/*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18package tests.security.cert;
19
20import java.io.ByteArrayInputStream;
21import java.io.IOException;
22import java.math.BigInteger;
23import java.security.InvalidAlgorithmParameterException;
24import java.security.InvalidKeyException;
25import java.security.NoSuchAlgorithmException;
26import java.security.NoSuchProviderException;
27import java.security.Principal;
28import java.security.PublicKey;
29import java.security.SignatureException;
30import java.security.cert.CertPath;
31import java.security.cert.CertPathBuilder;
32import java.security.cert.CertPathBuilderException;
33import java.security.cert.CertificateEncodingException;
34import java.security.cert.CertificateException;
35import java.security.cert.CertificateExpiredException;
36import java.security.cert.CertificateFactory;
37import java.security.cert.CertificateNotYetValidException;
38import java.security.cert.CertificateParsingException;
39import java.security.cert.PKIXBuilderParameters;
40import java.security.cert.PKIXCertPathBuilderResult;
41import java.security.cert.TrustAnchor;
42import java.security.cert.X509CertSelector;
43import java.security.cert.X509Certificate;
44import java.util.ArrayList;
45import java.util.Arrays;
46import java.util.Calendar;
47import java.util.Collection;
48import java.util.Collections;
49import java.util.Date;
50import java.util.HashSet;
51import java.util.Iterator;
52import java.util.List;
53import java.util.Set;
54import javax.security.auth.x500.X500Principal;
55import junit.framework.TestCase;
56import org.apache.harmony.security.asn1.ASN1Boolean;
57import org.apache.harmony.security.asn1.ASN1Integer;
58import org.apache.harmony.security.asn1.ASN1OctetString;
59import org.apache.harmony.security.asn1.ASN1Oid;
60import org.apache.harmony.security.asn1.ASN1Sequence;
61import org.apache.harmony.security.asn1.ASN1Type;
62import org.apache.harmony.security.tests.support.TestKeyPair;
63import org.apache.harmony.security.tests.support.cert.MyCRL;
64import org.apache.harmony.security.tests.support.cert.TestUtils;
65import org.apache.harmony.security.x501.Name;
66import org.apache.harmony.security.x509.CertificatePolicies;
67import org.apache.harmony.security.x509.GeneralName;
68import org.apache.harmony.security.x509.GeneralNames;
69import org.apache.harmony.security.x509.NameConstraints;
70import org.apache.harmony.security.x509.ORAddress;
71import org.apache.harmony.security.x509.OtherName;
72import org.apache.harmony.security.x509.PolicyInformation;
73import org.apache.harmony.security.x509.PrivateKeyUsagePeriod;
74
75/**
76 * X509CertSelectorTest
77 */
78public class X509CertSelectorTest extends TestCase {
79
// Pre-encoded NameConstraints extension values used by test_getNameConstraints().
// Each entry is a SEQUENCE holding a [0] permittedSubtrees and a [1]
// excludedSubtrees element, both wrapping the same single GeneralName; the
// commented-out generator kept in test_getNameConstraints() shows how the
// arrays were produced.
byte[][] constraintBytes = new byte[][] {
    {
        // rfc822Name "822.Name"
        48, 34, -96, 15, 48, 13, -127, 8, 56, 50, 50, 46, 78,
        97, 109, 101, -128, 1, 0, -95, 15, 48, 13, -127, 8, 56,
        50, 50, 46, 78, 97, 109, 101, -128, 1, 0},
    {
        // rfc822Name "rfc@822.Name"
        48, 42, -96, 19, 48, 17, -127, 12, 114, 102, 99, 64,
        56, 50, 50, 46, 78, 97, 109, 101, -128, 1, 0, -95, 19,
        48, 17, -127, 12, 114, 102, 99, 64, 56, 50, 50, 46, 78,
        97, 109, 101, -128, 1, 0},
    {
        // dNSName "Name.org"
        48, 34, -96, 15, 48, 13, -126, 8, 78, 97, 109, 101, 46,
        111, 114, 103, -128, 1, 0, -95, 15, 48, 13, -126, 8,
        78, 97, 109, 101, 46, 111, 114, 103, -128, 1, 0},
    {
        // dNSName "dNS.Name.org"
        48, 42, -96, 19, 48, 17, -126, 12, 100, 78, 83, 46, 78,
        97, 109, 101, 46, 111, 114, 103, -128, 1, 0, -95, 19,
        48, 17, -126, 12, 100, 78, 83, 46, 78, 97, 109, 101,
        46, 111, 114, 103, -128, 1, 0},
    {
        // uniformResourceIdentifier "http://Resource.Id"
        48, 54, -96, 25, 48, 23, -122, 18, 104, 116, 116, 112,
        58, 47, 47, 82, 101, 115, 111, 117, 114, 99, 101, 46,
        73, 100, -128, 1, 0, -95, 25, 48, 23, -122, 18, 104,
        116, 116, 112, 58, 47, 47, 82, 101, 115, 111, 117, 114,
        99, 101, 46, 73, 100, -128, 1, 0},
    {
        // uniformResourceIdentifier "http://uniform.Resource.Id"
        48, 70, -96, 33, 48, 31, -122, 26, 104, 116, 116, 112,
        58, 47, 47, 117, 110, 105, 102, 111, 114, 109, 46, 82,
        101, 115, 111, 117, 114, 99, 101, 46, 73, 100, -128, 1,
        0, -95, 33, 48, 31, -122, 26, 104, 116, 116, 112, 58,
        47, 47, 117, 110, 105, 102, 111, 114, 109, 46, 82, 101,
        115, 111, 117, 114, 99, 101, 46, 73, 100, -128, 1, 0},
    {
        // iPAddress, 4 octets: 1.1.1.1
        48, 26, -96, 11, 48, 9, -121, 4, 1, 1, 1, 1, -128, 1,
        0, -95, 11, 48, 9, -121, 4, 1, 1, 1, 1, -128, 1, 0},
    {
        // iPAddress, 16 octets, every octet set to 1
        48, 50, -96, 23, 48, 21, -121, 16, 1, 1, 1, 1, 1, 1, 1,
        1, 1, 1, 1, 1, 1, 1, 1, 1, -128, 1, 0, -95, 23, 48, 21,
        -121, 16, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
        1, -128, 1, 0}};
120
121 /**
122 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
123 */
public void test_addSubjectAlternativeNameLintLbyte_array() throws IOException {
    // Regression for HARMONY-2487: a null encoded name has to be refused with
    // a NullPointerException for every GeneralName tag.
    final int[] nameTypes = {
        GeneralName.OTHER_NAME,
        GeneralName.RFC822_NAME,
        GeneralName.DNS_NAME,
        GeneralName.X400_ADDR,
        GeneralName.DIR_NAME,
        GeneralName.EDIP_NAME,
        GeneralName.UR_ID,
        GeneralName.IP_ADDR,
        GeneralName.REG_ID
    };
    for (int nameType : nameTypes) {
        try {
            // A fresh selector per tag keeps the cases independent.
            new X509CertSelector().addSubjectAlternativeName(nameType, (byte[]) null);
            fail("No expected NullPointerException for type: " + nameType);
        } catch (NullPointerException expected) {
            // expected: the null byte array is rejected
        }
    }
}
144
145 /**
146 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String)
147 */
public void test_addSubjectAlternativeNameLintLjava_lang_String() {
    // Regression for HARMONY-727: the string "-0xDFRF" must be rejected with
    // an IOException for each tag listed below.
    final int[] nameTypes = {
        GeneralName.OTHER_NAME,
        // GeneralName.RFC822_NAME,
        GeneralName.DNS_NAME,
        GeneralName.X400_ADDR,
        GeneralName.DIR_NAME,
        GeneralName.EDIP_NAME,
        GeneralName.UR_ID,
        GeneralName.IP_ADDR,
        GeneralName.REG_ID
    };
    for (int nameType : nameTypes) {
        try {
            new X509CertSelector().addSubjectAlternativeName(nameType, "-0xDFRF");
            fail("IOException expected for type: " + nameType);
        } catch (IOException expected) {
            // expected: malformed name for this tag
        }
    }
}
168
169 /**
170 * java.security.cert.X509CertSelector#addPathToName(int, byte[])
171 */
public void test_addPathToNameLintLbyte_array() throws IOException {
    // Regression for HARMONY-2487: addPathToName(int, byte[]) has to throw a
    // NullPointerException when handed a null encoding, whatever the tag.
    final int[] nameTypes = {
        GeneralName.OTHER_NAME,
        GeneralName.RFC822_NAME,
        GeneralName.DNS_NAME,
        GeneralName.X400_ADDR,
        GeneralName.DIR_NAME,
        GeneralName.EDIP_NAME,
        GeneralName.UR_ID,
        GeneralName.IP_ADDR,
        GeneralName.REG_ID
    };
    for (int nameType : nameTypes) {
        try {
            new X509CertSelector().addPathToName(nameType, (byte[]) null);
            fail("No expected NullPointerException for type: " + nameType);
        } catch (NullPointerException expected) {
            // expected: the null byte array is rejected
        }
    }
}
191
192 /**
193 * java.security.cert.X509CertSelector#addPathToName(int, String)
194 */
public void test_addPathToNameLintLjava_lang_String() {
    // Regression for HARMONY-724: a null name string must produce an
    // IOException for each of the tag values 0 through 8.
    int tag = 0;
    while (tag <= 8) {
        try {
            new X509CertSelector().addPathToName(tag, (String) null);
            fail();
        } catch (IOException expected) {
            // expected: null string is not a parsable name
        }
        tag++;
    }
}
207
208 /**
209 * java.security.cert.X509CertSelector#X509CertSelector()
210 */
public void test_X509CertSelector() {
    // Defaults of a newly constructed selector: basic constraints report -1
    // and matchAllSubjectAltNames is enabled.
    X509CertSelector fresh = new X509CertSelector();
    int defaultPathLen = fresh.getBasicConstraints();
    boolean defaultMatchAll = fresh.getMatchAllSubjectAltNames();
    assertEquals(-1, defaultPathLen);
    assertTrue(defaultMatchAll);
}
216
217 /**
218 * java.security.cert.X509CertSelector#clone()
219 */
public void test_clone() throws Exception {
    // A default selector and its clone must agree on every criterion getter.
    X509CertSelector original = new X509CertSelector();
    X509CertSelector copy = (X509CertSelector) original.clone();

    assertEquals(original.getMatchAllSubjectAltNames(), copy.getMatchAllSubjectAltNames());
    assertEquals(original.getAuthorityKeyIdentifier(), copy.getAuthorityKeyIdentifier());
    assertEquals(original.getBasicConstraints(), copy.getBasicConstraints());
    assertEquals(original.getCertificate(), copy.getCertificate());
    assertEquals(original.getCertificateValid(), copy.getCertificateValid());
    assertEquals(original.getExtendedKeyUsage(), copy.getExtendedKeyUsage());
    assertEquals(original.getIssuer(), copy.getIssuer());
    assertEquals(original.getIssuerAsBytes(), copy.getIssuerAsBytes());
    assertEquals(original.getIssuerAsString(), copy.getIssuerAsString());
    assertEquals(original.getKeyUsage(), copy.getKeyUsage());
    assertEquals(original.getNameConstraints(), copy.getNameConstraints());
    assertEquals(original.getPathToNames(), copy.getPathToNames());
    assertEquals(original.getPolicy(), copy.getPolicy());
    assertEquals(original.getPrivateKeyValid(), copy.getPrivateKeyValid());
    assertEquals(original.getSerialNumber(), copy.getSerialNumber());
    assertEquals(original.getSubject(), copy.getSubject());
    assertEquals(original.getSubjectAlternativeNames(), copy.getSubjectAlternativeNames());
    assertEquals(original.getSubjectAsBytes(), copy.getSubjectAsBytes());
    assertEquals(original.getSubjectAsString(), copy.getSubjectAsString());
    assertEquals(original.getSubjectKeyIdentifier(), copy.getSubjectKeyIdentifier());
    assertEquals(original.getSubjectPublicKey(), copy.getSubjectPublicKey());
    assertEquals(original.getSubjectPublicKeyAlgID(), copy.getSubjectPublicKeyAlgID());

    // NOTE(review): only criteria left at their defaults are compared, so a
    // clone that dropped configured values would still pass this test.

    // Invoking clone() through a null reference; the NullPointerException
    // comes from the dereference itself, not from X509CertSelector.
    original = null;
    try {
        original.clone();
        fail();
    } catch (NullPointerException expected) {
        // expected
    }
}
254
255 /**
256 * java.security.cert.X509CertSelector#getAuthorityKeyIdentifier()
257 */
public void test_getAuthorityKeyIdentifier() {
    // Two arbitrary, distinct key identifiers.
    final byte[] expectedId = { 4, 5, 1, 2, 3, 4, 5 };
    final byte[] otherId = { 4, 5, 5, 4, 3, 2, 1 };
    X509CertSelector selector = new X509CertSelector();

    // Before anything is set the getter yields null, which equals neither array.
    assertNull("Selector should return null",
            selector.getAuthorityKeyIdentifier());
    boolean unsetEqualsExpected =
            Arrays.equals(expectedId, selector.getAuthorityKeyIdentifier());
    assertFalse("The returned keyID should be equal to specified",
            unsetEqualsExpected);

    // After the setter the getter reports exactly the configured bytes.
    selector.setAuthorityKeyIdentifier(expectedId);
    boolean returnsExpected =
            Arrays.equals(expectedId, selector.getAuthorityKeyIdentifier());
    assertTrue("The returned keyID should be equal to specified",
            returnsExpected);
    boolean returnsOther =
            Arrays.equals(otherId, selector.getAuthorityKeyIdentifier());
    assertFalse("The returned keyID should differ", returnsOther);
}
273
274 /**
275 * java.security.cert.X509CertSelector#getBasicConstraints()
276 */
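public void test_getBasicConstraints() {
    // Every accepted path-length value must be returned unchanged by the getter.
    X509CertSelector selector = new X509CertSelector();
    // The list previously began with 2, 1, repeating values that appear again
    // further on. It now starts at -2 and -1, the two lowest values the setter
    // accepts, matching the valid set used in test_setBasicConstraintsLint().
    int[] validValues = { -2, -1, 0, 1, 2, 3, 10, 20 };
    for (int value : validValues) {
        selector.setBasicConstraints(value);
        assertEquals(value, selector.getBasicConstraints());
    }
}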
285
286 /**
287 * java.security.cert.X509CertSelector#getCertificate()
288 */
public void test_getCertificate() throws Exception {
    // Parse the two fixture certificates supplied by TestUtils.
    CertificateFactory factory = CertificateFactory.getInstance("X509");
    ByteArrayInputStream v3Stream =
            new ByteArrayInputStream(TestUtils.getX509Certificate_v3());
    X509Certificate v3Cert = (X509Certificate) factory.generateCertificate(v3Stream);
    ByteArrayInputStream v1Stream =
            new ByteArrayInputStream(TestUtils.getX509Certificate_v1());
    X509Certificate v1Cert = (X509Certificate) factory.generateCertificate(v1Stream);

    X509CertSelector selector = new X509CertSelector();

    // The getter always reflects the most recent setCertificate() call.
    selector.setCertificate(v3Cert);
    assertEquals(v3Cert, selector.getCertificate());

    selector.setCertificate(v1Cert);
    assertEquals(v1Cert, selector.getCertificate());

    // Passing null clears the criterion.
    selector.setCertificate(null);
    assertNull(selector.getCertificate());
}
309
310 /**
311 * java.security.cert.X509CertSelector#getCertificateValid()
312 */
public void test_getCertificateValid() {
    X509CertSelector selector = new X509CertSelector();
    Date first = new Date(100);
    Date second = new Date(200);
    Date now = Calendar.getInstance().getTime();

    assertNull("Selector should return null",
            selector.getCertificateValid());

    selector.setCertificateValid(first);
    assertTrue("The returned date should be equal to specified",
            first.equals(selector.getCertificateValid()));

    // Mutating the returned Date must not leak into the selector: the
    // criterion still equals the value originally set.
    Date leaked = selector.getCertificateValid();
    leaked.setTime(200);
    assertTrue("The returned date should be equal to specified",
            first.equals(selector.getCertificateValid()));
    assertFalse("The returned date should differ",
            second.equals(selector.getCertificateValid()));

    selector.setCertificateValid(now);
    assertTrue("The returned date should be equal to specified",
            now.equals(selector.getCertificateValid()));

    // Null clears the criterion again.
    selector.setCertificateValid(null);
    assertNull(selector.getCertificateValid());
}
335
336 /**
337 * java.security.cert.X509CertSelector#getExtendedKeyUsage()
338 */
public void test_getExtendedKeyUsage() throws Exception {
    // Key purpose OIDs under the 1.3.6.1.5.5.7.3 arc.
    String[] purposeOids = {
        "1.3.6.1.5.5.7.3.1",
        "1.3.6.1.5.5.7.3.2",
        "1.3.6.1.5.5.7.3.3",
        "1.3.6.1.5.5.7.3.4",
        "1.3.6.1.5.5.7.3.8",
        "1.3.6.1.5.5.7.3.9",
        "1.3.6.1.5.5.7.3.5",
        "1.3.6.1.5.5.7.3.6",
        "1.3.6.1.5.5.7.3.7"
    };
    HashSet<String> expected = new HashSet<String>(Arrays.asList(purposeOids));
    X509CertSelector selector = new X509CertSelector();

    assertNull("Selector should return null", selector.getExtendedKeyUsage());

    selector.setExtendedKeyUsage(expected);
    assertTrue("The returned extendedKeyUsage should be equal to specified",
            expected.equals(selector.getExtendedKeyUsage()));

    // The returned view has to be read-only so callers cannot widen the
    // criterion behind the selector's back.
    try {
        selector.getExtendedKeyUsage().add("KRIBLEGRABLI");
        fail("The returned Set should be immutable.");
    } catch (UnsupportedOperationException expected2) {
        // expected
    }
}
363
364 /**
365 * java.security.cert.X509CertSelector#getIssuer()
366 */
public void test_getIssuer() {
    X509CertSelector selector = new X509CertSelector();
    X500Principal configured = new X500Principal("O=First Org.");
    X500Principal unrelated = new X500Principal("O=Second Org.");

    // No issuer criterion until one is set.
    assertNull("Selector should return null", selector.getIssuer());

    selector.setIssuer(configured);
    X500Principal reported = selector.getIssuer();
    assertEquals("The returned issuer should be equal to specified",
            configured, reported);
    assertFalse("The returned issuer should differ",
            unrelated.equals(selector.getIssuer()));
}
379
380 /**
381 * java.security.cert.X509CertSelector#getIssuerAsBytes()
382 */
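public void test_getIssuerAsBytes() throws Exception {
    // Manually obtained DER encoding of the "O=First Org." issuer name.
    byte[] name1 = new byte[]
            { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                    116, 32, 79, 114, 103, 46 };

    // Manually obtained DER encoding of the "O=Second Org." issuer name.
    byte[] name2 = new byte[]
            { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                    110, 100, 32, 79, 114, 103, 46 };
    X500Principal iss1 = new X500Principal(name1);
    X500Principal iss2 = new X500Principal(name2);
    X509CertSelector selector = new X509CertSelector();

    assertNull("Selector should return null", selector.getIssuerAsBytes());
    selector.setIssuer(iss1);
    assertTrue("The returned issuer should be equal to specified",
            Arrays.equals(name1, selector.getIssuerAsBytes()));
    // byte[].equals() compares references, so the previous
    // name2.equals(...) form was false for any returned array and checked
    // nothing. Arrays.equals() compares the contents.
    assertFalse("The returned issuer should differ",
            Arrays.equals(name2, selector.getIssuerAsBytes()));
    selector.setIssuer(iss2);
    assertTrue("The returned issuer should be equal to specified",
            Arrays.equals(name2, selector.getIssuerAsBytes()));
}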
406
407 /**
408 * java.security.cert.X509CertSelector#getIssuerAsString()
409 */
public void test_getIssuerAsString() {
    final String firstDn = "O=First Org.";
    final String secondDn = "O=Second Org.";
    X509CertSelector selector = new X509CertSelector();

    assertNull("Selector should return null", selector.getIssuerAsString());

    // The string form must round-trip through an X500Principal unchanged.
    selector.setIssuer(new X500Principal(firstDn));
    assertEquals("The returned issuer should be equal to specified", firstDn,
            selector.getIssuerAsString());
    boolean reportsSecond = secondDn.equals(selector.getIssuerAsString());
    assertFalse("The returned issuer should differ", reportsSecond);

    selector.setIssuer(new X500Principal(secondDn));
    assertEquals("The returned issuer should be equal to specified", secondDn,
            selector.getIssuerAsString());
}
427
428 /**
429 * java.security.cert.X509CertSelector#getKeyUsage()
430 */
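public void test_getKeyUsage() {
    boolean[] ku = new boolean[] { true, false, true, false, true, false,
            true, false, true };
    X509CertSelector selector = new X509CertSelector();

    assertNull("Selector should return null", selector.getKeyUsage());
    selector.setKeyUsage(ku);
    // The message used to say "date" (copied from another test); it now names
    // the value actually being checked.
    assertTrue("The returned keyUsage should be equal to specified",
            Arrays.equals(ku, selector.getKeyUsage()));

    // Flipping a bit in the returned array must not change the selector's
    // own criterion, i.e. the getter has to hand out a copy.
    boolean[] result = selector.getKeyUsage();
    result[0] = !result[0];
    assertTrue("The returned keyUsage should be equal to specified",
            Arrays.equals(ku, selector.getKeyUsage()));
}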
445
446 /**
447 * java.security.cert.X509CertSelector#getMatchAllSubjectAltNames()
448 */
public void test_getMatchAllSubjectAltNames() {
    X509CertSelector selector = new X509CertSelector();

    // Default is "match all".
    boolean initial = selector.getMatchAllSubjectAltNames();
    assertTrue("The matchAllNames initially should be true", initial);

    // Switching the flag off is reflected by the getter.
    selector.setMatchAllSubjectAltNames(false);
    boolean afterDisable = selector.getMatchAllSubjectAltNames();
    assertFalse("The value should be false", afterDisable);
}
457
458 /**
459 * java.security.cert.X509CertSelector#getNameConstraints()
460 */
public void test_getNameConstraints() throws IOException {

    // The constraintBytes fixture was produced with the following code:
    //
    // GeneralName[] name_constraints = new GeneralName[] {
    //         new GeneralName(1, "822.Name"),
    //         new GeneralName(1, "rfc@822.Name"),
    //         new GeneralName(2, "Name.org"),
    //         new GeneralName(2, "dNS.Name.org"),
    //
    //         new GeneralName(6, "http://Resource.Id"),
    //         new GeneralName(6, "http://uniform.Resource.Id"),
    //         new GeneralName(7, "1.1.1.1"),
    //
    //         new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
    //                 1, 1, 1, 1, 1 }), };
    //
    // constraintBytes = new byte[name_constraints.length][];
    //
    // for (int i = 0; i < name_constraints.length; i++) {
    //     GeneralSubtree subtree = new GeneralSubtree(name_constraints[i]);
    //     GeneralSubtrees subtrees = new GeneralSubtrees();
    //     subtrees.addSubtree(subtree);
    //     NameConstraints constraints = new NameConstraints(subtrees,
    //             subtrees);
    //     constraintBytes[i] = constraints.getEncoded();
    // }
    // System.out.println("XXX"+Arrays.deepToString(constraintBytes)+"XXX");

    X509CertSelector selector = new X509CertSelector();

    // Each encoding must come back byte-for-byte from the getter.
    for (byte[] encoded : constraintBytes) {
        selector.setNameConstraints(encoded);
        byte[] reported = selector.getNameConstraints();
        assertTrue(Arrays.equals(encoded, reported));
    }
}
497
498 /**
499 * java.security.cert.X509CertSelector#getPathToNames()
500 */
public void test_getPathToNames() throws Exception {
    // One GeneralName per tag exercised here: 0, 1, 2, 3, 4, 6, 7 and 8.
    GeneralName otherName = new GeneralName(new OtherName("1.2.3.4.5",
            new byte[] { 1, 2, 0, 1 }));
    GeneralName[] everyName = {
        otherName,
        new GeneralName(1, "rfc@822.Name"),
        new GeneralName(2, "dNSName"),
        new GeneralName(new ORAddress()),
        new GeneralName(new Name("O=Organization")),
        new GeneralName(6, "http://uniform.Resource.Id"),
        new GeneralName(7, "1.1.1.1"),
        new GeneralName(8, "1.2.3.4444.55555")
    };

    GeneralNames fullNames = new GeneralNames();
    for (GeneralName name : everyName) {
        fullNames.addName(name);
    }
    GeneralNames singleName = new GeneralNames();
    singleName.addName(otherName);

    TestCert certWithAll = new TestCert(fullNames);
    TestCert certWithOne = new TestCert(singleName);
    X509CertSelector selector = new X509CertSelector();
    selector.setMatchAllSubjectAltNames(true);

    // With no pathToNames criterion, both certificates are accepted.
    selector.setPathToNames(null);
    assertTrue("Any certificate should match in the case of null "
            + "subjectAlternativeNames criteria.",
            selector.match(certWithAll) && selector.match(certWithOne));

    Collection<List<?>> pairs = fullNames.getPairsList();

    selector.setPathToNames(pairs);
    // NOTE(review): the getter is only invoked; its result is never compared
    // with the collection that was set.
    selector.getPathToNames();
}
539
540 /**
541 * java.security.cert.X509CertSelector#getPolicy()
542 */
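public void test_getPolicy() throws IOException {
    String[] policies1 = new String[] {
        "1.3.6.1.5.5.7.3.1",
        "1.3.6.1.5.5.7.3.2",
        "1.3.6.1.5.5.7.3.3",
        "1.3.6.1.5.5.7.3.4",
        "1.3.6.1.5.5.7.3.8",
        "1.3.6.1.5.5.7.3.9",
        "1.3.6.1.5.5.7.3.5",
        "1.3.6.1.5.5.7.3.6",
        "1.3.6.1.5.5.7.3.7"
    };

    String[] policies2 = new String[] { "1.3.6.7.3.1" };

    HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1));
    HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2));

    X509CertSelector selector = new X509CertSelector();

    // A null policy set clears the criterion.
    selector.setPolicy(null);
    assertNull(selector.getPolicy());

    // The failure messages used to say "date" (copied from another test);
    // they now name the policy set that is actually compared.
    selector.setPolicy(p1);
    assertEquals("The returned policy should be equal to specified", p1, selector.getPolicy());

    selector.setPolicy(p2);
    assertEquals("The returned policy should be equal to specified", p2, selector.getPolicy());
}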
572
573 /**
574 * java.security.cert.X509CertSelector#getPrivateKeyValid()
575 */
public void test_getPrivateKeyValid() {
    X509CertSelector selector = new X509CertSelector();
    Date configured = new Date(100);
    Date other = new Date(200);

    assertNull("Selector should return null", selector.getPrivateKeyValid());

    selector.setPrivateKeyValid(configured);
    assertTrue("The returned date should be equal to specified",
            configured.equals(selector.getPrivateKeyValid()));

    // Changing the Date handed out by the getter must leave the stored
    // criterion untouched.
    Date handedOut = selector.getPrivateKeyValid();
    handedOut.setTime(200);
    assertTrue("The returned date should be equal to specified",
            configured.equals(selector.getPrivateKeyValid()));
    assertFalse("The returned date should differ",
            other.equals(selector.getPrivateKeyValid()));
}
591
592 /**
593 * java.security.cert.X509CertSelector#getSerialNumber()
594 */
public void test_getSerialNumber() {
    X509CertSelector selector = new X509CertSelector();
    BigInteger configured = new BigInteger("10000");
    BigInteger neighbour = new BigInteger("10001");

    // Unset criterion is reported as null.
    assertNull("Selector should return null", selector.getSerialNumber());

    selector.setSerialNumber(configured);
    BigInteger reported = selector.getSerialNumber();
    assertEquals("The returned serial number should be equal to specified",
            configured, reported);
    assertFalse("The returned serial number should differ",
            neighbour.equals(selector.getSerialNumber()));
}
607
608 /**
609 * java.security.cert.X509CertSelector#getSubject()
610 */
public void test_getSubject() {
    X509CertSelector selector = new X509CertSelector();
    X500Principal configured = new X500Principal("O=First Org.");
    X500Principal unrelated = new X500Principal("O=Second Org.");

    // No subject criterion until one is set.
    assertNull("Selector should return null", selector.getSubject());

    selector.setSubject(configured);
    X500Principal reported = selector.getSubject();
    assertEquals("The returned subject should be equal to specified", configured,
            reported);
    assertFalse("The returned subject should differ",
            unrelated.equals(selector.getSubject()));
}
623
624 /**
625 * java.security.cert.X509CertSelector#getSubjectAlternativeNames()
626 */
public void test_getSubjectAlternativeNames() throws Exception {
    // Alternative names with tags 1 and 2.
    GeneralNames altNames = new GeneralNames();
    altNames.addName(new GeneralName(1, "rfc@822.Name"));
    altNames.addName(new GeneralName(2, "dNSName"));

    TestCert certificate = new TestCert(altNames);
    X509CertSelector selector = new X509CertSelector();

    assertNull("Selector should return null",
            selector.getSubjectAlternativeNames());

    selector.setSubjectAlternativeNames(altNames.getPairsList());
    boolean matchesAfterSet = selector.match(certificate);
    assertTrue("The certificate should match the selection criteria.",
            matchesAfterSet);

    // Emptying the collection returned by the getter must not empty the
    // selector's own criterion: the certificate still has to match.
    selector.getSubjectAlternativeNames().clear();
    boolean matchesAfterClear = selector.match(certificate);
    assertTrue("The modification of initialization object "
            + "should not affect the modification "
            + "of internal object.",
            matchesAfterClear);
}
650
651 /**
652 * java.security.cert.X509CertSelector#getSubjectAsBytes()
653 */
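public void test_getSubjectAsBytes() throws Exception {
    // Manually obtained DER encoding of the name "O=First Org.".
    byte[] name1 = new byte[]
            { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
                    116, 32, 79, 114, 103, 46 };
    // Manually obtained DER encoding of the name "O=Second Org.".
    byte[] name2 = new byte[]
            { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
                    110, 100, 32, 79, 114, 103, 46 };

    X500Principal sub1 = new X500Principal(name1);
    X500Principal sub2 = new X500Principal(name2);
    X509CertSelector selector = new X509CertSelector();

    assertNull("Selector should return null",
            selector.getSubjectAsBytes());
    selector.setSubject(sub1);
    // Messages previously said "issuer" although the subject is under test.
    assertTrue("The returned subject should be equal to specified",
            Arrays.equals(name1, selector.getSubjectAsBytes()));
    // byte[].equals() compares references, so the previous
    // name2.equals(...) form was false for any returned array and checked
    // nothing. Arrays.equals() compares the contents.
    assertFalse("The returned subject should differ",
            Arrays.equals(name2, selector.getSubjectAsBytes()));
    selector.setSubject(sub2);
    assertTrue("The returned subject should be equal to specified",
            Arrays.equals(name2, selector.getSubjectAsBytes()));
}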
679
680 /**
681 * java.security.cert.X509CertSelector#getSubjectAsString()
682 */
public void test_getSubjectAsString() {
    final String firstDn = "O=First Org.";
    final String secondDn = "O=Second Org.";
    X509CertSelector selector = new X509CertSelector();

    assertNull("Selector should return null", selector.getSubjectAsString());

    // The string form must round-trip through an X500Principal unchanged.
    selector.setSubject(new X500Principal(firstDn));
    assertEquals("The returned subject should be equal to specified",
            firstDn, selector.getSubjectAsString());
    boolean reportsSecond = secondDn.equals(selector.getSubjectAsString());
    assertFalse("The returned subject should differ", reportsSecond);

    selector.setSubject(new X500Principal(secondDn));
    assertEquals("The returned subject should be equal to specified",
            secondDn, selector.getSubjectAsString());
}
700
701 /**
702 * java.security.cert.X509CertSelector#getSubjectKeyIdentifier()
703 */
public void test_getSubjectKeyIdentifier() {
    // Two arbitrary, distinct key identifiers.
    final byte[] expectedId = { 1, 2, 3, 4, 5 };
    final byte[] otherId = { 4, 5, 5, 4, 3, 2, 1 };
    X509CertSelector selector = new X509CertSelector();

    assertNull("Selector should return null", selector.getSubjectKeyIdentifier());

    selector.setSubjectKeyIdentifier(expectedId);
    assertTrue("The returned keyID should be equal to specified",
            Arrays.equals(expectedId, selector.getSubjectKeyIdentifier()));

    // Incrementing a byte of the returned array must not alter the value the
    // selector reports afterwards.
    byte[] handedOut = selector.getSubjectKeyIdentifier();
    handedOut[0]++;
    assertTrue("The returned keyID should be equal to specified",
            Arrays.equals(expectedId, selector.getSubjectKeyIdentifier()));
    assertFalse("The returned keyID should differ",
            Arrays.equals(otherId, selector.getSubjectKeyIdentifier()));
}
719
720 /**
721 * java.security.cert.X509CertSelector#getSubjectPublicKey()
722 */
public void test_getSubjectPublicKey() throws Exception {

    // SubjectPublicKeyInfo ::= SEQUENCE {
    //     algorithm        AlgorithmIdentifier,
    //     subjectPublicKey BIT STRING }
    final byte[] encodedKeyInfo = {
        0x30, 0x0E,                   // SEQUENCE
        0x30, 0x07,                   // SEQUENCE
        0x06, 0x02, 0x03, 0x05,       // OID
        0x01, 0x01, 0x07,             // ANY
        0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey
    };

    X509CertSelector selector = new X509CertSelector();

    // Setting the criterion from raw bytes yields a key that reports the OID
    // as its algorithm, the X.509 format and the same encoding.
    selector.setSubjectPublicKey(encodedKeyInfo);
    PublicKey decoded = selector.getSubjectPublicKey();
    assertEquals("0.3.5", decoded.getAlgorithm());
    assertEquals("X.509", decoded.getFormat());
    assertTrue(Arrays.equals(encodedKeyInfo, decoded.getEncoded()));
    assertNotNull(decoded.toString());

    // Setting the criterion from a PublicKey object returns an equal key.
    PublicKey supplied = new MyPublicKey();

    selector.setSubjectPublicKey(supplied);
    PublicKey reported = selector.getSubjectPublicKey();
    assertEquals(supplied, reported);
    assertEquals(supplied.getAlgorithm(), reported.getAlgorithm());
}
751
752 /**
753 * java.security.cert.X509CertSelector#getSubjectPublicKeyAlgID()
754 */
public void test_getSubjectPublicKeyAlgID() throws Exception {

    X509CertSelector selector = new X509CertSelector();
    final String[] sampleOids = {
        "0.0.20", "1.25.0", "2.0.39", "0.2.10", "1.35.15", "2.17.89"
    };

    assertNull("Selector should return null", selector.getSubjectPublicKeyAlgID());

    // NOTE(review): an IOException here is only printed, so an OID that the
    // setter rejects does not fail the test (the fail() call is commented out).
    for (String oid : sampleOids) {
        try {
            selector.setSubjectPublicKeyAlgID(oid);
            assertEquals(oid, selector.getSubjectPublicKeyAlgID());
        } catch (IOException e) {
            System.out.println("t = " + e.getMessage());
            //fail("Unexpected exception " + e.getMessage());
        }
    }

    final String rsaEncryption = "1.2.840.113549.1.1.1"; // RSA encryption
    final String md5WithRsa = "1.2.840.113549.1.1.4"; // MD5 with RSA encryption

    selector.setSubjectPublicKeyAlgID(rsaEncryption);
    boolean reportsRsa = rsaEncryption.equals(selector.getSubjectPublicKeyAlgID());
    assertTrue("The returned oid should be equal to specified", reportsRsa);
    boolean reportsMd5 = md5WithRsa.equals(selector.getSubjectPublicKeyAlgID());
    assertFalse("The returned oid should differ", reportsMd5);
}
781
782 /**
783 * java.security.cert.X509CertSelector#match(java.security.cert.Certificate)
784 */
public void test_matchLjava_security_cert_Certificate() throws Exception {
    X509CertSelector selector = new X509CertSelector();
    // A null certificate never matches.
    assertFalse(selector.match(null));

    CertificateFactory factory = CertificateFactory.getInstance("X509");
    ByteArrayInputStream v3Stream =
            new ByteArrayInputStream(TestUtils.getX509Certificate_v3());
    X509Certificate v3Cert = (X509Certificate) factory.generateCertificate(v3Stream);
    ByteArrayInputStream v1Stream =
            new ByteArrayInputStream(TestUtils.getX509Certificate_v1());
    X509Certificate v1Cert = (X509Certificate) factory.generateCertificate(v1Stream);

    // With a certificate criterion set, only that certificate is selected.
    selector.setCertificate(v3Cert);
    assertTrue(selector.match(v3Cert));
    assertFalse(selector.match(v1Cert));

    selector.setCertificate(v1Cert);
    assertFalse(selector.match(v3Cert));
    assertTrue(selector.match(v1Cert));
}
806
807 /**
808 * java.security.cert.X509CertSelector#setAuthorityKeyIdentifier(byte[])
809 */
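public void test_setAuthorityKeyIdentifierLB$() throws Exception {
    X509CertSelector selector = new X509CertSelector();

    byte[] akid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
    byte[] akid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value
    // presumably TestCert(byte[]) builds a certificate carrying that
    // authority key identifier; confirm against the TestCert helper.
    TestCert cert1 = new TestCert(akid1);
    TestCert cert2 = new TestCert(akid2);

    // A null criterion disables the check: every certificate matches.
    selector.setAuthorityKeyIdentifier(null);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert1));
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert2));
    assertNull(selector.getAuthorityKeyIdentifier());

    // The two assertTrue messages below used to read "should not match",
    // the opposite of what is asserted; they now agree with the check.
    selector.setAuthorityKeyIdentifier(akid1);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert1));
    assertFalse("The certificate should not match the selection criteria.",
            selector.match(cert2));
    selector.setAuthorityKeyIdentifier(akid2);
    assertFalse("The certificate should not match the selection criteria.",
            selector.match(cert1));
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert2));

    // Changing the caller's array after the setter returned must not affect
    // matching. NOTE(review): whether this proves the selector copied its
    // input depends on how TestCert stores akid2; confirm.
    akid2[0]++;
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert2));
}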
840
841 /**
842 * java.security.cert.X509CertSelector#setBasicConstraints(int)
843 */
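public void test_setBasicConstraintsLint() {
    X509CertSelector selector = new X509CertSelector();

    // Fixed: the loop used to pass the literal -3 on every iteration, so the
    // other listed values were never exercised, and a setter that accepted an
    // out-of-range value would not have failed the test.
    int[] invalidValues = { -3, -4, -5, 1000000000 };
    for (int value : invalidValues) {
        try {
            selector.setBasicConstraints(value);
            // The setBasicConstraints Javadoc documents rejection only for
            // values below -2, so 1000000000 is tolerated here even though
            // the list calls it invalid.
            if (value < -2) {
                fail("IllegalArgumentException wasn't thrown for " + value);
            }
        } catch (IllegalArgumentException expected) {
        }
    }

    // Every accepted value must be returned unchanged by the getter.
    int[] validValues = { -2, -1, 0, 1, 2, 3, 10, 20 };
    for (int value : validValues) {
        selector.setBasicConstraints(value);
        assertEquals(value, selector.getBasicConstraints());
    }
}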
860
861 /**
862 * java.security.cert.X509CertSelector#setCertificate(java.security.cert.Certificate)
863 */
public void test_setCertificateLjava_security_cert_X509Certificate()
        throws Exception {
    final String matchMsg = "The certificate should match the selection criteria.";
    final String noMatchMsg = "The certificate should not match the selection criteria.";

    // TestCert.equals() compares the string passed to the constructor.
    final TestCert sameCert = new TestCert("same certificate");
    final TestCert otherCert = new TestCert("other certificate");
    final X509CertSelector certSelector = new X509CertSelector();

    certSelector.setCertificate(null);
    final boolean bothMatch = certSelector.match(sameCert) && certSelector.match(otherCert);
    assertTrue("Any certificates should match in the case of null certificateEquals criteria.",
            bothMatch);

    certSelector.setCertificate(sameCert);
    assertTrue(matchMsg, certSelector.match(sameCert));
    assertFalse(noMatchMsg, certSelector.match(otherCert));

    certSelector.setCertificate(otherCert);
    assertTrue(matchMsg, certSelector.match(otherCert));

    // Clearing the criterion must be visible through the getter.
    certSelector.setCertificate(null);
    assertNull(certSelector.getCertificate());
}
886
887 /**
888 * java.security.cert.X509CertSelector#setCertificateValid(java.util.Date)
889 */
public void test_setCertificateValidLjava_util_Date()
        throws Exception {
    final String matchMsg = "The certificate should match the selection criteria.";
    final String noMatchMsg = "The certificate should not match the selection criteria.";

    final X509CertSelector certSelector = new X509CertSelector();

    // TestCert.checkValidity(Date) accepts only the exact instant it was built with.
    final Date earlier = new Date(100);
    final Date later = new Date(200);
    final TestCert earlierCert = new TestCert(earlier);
    final TestCert laterCert = new TestCert(later);

    certSelector.setCertificateValid(null);
    assertNull(certSelector.getCertificateValid());

    certSelector.setCertificateValid(earlier);
    assertTrue(matchMsg, certSelector.match(earlierCert));
    assertFalse(noMatchMsg, certSelector.match(laterCert));

    certSelector.setCertificateValid(later);
    // Defensive-copy check: Date is mutable, and changing the caller's
    // instance afterwards must not move the criterion stored in the selector.
    later.setTime(300);
    assertTrue(matchMsg, certSelector.match(laterCert));
}
911
912 /**
913 * java.security.cert.X509CertSelector#setExtendedKeyUsage(Set<String>)
914 */
public void test_setExtendedKeyUsageLjava_util_Set() throws Exception {
    // fullSet and reducedSet differ only by "1.3.6.1.5.5.7.3.7".
    final HashSet<String> fullSet = new HashSet<String>(Arrays.asList(
            "1.3.6.1.5.5.7.3.1",
            "1.3.6.1.5.5.7.3.2",
            "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4",
            "1.3.6.1.5.5.7.3.8",
            "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5",
            "1.3.6.1.5.5.7.3.6",
            "1.3.6.1.5.5.7.3.7"));
    final HashSet<String> reducedSet = new HashSet<String>(Arrays.asList(
            "1.3.6.1.5.5.7.3.1",
            "1.3.6.1.5.5.7.3.2",
            "1.3.6.1.5.5.7.3.3",
            "1.3.6.1.5.5.7.3.4",
            "1.3.6.1.5.5.7.3.8",
            "1.3.6.1.5.5.7.3.9",
            "1.3.6.1.5.5.7.3.5",
            "1.3.6.1.5.5.7.3.6"));
    final TestCert fullCert = new TestCert(fullSet);
    final TestCert reducedCert = new TestCert(reducedSet);

    final X509CertSelector certSelector = new X509CertSelector();

    certSelector.setExtendedKeyUsage(null);
    final boolean bothMatch = certSelector.match(fullCert) && certSelector.match(reducedCert);
    assertTrue("Any certificate should match in the case of null extendedKeyUsage criteria.",
            bothMatch);

    // NOTE(review): only the setter/getter round trip is checked from here on;
    // match() is never called with a non-null extendedKeyUsage criterion.
    certSelector.setExtendedKeyUsage(fullSet);
    assertEquals(fullSet, certSelector.getExtendedKeyUsage());

    certSelector.setExtendedKeyUsage(reducedSet);
    assertEquals(reducedSet, certSelector.getExtendedKeyUsage());
}
952
953 /**
954 * java.security.cert.X509CertSelector#setIssuer(byte[])
955 */
public void test_setIssuerLB$() throws Exception {
    final String matchMsg = "The certificate should match the selection criteria.";
    final String noMatchMsg = "The certificate should not match the selection criteria.";

    // manually obtained DER encoding of "O=First Org." issuer name;
    final byte[] firstDer = {
        48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
        116, 32, 79, 114, 103, 46 };
    // manually obtained DER encoding of "O=Second Org." issuer name;
    final byte[] secondDer = {
        48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
        110, 100, 32, 79, 114, 103, 46 };
    final TestCert firstCert = new TestCert(new X500Principal(firstDer));
    final TestCert secondCert = new TestCert(new X500Principal(secondDer));

    final X509CertSelector certSelector = new X509CertSelector();

    // The cast picks the byte[] overload of setIssuer.
    certSelector.setIssuer((byte[]) null);
    final boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
    assertTrue("Any certificates should match in the case of null issuer criteria.",
            bothMatch);

    certSelector.setIssuer(firstDer);
    assertTrue(matchMsg, certSelector.match(firstCert));
    assertFalse(noMatchMsg, certSelector.match(secondCert));

    certSelector.setIssuer(secondDer);
    assertTrue(matchMsg, certSelector.match(secondCert));
}
985
986 /**
987 * java.security.cert.X509CertSelector#setIssuer(java.lang.String)
988 */
public void test_setIssuerLjava_lang_String() throws Exception {
    final String matchMsg = "The certificate should match the selection criteria.";
    final String noMatchMsg = "The certificate should not match the selection criteria.";

    final String firstName = "O=First Org.";
    final String secondName = "O=Second Org.";
    final TestCert firstCert = new TestCert(new X500Principal(firstName));
    final TestCert secondCert = new TestCert(new X500Principal(secondName));

    final X509CertSelector certSelector = new X509CertSelector();

    // The cast picks the String overload of setIssuer.
    certSelector.setIssuer((String) null);
    final boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
    assertTrue("Any certificates should match in the case of null issuer criteria.",
            bothMatch);

    certSelector.setIssuer(firstName);
    assertTrue(matchMsg, certSelector.match(firstCert));
    assertFalse(noMatchMsg, certSelector.match(secondCert));

    certSelector.setIssuer(secondName);
    assertTrue(matchMsg, certSelector.match(secondCert));
}
1013
1014 /**
1015 * java.security.cert.X509CertSelector#setIssuer(javax.security.auth.x500.X500Principal)
1016 */
public void test_setIssuerLjavax_security_auth_x500_X500Principal()
        throws Exception {
    final String matchMsg = "The certificate should match the selection criteria.";
    final String noMatchMsg = "The certificate should not match the selection criteria.";

    final X500Principal firstIssuer = new X500Principal("O=First Org.");
    final X500Principal secondIssuer = new X500Principal("O=Second Org.");
    final TestCert firstCert = new TestCert(firstIssuer);
    final TestCert secondCert = new TestCert(secondIssuer);
    final X509CertSelector certSelector = new X509CertSelector();

    // The cast picks the X500Principal overload of setIssuer.
    certSelector.setIssuer((X500Principal) null);
    final boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
    assertTrue("Any certificates should match in the case of null issuer criteria.",
            bothMatch);

    certSelector.setIssuer(firstIssuer);
    assertTrue(matchMsg, certSelector.match(firstCert));
    assertFalse(noMatchMsg, certSelector.match(secondCert));

    certSelector.setIssuer(secondIssuer);
    assertTrue(matchMsg, certSelector.match(secondCert));
}
1038
1039 /**
1040 * java.security.cert.X509CertSelector#setKeyUsage(boolean)
1041 */
public void test_setKeyUsageZ() throws Exception {
    final String matchMsg = "The certificate should match the selection criteria.";
    final String noMatchMsg = "The certificate should not match the selection criteria.";

    final boolean[] allBits = { true, true, true, true, true, true, true, true, true };
    // decipherOnly is disallowed
    final boolean[] withoutLastBit = { true, true, true, true, true, true, true, true, false };
    final TestCert allBitsCert = new TestCert(allBits);
    final TestCert withoutLastBitCert = new TestCert(withoutLastBit);
    // Fixture whose getKeyUsage() returns null.
    final TestCert noUsageCert = new TestCert((boolean[]) null);

    final X509CertSelector certSelector = new X509CertSelector();

    certSelector.setKeyUsage(null);
    final boolean bothMatch =
            certSelector.match(allBitsCert) && certSelector.match(withoutLastBitCert);
    assertTrue("Any certificate should match in the case of null keyUsage criteria.",
            bothMatch);

    certSelector.setKeyUsage(allBits);
    assertTrue(matchMsg, certSelector.match(allBitsCert));
    assertFalse(noMatchMsg, certSelector.match(withoutLastBitCert));
    assertTrue("The certificate which does not have a keyUsage extension "
            + "implicitly allows all keyUsage values.",
            certSelector.match(noUsageCert));

    certSelector.setKeyUsage(withoutLastBit);
    // Defensive-copy check: flipping a bit in the caller's array after the
    // setter returned must not change the criterion held by the selector.
    withoutLastBit[0] = !withoutLastBit[0];
    assertTrue(matchMsg, certSelector.match(withoutLastBitCert));
}
1070
1071 /**
1072 * java.security.cert.X509CertSelector#setMatchAllSubjectAltNames(boolean)
1073 */
public void test_setMatchAllSubjectAltNamesZ() {
    final X509CertSelector certSelector = new X509CertSelector();
    final TestCert emptyCert = new TestCert();

    // NOTE(review): setMatchAllSubjectAltNames is never called here; the test
    // only checks that a selector without criteria accepts a fixture and
    // rejects null.
    assertTrue(certSelector.match(emptyCert));

    assertFalse(certSelector.match(null));
}
1082
1083 /**
1084 * java.security.cert.X509CertSelector#setNameConstraints(byte[]
1085 * bytes)
1086 */
public void test_setNameConstraintsLB$() throws IOException {
    // Disabled code kept from the original; it builds NameConstraints objects
    // from sample GeneralName values and is not executed.
//    GeneralName[] name_constraints = new GeneralName[] {
//            new GeneralName(1, "822.Name"),
//            new GeneralName(1, "rfc@822.Name"),
//            new GeneralName(2, "Name.org"),
//            new GeneralName(2, "dNS.Name.org"),
//
//            new GeneralName(6, "http://Resource.Id"),
//            new GeneralName(6, "http://uniform.Resource.Id"),
//            new GeneralName(7, "1.1.1.1"),
//
//            new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
//                    1, 1, 1, 1, 1 }), };
//
//    for (int i = 0; i < name_constraints.length; i++) {
//        GeneralSubtree subtree = new GeneralSubtree(name_constraints[i]);
//        GeneralSubtrees subtrees = new GeneralSubtrees();
//        subtrees.addSubtree(subtree);
//        NameConstraints constraints = new NameConstraints(subtrees,
//                subtrees);
//    }
    final X509CertSelector certSelector = new X509CertSelector();

    // Round trip: each encoding stored by the setter must come back
    // byte-for-byte from the getter.
    for (byte[] encodedConstraints : constraintBytes) {
        certSelector.setNameConstraints(encodedConstraints);
        final byte[] returned = certSelector.getNameConstraints();
        assertTrue(Arrays.equals(encodedConstraints, returned));
    }
}
1115
1116 /**
1117 * java.security.cert.X509CertSelector#setPathToNames(Collection<List<?>>)
1118 */
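public void test_setPathToNamesLjava_util_Collection() throws Exception {
    // One GeneralName per constructor form used by this test.
    GeneralName san0 = new GeneralName(new OtherName("1.2.3.4.5",
            new byte[] { 1, 2, 0, 1 }));
    GeneralName san1 = new GeneralName(1, "rfc@822.Name");
    GeneralName san2 = new GeneralName(2, "dNSName");
    GeneralName san3 = new GeneralName(new ORAddress());
    GeneralName san4 = new GeneralName(new Name("O=Organization"));
    GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
    GeneralName san7 = new GeneralName(7, "1.1.1.1");
    GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");

    GeneralNames sans1 = new GeneralNames();
    sans1.addName(san0);
    sans1.addName(san1);
    sans1.addName(san2);
    sans1.addName(san3);
    sans1.addName(san4);
    sans1.addName(san6);
    sans1.addName(san7);
    sans1.addName(san8);
    GeneralNames sans2 = new GeneralNames();
    sans2.addName(san0);

    TestCert cert1 = new TestCert(sans1);
    TestCert cert2 = new TestCert(sans2);
    X509CertSelector selector = new X509CertSelector();
    selector.setMatchAllSubjectAltNames(true);

    selector.setPathToNames(null);
    // Fixed: the message named the subjectAlternativeNames criterion although
    // this test clears pathToNames.
    assertTrue("Any certificate should match in the case of null "
            + "pathToNames criteria.",
            selector.match(cert1) && selector.match(cert2));

    Collection<List<?>> sans = sans1.getPairsList();

    // NOTE(review): the calls below only show that setter and getter complete
    // without throwing; the returned names are not compared with the input.
    selector.setPathToNames(sans);
    selector.getPathToNames();
}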
1157
1158 /**
1159 * java.security.cert.X509CertSelector#setPolicy(Set<String>)
1160 */
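public void test_setPolicyLjava_util_Set() throws IOException {
    final String shouldMatch = "The certificate should match the selection criteria.";
    final String shouldNotMatch = "The certificate should not match the selection criteria.";

    String[] policies1 = new String[] {
        "1.3.6.1.5.5.7.3.1",
        "1.3.6.1.5.5.7.3.2",
        "1.3.6.1.5.5.7.3.3",
        "1.3.6.1.5.5.7.3.4",
        "1.3.6.1.5.5.7.3.8",
        "1.3.6.1.5.5.7.3.9",
        "1.3.6.1.5.5.7.3.5",
        "1.3.6.1.5.5.7.3.6",
        "1.3.6.1.5.5.7.3.7"
    };

    String[] policies2 = new String[] { "1.3.6.7.3.1" };

    HashSet<String> p1 = new HashSet<String>(Arrays.asList(policies1));
    HashSet<String> p2 = new HashSet<String>(Arrays.asList(policies2));

    X509CertSelector selector = new X509CertSelector();

    // Each fixture carries one of the policy lists.
    TestCert cert1 = new TestCert(policies1);
    TestCert cert2 = new TestCert(policies2);

    selector.setPolicy(null);
    // Fixed: the message named the privateKeyValid criterion although this
    // test clears the policy criterion.
    assertTrue("Any certificate should match in the case of null "
            + "policy criteria.",
            selector.match(cert1) && selector.match(cert2));

    // The two policy sets share no OID, so each selects exactly one fixture.
    selector.setPolicy(p1);
    assertTrue(shouldMatch, selector.match(cert1));
    assertFalse(shouldNotMatch, selector.match(cert2));

    selector.setPolicy(p2);
    assertFalse(shouldNotMatch, selector.match(cert1));
    assertTrue(shouldMatch, selector.match(cert2));
}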
1201
1202 /**
1203 * java.security.cert.X509CertSelector#setPrivateKeyValid(java.util.Date)
1204 */
public void test_setPrivateKeyValidLjava_util_Date()
        throws Exception {
    final String matchMsg = "The certificate should match the selection criteria.";
    final String noMatchMsg = "The certificate should not match the selection criteria.";

    // Period bounds for the two fixtures: [start, middle] and [middle, end].
    final Date start = new Date(100000000);
    final Date middle = new Date(200000000);
    final Date end = new Date(300000000);
    // Probe instants, one inside each period.
    final Date inFirstPeriod = new Date(150000000);
    final Date inSecondPeriod = new Date(250000000);
    final TestCert firstCert = new TestCert(start, middle);
    final TestCert secondCert = new TestCert(middle, end);

    final X509CertSelector certSelector = new X509CertSelector();

    certSelector.setPrivateKeyValid(null);
    final boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
    assertTrue("Any certificate should match in the case of null privateKeyValid criteria.",
            bothMatch);

    certSelector.setPrivateKeyValid(inFirstPeriod);
    assertTrue(matchMsg, certSelector.match(firstCert));
    assertFalse(noMatchMsg, certSelector.match(secondCert));

    certSelector.setPrivateKeyValid(inSecondPeriod);
    // Defensive-copy check: moving the caller's Date into the first period
    // afterwards must not change the instant stored in the selector.
    inSecondPeriod.setTime(inFirstPeriod.getTime());
    assertTrue(matchMsg, certSelector.match(secondCert));
}
1231
1232 /**
1233 * java.security.cert.X509CertSelector#setSerialNumber(java.math.BigInteger)
1234 */
public void test_setSerialNumberLjava_math_BigInteger()
        throws Exception {
    final String matchMsg = "The certificate should match the selection criteria.";
    final String noMatchMsg = "The certificate should not match the selection criteria.";

    // Adjacent serial numbers, so the comparison has to be exact.
    final BigInteger firstSerial = new BigInteger("10000");
    final BigInteger secondSerial = new BigInteger("10001");
    final TestCert firstCert = new TestCert(firstSerial);
    final TestCert secondCert = new TestCert(secondSerial);
    final X509CertSelector certSelector = new X509CertSelector();

    certSelector.setSerialNumber(null);
    final boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
    assertTrue("Any certificate should match in the case of null serialNumber criteria.",
            bothMatch);

    certSelector.setSerialNumber(firstSerial);
    assertTrue(matchMsg, certSelector.match(firstCert));
    assertFalse(noMatchMsg, certSelector.match(secondCert));

    certSelector.setSerialNumber(secondSerial);
    assertTrue(matchMsg, certSelector.match(secondCert));
}
1256
1257 /**
1258 * java.security.cert.X509CertSelector#setSubject(byte[])
1259 */
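public void test_setSubjectLB$() throws Exception {
    final String shouldMatch = "The certificate should match the selection criteria.";
    final String shouldNotMatch = "The certificate should not match the selection criteria.";

    // Fixed: the comments and the null-criteria message said "issuer"; this
    // test exercises the subject criterion.
    byte[] name1 = new byte[]
    // manually obtained DER encoding of "O=First Org." subject name;
    { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
            116, 32, 79, 114, 103, 46 };
    byte[] name2 = new byte[]
    // manually obtained DER encoding of "O=Second Org." subject name;
    { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
            110, 100, 32, 79, 114, 103, 46 };
    X500Principal sub1 = new X500Principal(name1);
    X500Principal sub2 = new X500Principal(name2);
    TestCert cert1 = new TestCert(sub1);
    TestCert cert2 = new TestCert(sub2);

    X509CertSelector selector = new X509CertSelector();

    // The cast picks the byte[] overload of setSubject.
    selector.setSubject((byte[]) null);
    assertTrue("Any certificates should match "
            + "in the case of null subject criteria.",
            selector.match(cert1) && selector.match(cert2));
    selector.setSubject(name1);
    assertTrue(shouldMatch, selector.match(cert1));
    assertFalse(shouldNotMatch, selector.match(cert2));
    selector.setSubject(name2);
    assertTrue(shouldMatch, selector.match(cert2));
}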
1289
1290 /**
1291 * java.security.cert.X509CertSelector#setSubject(java.lang.String)
1292 */
public void test_setSubjectLjava_lang_String() throws Exception {
    final String matchMsg = "The certificate should match the selection criteria.";
    final String noMatchMsg = "The certificate should not match the selection criteria.";

    final String firstName = "O=First Org.";
    final String secondName = "O=Second Org.";
    final TestCert firstCert = new TestCert(new X500Principal(firstName));
    final TestCert secondCert = new TestCert(new X500Principal(secondName));
    final X509CertSelector certSelector = new X509CertSelector();

    // The cast picks the String overload of setSubject.
    certSelector.setSubject((String) null);
    final boolean bothMatch = certSelector.match(firstCert) && certSelector.match(secondCert);
    assertTrue("Any certificates should match in the case of null subject criteria.",
            bothMatch);

    certSelector.setSubject(firstName);
    assertTrue(matchMsg, certSelector.match(firstCert));
    assertFalse(noMatchMsg, certSelector.match(secondCert));

    certSelector.setSubject(secondName);
    assertTrue(matchMsg, certSelector.match(secondCert));
}
1315
1316 /**
1317 * java.security.cert.X509CertSelector#setSubject(javax.security.auth.x500.X500Principal)
1318 */
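public void test_setSubjectLjavax_security_auth_x500_X500Principal()
        throws Exception {
    final String shouldMatch = "The certificate should match the selection criteria.";
    final String shouldNotMatch = "The certificate should not match the selection criteria.";

    X500Principal sub1 = new X500Principal("O=First Org.");
    X500Principal sub2 = new X500Principal("O=Second Org.");
    TestCert cert1 = new TestCert(sub1);
    TestCert cert2 = new TestCert(sub2);
    X509CertSelector selector = new X509CertSelector();

    // The cast picks the X500Principal overload of setSubject.
    selector.setSubject((X500Principal) null);
    // Fixed: the failure message misspelled "subject".
    assertTrue("Any certificates should match "
            + "in the case of null subject criteria.",
            selector.match(cert1) && selector.match(cert2));
    selector.setSubject(sub1);
    assertTrue(shouldMatch, selector.match(cert1));
    assertFalse(shouldNotMatch, selector.match(cert2));
    selector.setSubject(sub2);
    assertTrue(shouldMatch, selector.match(cert2));
}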
1340
1341 /**
1342 * java.security.cert.X509CertSelector#setSubjectAlternativeNames(Collection<List<?>>)
1343 */
public void test_setSubjectAlternativeNamesLjava_util_Collection() throws Exception {
    // One GeneralName per constructor form used by this test.
    final GeneralName otherName = new GeneralName(
            new OtherName("1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
    final GeneralName rfc822Name = new GeneralName(1, "rfc@822.Name");
    final GeneralName dnsName = new GeneralName(2, "dNSName");
    final GeneralName orAddress = new GeneralName(new ORAddress());
    final GeneralName directoryName = new GeneralName(new Name("O=Organization"));
    final GeneralName uriName = new GeneralName(6, "http://uniform.Resource.Id");
    final GeneralName ipName = new GeneralName(7, "1.1.1.1");
    final GeneralName registeredId = new GeneralName(8, "1.2.3.4444.55555");

    final GeneralNames allNames = new GeneralNames();
    allNames.addName(otherName);
    allNames.addName(rfc822Name);
    allNames.addName(dnsName);
    allNames.addName(orAddress);
    allNames.addName(directoryName);
    allNames.addName(uriName);
    allNames.addName(ipName);
    allNames.addName(registeredId);
    final GeneralNames singleName = new GeneralNames();
    singleName.addName(otherName);

    final TestCert allNamesCert = new TestCert(allNames);
    final TestCert singleNameCert = new TestCert(singleName);
    final X509CertSelector certSelector = new X509CertSelector();
    certSelector.setMatchAllSubjectAltNames(true);

    certSelector.setSubjectAlternativeNames(null);
    final boolean bothMatch =
            certSelector.match(allNamesCert) && certSelector.match(singleNameCert);
    assertTrue("Any certificate should match in the case of null "
            + "subjectAlternativeNames criteria.",
            bothMatch);

    final Collection<List<?>> pairs = allNames.getPairsList();

    // NOTE(review): the calls below only show that setter and getter complete
    // without throwing; neither the returned names nor match() are checked.
    certSelector.setSubjectAlternativeNames(pairs);

    certSelector.getSubjectAlternativeNames();
}
1384
1385 /**
1386 * java.security.cert.X509CertSelector#setSubjectKeyIdentifier(byte[])
1387 */
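public void test_setSubjectKeyIdentifierLB$() throws Exception {
    final String shouldMatch = "The certificate should match the selection criteria.";
    final String shouldNotMatch = "The certificate should not match the selection criteria.";

    byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // arbitrary value
    byte[] skid2 = new byte[] { 5, 4, 3, 2, 1 }; // arbitrary value
    TestCert cert1 = new TestCert(skid1);
    TestCert cert2 = new TestCert(skid2);
    X509CertSelector selector = new X509CertSelector();

    selector.setSubjectKeyIdentifier(null);
    // Fixed: the message named the serialNumber criterion although this test
    // clears subjectKeyIdentifier.
    assertTrue("Any certificate should match in the case of null "
            + "subjectKeyIdentifier criteria.",
            selector.match(cert1) && selector.match(cert2));
    selector.setSubjectKeyIdentifier(skid1);
    assertTrue(shouldMatch, selector.match(cert1));
    assertFalse(shouldNotMatch, selector.match(cert2));
    selector.setSubjectKeyIdentifier(skid2);
    // Defensive-copy check: mutating the caller's array after the setter
    // returned must not alter the criterion held by the selector.
    skid2[0]++;
    assertTrue(shouldMatch, selector.match(cert2));
}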
1409
1410 /**
1411 * java.security.cert.X509CertSelector#setSubjectPublicKey(byte[])
1412 */
public void test_setSubjectPublicKeyLB$() throws Exception {
    // SubjectPublicKeyInfo ::= SEQUENCE {
    //     algorithm        AlgorithmIdentifier,
    //     subjectPublicKey BIT STRING }
    final byte[] spkiBytes = {
        0x30, 0x0E,                   // SEQUENCE
        0x30, 0x07,                   // SEQUENCE
        0x06, 0x02, 0x03, 0x05,       // OID
        0x01, 0x01, 0x07,             // ANY
        0x03, 0x03, 0x01, 0x01, 0x06, // subjectPublicKey
    };

    final X509CertSelector certSelector = new X509CertSelector();
    certSelector.setSubjectPublicKey(spkiBytes);

    // The key rebuilt by the selector must report the OID from the encoding
    // and reproduce the input bytes exactly.
    final PublicKey decoded = certSelector.getSubjectPublicKey();
    assertEquals("0.3.5", decoded.getAlgorithm());
    assertEquals("X.509", decoded.getFormat());
    assertTrue(Arrays.equals(spkiBytes, decoded.getEncoded()));
    assertNotNull(decoded.toString());
}
1434
1435 /**
1436 * java.security.cert.X509CertSelector#setSubjectPublicKey(java.security.PublicKey key)
1437 */
public void test_setSubjectPublicKeyLjava_security_PublicKey()
        throws Exception {
    final String matchMsg = "The certificate should match the selection criteria.";
    final String noMatchMsg = "The certificate should not match the selection criteria.";

    final PublicKey rsaKey = new TestKeyPair("RSA").getPublic();
    final PublicKey dsaKey = new TestKeyPair("DSA").getPublic();

    final TestCert rsaCert = new TestCert(rsaKey);
    final TestCert dsaCert = new TestCert(dsaKey);
    final X509CertSelector certSelector = new X509CertSelector();

    // The cast picks the PublicKey overload of setSubjectPublicKey.
    certSelector.setSubjectPublicKey((PublicKey) null);
    final boolean bothMatch = certSelector.match(rsaCert) && certSelector.match(dsaCert);
    assertTrue("Any certificate should match in the case of null subjectPublicKey criteria.",
            bothMatch);

    certSelector.setSubjectPublicKey(rsaKey);
    assertTrue(matchMsg, certSelector.match(rsaCert));
    assertFalse(noMatchMsg, certSelector.match(dsaCert));

    certSelector.setSubjectPublicKey(dsaKey);
    assertTrue(matchMsg, certSelector.match(dsaCert));
}
1460
1461 /**
1462 * java.security.cert.X509CertSelector#setSubjectPublicKeyAlgID(java.lang.String)
1463 */
public void test_setSubjectPublicKeyAlgIDLjava_lang_String() throws Exception {
    final String matchMsg = "The certificate should match the selection criteria.";
    final String noMatchMsg = "The certificate should not match the selection criteria.";

    final X509CertSelector certSelector = new X509CertSelector();
    // RSA (source: http://asn1.elibel.tm.fr)
    final String rsaOid = "1.2.840.113549.1.1.1";
    // DSA (source: http://asn1.elibel.tm.fr)
    final String dsaOid = "1.2.840.10040.4.1";
    final PublicKey rsaKey = new TestKeyPair("RSA").getPublic();
    final PublicKey dsaKey = new TestKeyPair("DSA").getPublic();

    final TestCert rsaCert = new TestCert(rsaKey);
    final TestCert dsaCert = new TestCert(dsaKey);

    certSelector.setSubjectPublicKeyAlgID(null);
    final boolean bothMatch = certSelector.match(rsaCert) && certSelector.match(dsaCert);
    assertTrue("Any certificate should match in the case of null "
            + "subjectPublicKeyAlgID criteria.",
            bothMatch);

    // Well-formed OIDs must be stored and returned unchanged.
    final String[] validOIDs = {
        "0.0.20",
        "1.25.0",
        "2.0.39",
        "0.2.10",
        "1.35.15",
        "2.17.89",
        "2.5.29.16",
        "2.5.29.17",
        "2.5.29.30",
        "2.5.29.32",
        "2.5.29.37"
    };
    for (String oid : validOIDs) {
        certSelector.setSubjectPublicKeyAlgID(oid);
        assertEquals(oid, certSelector.getSubjectPublicKeyAlgID());
    }

    // Input validation: each of these strings must be rejected with an
    // IOException instead of being stored as a criterion.
    final String[] invalidOIDs = { "0.20", "1.25", "2.39", "3.10" };
    for (String oid : invalidOIDs) {
        try {
            certSelector.setSubjectPublicKeyAlgID(oid);
            fail("IOException wasn't thrown for " + oid);
        } catch (IOException expected) {
        }
    }

    certSelector.setSubjectPublicKeyAlgID(rsaOid);
    assertTrue(matchMsg, certSelector.match(rsaCert));
    assertFalse(noMatchMsg, certSelector.match(dsaCert));

    certSelector.setSubjectPublicKeyAlgID(dsaOid);
    assertTrue(matchMsg, certSelector.match(dsaCert));
}
1519
1520 /**
1521 * java.security.cert.X509CertSelector#toString()
1522 */
public void test_toString() {
    // Only non-nullness is checked; the text itself is not examined.
    final String description = new X509CertSelector().toString();
    assertNotNull(description);
}
1527
/**
 * Minimal PublicKey stub that returns fixed placeholder values and holds no
 * key material.
 */
public class MyPublicKey implements PublicKey {
    private static final long serialVersionUID = 2899528375354645752L;

    /** Creates the stub; there is no state to initialise. */
    public MyPublicKey() {
    }

    /** Returns the fixed placeholder algorithm name. */
    public String getAlgorithm() {
        final String algorithm = "PublicKey";
        return algorithm;
    }

    /** Returns the fixed placeholder format name. */
    public String getFormat() {
        final String format = "Format";
        return format;
    }

    /** Returns a new empty array on every call. */
    public byte[] getEncoded() {
        final byte[] empty = new byte[0];
        return empty;
    }

    /** Exposes the class's serialVersionUID constant. */
    public long getSerVerUID() {
        return serialVersionUID;
    }
}
1551
1552 private class TestCert extends X509Certificate {
1553
private static final long serialVersionUID = 176676115254260405L;

/* Fixture state. Reference fields rely on the default null value. */

// Token compared by equals() and returned by toString().
protected String equalCriteria;

protected BigInteger serialNumber;

protected X500Principal issuer;

protected X500Principal subject;

// Encoded by getExtensionValue() for OIDs 2.5.29.14 and 2.5.29.35.
protected byte[] keyIdentifier;

// The only instant accepted by checkValidity(Date).
protected Date date;

protected Date notBefore;

protected Date notAfter;

protected PublicKey key;

protected boolean[] keyUsage;

protected List<String> extKeyUsage;

// Value returned by getBasicConstraints().
protected int pathLen = 1;

protected GeneralNames sans;

protected byte[] encoding;

protected String[] policies;

protected Collection<List<?>> collection;

protected NameConstraints nameConstraints;
1590
1591 /* Stuff methods */
/** Creates a fixture with every field left at its initial value. */
public TestCert() {
    super();
}
1594
/** Creates a fixture carrying the given subject alternative names. */
public TestCert(GeneralNames sans) {
    super();
    this.setSubjectAlternativeNames(sans);
}
1598
/** Creates a fixture holding the given name constraints object as-is. */
public TestCert(NameConstraints nameConstraints) {
    super();
    this.nameConstraints = nameConstraints;
}
1602
/** Creates a fixture holding the given collection via setCollection(). */
public TestCert(Collection<List<?>> collection) {
    super();
    this.setCollection(collection);
}
1606
/** Creates a fixture whose equals() compares the given token. */
public TestCert(String equalCriteria) {
    super();
    this.setEqualCriteria(equalCriteria);
}
1610
/** Creates a fixture carrying the given policy strings. */
public TestCert(String[] policies) {
    super();
    this.setPolicies(policies);
}
1614
/** Creates a fixture reporting the given serial number. */
public TestCert(BigInteger serial) {
    super();
    this.setSerialNumber(serial);
}
1618
/** Creates a fixture that uses one principal as both issuer and subject. */
public TestCert(X500Principal principal) {
    super();
    this.setIssuer(principal);
    this.setSubject(principal);
}
1623
/** Creates a fixture with the given key identifier bytes. */
public TestCert(byte[] array) {
    super();
    this.setKeyIdentifier(array);
}
1627
/** Creates a fixture accepted by checkValidity(Date) only at the given instant. */
public TestCert(Date date) {
    super();
    this.setDate(date);
}
1631
/** Creates a fixture with the given period bounds stored via setPeriod(). */
public TestCert(Date notBefore, Date notAfter) {
    super();
    this.setPeriod(notBefore, notAfter);
}
1635
/** Creates a fixture returning the given key from getPublicKey(). */
public TestCert(PublicKey key) {
    super();
    this.setPublicKey(key);
}
1639
/** Creates a fixture with the given key usage bits; null is allowed. */
public TestCert(boolean[] keyUsage) {
    super();
    this.setKeyUsage(keyUsage);
}
1643
/** Creates a fixture with the given extended key usage OIDs. */
public TestCert(Set<String> extKeyUsage) {
    super();
    this.setExtendedKeyUsage(extKeyUsage);
}
1647
/** Creates a fixture whose getBasicConstraints() returns the given value. */
public TestCert(int pathLen) {
    super();
    this.pathLen = pathLen;
}
1651
/** Stores the given names object by reference, without copying. */
public void setSubjectAlternativeNames(GeneralNames sans) {
    this.sans = sans;
}
1655
/** Stores the given collection by reference, without copying. */
public void setCollection(Collection<List<?>> collection) {
    this.collection = collection;
}
1659
/** Stores the given policy array by reference, without copying. */
public void setPolicies(String[] policies) {
    this.policies = policies;
}
1663
/** Stores a list copy of the given set, or null when the argument is null. */
public void setExtendedKeyUsage(Set<String> extKeyUsage) {
    if (extKeyUsage == null) {
        this.extKeyUsage = null;
    } else {
        // Copy so that later changes to the caller's set do not reach the fixture.
        this.extKeyUsage = new ArrayList<String>(extKeyUsage);
    }
}
1667
/** Stores a clone of the given bits, or null when the argument is null. */
public void setKeyUsage(boolean[] keyUsage) {
    if (keyUsage == null) {
        this.keyUsage = null;
    } else {
        // Clone so that later changes to the caller's array do not reach the fixture.
        this.keyUsage = keyUsage.clone();
    }
}
1671
/** Stores the given key by reference. */
public void setPublicKey(PublicKey key) {
    this.key = key;
}
1675
/**
 * Stores both bounds by reference, without copying the mutable Date
 * arguments.
 */
public void setPeriod(Date notBefore, Date notAfter) {
    this.notAfter = notAfter;
    this.notBefore = notBefore;
}
1680
/** Stores the serial number returned later by getSerialNumber(). */
public void setSerialNumber(BigInteger serial) {
    this.serialNumber = serial;
}
1684
/** Stores the token that equals() compares and toString() returns. */
public void setEqualCriteria(String equalCriteria) {
    this.equalCriteria = equalCriteria;
}
1688
/** Stores the principal returned by both issuer getters. */
public void setIssuer(X500Principal issuer) {
    this.issuer = issuer;
}
1692
/** Stores the principal returned by both subject getters. */
public void setSubject(X500Principal subject) {
    this.subject = subject;
}
1696
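/**
 * Stores a clone of the given identifier bytes, or null when the argument is
 * null.
 *
 * Fixed: a null argument used to throw NullPointerException from clone();
 * it is now handled the same way setKeyUsage handles null.
 */
public void setKeyIdentifier(byte[] subjectKeyID) {
    // Clone so that later changes to the caller's array do not reach the fixture.
    this.keyIdentifier = (subjectKeyID == null) ? null : (byte[]) subjectKeyID.clone();
}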
1700
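/**
 * Stores a copy of the given instant, or null when the argument is null.
 *
 * Fixed: a null argument used to throw NullPointerException; null is already
 * the field's initial state, and checkValidity(Date) handles it.
 */
public void setDate(Date date) {
    // Copy because Date is mutable and the caller keeps its own instance.
    this.date = (date == null) ? null : new Date(date.getTime());
}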
1704
/** Stores the array returned by getEncoded(), by reference and without copying. */
public void setEncoding(byte[] encoding) {
    this.encoding = encoding;
}
1708
1709 /* Method implementations */
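/**
 * Compares two fixtures by their equalCriteria token.
 *
 * Fixed: an argument that is not a TestCert (for example a certificate
 * parsed by a CertificateFactory) used to raise ClassCastException; it now
 * compares as unequal.
 *
 * @param cert object to compare with; may be null
 * @return true only when both objects are TestCert instances with non-null,
 *         equal tokens
 */
@Override
public boolean equals(Object cert) {
    if (!(cert instanceof TestCert)) {
        return false;
    }
    TestCert other = (TestCert) cert;
    // A fixture without a token is never equal to anything, itself included.
    if (equalCriteria == null || other.equalCriteria == null) {
        return false;
    }
    // NOTE(review): no matching hashCode() override is visible in this part
    // of the class - confirm before using fixtures as hash keys.
    return equalCriteria.equals(other.equalCriteria);
}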
1721
/** Returns the equalCriteria token, or an empty string when none is set. */
@Override
public String toString() {
    return (equalCriteria == null) ? "" : equalCriteria;
}
1728
/**
 * Test stub with an empty body: it never throws, so the fixture is reported
 * as currently valid whatever dates it holds.
 */
@Override
public void checkValidity()
        throws CertificateExpiredException, CertificateNotYetValidException {
}
1732
/**
 * Accepts only an instant equal to the date the fixture was built with.
 *
 * @throws CertificateExpiredException when no date is set or the stored date
 *         is later than the argument
 * @throws CertificateNotYetValidException when the stored date is earlier
 *         than the argument
 */
@Override
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    if (this.date == null) {
        throw new CertificateExpiredException();
    }
    // NOTE(review): the exception types look swapped relative to their names
    // (a stored date after the argument raises "expired") - confirm whether
    // any caller distinguishes the two.
    final int order = this.date.compareTo(date);
    if (order > 0) {
        throw new CertificateExpiredException();
    } else if (order < 0) {
        throw new CertificateNotYetValidException();
    }
}
1747
/** Always reports version 3. */
@Override
public int getVersion() {
    final int version = 3;
    return version;
}
1751
/** Returns the configured serial number, or 1111 when none was set. */
@Override
public BigInteger getSerialNumber() {
    if (serialNumber == null) {
        return new BigInteger("1111");
    }
    return serialNumber;
}
1756
/** Returns the issuer principal; null when none was set. */
@Override
public Principal getIssuerDN() {
    return this.issuer;
}
1760
/** Returns the same issuer object as getIssuerDN(). */
@Override
public X500Principal getIssuerX500Principal() {
    return this.issuer;
}
1764
/** Returns the subject principal; null when none was set. */
@Override
public Principal getSubjectDN() {
    return this.subject;
}
1768
/**
 * Returns the subject configured on this stub.
 *
 * @return the stored subject principal; may be {@code null}
 */
public X500Principal getSubjectX500Principal() {
    return subject;
}
1772
/**
 * Test stub: no start of validity is reported through this accessor.
 *
 * @return always {@code null}
 */
public Date getNotBefore() {
    return null;
}
1776
/**
 * Test stub: no end of validity is reported through this accessor.
 *
 * @return always {@code null}
 */
public Date getNotAfter() {
    return null;
}
1780
/**
 * Test stub: there is no to-be-signed structure behind this certificate.
 *
 * @return always {@code null}
 * @throws CertificateEncodingException never thrown by this stub
 */
public byte[] getTBSCertificate() throws CertificateEncodingException {
    return null;
}
1784
/**
 * Test stub: the certificate carries no signature value.
 *
 * @return always {@code null}
 */
public byte[] getSignature() {
    return null;
}
1788
/**
 * Test stub: no signature algorithm name is reported.
 *
 * @return always {@code null}
 */
public String getSigAlgName() {
    return null;
}
1792
/**
 * Test stub: no signature algorithm OID is reported.
 *
 * @return always {@code null}
 */
public String getSigAlgOID() {
    return null;
}
1796
/**
 * Test stub: no signature algorithm parameters are reported.
 *
 * @return always {@code null}
 */
public byte[] getSigAlgParams() {
    return null;
}
1800
/**
 * Test stub: no issuer unique identifier is reported.
 *
 * @return always {@code null}
 */
public boolean[] getIssuerUniqueID() {
    return null;
}
1804
/**
 * Test stub: no subject unique identifier is reported.
 *
 * @return always {@code null}
 */
public boolean[] getSubjectUniqueID() {
    return null;
}
1808
/**
 * Returns the key-usage bits configured on this stub.
 *
 * @return the internal {@code keyUsage} array itself, not a copy; may be
 *         {@code null}
 */
public boolean[] getKeyUsage() {
    return keyUsage;
}
1812
/**
 * Returns the extended-key-usage OIDs configured on this stub.
 *
 * @return the internal {@code extKeyUsage} list itself, not a copy; may
 *         be {@code null}
 * @throws CertificateParsingException never thrown by this stub
 */
public List<String> getExtendedKeyUsage() throws CertificateParsingException {
    return extKeyUsage;
}
1817
/**
 * Returns the path-length value configured on this stub.
 *
 * @return the stored {@code pathLen}, unchanged
 */
public int getBasicConstraints() {
    return pathLen;
}
1821
/**
 * Test stub: performs no signature check and never throws, so every key,
 * {@code null} included, is treated as having verified this certificate.
 * Only suitable for tests that do not depend on signature validation.
 *
 * @param key ignored
 * @throws CertificateException never thrown by this stub
 * @throws NoSuchAlgorithmException never thrown by this stub
 * @throws InvalidKeyException never thrown by this stub
 * @throws NoSuchProviderException never thrown by this stub
 * @throws SignatureException never thrown by this stub
 */
public void verify(PublicKey key)
        throws CertificateException, NoSuchAlgorithmException,
        InvalidKeyException, NoSuchProviderException, SignatureException {
    // Intentionally empty.
}
1826
/**
 * Test stub: performs no signature check and never throws, whatever key
 * or provider name is supplied. Only suitable for tests that do not
 * depend on signature validation.
 *
 * @param key ignored
 * @param sigProvider ignored
 * @throws CertificateException never thrown by this stub
 * @throws NoSuchAlgorithmException never thrown by this stub
 * @throws InvalidKeyException never thrown by this stub
 * @throws NoSuchProviderException never thrown by this stub
 * @throws SignatureException never thrown by this stub
 */
public void verify(PublicKey key, String sigProvider)
        throws CertificateException, NoSuchAlgorithmException,
        InvalidKeyException, NoSuchProviderException, SignatureException {
    // Intentionally empty.
}
1832
/**
 * Returns the public key configured on this stub.
 *
 * @return the stored {@code key}; may be {@code null}
 */
public PublicKey getPublicKey() {
    return key;
}
1836
/**
 * Returns the bytes supplied through {@code setEncoding}.
 *
 * @return the internal {@code encoding} array itself, not a copy; may be
 *         {@code null}
 * @throws CertificateEncodingException never thrown by this stub
 */
public byte[] getEncoded() throws CertificateEncodingException {
    return encoding;
}
1840
/**
 * Test stub: no non-critical extension OIDs are listed, even for the
 * extensions that {@code getExtensionValue} can encode.
 *
 * @return always {@code null}
 */
public Set<String> getNonCriticalExtensionOIDs() {
    return null;
}
1844
/**
 * Test stub: no critical extension OIDs are listed, even for the
 * extensions that {@code getExtensionValue} can encode.
 *
 * @return always {@code null}
 */
public Set<String> getCriticalExtensionOIDs() {
    return null;
}
1848
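/**
 * Builds the encoded value of an extension from the fields of this stub.
 *
 * <p>Every supported extension is encoded and then wrapped in an
 * OctetString. The OIDs handled are 2.5.29.14 (subject key identifier),
 * 2.5.29.35 (authority key identifier), 2.5.29.16 (private key usage
 * period), 2.5.29.37 (extended key usage), 2.5.29.19 (basic constraints),
 * 2.5.29.17 (subject alternative name), 2.5.29.32 (certificate policies)
 * and 2.5.29.30 (name constraints).
 *
 * @param oid dotted-decimal OID of the requested extension
 * @return the wrapped extension value, or {@code null} when the OID is
 *         not handled or the backing field is unset
 */
public byte[] getExtensionValue(String oid) {
    // Subject and authority key identifier share the one stored value.
    if ("2.5.29.14".equals(oid) || "2.5.29.35".equals(oid)) {
        // Extension value is represented as an OctetString
        return ASN1OctetString.getInstance().encode(keyIdentifier);
    }
    if ("2.5.29.16".equals(oid)) {
        PrivateKeyUsagePeriod pkup = new PrivateKeyUsagePeriod(notBefore, notAfter);
        return ASN1OctetString.getInstance().encode(pkup.getEncoded());
    }
    if ("2.5.29.37".equals(oid) && extKeyUsage != null) {
        // One ASN1Oid type per configured usage, paired with its value.
        ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()];
        String[] val = new String[extKeyUsage.size()];
        int id = 0;
        for (Object usage : extKeyUsage) {
            oa[id] = ASN1Oid.getInstanceForString();
            val[id++] = (String) usage;
        }
        return ASN1OctetString.getInstance().encode(new ASN1Sequence(oa).encode(val));
    }
    if ("2.5.29.19".equals(oid)) {
        // NOTE(review): the boolean is derived as pathLen != 1; confirm
        // that this is the intended stub behaviour for the cA flag.
        ASN1Sequence basicConstraints = new ASN1Sequence(new ASN1Type[] {
                ASN1Boolean.getInstance(),
                ASN1Integer.getInstance() });
        return ASN1OctetString.getInstance().encode(
                basicConstraints.encode(new Object[] {
                        Boolean.valueOf(pathLen != 1),
                        BigInteger.valueOf(pathLen).toByteArray() }));
    }
    if ("2.5.29.17".equals(oid) && sans != null) {
        if (sans.getNames() == null) {
            return null;
        }
        return ASN1OctetString.getInstance().encode(GeneralNames.ASN1.encode(sans));
    }
    if ("2.5.29.32".equals(oid) && policies != null && policies.length > 0) {
        // Certificate Policies Extension (as specified in rfc 3280)
        CertificatePolicies certificatePolicies = new CertificatePolicies();
        for (int i = 0; i < policies.length; i++) {
            certificatePolicies.addPolicyInformation(new PolicyInformation(policies[i]));
        }
        return ASN1OctetString.getInstance().encode(certificatePolicies.getEncoded());
    }
    if ("2.5.29.30".equals(oid) && nameConstraints != null) {
        // Name Constraints Extension (as specified in rfc 3280)
        return ASN1OctetString.getInstance().encode(nameConstraints.getEncoded());
    }

    return null;
}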
1916
/**
 * Test stub: never reports an unsupported critical extension, so code
 * that relies on this check will not reject the stub on that ground.
 *
 * @return always {@code false}
 */
public boolean hasUnsupportedCriticalExtension() {
    return false;
}
1920
1921 }
1922
// Parsed from TestUtils.rootCert in setupEnvironment(); buildCertPath()
// uses it as the only trust anchor.
public X509Certificate rootCertificate;

// Parsed from TestUtils.endCert in setupEnvironment(); the selector is
// pinned to this certificate and to its issuer.
public X509Certificate endCertificate;

// Created in setupEnvironment(); not used by the path-building helper
// visible here.
public MyCRL crl;

// Selector shared by the addPathToName tests; recreated by each
// setupEnvironment() call.
private X509CertSelector theCertSelector;

// "PKIX" builder obtained in setupEnvironment().
private CertPathBuilder builder;
1932
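// Loads the root and end-entity fixtures from TestUtils, creates the CRL
// stub, and prepares a selector pinned to the end certificate plus a PKIX
// path builder. Throws whatever the certificate factory, selector or
// builder lookup throws.
private void setupEnvironment() throws Exception {
    // create certificates and CRLs
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // NOTE(review): getBytes() uses the platform default charset; the
    // fixtures are presumably ASCII, so this should not matter. Confirm.
    rootCertificate = (X509Certificate) cf.generateCertificate(
            new ByteArrayInputStream(TestUtils.rootCert.getBytes()));
    endCertificate = (X509Certificate) cf.generateCertificate(
            new ByteArrayInputStream(TestUtils.endCert.getBytes()));

    crl = new MyCRL("X.509");

    // No CertStore is created here: the unused certificate list and the
    // unused revoked serial number that were left over from a disabled
    // CertStore setup have been removed.
    theCertSelector = new X509CertSelector();
    theCertSelector.setCertificate(endCertificate);
    theCertSelector.setIssuer(endCertificate.getIssuerX500Principal().getEncoded());

    // build the path
    builder = CertPathBuilder.getInstance("PKIX");
}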
1965
// Tries to build a PKIX path to a certificate accepted by theCertSelector,
// with rootCertificate as the only trust anchor. Returns the path, or null
// when the builder throws CertPathBuilderException; callers therefore
// cannot tell "selector matched nothing" apart from other build failures.
// No CertStore is added to the parameters and every other PKIX setting,
// revocation checking included, is left at its default.
private CertPath buildCertPath() throws InvalidAlgorithmParameterException {
    final TrustAnchor anchor = new TrustAnchor(rootCertificate, null);
    final PKIXBuilderParameters buildParams =
            new PKIXBuilderParameters(Collections.singleton(anchor), theCertSelector);
    try {
        final PKIXCertPathBuilderResult built =
                (PKIXCertPathBuilderResult) builder.build(buildParams);
        return built.getCertPath();
    } catch (CertPathBuilderException e) {
        return null;
    }
}
1978
1979 /**
1980 * java.security.cert.X509CertSelector#addPathToName(int, byte[])
1981 */
public void test_addPathToNameLintLbyte_array2() throws Exception {
    TestUtils.initCertPathSSCertChain();
    setupEnvironment();

    // Hand-encoded forms of GeneralName(1, "822.Name"): the full encoding
    // (tag -127, length 8, then the eight characters) and the name-only
    // encoding (tag 22, same length and characters).
    final byte[] malformed = new byte[] {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101};
    final byte[] encodedName = new byte[] {22, 8, 56, 50, 50, 46, 78, 97, 109, 101};
    // Overwrite one character byte with a non-ASCII value.
    malformed[malformed.length - 3] = (byte) 200;

    // NOTE(review): rejection is tolerated but not required. If the
    // selector accepts the corrupted name the test still passes.
    try {
        theCertSelector.addPathToName(1, malformed);
    } catch (IOException e) {
        // ok
    }

    theCertSelector.setPathToNames(null);

    // A well-formed rfc822Name is stored, and no path can be built with it.
    theCertSelector.addPathToName(1, encodedName);
    assertNotNull(theCertSelector.getPathToNames());
    CertPath path = buildCertPath();
    assertNull(path);

    theCertSelector.setPathToNames(null);

    // directoryName (type 4) taken from the self-signed fixture's issuer.
    theCertSelector.addPathToName(4,
            TestUtils.rootCertificateSS.getIssuerX500Principal().getEncoded());
    assertNotNull(theCertSelector.getPathToNames());
    // NOTE(review): this path comes from TestUtils, not from
    // buildCertPath(); whether it consults theCertSelector is not visible
    // here. Confirm the assertion exercises the name just added.
    path = TestUtils.buildCertPathSSCertChain();
    assertNotNull(path);
}
2015
2016 /**
2017 * java.security.cert.X509CertSelector#addPathToName(int, String)
2018 */
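public void test_addPathToNameLintLjava_lang_String2() throws Exception {
    setupEnvironment();

    // Hand-encoded forms of GeneralName(1, "822.Name"): the full encoding
    // and the name-only encoding.
    final byte[] bytes = new byte[] {-127, 8, 56, 50, 50, 46, 78, 97, 109, 101};
    final byte[] bytesName = new byte[] {22, 8, 56, 50, 50, 46, 78, 97, 109, 101};
    // The original allocated a second array and immediately replaced it
    // with a reference to bytes, so the corruption always hit bytes itself;
    // the dead allocation and the always-true null check are dropped.
    bytes[bytes.length - 3] = (byte) 200;

    // NOTE(review): new String(byte[]) decodes with the platform default
    // charset, so the string under test varies by platform. Rejection is
    // tolerated but not required by this test.
    try {
        theCertSelector.addPathToName(1, new String(bytes));
    } catch (IOException e) {
        // ok
    }

    theCertSelector.setPathToNames(null);

    theCertSelector.addPathToName(1, new String(bytesName));
    assertNotNull(theCertSelector.getPathToNames());

    CertPath p = buildCertPath();
    assertNull(p);

    theCertSelector.setPathToNames(null);
    // A distinguished-name string is added under name type 1 here; only
    // its storage is asserted, no path is built with it.
    theCertSelector.addPathToName(1, rootCertificate.getIssuerX500Principal().getName());
    assertNotNull(theCertSelector.getPathToNames());
}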
2052
2053 /**
2054 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, byte[])
2055 */
public void test_addSubjectAlternativeNameLintLbyte_array2() throws Exception {
    // Three alternative names: otherName (0), rfc822Name (1), dNSName (2).
    final GeneralName otherName = new GeneralName(
            new OtherName("1.2.3.4.5", new byte[] {1, 2, 0, 1}));
    final GeneralName rfc822Name = new GeneralName(1, "rfc@822.Name");
    final GeneralName dnsName = new GeneralName(2, "dNSName");

    // The selector asks for all three names, in encoded form.
    final X509CertSelector selector = new X509CertSelector();
    selector.addSubjectAlternativeName(0, otherName.getEncodedName());
    selector.addSubjectAlternativeName(1, rfc822Name.getEncodedName());
    selector.addSubjectAlternativeName(2, dnsName.getEncodedName());

    // One certificate carries every name, the other only the otherName.
    final GeneralNames allNames = new GeneralNames();
    allNames.addName(otherName);
    allNames.addName(rfc822Name);
    allNames.addName(dnsName);
    final GeneralNames oneName = new GeneralNames();
    oneName.addName(otherName);

    final TestCert fullCert = new TestCert(allNames);
    final TestCert partialCert = new TestCert(oneName);

    assertTrue(selector.match(fullCert));
    assertFalse(selector.match(partialCert));

    selector.setSubjectAlternativeNames(null);

    // A directory name offered as type 0.
    // NOTE(review): rejection is tolerated but not required; the test
    // passes whether or not IOException is thrown.
    final GeneralName directoryName = new GeneralName(new Name("O=Android"));
    try {
        selector.addSubjectAlternativeName(0, directoryName.getEncodedName());
    } catch (IOException e) {
        // ok
    }
}
2095
2096 /**
2097 * java.security.cert.X509CertSelector#addSubjectAlternativeName(int, String)
2098 */
public void test_addSubjectAlternativeNameLintLjava_lang_String2() throws Exception {
    // Two alternative names: uniformResourceIdentifier (6) and dNSName (2).
    final GeneralName uriName = new GeneralName(6, "http://uniform.Resource.Id");
    final GeneralName dnsName = new GeneralName(2, "dNSName");

    // The selector asks for both names, in string form.
    final X509CertSelector selector = new X509CertSelector();
    selector.addSubjectAlternativeName(6, "http://uniform.Resource.Id");
    selector.addSubjectAlternativeName(2, "dNSName");

    // One certificate carries both names, the other only the dNSName.
    final GeneralNames bothNames = new GeneralNames();
    bothNames.addName(uriName);
    bothNames.addName(dnsName);
    final GeneralNames dnsOnly = new GeneralNames();
    dnsOnly.addName(dnsName);

    final TestCert fullCert = new TestCert(bothNames);
    final TestCert partialCert = new TestCert(dnsOnly);

    assertTrue(selector.match(fullCert));
    assertFalse(selector.match(partialCert));

    selector.setSubjectAlternativeNames(null);

    // The string form of a directory name offered as type 0.
    // NOTE(review): rejection is tolerated but not required; the test
    // passes whether or not IOException is thrown.
    final GeneralName directoryName = new GeneralName(new Name("O=Android"));
    try {
        selector.addSubjectAlternativeName(0, (directoryName.toString()));
    } catch (IOException e) {
        // ok
    }
}
2131}