You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@harmony.apache.org by ml...@apache.org on 2006/06/13 10:58:17 UTC
svn commit: r413841 [5/9] - in
/incubator/harmony/enhanced/classlib/trunk/modules/security/src:
main/java/common/java/security/ test/api/java.injected/java/security/
test/api/java/org/apache/harmony/security/tests/java/security/
test/impl/java.injected...
Modified: incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/impl/java.injected/java/security/cert/X509CertSelectorTest.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/impl/java.injected/java/security/cert/X509CertSelectorTest.java?rev=413841&r1=413840&r2=413841&view=diff
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/impl/java.injected/java/security/cert/X509CertSelectorTest.java (original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/impl/java.injected/java/security/cert/X509CertSelectorTest.java Tue Jun 13 01:58:11 2006
@@ -1,3056 +1,3056 @@
-/*
- * Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
-* @author Alexander Y. Kleymenov
-* @version $Revision$
-*/
-
-package java.security.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Principal;
-import java.security.PublicKey;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Set;
-import java.util.HashSet;
-import java.util.Arrays;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Iterator;
-import java.util.Collection;
-import javax.security.auth.x500.X500Principal;
-
-import org.apache.harmony.security.asn1.ASN1Boolean;
-import org.apache.harmony.security.asn1.ASN1Integer;
-import org.apache.harmony.security.asn1.ASN1OctetString;
-import org.apache.harmony.security.asn1.ASN1Oid;
-import org.apache.harmony.security.asn1.ASN1Sequence;
-import org.apache.harmony.security.asn1.ASN1Type;
-
-import org.apache.harmony.security.tests.support.TestKeyPair;
-import org.apache.harmony.security.x501.Name;
-import org.apache.harmony.security.x509.AlgorithmIdentifier;
-import org.apache.harmony.security.x509.CertificatePolicies;
-import org.apache.harmony.security.x509.EDIPartyName;
-import org.apache.harmony.security.x509.Extension;
-import org.apache.harmony.security.x509.Extensions;
-import org.apache.harmony.security.x509.GeneralName;
-import org.apache.harmony.security.x509.GeneralNames;
-import org.apache.harmony.security.x509.GeneralSubtree;
-import org.apache.harmony.security.x509.GeneralSubtrees;
-import org.apache.harmony.security.x509.NameConstraints;
-import org.apache.harmony.security.x509.ORAddress;
-import org.apache.harmony.security.x509.OtherName;
-import org.apache.harmony.security.x509.PolicyInformation;
-import org.apache.harmony.security.x509.PrivateKeyUsagePeriod;
-import org.apache.harmony.security.x509.SubjectPublicKeyInfo;
-import org.apache.harmony.security.x509.TBSCertificate;
-import org.apache.harmony.security.x509.Validity;
-
-
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-/**
- * X509CertSelectorTest
- */
-public class X509CertSelectorTest extends TestCase {
-
- /**
- * The abstract class stub implementation.
- */
- private class TestCert extends X509Certificate {
-
- /* Stuff fields */
- protected String equalCriteria = null; // to simplify method equals()
- protected BigInteger serialNumber = null;
- protected X500Principal issuer = null;
- protected X500Principal subject = null;
- protected byte[] keyIdentifier = null;
- protected Date date = null;
- protected Date notBefore = null;
- protected Date notAfter = null;
- protected PublicKey key = null;
- protected boolean[] keyUsage = null;
- protected List extKeyUsage = null;
- protected int pathLen = -1;
- protected GeneralNames sans = null;
- protected byte[] encoding = null;
- protected String[] policies = null;
- protected NameConstraints nameConstraints = null;
-
- /* Stuff methods */
- public TestCert() {}
-
- public TestCert(GeneralNames sans) {
- setSubjectAlternativeNames(sans);
- }
-
- public TestCert(NameConstraints nameConstraints) {
- this.nameConstraints = nameConstraints;
- }
-
- public TestCert(String equalCriteria) {
- setEqualCriteria(equalCriteria);
- }
-
- public TestCert(String[] policies) {
- setPolicies(policies);
- }
-
- public TestCert(BigInteger serial) {
- setSerialNumber(serial);
- }
-
- public TestCert(X500Principal principal) {
- setIssuer(principal);
- setSubject(principal);
- }
-
- public TestCert(byte[] array) {
- setKeyIdentifier(array);
- }
-
- public TestCert(Date date) {
- setDate(date);
- }
-
- public TestCert(Date notBefore, Date notAfter) {
- setPeriod(notBefore, notAfter);
- }
-
- public TestCert(PublicKey key) {
- setPublicKey(key);
- }
-
- public TestCert(boolean[] keyUsage) {
- setKeyUsage(keyUsage);
- }
-
- public TestCert(Set extKeyUsage) {
- setExtendedKeyUsage(extKeyUsage);
- }
-
- public TestCert(int pathLen) {
- this.pathLen = pathLen;
- }
-
- public void setPolicies(String[] policies) {
- this.policies = policies;
- }
-
- public void setSubjectAlternativeNames(GeneralNames sans) {
- this.sans = sans;
- }
-
- public void setExtendedKeyUsage(Set extKeyUsage) {
- this.extKeyUsage = (extKeyUsage == null)
- ? null
- : new ArrayList(extKeyUsage);
- }
-
- public void setKeyUsage(boolean[] keyUsage) {
- this.keyUsage = (keyUsage == null) ? null
- : (boolean[]) keyUsage.clone();
- }
-
- public void setPublicKey(PublicKey key) {
- this.key = key;
- }
-
- public void setPeriod(Date notBefore, Date notAfter) {
- this.notBefore = notBefore;
- this.notAfter = notAfter;
- }
-
- public void setSerialNumber(BigInteger serial) {
- this.serialNumber = serial;
- }
-
- public void setEqualCriteria(String equalCriteria) {
- this.equalCriteria = equalCriteria;
- }
-
- public void setIssuer(X500Principal issuer) {
- this.issuer = issuer;
- }
-
- public void setSubject(X500Principal subject) {
- this.subject = subject;
- }
-
- public void setKeyIdentifier(byte[] subjectKeyID) {
- this.keyIdentifier = (byte[]) subjectKeyID.clone();
- }
-
- public void setDate(Date date) {
- this.date = new Date(date.getTime());
- }
-
- public void setEncoding(byte[] encoding) {
- this.encoding = encoding;
- }
-
- /* Method implementations */
- public boolean equals(Object cert) {
- if (cert == null) {
- return false;
- }
- if ((equalCriteria == null)
- || (((TestCert)cert).equalCriteria == null)) {
- return false;
- } else {
- return equalCriteria.equals(((TestCert)cert).equalCriteria);
- }
- }
-
- public String toString() {
- if (equalCriteria != null) {
- return equalCriteria;
- }
- return "";
- }
-
- public void checkValidity() throws CertificateExpiredException,
- CertificateNotYetValidException {}
-
- public void checkValidity(Date date)
- throws CertificateExpiredException,
- CertificateNotYetValidException {
- if (this.date == null) {
- throw new CertificateExpiredException();
- }
- int result = this.date.compareTo(date);
- if (result > 0) {
- throw new CertificateExpiredException();
- }
- if (result < 0) {
- throw new CertificateNotYetValidException();
- }
- }
-
- public int getVersion() {
- return 3;
- }
-
- public BigInteger getSerialNumber() {
- return (serialNumber == null)
- ? new BigInteger("1111")
- : serialNumber;
- }
-
- public Principal getIssuerDN() {
- return issuer;
- }
-
- public X500Principal getIssuerX500Principal() {
- return issuer;
- }
-
- public Principal getSubjectDN() {
- return subject;
- }
-
- public X500Principal getSubjectX500Principal() {
- return subject;
- }
-
- public Date getNotBefore() {
- return null;
- }
-
- public Date getNotAfter() {
- return null;
- }
-
- public byte[] getTBSCertificate()
- throws CertificateEncodingException
- {
- return null;
- }
-
- public byte[] getSignature() {
- return null;
- }
-
- public String getSigAlgName() {
- return null;
- }
-
- public String getSigAlgOID() {
- return null;
- }
-
- public byte[] getSigAlgParams() {
- return null;
- }
-
- public boolean[] getIssuerUniqueID() {
- return null;
- }
-
- public boolean[] getSubjectUniqueID() {
- return null;
- }
-
- public boolean[] getKeyUsage() {
- return keyUsage;
- }
-
- public List/*<String>*/ getExtendedKeyUsage()
- throws CertificateParsingException {
- return extKeyUsage;
- }
-
- public int getBasicConstraints() {
- return pathLen;
- }
-
- public Collection/*<List<?>>*/ getSubjectAlternativeNames()
- throws CertificateParsingException {
- return sans.getPairsList();
- }
-
-
- public void verify(PublicKey key)
- throws CertificateException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException,
- SignatureException
- {
- }
-
- public void verify(PublicKey key,
- String sigProvider)
- throws CertificateException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException,
- SignatureException
- {
- }
-
- public PublicKey getPublicKey() {
- return key;
- }
-
- public byte[] getEncoded() throws CertificateEncodingException
- {
- return encoding;
- }
-
- public Set getNonCriticalExtensionOIDs() {
- return null;
- }
-
- public Set getCriticalExtensionOIDs() {
- return null;
- }
-
- public byte[] getExtensionValue(String oid) {
- if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) {
- // Extension value is represented as an OctetString
- return ASN1OctetString.getInstance().encode(keyIdentifier);
- }
- if ("2.5.29.16".equals(oid)) {
- PrivateKeyUsagePeriod pkup =
- new PrivateKeyUsagePeriod(notBefore, notAfter);
- byte[] encoded = pkup.getEncoded();
- return ASN1OctetString.getInstance().encode(encoded);
- }
- if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) {
- ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()];
- String[] val = new String[extKeyUsage.size()];
- Iterator it = extKeyUsage.iterator();
- int id = 0;
- while (it.hasNext()) {
- oa[id] = ASN1Oid.getInstanceForString();
- val[id++] = (String) it.next();
- }
- return ASN1OctetString.getInstance().encode(
- new ASN1Sequence(oa).encode(val));
- }
- if ("2.5.29.19".equals(oid)) {
- return ASN1OctetString.getInstance().encode(
- new ASN1Sequence(
- new ASN1Type[] {
- ASN1Boolean.getInstance(),
- ASN1Integer.getInstance()
- }).encode(
- new Object[] {
- new Boolean(pathLen != -1),
- BigInteger.valueOf(pathLen).
- toByteArray()
- })
- );
- }
- if ("2.5.29.17".equals(oid) && (sans != null)) {
- if (sans.getNames() == null) {
- return null;
- }
- return ASN1OctetString.getInstance().encode(
- GeneralNames.ASN1.encode(sans));
- }
- if ("2.5.29.32".equals(oid) && (policies != null)
- && (policies.length > 0)) {
- // Certificate Policies Extension (as specified in rfc 3280)
- CertificatePolicies certificatePolicies =
- new CertificatePolicies();
- for (int i=0; i<policies.length; i++) {
- PolicyInformation policyInformation =
- new PolicyInformation(policies[i]);
- certificatePolicies.addPolicyInformation(policyInformation);
- }
- return ASN1OctetString.getInstance().encode(
- certificatePolicies.getEncoded());
- }
- if ("2.5.29.30".equals(oid) && (nameConstraints != null)) {
- // Name Constraints Extension (as specified in rfc 3280)
- return ASN1OctetString.getInstance().encode(
- nameConstraints.getEncoded());
- }
- return null;
- }
-
- public boolean hasUnsupportedCriticalExtension() {
- return false;
- }
- }
-
- /* ********************************************************************** */
- /* ************************* Test implementation ************************ */
- /* ********************************************************************** */
-
- /**
- * setCertificate(X509Certificate certificate) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match
- */
- public void testSetCertificate() {
- TestCert cert_1 = new TestCert("same certificate");
- TestCert cert_2 = new TestCert("other certificate");
- X509CertSelector selector = new X509CertSelector();
-
- selector.setCertificate(null);
- assertTrue("Any certificates should match in the case of null "
- + "certificateEquals criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- selector.setCertificate(cert_1);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- selector.setCertificate(cert_2);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getCertificate() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- */
- public void testGetCertificate() {
- TestCert cert_1 = new TestCert("same certificate");
- TestCert cert_2 = new TestCert("other certificate");
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null", selector.getCertificate());
- selector.setCertificate(cert_1);
- assertEquals("The returned certificate should be equal to specified",
- cert_1, selector.getCertificate());
- assertFalse("The returned certificate should differ",
- cert_2.equals(selector.getCertificate()));
- }
-
- /**
- * setSerialNumber(BigInteger serial) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match
- */
- public void testSetSerialNumber() {
- BigInteger ser1 = new BigInteger("10000");
- BigInteger ser2 = new BigInteger("10001");
- TestCert cert_1 = new TestCert(ser1);
- TestCert cert_2 = new TestCert(ser2);
- X509CertSelector selector = new X509CertSelector();
-
- selector.setSerialNumber(null);
- assertTrue("Any certificate should match in the case of null "
- + "serialNumber criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- selector.setSerialNumber(ser1);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- selector.setSerialNumber(ser2);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getSerialNumber() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- */
- public void testGetSerialNumber() {
- BigInteger ser1 = new BigInteger("10000");
- BigInteger ser2 = new BigInteger("10001");
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null", selector.getSerialNumber());
- selector.setSerialNumber(ser1);
- assertEquals("The returned serial number should be equal to specified",
- ser1, selector.getSerialNumber());
- assertFalse("The returned serial number should differ",
- ser2.equals(selector.getSerialNumber()));
- }
-
- /**
- * setIssuer(X500Principal issuer) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match
- */
- public void testSetIssuer1() {
- X500Principal iss1 = new X500Principal("O=First Org.");
- X500Principal iss2 = new X500Principal("O=Second Org.");
- TestCert cert_1 = new TestCert(iss1);
- TestCert cert_2 = new TestCert(iss2);
- X509CertSelector selector = new X509CertSelector();
-
- selector.setIssuer((X500Principal) null);
- assertTrue("Any certificates should match "
- + "in the case of null issuer criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- selector.setIssuer(iss1);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- selector.setIssuer(iss2);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getIssuer() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- */
- public void testGetIssuer() {
- X500Principal iss1 = new X500Principal("O=First Org.");
- X500Principal iss2 = new X500Principal("O=Second Org.");
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null", selector.getIssuer());
- selector.setIssuer(iss1);
- assertEquals("The returned issuer should be equal to specified",
- iss1, selector.getIssuer());
- assertFalse("The returned issuer should differ",
- iss2.equals(selector.getIssuer()));
- }
-
- /**
- * setIssuer(String issuerDN) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match
- */
- public void testSetIssuer2() {
- String name1 = "O=First Org.";
- String name2 = "O=Second Org.";
- X500Principal iss1 = new X500Principal(name1);
- X500Principal iss2 = new X500Principal(name2);
- TestCert cert_1 = new TestCert(iss1);
- TestCert cert_2 = new TestCert(iss2);
- X509CertSelector selector = new X509CertSelector();
-
- try {
- selector.setIssuer((String) null);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("Any certificates should match "
- + "in the case of null issuer criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- try {
- selector.setIssuer(name1);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- try {
- selector.setIssuer(name2);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getIssuerAsString() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- */
- public void testGetIssuerAsString() {
- String name1 = "O=First Org.";
- String name2 = "O=Second Org.";
- X500Principal iss1 = new X500Principal(name1);
- X500Principal iss2 = new X500Principal(name2);
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null", selector.getIssuerAsString());
- selector.setIssuer(iss1);
- assertEquals("The returned issuer should be equal to specified",
- name1, selector.getIssuerAsString());
- assertFalse("The returned issuer should differ",
- name2.equals(selector.getIssuerAsString()));
- selector.setIssuer(iss2);
- assertEquals("The returned issuer should be equal to specified",
- name2, selector.getIssuerAsString());
- }
-
- /**
- * setIssuer(byte[] issuerDN) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match
- */
- public void testSetIssuer3() {
- byte[] name1 = new byte[]
- //manually obtained DER encoding of "O=First Org." issuer name;
- {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
- 70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
- byte[] name2 = new byte[]
- //manually obtained DER encoding of "O=Second Org." issuer name;
- {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
- 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
- X500Principal iss1 = new X500Principal(name1);
- X500Principal iss2 = new X500Principal(name2);
- TestCert cert_1 = new TestCert(iss1);
- TestCert cert_2 = new TestCert(iss2);
- X509CertSelector selector = new X509CertSelector();
-
- try {
- selector.setIssuer((byte[]) null);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("Any certificates should match "
- + "in the case of null issuer criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- try {
- selector.setIssuer(name1);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- try {
- selector.setIssuer(name2);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getIssuerAsBytes() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- */
- public void testGetIssuerAsBytes() {
- byte[] name1 = new byte[]
- //manually obtained DER encoding of "O=First Org." issuer name;
- {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
- 70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
- byte[] name2 = new byte[]
- //manually obtained DER encoding of "O=Second Org." issuer name;
- {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
- 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
- X500Principal iss1 = new X500Principal(name1);
- X500Principal iss2 = new X500Principal(name2);
- X509CertSelector selector = new X509CertSelector();
-
- try {
- assertNull("Selector should return null",
- selector.getIssuerAsBytes());
- selector.setIssuer(iss1);
- assertTrue("The returned issuer should be equal to specified",
- Arrays.equals(name1, selector.getIssuerAsBytes()));
- assertFalse("The returned issuer should differ",
- name2.equals(selector.getIssuerAsBytes()));
- selector.setIssuer(iss2);
- assertTrue("The returned issuer should be equal to specified",
- Arrays.equals(name2, selector.getIssuerAsBytes()));
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- }
-
- /**
- * setSubject(X500Principal subject) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match
- */
- public void testSetSubject1() {
- X500Principal sub1 = new X500Principal("O=First Org.");
- X500Principal sub2 = new X500Principal("O=Second Org.");
- TestCert cert_1 = new TestCert(sub1);
- TestCert cert_2 = new TestCert(sub2);
- X509CertSelector selector = new X509CertSelector();
-
- selector.setSubject((X500Principal) null);
- assertTrue("Any certificates should match "
- + "in the case of null subjcet criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- selector.setSubject(sub1);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- selector.setSubject(sub2);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getSubject() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- */
- public void testGetSubject() {
- X500Principal sub1 = new X500Principal("O=First Org.");
- X500Principal sub2 = new X500Principal("O=Second Org.");
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null", selector.getSubject());
- selector.setSubject(sub1);
- assertEquals("The returned subject should be equal to specified",
- sub1, selector.getSubject());
- assertFalse("The returned subject should differ",
- sub2.equals(selector.getSubject()));
- }
-
- /**
- * setSubject(String subjectDN) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match
- */
- public void testSetSubject2() {
- String name1 = "O=First Org.";
- String name2 = "O=Second Org.";
- X500Principal sub1 = new X500Principal(name1);
- X500Principal sub2 = new X500Principal(name2);
- TestCert cert_1 = new TestCert(sub1);
- TestCert cert_2 = new TestCert(sub2);
- X509CertSelector selector = new X509CertSelector();
-
- try {
- selector.setSubject((String) null);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("Any certificates should match "
- + "in the case of null subject criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- try {
- selector.setSubject(name1);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- try {
- selector.setSubject(name2);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getSubjectAsString() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- */
- public void testGetSubjectAsString() {
- String name1 = "O=First Org.";
- String name2 = "O=Second Org.";
- X500Principal sub1 = new X500Principal(name1);
- X500Principal sub2 = new X500Principal(name2);
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null",
- selector.getSubjectAsString());
- selector.setSubject(sub1);
- assertEquals("The returned subject should be equal to specified",
- name1, selector.getSubjectAsString());
- assertFalse("The returned subject should differ",
- name2.equals(selector.getSubjectAsString()));
- selector.setSubject(sub2);
- assertEquals("The returned subject should be equal to specified",
- name2, selector.getSubjectAsString());
- }
-
- /**
- * setSubject(byte[] subjectDN) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match
- */
- public void testSetSubject3() {
- byte[] name1 = new byte[]
- //manually obtained DER encoding of "O=First Org." issuer name;
- {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
- 70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
- byte[] name2 = new byte[]
- //manually obtained DER encoding of "O=Second Org." issuer name;
- {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
- 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
- X500Principal sub1 = new X500Principal(name1);
- X500Principal sub2 = new X500Principal(name2);
- TestCert cert_1 = new TestCert(sub1);
- TestCert cert_2 = new TestCert(sub2);
- X509CertSelector selector = new X509CertSelector();
-
- try {
- selector.setSubject((byte[]) null);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("Any certificates should match "
- + "in the case of null issuer criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- try {
- selector.setSubject(name1);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- try {
- selector.setSubject(name2);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getSubjectAsBytes() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- */
- public void testGetSubjectAsBytes() {
- byte[] name1 = new byte[]
- //manually obtained DER encoding of "O=First Org." issuer name;
- {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
- 70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
- byte[] name2 = new byte[]
- //manually obtained DER encoding of "O=Second Org." issuer name;
- {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
- 83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
- X500Principal sub1 = new X500Principal(name1);
- X500Principal sub2 = new X500Principal(name2);
- X509CertSelector selector = new X509CertSelector();
-
- try {
- assertNull("Selector should return null",
- selector.getSubjectAsBytes());
- selector.setSubject(sub1);
- assertTrue("The returned issuer should be equal to specified",
- Arrays.equals(name1, selector.getSubjectAsBytes()));
- assertFalse("The returned issuer should differ",
- name2.equals(selector.getSubjectAsBytes()));
- selector.setSubject(sub2);
- assertTrue("The returned issuer should be equal to specified",
- Arrays.equals(name2, selector.getSubjectAsBytes()));
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- }
-
- /**
- * setSubjectKeyIdentifier(byte[] subjectKeyID) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match, and if the initialization
- * object are copied during the initialization.
- */
- public void testSetSubjectKeyIdentifier() {
- byte[] skid1 = new byte[] {1, 2, 3, 4, 5}; // random value
- byte[] skid2 = new byte[] {5, 4, 3, 2, 1}; // random value
- TestCert cert_1 = new TestCert(skid1);
- TestCert cert_2 = new TestCert(skid2);
- X509CertSelector selector = new X509CertSelector();
-
- selector.setSubjectKeyIdentifier(null);
- assertTrue("Any certificate should match in the case of null "
- + "serialNumber criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- selector.setSubjectKeyIdentifier(skid1);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- selector.setSubjectKeyIdentifier(skid2);
- skid2[0] ++;
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getSubjectKeyIdentifier() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- * and its modification does not cause the modification of internal object.
- */
- public void testGetSubjectKeyIdentifier() {
- byte[] skid1 = new byte[] {1, 2, 3, 4, 5}; // random value
- byte[] skid2 = new byte[] {4, 5, 5, 4, 3, 2, 1}; // random value
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null",
- selector.getSubjectKeyIdentifier());
- selector.setSubjectKeyIdentifier(skid1);
- assertTrue("The returned keyID should be equal to specified",
- Arrays.equals(skid1, selector.getSubjectKeyIdentifier()));
- selector.getSubjectKeyIdentifier()[0] ++;
- assertTrue("The returned keyID should be equal to specified",
- Arrays.equals(skid1, selector.getSubjectKeyIdentifier()));
- assertFalse("The returned keyID should differ",
- Arrays.equals(skid2, selector.getSubjectKeyIdentifier()));
- }
-
- /**
- * setAuthorityKeyIdentifier(byte[] authorityKeyID) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match, and if the initialization
- * object are copied during the initialization.
- */
- public void testSetAuthorityKeyIdentifier() {
- byte[] akid1 = new byte[] {1, 2, 3, 4, 5}; // random value
- byte[] akid2 = new byte[] {5, 4, 3, 2, 1}; // random value
- TestCert cert_1 = new TestCert(akid1);
- TestCert cert_2 = new TestCert(akid2);
- X509CertSelector selector = new X509CertSelector();
-
- selector.setAuthorityKeyIdentifier(null);
- assertTrue("Any certificate should match in the case of null "
- + "serialNumber criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- selector.setAuthorityKeyIdentifier(akid1);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- selector.setAuthorityKeyIdentifier(akid2);
- akid2[0] ++;
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getAuthorityKeyIdentifier() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- * and its modification does not cause the modification of internal object.
- */
- public void testGetAuthorityKeyIdentifier() {
- byte[] akid1 = new byte[] {4, 5, 1, 2, 3, 4, 5}; // random value
- byte[] akid2 = new byte[] {4, 5, 5, 4, 3, 2, 1}; // random value
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null",
- selector.getAuthorityKeyIdentifier());
- selector.setAuthorityKeyIdentifier(akid1);
- assertTrue("The returned keyID should be equal to specified",
- Arrays.equals(akid1, selector.getAuthorityKeyIdentifier()));
- selector.getAuthorityKeyIdentifier()[0] ++;
- assertTrue("The returned keyID should be equal to specified",
- Arrays.equals(akid1, selector.getAuthorityKeyIdentifier()));
- assertFalse("The returned keyID should differ",
- Arrays.equals(akid2, selector.getAuthorityKeyIdentifier()));
- }
-
- /**
- * setCertificateValid(Date certificateValid) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match, and if the initialization
- * object are copied during the initialization.
- */
- public void testSetCertificateValid() {
- Date date1 = new Date(100);
- Date date2 = new Date(200);
- TestCert cert_1 = new TestCert(date1);
- TestCert cert_2 = new TestCert(date2);
- X509CertSelector selector = new X509CertSelector();
-
- selector.setCertificateValid(null);
- assertTrue("Any certificate should match in the case of null "
- + "serialNumber criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- selector.setCertificateValid(date1);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- selector.setCertificateValid(date2);
- date2.setTime(300);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getCertificateValid() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- * and its modification does not cause the modification of internal object.
- */
- public void testGetCertificateValid() {
- Date date1 = new Date(100);
- Date date2 = new Date(200);
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null",
- selector.getCertificateValid());
- selector.setCertificateValid(date1);
- assertTrue("The returned date should be equal to specified",
- date1.equals(selector.getCertificateValid()));
- selector.getCertificateValid().setTime(200);
- assertTrue("The returned date should be equal to specified",
- date1.equals(selector.getCertificateValid()));
- assertFalse("The returned date should differ",
- date2.equals(selector.getCertificateValid()));
- }
-
- /**
- * setPrivateKeyValid(Date privateKeyValid) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match, and if the initialization
- * object are copied during the initialization.
- */
- public void testSetPrivateKeyValid() {
- Date date1 = new Date(100000000);
- Date date2 = new Date(200000000);
- Date date3 = new Date(300000000);
- Date date4 = new Date(150000000);
- Date date5 = new Date(250000000);
- TestCert cert_1 = new TestCert(date1, date2);
- TestCert cert_2 = new TestCert(date2, date3);
- X509CertSelector selector = new X509CertSelector();
-
- selector.setPrivateKeyValid(null);
- assertTrue("Any certificate should match in the case of null "
- + "privateKeyValid criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- selector.setPrivateKeyValid(date4);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- selector.setPrivateKeyValid(date5);
- date5.setTime(date4.getTime());
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getPrivateKeyValid() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- * and its modification does not cause the modification of internal object.
- */
- public void testGetPrivateKeyValid() {
- Date date1 = new Date(100);
- Date date2 = new Date(200);
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null",
- selector.getPrivateKeyValid());
- selector.setPrivateKeyValid(date1);
- assertTrue("The returned date should be equal to specified",
- date1.equals(selector.getPrivateKeyValid()));
- selector.getPrivateKeyValid().setTime(200);
- assertTrue("The returned date should be equal to specified",
- date1.equals(selector.getPrivateKeyValid()));
- assertFalse("The returned date should differ",
- date2.equals(selector.getPrivateKeyValid()));
- }
-
- /**
- * setSubjectPublicKeyAlgID(String oid) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match
- */
- public void testSetSubjectPublicKeyAlgID() {
- String pkaid1 = "1.2.840.113549.1.1.1"; // RSA (source: http://asn1.elibel.tm.fr)
- String pkaid2 = "1.2.840.10040.4.1"; // DSA (source: http://asn1.elibel.tm.fr)
- PublicKey pkey1;
- PublicKey pkey2;
- try {
- pkey1 = new TestKeyPair("RSA").getPublic();
- pkey2 = new TestKeyPair("DSA").getPublic();
- } catch (Exception e) {
- e.printStackTrace();
- fail("Unexpected Exception was thrown: "
- + e.getMessage());
- return;
- }
- TestCert cert_1 = new TestCert(pkey1);
- TestCert cert_2 = new TestCert(pkey2);
- X509CertSelector selector = new X509CertSelector();
-
- try {
- selector.setSubjectPublicKeyAlgID(null);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("Any certificate should match in the case of null "
- + "subjectPublicKeyAlgID criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- try {
- selector.setSubjectPublicKeyAlgID(pkaid1);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- try {
- selector.setSubjectPublicKeyAlgID(pkaid2);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getSubjectPublicKeyAlgID() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- */
- public void testGetSubjectPublicKeyAlgID() {
- String pkaid1 = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr)
- String pkaid2 = "1.2.840.113549.1.1.2"; // MD2 with RSA encryption (source: http://asn1.elibel.tm.fr)
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null",
- selector.getSubjectPublicKeyAlgID());
- try {
- selector.setSubjectPublicKeyAlgID(pkaid1);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The returned oid should be equal to specified",
- pkaid1.equals(selector.getSubjectPublicKeyAlgID()));
- assertFalse("The returned oid should differ",
- pkaid2.equals(selector.getSubjectPublicKeyAlgID()));
- }
-
- /**
- * setSubjectPublicKey(PublicKey key) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match.
- */
- public void testSetSubjectPublicKey1() {
- PublicKey pkey1;
- PublicKey pkey2;
- try {
- pkey1 = new TestKeyPair("RSA").getPublic();
- pkey2 = new TestKeyPair("DSA").getPublic();
- } catch (Exception e) {
- e.printStackTrace();
- fail("Unexpected Exception was thrown: "
- + e.getMessage());
- return;
- }
-
- TestCert cert_1 = new TestCert(pkey1);
- TestCert cert_2 = new TestCert(pkey2);
- X509CertSelector selector = new X509CertSelector();
-
- selector.setSubjectPublicKey((PublicKey) null);
- assertTrue("Any certificate should match in the case of null "
- + "subjectPublicKey criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- selector.setSubjectPublicKey(pkey1);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- selector.setSubjectPublicKey(pkey2);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getSubjectPublicKey() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value corresponds to specified
- */
- public void testGetSubjectPublicKey1() {
- PublicKey pkey;
- try {
- pkey = new TestKeyPair("RSA").getPublic();
- } catch (Exception e) {
- e.printStackTrace();
- fail("Unexpected Exception was thrown: " + e.getMessage());
- return;
- }
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null",
- selector.getSubjectPublicKey());
- selector.setSubjectPublicKey(pkey);
- PublicKey result = selector.getSubjectPublicKey();
-
- assertEquals("The name of algorithm should be RSA",
- result.getAlgorithm(), "RSA");
- }
-
- /**
- * setSubjectPublicKey(byte[] key) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match, and if the initialization
- * object are copied during the initialization.
- */
- public void testSetSubjectPublicKey2() {
- PublicKey pkey1;
- PublicKey pkey2;
- try {
- pkey1 = new TestKeyPair("RSA").getPublic();
- pkey2 = new TestKeyPair("DSA").getPublic();
- } catch (Exception e) {
- e.printStackTrace();
- fail("Unexpected Exception was thrown: "
- + e.getMessage());
- return;
- }
-
- byte[] encoding1 = pkey1.getEncoded();
- byte[] encoding2 = pkey2.getEncoded();
- TestCert cert_1 = new TestCert(pkey1);
- TestCert cert_2 = new TestCert(pkey2);
- X509CertSelector selector = new X509CertSelector();
-
- try {
- selector.setSubjectPublicKey((byte[]) null);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("Any certificate should match in the case of null "
- + "subjectPublicKey criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- try {
- selector.setSubjectPublicKey(encoding1);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- encoding1[0] ++;
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- try {
- selector.setSubjectPublicKey(encoding2);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getSubjectPublicKey() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value corresponds to specified
- */
- public void testGetSubjectPublicKey2() {
- PublicKey pkey;
- try {
- pkey = new TestKeyPair("RSA").getPublic();
- } catch (Exception e) {
- e.printStackTrace();
- fail("Unexpected Exception was thrown: " + e.getMessage());
- return;
- }
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null",
- selector.getSubjectPublicKey());
- try {
- selector.setSubjectPublicKey(pkey.getEncoded());
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- PublicKey result = selector.getSubjectPublicKey();
-
- assertEquals("The name of algorithm should be RSA",
- result.getAlgorithm(), "RSA");
- }
-
- /**
- * setKeyUsage(boolean[] keyUsage) method testing.
- * Tests if any certificates match in the case of null criteria,
- * if [not]proper certificates [do not]match, and if the initialization
- * object are copied during the initialization. Also checks if selector
- * matches the certificate which does not have a keyUsage extension.
- */
- public void testSetKeyUsage() {
- boolean[] ku1 = new boolean[]
- {true, true, true, true, true, true, true, true, true};
- // decipherOnly is disallowed
- boolean[] ku2 = new boolean[]
- {true, true, true, true, true, true, true, true, false};
- TestCert cert_1 = new TestCert(ku1);
- TestCert cert_2 = new TestCert(ku2);
- TestCert cert_3 = new TestCert((boolean[]) null);
- X509CertSelector selector = new X509CertSelector();
-
- selector.setKeyUsage(null);
- assertTrue("Any certificate should match in the case of null "
- + "keyUsage criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- selector.setKeyUsage(ku1);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- assertTrue("The certificate which does not have a keyUsage extension "
- + "implicitly allows all keyUsage values.",
- selector.match(cert_3));
- selector.setKeyUsage(ku2);
- ku2[0] = !ku2[0];
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getKeyUsage() method testing.
- * Tests if the method return null in the case of not specified criteria,
- * if the returned value [does not]corresponds to [not]specified
- * and its modification does not cause the modification of internal object.
- */
- public void testGetKeyUsage() {
- boolean[] ku = new boolean[]
- {true, false, true, false, true, false, true, false, true};
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null", selector.getKeyUsage());
- selector.setKeyUsage(ku);
- assertTrue("The returned date should be equal to specified",
- Arrays.equals(ku, selector.getKeyUsage()));
- boolean[] result = selector.getKeyUsage();
- result[0] = !result[0];
- assertTrue("The returned keyUsage should be equal to specified",
- Arrays.equals(ku, selector.getKeyUsage()));
- }
-
- /**
- * setExtendedKeyUsage(Set<String> keyPurposeSet) method testing.
- */
- public void testSetExtendedKeyUsage() {
- HashSet ku1 = new HashSet(Arrays.asList(new String[] {
- "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
- "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
- "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"}
- ));
- HashSet ku2 = new HashSet(Arrays.asList(new String[] {
- "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
- "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
- "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6"}));
- TestCert cert_1 = new TestCert(ku1);
- TestCert cert_2 = new TestCert(ku2);
- TestCert cert_3 = new TestCert((Set) null);
- X509CertSelector selector = new X509CertSelector();
-
- try {
- selector.setExtendedKeyUsage(null);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("Any certificate should match in the case of null "
- + "extendedKeyUsage criteria.",
- selector.match(cert_1) && selector.match(cert_2));
- try {
- selector.setExtendedKeyUsage(ku1);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- assertTrue("The certificate which does not have a keyUsage extension "
- + "implicitly allows all keyUsage values.",
- selector.match(cert_3));
- ku1.remove("1.3.6.1.5.5.7.3.7"); // remove the missing in ku2 keyUsage
- assertFalse("The modification of initialization object "
- + "should not affect the modification of internal object.",
- selector.match(cert_2));
- try {
- selector.setExtendedKeyUsage(ku2);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * getExtendedKeyUsage() method testing.
- */
- public void testGetExtendedKeyUsage() {
- HashSet ku = new HashSet(Arrays.asList(new String[] {
- "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
- "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
- "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"}
- ));
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null",
- selector.getExtendedKeyUsage());
- try {
- selector.setExtendedKeyUsage(ku);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The returned extendedKeyUsage should be equal to specified",
- ku.equals(selector.getExtendedKeyUsage()));
- try {
- selector.getExtendedKeyUsage().add("KRIBLE-GRABLI");
- fail("The returned Set should be immutable.");
- } catch (UnsupportedOperationException e) {
- }
- }
-
- /**
- * setSubjectAlternativeNames(Collection<List<?>> names) method testing.
- */
- public void testSetSubjectAlternativeNames() {
- try {
- GeneralName san0 =
- new GeneralName(new OtherName("1.2.3.4.5",
- new byte[] {1, 2, 0, 1}));
- GeneralName san1 = new GeneralName(1, "rfc@822.Name");
- GeneralName san2 = new GeneralName(2, "dNSName");
- GeneralName san3 = new GeneralName(new ORAddress());
- GeneralName san4 = new GeneralName(new Name("O=Organization"));
- GeneralName san5 =
- new GeneralName(new EDIPartyName("assigner", "party"));
- GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
- GeneralName san7 = new GeneralName(7, "1.1.1.1");
- GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
-
- GeneralNames sans_1 = new GeneralNames();
- sans_1.addName(san0);
- sans_1.addName(san1);
- sans_1.addName(san2);
- sans_1.addName(san3);
- sans_1.addName(san4);
- sans_1.addName(san5);
- sans_1.addName(san6);
- sans_1.addName(san7);
- sans_1.addName(san8);
- GeneralNames sans_2 = new GeneralNames();
- sans_2.addName(san0);
-
- TestCert cert_1 = new TestCert(sans_1);
- TestCert cert_2 = new TestCert(sans_2);
- X509CertSelector selector = new X509CertSelector();
- selector.setMatchAllSubjectAltNames(true);
-
- selector.setSubjectAlternativeNames(null);
- assertTrue("Any certificate should match in the case of null "
- + "subjectAlternativeNames criteria.",
- selector.match(cert_1) && selector.match(cert_2));
-
- Collection sans = sans_1.getPairsList();
- selector.setSubjectAlternativeNames(sans);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match "
- + "the selection criteria.", selector.match(cert_2));
- sans.clear();
- assertTrue("The modification of initialization object "
- + "should not affect the modification "
- + "of internal object.", selector.match(cert_1));
- selector.setSubjectAlternativeNames(sans_2.getPairsList());
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- }
-
- /**
- * addSubjectAlternativeName(int type, String name) method testing.
- */
- public void testAddSubjectAlternativeName1() throws IOException {
- String name1 = "rfc@822.Name";
- String name2 = "dNSName";
- String name4 = "O=Organization";
- String name6 = "http://uniform.Resource.Id";
- String name7 = "255.255.255.0";
- String name8 = "1.2.3.4444.55555";
-
- GeneralName san1 = new GeneralName(1, name1);
- GeneralName san2 = new GeneralName(2, name2);
- GeneralName san4 = new GeneralName(4, name4);
- GeneralName san6 = new GeneralName(6, name6);
- GeneralName san7 = new GeneralName(7, name7);
- GeneralName san8 = new GeneralName(8, name8);
-
- GeneralNames sans_1 = new GeneralNames();
- sans_1.addName(san1);
- sans_1.addName(san2);
- sans_1.addName(san4);
- sans_1.addName(san6);
- sans_1.addName(san7);
- sans_1.addName(san8);
- GeneralNames sans_2 = new GeneralNames();
- sans_2.addName(san1);
- sans_2.addName(san2);
-
- TestCert cert_1 = new TestCert(sans_1);
- TestCert cert_2 = new TestCert(sans_2);
- X509CertSelector selector = new X509CertSelector();
- selector.setMatchAllSubjectAltNames(true);
-
- try {
- selector.addSubjectAlternativeName(1, name1);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
-
- try {
- selector.addSubjectAlternativeName(2, name2);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
-
- try {
- selector.addSubjectAlternativeName(4, name4);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- try {
- selector.addSubjectAlternativeName(6, name6);
- selector.addSubjectAlternativeName(7, name7);
- selector.addSubjectAlternativeName(8, name8);
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- }
-
- /**
- * addSubjectAlternativeName(int type, byte[] name) method testing.
- */
- public void testAddSubjectAlternativeName2() {
- try {
- GeneralName san0 =
- new GeneralName(new OtherName("1.2.3.4.5",
- ASN1Integer.getInstance().encode(
- BigInteger.valueOf(55L).toByteArray())
- ));
- GeneralName san1 = new GeneralName(1, "rfc@822.Name");
- GeneralName san2 = new GeneralName(2, "dNSName");
- GeneralName san3 = new GeneralName(new ORAddress());
- GeneralName san4 = new GeneralName(new Name("O=Organization"));
- GeneralName san5 =
- new GeneralName(new EDIPartyName("assigner", "party"));
- GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
- GeneralName san7 = new GeneralName(new byte[] {1, 1, 1, 1});
- GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
-
- GeneralNames sans_1 = new GeneralNames();
- sans_1.addName(san0);
- sans_1.addName(san1);
- sans_1.addName(san2);
- sans_1.addName(san3);
- sans_1.addName(san4);
- sans_1.addName(san5);
- sans_1.addName(san6);
- sans_1.addName(san7);
- sans_1.addName(san8);
- GeneralNames sans_2 = new GeneralNames();
- sans_2.addName(san0);
- sans_2.addName(san1);
- sans_2.addName(san2);
-
- TestCert cert_1 = new TestCert(sans_1);
- TestCert cert_2 = new TestCert(sans_2);
- X509CertSelector selector = new X509CertSelector();
- selector.setMatchAllSubjectAltNames(true);
-
- selector.addSubjectAlternativeName(0, san0.getEncodedName());
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- selector.addSubjectAlternativeName(1, san1.getEncodedName());
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- selector.addSubjectAlternativeName(2, san2.getEncodedName());
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_2));
- selector.addSubjectAlternativeName(3, san3.getEncodedName());
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match the selection criteria.",
- selector.match(cert_2));
- selector.addSubjectAlternativeName(4, san4.getEncodedName());
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match "
- + "the selection criteria.", selector.match(cert_2));
- selector.addSubjectAlternativeName(5, san5.getEncodedName());
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match "
- + "the selection criteria.", selector.match(cert_2));
- selector.addSubjectAlternativeName(6, san6.getEncodedName());
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match "
- + "the selection criteria.", selector.match(cert_2));
- selector.addSubjectAlternativeName(7, san7.getEncodedName());
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match "
- + "the selection criteria.", selector.match(cert_2));
- byte[] oid = san8.getEncodedName();
- selector.addSubjectAlternativeName(8, oid);
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- assertFalse("The certificate should not match "
- + "the selection criteria.", selector.match(cert_2));
- oid[3] += 1;
- assertTrue("The byte array should be cloned to protect against "
- + "subsequent modifications.", selector.match(cert_1));
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- }
-
- /**
- * getSubjectAlternativeNames() method testing.
- */
- public void testGetSubjectAlternativeNames() {
- try {
- GeneralName san1 = new GeneralName(1, "rfc@822.Name");
- GeneralName san2 = new GeneralName(2, "dNSName");
-
- GeneralNames sans = new GeneralNames();
- sans.addName(san1);
- sans.addName(san2);
-
- TestCert cert_1 = new TestCert(sans);
- X509CertSelector selector = new X509CertSelector();
-
- assertNull("Selector should return null",
- selector.getSubjectAlternativeNames());
-
- selector.setSubjectAlternativeNames(sans.getPairsList());
- assertTrue("The certificate should match the selection criteria.",
- selector.match(cert_1));
- selector.getSubjectAlternativeNames().clear();
- assertTrue("The modification of initialization object "
- + "should not affect the modification "
- + "of internal object.", selector.match(cert_1));
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- }
-
- /**
- * setMatchAllSubjectAltNames(boolean matchAllNames) method testing.
- */
- public void testSetMatchAllSubjectAltNames() {
- try {
- GeneralName san1 = new GeneralName(1, "rfc@822.Name");
- GeneralName san2 = new GeneralName(2, "dNSName");
-
- GeneralNames sans_1 = new GeneralNames();
- sans_1.addName(san1);
- GeneralNames sans_2 = new GeneralNames();
- sans_2.addName(san1);
- sans_2.addName(san2);
-
- TestCert cert = new TestCert(sans_1);
- X509CertSelector selector = new X509CertSelector();
- selector.setMatchAllSubjectAltNames(true);
-
- selector.setSubjectAlternativeNames(sans_2.getPairsList());
- assertFalse("Only certificate which contain all of the specified "
- + "subject alternative names should match.",
- selector.match(cert));
- selector.setMatchAllSubjectAltNames(false);
- /*
- assertTrue("The certificate which contain at least one of the "
- + "specified subject alternative names must match.",
- selector.match(cert));
- */
- } catch (IOException e) {
- e.printStackTrace();
- fail("Unexpected IOException was thrown.");
- }
- }
-
- /**
- * getMatchAllSubjectAltNames() method testing.
- */
- public void testGetMatchAllSubjectAltNames() {
- X509CertSelector selector = new X509CertSelector();
- assertTrue("The matchAllNames initially should be true",
- selector.getMatchAllSubjectAltNames());
- selector.setMatchAllSubjectAltNames(false);
- assertFalse("The value should be false",
- selector.getMatchAllSubjectAltNames());
- }
-
- /**
- * setNameConstraints(byte[] bytes) method testing.
- * Constructs the NameConstraints DER structure with
- * GeneralNames of types: 1, 2, 6, 7 and set it as a criterion.
- */
- public void testSetNameConstraints0() throws IOException {
- // Restrictions apply only when the specified name form is present.
- // If no name of the type is in the certificate,
- // the certificate is acceptable (rfc 3280).
-
- GeneralName [] name_constraints = new GeneralName[] {
- new GeneralName(1, "822.Name"),
- new GeneralName(1, "rfc@822.Name"),
- new GeneralName(2, "Name.org"),
- new GeneralName(2, "dNS.Name.org"),
- //new GeneralName(4, "O=Organization"),
- new GeneralName(6, "http://.Resource.Id"),
- new GeneralName(6, "http://uniform.Resource.Id"),
- new GeneralName(7, "1.1.1.1"),
- // new GeneralName(7, new byte[] {1, 1, 1, 1, 3, 3, 3, 3}),
- new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1}),
- // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
- // 1, 1, 1, 1, 1, 1, 1, 1,
- // 3, 3, 3, 3, 3, 3, 3, 3,
- // 3, 3, 3, 3, 3, 3, 3, 3})
- };
-
- // names which should match divided from names which should not
- // match by null
- GeneralName[][] alternative_names = new GeneralName[][] {
- {
- new GeneralName(1, "rfc@822.Name"),
- null,
- new GeneralName(1, "rfc@Other.Name")
- }, {
- new GeneralName(1, "rfc@822.Name"),
- null,
- new GeneralName(1, "rfc@Other.Name")
- }, {
- new GeneralName(2, "Name.org"),
- new GeneralName(2, "dNS.Name.org"),
- null,
- new GeneralName(2, "dNS.OtherName.org")
- }, {
- new GeneralName(2, "dNS.Name.org"),
- null,
- new GeneralName(2, "Name.org"),
- new GeneralName(2, "dNS.OtherName.org")
- }, {
-
- // new GeneralName(4, "O=Organization"),
- // null,
- // new GeneralName(4, "O=OtherOrganization")
- //}, {
-
- new GeneralName(6, "http://uniform.Resource.Id/location"),
- null,
- //new GeneralName(6, "http://Resource.Id")
- }, {
- new GeneralName(6, "http://uniform.Resource.Id"),
- null,
- new GeneralName(6, "http://Resource.Id")
- }, {
- new GeneralName(new byte[] {1, 1, 1, 1}),
- null,
- new GeneralName(new byte[] {2, 2, 2, 2})
- // }, {
- // new GeneralName(7, new byte[] {1, 1, 1, 1}),
- // new GeneralName(7, new byte[] {2, 2, 2, 2}),
- // new GeneralName(7, new byte[] {3, 3, 3, 3}),
- // null,
- // new GeneralName(7, new byte[] {4, 4, 4, 4})
- }, {
- new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1}),
- null,
- new GeneralName(new byte[] {2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2}),
- // }, {
- // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
- // 1, 1, 1, 1, 1, 1, 1, 1}),
- // new GeneralName(7, new byte[] {2, 2, 2, 2, 2, 2, 2, 2,
- // 2, 2, 2, 2, 2, 2, 2, 2}),
- // new GeneralName(7, new byte[] {3, 3, 3, 3, 3, 3, 3, 3,
- // 3, 3, 3, 3, 3, 3, 3, 3}),
- // null,
- // new GeneralName(7, new byte[] {4, 4, 4, 4, 4, 4, 4, 4,
- // 4, 4, 4, 4, 4, 4, 4, 4}),
- }
- };
-
- X509CertSelector selector = new X509CertSelector();
- String subject = "O=Organization";
- X500Principal x500Subject = new X500Principal(subject);
- try {
- Name nameSubject = new Name(subject);
- for (int i=0; i<name_constraints.length; i++) {
- // make the subtrees (part of name constraints)
- // this subrtees will be used as permited and as excluded
- GeneralSubtree subtree =
- new GeneralSubtree(name_constraints[i]);
- GeneralSubtrees subtrees = new GeneralSubtrees();
- NameConstraints constraints;
- subtrees.addSubtree(subtree);
- // start the checking for each alt. name corresponding
- // to current name_constraints[i]
- boolean check_matching = true;
- for (int j=0; j<alternative_names[i].length; j++) {
- GeneralNames alt_names_extension = new GeneralNames();
- if (alternative_names[i][j] == null) {
- // double trick: turn the switch and check that the
- // restrictions apply only when the specified name
- // form is presented. If no name of the type is in the
- // certificate, the certificate is acceptable.
- check_matching = false;
- } else {
- alt_names_extension.addName(alternative_names[i][j]);
- }
- TestCert certificate = new TestCert(alt_names_extension);
- certificate.setSubject(x500Subject);
- certificate.setEncoding(getCertEncoding(nameSubject,
- alt_names_extension));
- // first check if permited name match
[... 4186 lines stripped ...]