/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @author Alexander Y. Kleymenov
* @version $Revision$
*/
package java.security.cert;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Date;
import java.util.Set;
import java.util.HashSet;
import java.util.Arrays;
import java.util.ArrayList;
import java.util.List;
import java.util.Iterator;
import java.util.Collection;
import javax.security.auth.x500.X500Principal;
import org.apache.harmony.security.asn1.ASN1Boolean;
import org.apache.harmony.security.asn1.ASN1Integer;
import org.apache.harmony.security.asn1.ASN1OctetString;
import org.apache.harmony.security.asn1.ASN1Oid;
import org.apache.harmony.security.asn1.ASN1Sequence;
import org.apache.harmony.security.asn1.ASN1Type;
import org.apache.harmony.security.tests.support.TestKeyPair;
import org.apache.harmony.security.x501.Name;
import org.apache.harmony.security.x509.AlgorithmIdentifier;
import org.apache.harmony.security.x509.CertificatePolicies;
import org.apache.harmony.security.x509.EDIPartyName;
import org.apache.harmony.security.x509.Extension;
import org.apache.harmony.security.x509.Extensions;
import org.apache.harmony.security.x509.GeneralName;
import org.apache.harmony.security.x509.GeneralNames;
import org.apache.harmony.security.x509.GeneralSubtree;
import org.apache.harmony.security.x509.GeneralSubtrees;
import org.apache.harmony.security.x509.NameConstraints;
import org.apache.harmony.security.x509.ORAddress;
import org.apache.harmony.security.x509.OtherName;
import org.apache.harmony.security.x509.PolicyInformation;
import org.apache.harmony.security.x509.PrivateKeyUsagePeriod;
import org.apache.harmony.security.x509.SubjectPublicKeyInfo;
import org.apache.harmony.security.x509.TBSCertificate;
import org.apache.harmony.security.x509.Validity;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
/**
* X509CertSelectorTest
*/
public class X509CertSelectorTest extends TestCase {
/**
* The abstract class stub implementation.
*/
private class TestCert extends X509Certificate {
/* Stuff fields */
protected String equalCriteria = null; // to simplify method equals()
protected BigInteger serialNumber = null;
protected X500Principal issuer = null;
protected X500Principal subject = null;
protected byte[] keyIdentifier = null;
protected Date date = null;
protected Date notBefore = null;
protected Date notAfter = null;
protected PublicKey key = null;
protected boolean[] keyUsage = null;
protected List extKeyUsage = null;
protected int pathLen = -1;
protected GeneralNames sans = null;
protected byte[] encoding = null;
protected String[] policies = null;
protected NameConstraints nameConstraints = null;
/* Stuff methods */
public TestCert() {}
public TestCert(GeneralNames sans) {
setSubjectAlternativeNames(sans);
}
public TestCert(NameConstraints nameConstraints) {
this.nameConstraints = nameConstraints;
}
public TestCert(String equalCriteria) {
setEqualCriteria(equalCriteria);
}
public TestCert(String[] policies) {
setPolicies(policies);
}
public TestCert(BigInteger serial) {
setSerialNumber(serial);
}
public TestCert(X500Principal principal) {
setIssuer(principal);
setSubject(principal);
}
public TestCert(byte[] array) {
setKeyIdentifier(array);
}
public TestCert(Date date) {
setDate(date);
}
public TestCert(Date notBefore, Date notAfter) {
setPeriod(notBefore, notAfter);
}
public TestCert(PublicKey key) {
setPublicKey(key);
}
public TestCert(boolean[] keyUsage) {
setKeyUsage(keyUsage);
}
public TestCert(Set extKeyUsage) {
setExtendedKeyUsage(extKeyUsage);
}
public TestCert(int pathLen) {
this.pathLen = pathLen;
}
public void setPolicies(String[] policies) {
this.policies = policies;
}
public void setSubjectAlternativeNames(GeneralNames sans) {
this.sans = sans;
}
public void setExtendedKeyUsage(Set extKeyUsage) {
this.extKeyUsage = (extKeyUsage == null)
? null
: new ArrayList(extKeyUsage);
}
public void setKeyUsage(boolean[] keyUsage) {
this.keyUsage = (keyUsage == null) ? null
: (boolean[]) keyUsage.clone();
}
public void setPublicKey(PublicKey key) {
this.key = key;
}
public void setPeriod(Date notBefore, Date notAfter) {
this.notBefore = notBefore;
this.notAfter = notAfter;
}
public void setSerialNumber(BigInteger serial) {
this.serialNumber = serial;
}
public void setEqualCriteria(String equalCriteria) {
this.equalCriteria = equalCriteria;
}
public void setIssuer(X500Principal issuer) {
this.issuer = issuer;
}
public void setSubject(X500Principal subject) {
this.subject = subject;
}
public void setKeyIdentifier(byte[] subjectKeyID) {
this.keyIdentifier = subjectKeyID.clone();
}
public void setDate(Date date) {
this.date = new Date(date.getTime());
}
public void setEncoding(byte[] encoding) {
this.encoding = encoding;
}
/* Method implementations */
public boolean equals(Object cert) {
if (cert == null) {
return false;
}
if ((equalCriteria == null)
|| (((TestCert)cert).equalCriteria == null)) {
return false;
} else {
return equalCriteria.equals(((TestCert)cert).equalCriteria);
}
}
public String toString() {
if (equalCriteria != null) {
return equalCriteria;
}
return "";
}
public void checkValidity() throws CertificateExpiredException,
CertificateNotYetValidException {}
public void checkValidity(Date date)
throws CertificateExpiredException,
CertificateNotYetValidException {
if (this.date == null) {
throw new CertificateExpiredException();
}
int result = this.date.compareTo(date);
if (result > 0) {
throw new CertificateExpiredException();
}
if (result < 0) {
throw new CertificateNotYetValidException();
}
}
public int getVersion() {
return 3;
}
public BigInteger getSerialNumber() {
return (serialNumber == null)
? new BigInteger("1111")
: serialNumber;
}
public Principal getIssuerDN() {
return issuer;
}
public X500Principal getIssuerX500Principal() {
return issuer;
}
public Principal getSubjectDN() {
return subject;
}
public X500Principal getSubjectX500Principal() {
return subject;
}
public Date getNotBefore() {
return null;
}
public Date getNotAfter() {
return null;
}
public byte[] getTBSCertificate()
throws CertificateEncodingException
{
return null;
}
public byte[] getSignature() {
return null;
}
public String getSigAlgName() {
return null;
}
public String getSigAlgOID() {
return null;
}
public byte[] getSigAlgParams() {
return null;
}
public boolean[] getIssuerUniqueID() {
return null;
}
public boolean[] getSubjectUniqueID() {
return null;
}
public boolean[] getKeyUsage() {
return keyUsage;
}
public List/*<String>*/ getExtendedKeyUsage()
throws CertificateParsingException {
return extKeyUsage;
}
public int getBasicConstraints() {
return pathLen;
}
public Collection/*<List<?>>*/ getSubjectAlternativeNames()
throws CertificateParsingException {
return sans.getPairsList();
}
public void verify(PublicKey key)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException,
SignatureException
{
}
public void verify(PublicKey key,
String sigProvider)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException,
SignatureException
{
}
public PublicKey getPublicKey() {
return key;
}
public byte[] getEncoded() throws CertificateEncodingException
{
return encoding;
}
public Set getNonCriticalExtensionOIDs() {
return null;
}
public Set getCriticalExtensionOIDs() {
return null;
}
public byte[] getExtensionValue(String oid) {
if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) {
// Extension value is represented as an OctetString
return ASN1OctetString.getInstance().encode(keyIdentifier);
}
if ("2.5.29.16".equals(oid)) {
PrivateKeyUsagePeriod pkup =
new PrivateKeyUsagePeriod(notBefore, notAfter);
byte[] encoded = pkup.getEncoded();
return ASN1OctetString.getInstance().encode(encoded);
}
if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) {
ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()];
String[] val = new String[extKeyUsage.size()];
Iterator it = extKeyUsage.iterator();
int id = 0;
while (it.hasNext()) {
oa[id] = ASN1Oid.getInstanceForString();
val[id++] = (String) it.next();
}
return ASN1OctetString.getInstance().encode(
new ASN1Sequence(oa).encode(val));
}
if ("2.5.29.19".equals(oid)) {
return ASN1OctetString.getInstance().encode(
new ASN1Sequence(
new ASN1Type[] {
ASN1Boolean.getInstance(),
ASN1Integer.getInstance()
}).encode(
new Object[] {
new Boolean(pathLen != -1),
BigInteger.valueOf(pathLen).
toByteArray()
})
);
}
if ("2.5.29.17".equals(oid) && (sans != null)) {
if (sans.getNames() == null) {
return null;
}
return ASN1OctetString.getInstance().encode(
GeneralNames.ASN1.encode(sans));
}
if ("2.5.29.32".equals(oid) && (policies != null)
&& (policies.length > 0)) {
// Certificate Policies Extension (as specified in rfc 3280)
CertificatePolicies certificatePolicies =
new CertificatePolicies();
for (int i=0; i<policies.length; i++) {
PolicyInformation policyInformation =
new PolicyInformation(policies[i]);
certificatePolicies.addPolicyInformation(policyInformation);
}
return ASN1OctetString.getInstance().encode(
certificatePolicies.getEncoded());
}
if ("2.5.29.30".equals(oid) && (nameConstraints != null)) {
// Name Constraints Extension (as specified in rfc 3280)
return ASN1OctetString.getInstance().encode(
nameConstraints.getEncoded());
}
return null;
}
public boolean hasUnsupportedCriticalExtension() {
return false;
}
}
/* ********************************************************************** */
/* ************************* Test implementation ************************ */
/* ********************************************************************** */
/**
* setCertificate(X509Certificate certificate) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match
*/
public void testSetCertificate() {
TestCert cert_1 = new TestCert("same certificate");
TestCert cert_2 = new TestCert("other certificate");
X509CertSelector selector = new X509CertSelector();
selector.setCertificate(null);
assertTrue("Any certificates should match in the case of null "
+ "certificateEquals criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setCertificate(cert_1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setCertificate(cert_2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getCertificate() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
*/
public void testGetCertificate() {
TestCert cert_1 = new TestCert("same certificate");
TestCert cert_2 = new TestCert("other certificate");
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getCertificate());
selector.setCertificate(cert_1);
assertEquals("The returned certificate should be equal to specified",
cert_1, selector.getCertificate());
assertFalse("The returned certificate should differ",
cert_2.equals(selector.getCertificate()));
}
/**
* setSerialNumber(BigInteger serial) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match
*/
public void testSetSerialNumber() {
BigInteger ser1 = new BigInteger("10000");
BigInteger ser2 = new BigInteger("10001");
TestCert cert_1 = new TestCert(ser1);
TestCert cert_2 = new TestCert(ser2);
X509CertSelector selector = new X509CertSelector();
selector.setSerialNumber(null);
assertTrue("Any certificate should match in the case of null "
+ "serialNumber criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setSerialNumber(ser1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setSerialNumber(ser2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getSerialNumber() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
*/
public void testGetSerialNumber() {
BigInteger ser1 = new BigInteger("10000");
BigInteger ser2 = new BigInteger("10001");
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getSerialNumber());
selector.setSerialNumber(ser1);
assertEquals("The returned serial number should be equal to specified",
ser1, selector.getSerialNumber());
assertFalse("The returned serial number should differ",
ser2.equals(selector.getSerialNumber()));
}
/**
* setIssuer(X500Principal issuer) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match
*/
public void testSetIssuer1() {
X500Principal iss1 = new X500Principal("O=First Org.");
X500Principal iss2 = new X500Principal("O=Second Org.");
TestCert cert_1 = new TestCert(iss1);
TestCert cert_2 = new TestCert(iss2);
X509CertSelector selector = new X509CertSelector();
selector.setIssuer((X500Principal) null);
assertTrue("Any certificates should match "
+ "in the case of null issuer criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setIssuer(iss1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setIssuer(iss2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getIssuer() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
*/
public void testGetIssuer() {
X500Principal iss1 = new X500Principal("O=First Org.");
X500Principal iss2 = new X500Principal("O=Second Org.");
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getIssuer());
selector.setIssuer(iss1);
assertEquals("The returned issuer should be equal to specified",
iss1, selector.getIssuer());
assertFalse("The returned issuer should differ",
iss2.equals(selector.getIssuer()));
}
/**
* setIssuer(String issuerDN) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match
*/
public void testSetIssuer2() throws IOException {
String name1 = "O=First Org.";
String name2 = "O=Second Org.";
X500Principal iss1 = new X500Principal(name1);
X500Principal iss2 = new X500Principal(name2);
TestCert cert_1 = new TestCert(iss1);
TestCert cert_2 = new TestCert(iss2);
X509CertSelector selector = new X509CertSelector();
selector.setIssuer((String) null);
assertTrue(
"Any certificates should match in the case of null issuer criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setIssuer(name1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setIssuer(name2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getIssuerAsString() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
*/
public void testGetIssuerAsString() {
String name1 = "O=First Org.";
String name2 = "O=Second Org.";
X500Principal iss1 = new X500Principal(name1);
X500Principal iss2 = new X500Principal(name2);
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getIssuerAsString());
selector.setIssuer(iss1);
assertEquals("The returned issuer should be equal to specified",
new X500Principal(name1),
new X500Principal(selector.getIssuerAsString()));
assertFalse("The returned issuer should differ",
new X500Principal(name2).equals(
new X500Principal(selector.getIssuerAsString())));
selector.setIssuer(iss2);
assertEquals("The returned issuer should be equal to specified",
new X500Principal(name2),
new X500Principal(selector.getIssuerAsString()));
}
/**
* setIssuer(byte[] issuerDN) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match
*/
public void testSetIssuer3() throws IOException {
byte[] name1 = new byte[]
//manually obtained DER encoding of "O=First Org." issuer name;
{48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
byte[] name2 = new byte[]
//manually obtained DER encoding of "O=Second Org." issuer name;
{48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
X500Principal iss1 = new X500Principal(name1);
X500Principal iss2 = new X500Principal(name2);
TestCert cert_1 = new TestCert(iss1);
TestCert cert_2 = new TestCert(iss2);
X509CertSelector selector = new X509CertSelector();
selector.setIssuer((byte[]) null);
assertTrue(
"Any certificates should match in the case of null issuer criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setIssuer(name1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setIssuer(name2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getIssuerAsBytes() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
*/
public void testGetIssuerAsBytes() throws IOException {
byte[] name1 = new byte[]
//manually obtained DER encoding of "O=First Org." issuer name;
{48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
byte[] name2 = new byte[]
//manually obtained DER encoding of "O=Second Org." issuer name;
{48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
X500Principal iss1 = new X500Principal(name1);
X500Principal iss2 = new X500Principal(name2);
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getIssuerAsBytes());
selector.setIssuer(iss1);
assertEquals("The returned issuer should be equal to specified",
new X500Principal(name1), new X500Principal(selector
.getIssuerAsBytes()));
assertFalse("The returned issuer should differ", new X500Principal(
name2).equals(new X500Principal(selector.getIssuerAsBytes())));
selector.setIssuer(iss2);
assertEquals("The returned issuer should be equal to specified",
new X500Principal(name2), new X500Principal(selector
.getIssuerAsBytes()));
}
/**
* setSubject(X500Principal subject) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match
*/
public void testSetSubject1() {
X500Principal sub1 = new X500Principal("O=First Org.");
X500Principal sub2 = new X500Principal("O=Second Org.");
TestCert cert_1 = new TestCert(sub1);
TestCert cert_2 = new TestCert(sub2);
X509CertSelector selector = new X509CertSelector();
selector.setSubject((X500Principal) null);
assertTrue("Any certificates should match "
+ "in the case of null subjcet criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setSubject(sub1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setSubject(sub2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getSubject() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
*/
public void testGetSubject() {
X500Principal sub1 = new X500Principal("O=First Org.");
X500Principal sub2 = new X500Principal("O=Second Org.");
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getSubject());
selector.setSubject(sub1);
assertEquals("The returned subject should be equal to specified",
sub1, selector.getSubject());
assertFalse("The returned subject should differ",
sub2.equals(selector.getSubject()));
}
/**
* setSubject(String subjectDN) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match
*/
public void testSetSubject2() throws IOException {
String name1 = "O=First Org.";
String name2 = "O=Second Org.";
X500Principal sub1 = new X500Principal(name1);
X500Principal sub2 = new X500Principal(name2);
TestCert cert_1 = new TestCert(sub1);
TestCert cert_2 = new TestCert(sub2);
X509CertSelector selector = new X509CertSelector();
selector.setSubject((String) null);
assertTrue(
"Any certificates should match in the case of null subject criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setSubject(name1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setSubject(name2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getSubjectAsString() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
*/
public void testGetSubjectAsString() {
String name1 = "O=First Org.";
String name2 = "O=Second Org.";
X500Principal sub1 = new X500Principal(name1);
X500Principal sub2 = new X500Principal(name2);
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null",
selector.getSubjectAsString());
selector.setSubject(sub1);
assertEquals("The returned subject should be equal to specified",
new X500Principal(name1),
new X500Principal(selector.getSubjectAsString()));
assertFalse("The returned subject should differ",
new X500Principal(name2).equals(
new X500Principal(selector.getSubjectAsString())));
selector.setSubject(sub2);
assertEquals("The returned subject should be equal to specified",
new X500Principal(name2),
new X500Principal(selector.getSubjectAsString()));
}
/**
* setSubject(byte[] subjectDN) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match
*/
public void testSetSubject3() throws IOException {
byte[] name1 = new byte[]
//manually obtained DER encoding of "O=First Org." issuer name;
{48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
byte[] name2 = new byte[]
//manually obtained DER encoding of "O=Second Org." issuer name;
{48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
X500Principal sub1 = new X500Principal(name1);
X500Principal sub2 = new X500Principal(name2);
TestCert cert_1 = new TestCert(sub1);
TestCert cert_2 = new TestCert(sub2);
X509CertSelector selector = new X509CertSelector();
selector.setSubject((byte[]) null);
assertTrue(
"Any certificates should match in the case of null issuer criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setSubject(name1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setSubject(name2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getSubjectAsBytes() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
*/
public void testGetSubjectAsBytes() throws IOException {
byte[] name1 = new byte[]
//manually obtained DER encoding of "O=First Org." issuer name;
{48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
byte[] name2 = new byte[]
//manually obtained DER encoding of "O=Second Org." issuer name;
{48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
X500Principal sub1 = new X500Principal(name1);
X500Principal sub2 = new X500Principal(name2);
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getSubjectAsBytes());
selector.setSubject(sub1);
assertEquals("The returned issuer should be equal to specified",
new X500Principal(name1), new X500Principal(selector
.getSubjectAsBytes()));
assertFalse("The returned issuer should differ", new X500Principal(
name2).equals(new X500Principal(selector.getSubjectAsBytes())));
selector.setSubject(sub2);
assertEquals("The returned issuer should be equal to specified",
new X500Principal(name2), new X500Principal(selector
.getSubjectAsBytes()));
}
/**
* setSubjectKeyIdentifier(byte[] subjectKeyID) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match, and if the initialization
* object are copied during the initialization.
*/
public void testSetSubjectKeyIdentifier() {
byte[] skid1 = new byte[] {1, 2, 3, 4, 5}; // random value
byte[] skid2 = new byte[] {5, 4, 3, 2, 1}; // random value
TestCert cert_1 = new TestCert(skid1);
TestCert cert_2 = new TestCert(skid2);
X509CertSelector selector = new X509CertSelector();
selector.setSubjectKeyIdentifier(null);
assertTrue("Any certificate should match in the case of null "
+ "serialNumber criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setSubjectKeyIdentifier(skid1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setSubjectKeyIdentifier(skid2);
skid2[0] ++;
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getSubjectKeyIdentifier() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
* and its modification does not cause the modification of internal object.
*/
public void testGetSubjectKeyIdentifier() {
byte[] skid1 = new byte[] {1, 2, 3, 4, 5}; // random value
byte[] skid2 = new byte[] {4, 5, 5, 4, 3, 2, 1}; // random value
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null",
selector.getSubjectKeyIdentifier());
selector.setSubjectKeyIdentifier(skid1);
assertTrue("The returned keyID should be equal to specified",
Arrays.equals(skid1, selector.getSubjectKeyIdentifier()));
selector.getSubjectKeyIdentifier()[0] ++;
assertTrue("The returned keyID should be equal to specified",
Arrays.equals(skid1, selector.getSubjectKeyIdentifier()));
assertFalse("The returned keyID should differ",
Arrays.equals(skid2, selector.getSubjectKeyIdentifier()));
}
/**
* setAuthorityKeyIdentifier(byte[] authorityKeyID) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match, and if the initialization
* object are copied during the initialization.
*/
public void testSetAuthorityKeyIdentifier() {
byte[] akid1 = new byte[] {1, 2, 3, 4, 5}; // random value
byte[] akid2 = new byte[] {5, 4, 3, 2, 1}; // random value
TestCert cert_1 = new TestCert(akid1);
TestCert cert_2 = new TestCert(akid2);
X509CertSelector selector = new X509CertSelector();
selector.setAuthorityKeyIdentifier(null);
assertTrue("Any certificate should match in the case of null "
+ "serialNumber criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setAuthorityKeyIdentifier(akid1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setAuthorityKeyIdentifier(akid2);
akid2[0] ++;
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getAuthorityKeyIdentifier() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
* and its modification does not cause the modification of internal object.
*/
public void testGetAuthorityKeyIdentifier() {
byte[] akid1 = new byte[] {4, 5, 1, 2, 3, 4, 5}; // random value
byte[] akid2 = new byte[] {4, 5, 5, 4, 3, 2, 1}; // random value
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null",
selector.getAuthorityKeyIdentifier());
selector.setAuthorityKeyIdentifier(akid1);
assertTrue("The returned keyID should be equal to specified",
Arrays.equals(akid1, selector.getAuthorityKeyIdentifier()));
selector.getAuthorityKeyIdentifier()[0] ++;
assertTrue("The returned keyID should be equal to specified",
Arrays.equals(akid1, selector.getAuthorityKeyIdentifier()));
assertFalse("The returned keyID should differ",
Arrays.equals(akid2, selector.getAuthorityKeyIdentifier()));
}
/**
* setCertificateValid(Date certificateValid) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match, and if the initialization
* object are copied during the initialization.
*/
public void testSetCertificateValid() {
Date date1 = new Date(100);
Date date2 = new Date(200);
TestCert cert_1 = new TestCert(date1);
TestCert cert_2 = new TestCert(date2);
X509CertSelector selector = new X509CertSelector();
selector.setCertificateValid(null);
assertTrue("Any certificate should match in the case of null "
+ "serialNumber criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setCertificateValid(date1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setCertificateValid(date2);
date2.setTime(300);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getCertificateValid() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
* and its modification does not cause the modification of internal object.
*/
public void testGetCertificateValid() {
Date date1 = new Date(100);
Date date2 = new Date(200);
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null",
selector.getCertificateValid());
selector.setCertificateValid(date1);
assertTrue("The returned date should be equal to specified",
date1.equals(selector.getCertificateValid()));
selector.getCertificateValid().setTime(200);
assertTrue("The returned date should be equal to specified",
date1.equals(selector.getCertificateValid()));
assertFalse("The returned date should differ",
date2.equals(selector.getCertificateValid()));
}
/**
* setPrivateKeyValid(Date privateKeyValid) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match, and if the initialization
* object are copied during the initialization.
*/
public void testSetPrivateKeyValid() {
Date date1 = new Date(100000000);
Date date2 = new Date(200000000);
Date date3 = new Date(300000000);
Date date4 = new Date(150000000);
Date date5 = new Date(250000000);
TestCert cert_1 = new TestCert(date1, date2);
TestCert cert_2 = new TestCert(date2, date3);
X509CertSelector selector = new X509CertSelector();
selector.setPrivateKeyValid(null);
assertTrue("Any certificate should match in the case of null "
+ "privateKeyValid criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setPrivateKeyValid(date4);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setPrivateKeyValid(date5);
date5.setTime(date4.getTime());
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getPrivateKeyValid() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
* and its modification does not cause the modification of internal object.
*/
public void testGetPrivateKeyValid() {
Date date1 = new Date(100);
Date date2 = new Date(200);
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null",
selector.getPrivateKeyValid());
selector.setPrivateKeyValid(date1);
assertTrue("The returned date should be equal to specified",
date1.equals(selector.getPrivateKeyValid()));
selector.getPrivateKeyValid().setTime(200);
assertTrue("The returned date should be equal to specified",
date1.equals(selector.getPrivateKeyValid()));
assertFalse("The returned date should differ",
date2.equals(selector.getPrivateKeyValid()));
}
/**
* setSubjectPublicKeyAlgID(String oid) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match
*/
public void testSetSubjectPublicKeyAlgID() throws Exception {
String pkaid1 = "1.2.840.113549.1.1.1"; // RSA (source: http://asn1.elibel.tm.fr)
String pkaid2 = "1.2.840.10040.4.1"; // DSA (source: http://asn1.elibel.tm.fr)
PublicKey pkey1 = new TestKeyPair("RSA").getPublic();
PublicKey pkey2 = new TestKeyPair("DSA").getPublic();
TestCert cert_1 = new TestCert(pkey1);
TestCert cert_2 = new TestCert(pkey2);
X509CertSelector selector = new X509CertSelector();
selector.setSubjectPublicKeyAlgID(null);
assertTrue("Any certificate should match in the case of null "
+ "subjectPublicKeyAlgID criteria.", selector.match(cert_1)
&& selector.match(cert_2));
selector.setSubjectPublicKeyAlgID(pkaid1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setSubjectPublicKeyAlgID(pkaid2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* @tests java.security.cert.X509CertSelector#setSubjectPublicKeyAlgID(java.lang.String)
*/
public void test_setSubjectPublicKeyAlgIDLjava_lang_String() throws Exception {
//Regression for HARMONY-465
X509CertSelector obj = new X509CertSelector();
try {
obj.setSubjectPublicKeyAlgID("abc");
fail("IOException expected");
} catch (IOException e) {
// expected
}
}
/**
* getSubjectPublicKeyAlgID() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
*/
public void testGetSubjectPublicKeyAlgID() throws IOException {
String pkaid1 = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr)
String pkaid2 = "1.2.840.113549.1.1.2"; // MD2 with RSA encryption (source: http://asn1.elibel.tm.fr)
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null",
selector.getSubjectPublicKeyAlgID());
selector.setSubjectPublicKeyAlgID(pkaid1);
assertTrue("The returned oid should be equal to specified",
pkaid1.equals(selector.getSubjectPublicKeyAlgID()));
assertFalse("The returned oid should differ",
pkaid2.equals(selector.getSubjectPublicKeyAlgID()));
}
/**
* setSubjectPublicKey(PublicKey key) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match.
*/
public void testSetSubjectPublicKey1() throws Exception {
PublicKey pkey1 = new TestKeyPair("RSA").getPublic();
PublicKey pkey2 = new TestKeyPair("DSA").getPublic();
TestCert cert_1 = new TestCert(pkey1);
TestCert cert_2 = new TestCert(pkey2);
X509CertSelector selector = new X509CertSelector();
selector.setSubjectPublicKey((PublicKey) null);
assertTrue("Any certificate should match in the case of null "
+ "subjectPublicKey criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setSubjectPublicKey(pkey1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setSubjectPublicKey(pkey2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getSubjectPublicKey() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value corresponds to specified
*/
public void testGetSubjectPublicKey1() throws Exception {
PublicKey pkey = new TestKeyPair("RSA").getPublic();
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null",
selector.getSubjectPublicKey());
selector.setSubjectPublicKey(pkey);
PublicKey result = selector.getSubjectPublicKey();
assertEquals("The name of algorithm should be RSA",
result.getAlgorithm(), "RSA");
}
/**
* setSubjectPublicKey(byte[] key) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match, and if the initialization
* object are copied during the initialization.
*/
public void testSetSubjectPublicKey2() throws Exception {
PublicKey pkey1 = new TestKeyPair("RSA").getPublic();
PublicKey pkey2 = new TestKeyPair("DSA").getPublic();
byte[] encoding1 = pkey1.getEncoded();
byte[] encoding2 = pkey2.getEncoded();
TestCert cert_1 = new TestCert(pkey1);
TestCert cert_2 = new TestCert(pkey2);
X509CertSelector selector = new X509CertSelector();
selector.setSubjectPublicKey((byte[]) null);
assertTrue("Any certificate should match in the case of null "
+ "subjectPublicKey criteria.", selector.match(cert_1)
&& selector.match(cert_2));
selector.setSubjectPublicKey(encoding1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
encoding1[0]++;
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setSubjectPublicKey(encoding2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getSubjectPublicKey() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value corresponds to specified
*/
public void testGetSubjectPublicKey2() throws Exception {
PublicKey pkey = new TestKeyPair("RSA").getPublic();
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null",
selector.getSubjectPublicKey());
selector.setSubjectPublicKey(pkey.getEncoded());
PublicKey result = selector.getSubjectPublicKey();
assertEquals("The name of algorithm should be RSA",
result.getAlgorithm(), "RSA");
}
/**
* setKeyUsage(boolean[] keyUsage) method testing.
* Tests if any certificates match in the case of null criteria,
* if [not]proper certificates [do not]match, and if the initialization
* object are copied during the initialization. Also checks if selector
* matches the certificate which does not have a keyUsage extension.
*/
public void testSetKeyUsage() {
boolean[] ku1 = new boolean[]
{true, true, true, true, true, true, true, true, true};
// decipherOnly is disallowed
boolean[] ku2 = new boolean[]
{true, true, true, true, true, true, true, true, false};
TestCert cert_1 = new TestCert(ku1);
TestCert cert_2 = new TestCert(ku2);
TestCert cert_3 = new TestCert((boolean[]) null);
X509CertSelector selector = new X509CertSelector();
selector.setKeyUsage(null);
assertTrue("Any certificate should match in the case of null "
+ "keyUsage criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setKeyUsage(ku1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
assertTrue("The certificate which does not have a keyUsage extension "
+ "implicitly allows all keyUsage values.",
selector.match(cert_3));
selector.setKeyUsage(ku2);
ku2[0] = !ku2[0];
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getKeyUsage() method testing.
* Tests if the method return null in the case of not specified criteria,
* if the returned value [does not]corresponds to [not]specified
* and its modification does not cause the modification of internal object.
*/
public void testGetKeyUsage() {
boolean[] ku = new boolean[]
{true, false, true, false, true, false, true, false, true};
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getKeyUsage());
selector.setKeyUsage(ku);
assertTrue("The returned date should be equal to specified",
Arrays.equals(ku, selector.getKeyUsage()));
boolean[] result = selector.getKeyUsage();
result[0] = !result[0];
assertTrue("The returned keyUsage should be equal to specified",
Arrays.equals(ku, selector.getKeyUsage()));
}
/**
* setExtendedKeyUsage(Set<String> keyPurposeSet) method testing.
*/
public void testSetExtendedKeyUsage() throws IOException {
HashSet ku1 = new HashSet(Arrays.asList(new String[] {
"1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
"1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
"1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"}
));
HashSet ku2 = new HashSet(Arrays.asList(new String[] {
"1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
"1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
"1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6"}));
TestCert cert_1 = new TestCert(ku1);
TestCert cert_2 = new TestCert(ku2);
TestCert cert_3 = new TestCert((Set) null);
X509CertSelector selector = new X509CertSelector();
selector.setExtendedKeyUsage(null);
assertTrue("Any certificate should match in the case of null "
+ "extendedKeyUsage criteria.", selector.match(cert_1)
&& selector.match(cert_2));
selector.setExtendedKeyUsage(ku1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
assertTrue("The certificate which does not have a keyUsage extension "
+ "implicitly allows all keyUsage values.", selector
.match(cert_3));
ku1.remove("1.3.6.1.5.5.7.3.7"); // remove the missing in ku2 keyUsage
assertFalse("The modification of initialization object "
+ "should not affect the modification of internal object.",
selector.match(cert_2));
selector.setExtendedKeyUsage(ku2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getExtendedKeyUsage() method testing.
*/
public void testGetExtendedKeyUsage() {
HashSet ku = new HashSet(Arrays.asList(new String[] {
"1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
"1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
"1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"}
));
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null",
selector.getExtendedKeyUsage());
try {
selector.setExtendedKeyUsage(ku);
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
assertTrue("The returned extendedKeyUsage should be equal to specified",
ku.equals(selector.getExtendedKeyUsage()));
try {
selector.getExtendedKeyUsage().add("KRIBLE-GRABLI");
fail("The returned Set should be immutable.");
} catch (UnsupportedOperationException e) {
}
}
/**
* setSubjectAlternativeNames(Collection<List<?>> names) method testing.
*/
public void testSetSubjectAlternativeNames() {
try {
GeneralName san0 =
new GeneralName(new OtherName("1.2.3.4.5",
new byte[] {1, 2, 0, 1}));
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralName san3 = new GeneralName(new ORAddress());
GeneralName san4 = new GeneralName(new Name("O=Organization"));
GeneralName san5 =
new GeneralName(new EDIPartyName("assigner", "party"));
GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
GeneralName san7 = new GeneralName(7, "1.1.1.1");
GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
GeneralNames sans_1 = new GeneralNames();
sans_1.addName(san0);
sans_1.addName(san1);
sans_1.addName(san2);
sans_1.addName(san3);
sans_1.addName(san4);
sans_1.addName(san5);
sans_1.addName(san6);
sans_1.addName(san7);
sans_1.addName(san8);
GeneralNames sans_2 = new GeneralNames();
sans_2.addName(san0);
TestCert cert_1 = new TestCert(sans_1);
TestCert cert_2 = new TestCert(sans_2);
X509CertSelector selector = new X509CertSelector();
selector.setMatchAllSubjectAltNames(true);
selector.setSubjectAlternativeNames(null);
assertTrue("Any certificate should match in the case of null "
+ "subjectAlternativeNames criteria.",
selector.match(cert_1) && selector.match(cert_2));
Collection sans = sans_1.getPairsList();
selector.setSubjectAlternativeNames(sans);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match "
+ "the selection criteria.", selector.match(cert_2));
sans.clear();
assertTrue("The modification of initialization object "
+ "should not affect the modification "
+ "of internal object.", selector.match(cert_1));
selector.setSubjectAlternativeNames(sans_2.getPairsList());
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
}
/**
* addSubjectAlternativeName(int type, String name) method testing.
*/
public void testAddSubjectAlternativeName1() throws IOException {
String name1 = "rfc@822.Name";
String name2 = "dNSName";
String name4 = "O=Organization";
String name6 = "http://uniform.Resource.Id";
String name7 = "255.255.255.0";
String name8 = "1.2.3.4444.55555";
GeneralName san1 = new GeneralName(1, name1);
GeneralName san2 = new GeneralName(2, name2);
GeneralName san4 = new GeneralName(4, name4);
GeneralName san6 = new GeneralName(6, name6);
GeneralName san7 = new GeneralName(7, name7);
GeneralName san8 = new GeneralName(8, name8);
GeneralNames sans_1 = new GeneralNames();
sans_1.addName(san1);
sans_1.addName(san2);
sans_1.addName(san4);
sans_1.addName(san6);
sans_1.addName(san7);
sans_1.addName(san8);
GeneralNames sans_2 = new GeneralNames();
sans_2.addName(san1);
sans_2.addName(san2);
TestCert cert_1 = new TestCert(sans_1);
TestCert cert_2 = new TestCert(sans_2);
X509CertSelector selector = new X509CertSelector();
selector.setMatchAllSubjectAltNames(true);
try {
selector.addSubjectAlternativeName(1, name1);
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
try {
selector.addSubjectAlternativeName(2, name2);
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
try {
selector.addSubjectAlternativeName(4, name4);
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
try {
selector.addSubjectAlternativeName(6, name6);
selector.addSubjectAlternativeName(7, name7);
selector.addSubjectAlternativeName(8, name8);
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
}
/**
* addSubjectAlternativeName(int type, byte[] name) method testing.
*/
public void testAddSubjectAlternativeName2() {
try {
GeneralName san0 =
new GeneralName(new OtherName("1.2.3.4.5",
ASN1Integer.getInstance().encode(
BigInteger.valueOf(55L).toByteArray())
));
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralName san3 = new GeneralName(new ORAddress());
GeneralName san4 = new GeneralName(new Name("O=Organization"));
GeneralName san5 =
new GeneralName(new EDIPartyName("assigner", "party"));
GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
GeneralName san7 = new GeneralName(new byte[] {1, 1, 1, 1});
GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
GeneralNames sans_1 = new GeneralNames();
sans_1.addName(san0);
sans_1.addName(san1);
sans_1.addName(san2);
sans_1.addName(san3);
sans_1.addName(san4);
sans_1.addName(san5);
sans_1.addName(san6);
sans_1.addName(san7);
sans_1.addName(san8);
GeneralNames sans_2 = new GeneralNames();
sans_2.addName(san0);
sans_2.addName(san1);
sans_2.addName(san2);
TestCert cert_1 = new TestCert(sans_1);
TestCert cert_2 = new TestCert(sans_2);
X509CertSelector selector = new X509CertSelector();
selector.setMatchAllSubjectAltNames(true);
selector.addSubjectAlternativeName(0, san0.getEncodedName());
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
selector.addSubjectAlternativeName(1, san1.getEncodedName());
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
selector.addSubjectAlternativeName(2, san2.getEncodedName());
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
selector.addSubjectAlternativeName(3, san3.getEncodedName());
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.addSubjectAlternativeName(4, san4.getEncodedName());
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match "
+ "the selection criteria.", selector.match(cert_2));
selector.addSubjectAlternativeName(5, san5.getEncodedName());
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match "
+ "the selection criteria.", selector.match(cert_2));
selector.addSubjectAlternativeName(6, san6.getEncodedName());
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match "
+ "the selection criteria.", selector.match(cert_2));
selector.addSubjectAlternativeName(7, san7.getEncodedName());
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match "
+ "the selection criteria.", selector.match(cert_2));
byte[] oid = san8.getEncodedName();
selector.addSubjectAlternativeName(8, oid);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match "
+ "the selection criteria.", selector.match(cert_2));
oid[3] += 1;
assertTrue("The byte array should be cloned to protect against "
+ "subsequent modifications.", selector.match(cert_1));
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
}
/**
* getSubjectAlternativeNames() method testing.
*/
public void testGetSubjectAlternativeNames() {
try {
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralNames sans = new GeneralNames();
sans.addName(san1);
sans.addName(san2);
TestCert cert_1 = new TestCert(sans);
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null",
selector.getSubjectAlternativeNames());
selector.setSubjectAlternativeNames(sans.getPairsList());
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
selector.getSubjectAlternativeNames().clear();
assertTrue("The modification of initialization object "
+ "should not affect the modification "
+ "of internal object.", selector.match(cert_1));
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
}
/**
* setMatchAllSubjectAltNames(boolean matchAllNames) method testing.
*/
public void testSetMatchAllSubjectAltNames() {
try {
GeneralName san1 = new GeneralName(1, "rfc@822.Name");
GeneralName san2 = new GeneralName(2, "dNSName");
GeneralNames sans_1 = new GeneralNames();
sans_1.addName(san1);
GeneralNames sans_2 = new GeneralNames();
sans_2.addName(san1);
sans_2.addName(san2);
TestCert cert = new TestCert(sans_1);
X509CertSelector selector = new X509CertSelector();
selector.setMatchAllSubjectAltNames(true);
selector.setSubjectAlternativeNames(sans_2.getPairsList());
assertFalse("Only certificate which contain all of the specified "
+ "subject alternative names should match.",
selector.match(cert));
selector.setMatchAllSubjectAltNames(false);
/*
assertTrue("The certificate which contain at least one of the "
+ "specified subject alternative names must match.",
selector.match(cert));
*/
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
}
/**
* getMatchAllSubjectAltNames() method testing.
*/
public void testGetMatchAllSubjectAltNames() {
X509CertSelector selector = new X509CertSelector();
assertTrue("The matchAllNames initially should be true",
selector.getMatchAllSubjectAltNames());
selector.setMatchAllSubjectAltNames(false);
assertFalse("The value should be false",
selector.getMatchAllSubjectAltNames());
}
/**
* setNameConstraints(byte[] bytes) method testing.
* Constructs the NameConstraints DER structure with
* GeneralNames of types: 1, 2, 6, 7 and set it as a criterion.
*/
public void testSetNameConstraints0() throws IOException {
// Restrictions apply only when the specified name form is present.
// If no name of the type is in the certificate,
// the certificate is acceptable (rfc 3280).
GeneralName [] name_constraints = new GeneralName[] {
new GeneralName(1, "822.Name"),
new GeneralName(1, "rfc@822.Name"),
new GeneralName(2, "Name.org"),
new GeneralName(2, "dNS.Name.org"),
//new GeneralName(4, "O=Organization"),
new GeneralName(6, "http://.Resource.Id"),
new GeneralName(6, "http://uniform.Resource.Id"),
new GeneralName(7, "1.1.1.1"),
// new GeneralName(7, new byte[] {1, 1, 1, 1, 3, 3, 3, 3}),
new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1}),
// new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
// 1, 1, 1, 1, 1, 1, 1, 1,
// 3, 3, 3, 3, 3, 3, 3, 3,
// 3, 3, 3, 3, 3, 3, 3, 3})
};
// names which should match divided from names which should not
// match by null
GeneralName[][] alternative_names = new GeneralName[][] {
{
new GeneralName(1, "rfc@822.Name"),
null,
new GeneralName(1, "rfc@Other.Name")
}, {
new GeneralName(1, "rfc@822.Name"),
null,
new GeneralName(1, "rfc@Other.Name")
}, {
new GeneralName(2, "Name.org"),
new GeneralName(2, "dNS.Name.org"),
null,
new GeneralName(2, "dNS.OtherName.org")
}, {
new GeneralName(2, "dNS.Name.org"),
null,
new GeneralName(2, "Name.org"),
new GeneralName(2, "dNS.OtherName.org")
}, {
// new GeneralName(4, "O=Organization"),
// null,
// new GeneralName(4, "O=OtherOrganization")
//}, {
new GeneralName(6, "http://uniform.Resource.Id/location"),
null,
//new GeneralName(6, "http://Resource.Id")
}, {
new GeneralName(6, "http://uniform.Resource.Id"),
null,
new GeneralName(6, "http://Resource.Id")
}, {
new GeneralName(new byte[] {1, 1, 1, 1}),
null,
new GeneralName(new byte[] {2, 2, 2, 2})
// }, {
// new GeneralName(7, new byte[] {1, 1, 1, 1}),
// new GeneralName(7, new byte[] {2, 2, 2, 2}),
// new GeneralName(7, new byte[] {3, 3, 3, 3}),
// null,
// new GeneralName(7, new byte[] {4, 4, 4, 4})
}, {
new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1}),
null,
new GeneralName(new byte[] {2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2}),
// }, {
// new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
// 1, 1, 1, 1, 1, 1, 1, 1}),
// new GeneralName(7, new byte[] {2, 2, 2, 2, 2, 2, 2, 2,
// 2, 2, 2, 2, 2, 2, 2, 2}),
// new GeneralName(7, new byte[] {3, 3, 3, 3, 3, 3, 3, 3,
// 3, 3, 3, 3, 3, 3, 3, 3}),
// null,
// new GeneralName(7, new byte[] {4, 4, 4, 4, 4, 4, 4, 4,
// 4, 4, 4, 4, 4, 4, 4, 4}),
}
};
X509CertSelector selector = new X509CertSelector();
String subject = "O=Organization";
X500Principal x500Subject = new X500Principal(subject);
try {
Name nameSubject = new Name(subject);
for (int i=0; i<name_constraints.length; i++) {
// make the subtrees (part of name constraints)
// this subtrees will be used as permited and as excluded
GeneralSubtree subtree =
new GeneralSubtree(name_constraints[i]);
GeneralSubtrees subtrees = new GeneralSubtrees();
NameConstraints constraints;
subtrees.addSubtree(subtree);
// start the checking for each alt. name corresponding
// to current name_constraints[i]
boolean check_matching = true;
for (int j=0; j<alternative_names[i].length; j++) {
GeneralNames alt_names_extension = new GeneralNames();
if (alternative_names[i][j] == null) {
// double trick: turn the switch and check that the
// restrictions apply only when the specified name
// form is presented. If no name of the type is in the
// certificate, the certificate is acceptable.
check_matching = false;
} else {
alt_names_extension.addName(alternative_names[i][j]);
}
TestCert certificate = new TestCert(alt_names_extension);
certificate.setSubject(x500Subject);
certificate.setEncoding(getCertEncoding(nameSubject,
alt_names_extension));
// first check if permited name match
constraints = new NameConstraints(subtrees, null);
selector.setNameConstraints(constraints.getEncoded());
boolean expected = check_matching
|| (alternative_names[i][j] == null);
assertTrue("The method match() for:\n "
+ alternative_names[i][j]
+ "\nand permited name\n "
+ name_constraints[i]
+ "\nshould return: "+expected,
selector.match(certificate) == expected);
// second check if excluded name does not match
constraints = (check_matching)
// check for 'Any name matching a
// restriction in the excludedSubtrees
// field is invalid regardless of
// information appearing in the
// permittedSubtrees'.
? new NameConstraints(subtrees, subtrees)
: new NameConstraints(null, subtrees);
selector.setNameConstraints(constraints.getEncoded());
expected = !check_matching
|| (alternative_names[i][j] == null);
assertTrue("The method match() for:\n "
+ alternative_names[i][j]
+ "\nand excluded name\n "
+ name_constraints[i]
+ "\nshould return: "+expected,
selector.match(certificate) == expected);
}
}
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
}
/**
* setNameConstraints(byte[] bytes) method testing.
* Constructs the NameConstraints DER structure with
* GeneralNames of types: 1, 2, 6, 7 and set it as a criterion.
*/
public void testSetNameConstraints1() throws IOException {
GeneralName [] name_constraints = new GeneralName[] {
new GeneralName(1, "822.Name"),
new GeneralName(1, "rfc@822.Name"),
new GeneralName(2, "Name.org"),
new GeneralName(2, "dNS.Name.org"),
new GeneralName(6, "http://.Resource.Id"),
new GeneralName(6, "http://uniform.Resource.Id"),
new GeneralName(7, "1.1.1.1"),
new GeneralName(7, "1.1.1.1/3.3.3.3"),
new GeneralName(7, "0101:0101:0101:0101:0101:0101:0101:0101"),
new GeneralName(7, "0101:0101:0101:0101:0101:0101:0101:0101"
+ "/0303:0303:0303:0303:0303:0303:0303:0303"),
};
// Names which should match divided from names which should not
// match by null.
// Restrictions apply only when the specified name form is present.
// If no name of the type is in the certificate, the certificate
// is acceptable (rfc 3280). This assertion is checked during processing
// of null GeneralName object (it also serves as separator).
GeneralName[][] alternative_names = new GeneralName[][] {
{
new GeneralName(1, "rfc@822.Name"),
null,
new GeneralName(1, "rfc@Other.Name")
}, {
new GeneralName(1, "rfc@822.Name"),
null,
new GeneralName(1, "rfc@Other.Name")
}, {
new GeneralName(2, "Name.org"),
new GeneralName(2, "dNS.Name.org"),
null,
new GeneralName(2, "dNS.OtherName.org")
}, {
new GeneralName(2, "dNS.Name.org"),
null,
new GeneralName(2, "Name.org"),
new GeneralName(2, "dNS.OtherName.org")
}, {
new GeneralName(6, "http://uniform.Resource.Id/location"),
null,
new GeneralName(6, "http://Resource.Id")
}, {
new GeneralName(6, "http://uniform.Resource.Id"),
null,
new GeneralName(6, "http://Resource.Id")
}, {
new GeneralName(new byte[] {1, 1, 1, 1}),
null,
new GeneralName(new byte[] {2, 2, 2, 2})
}, {
new GeneralName(new byte[] {1, 1, 1, 1}),
new GeneralName(new byte[] {2, 2, 2, 2}),
new GeneralName(new byte[] {3, 3, 3, 3}),
null,
new GeneralName(new byte[] {4, 4, 4, 4})
}, {
new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1}),
null,
new GeneralName(new byte[] {2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2}),
}, {
new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1}),
new GeneralName(new byte[] {2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2}),
new GeneralName(new byte[] {3, 3, 3, 3, 3, 3, 3, 3,
3, 3, 3, 3, 3, 3, 3, 3}),
null,
new GeneralName(new byte[] {4, 4, 4, 4, 4, 4, 4, 4,
4, 4, 4, 4, 4, 4, 4, 4}),
}
};
X509CertSelector selector = new X509CertSelector();
String subject = "O=Organization";
X500Principal x500Subject = new X500Principal(subject);
try {
Name nameSubject = new Name(subject);
for (int i=0; i<name_constraints.length; i++) {
// make the subtrees (part of name constraints)
// this subtrees will be used as permited and as excluded
GeneralSubtree subtree =
new GeneralSubtree(name_constraints[i]);
GeneralSubtrees subtrees = new GeneralSubtrees();
NameConstraints constraints;
subtrees.addSubtree(subtree);
// start the checking for each alt. name corresponding
// to current name_constraints[i]
boolean check_matching = true;
for (int j=0; j<alternative_names[i].length; j++) {
GeneralNames alt_names_extension = new GeneralNames();
if (alternative_names[i][j] == null) {
// double trick: turn the switch and check that the
// restrictions apply only when the specified name
// form is presented. If no name of the type is in the
// certificate, the certificate is acceptable.
check_matching = false;
} else {
alt_names_extension.addName(alternative_names[i][j]);
}
TestCert certificate = new TestCert(alt_names_extension);
certificate.setSubject(x500Subject);
certificate.setEncoding(getCertEncoding(nameSubject,
alt_names_extension));
// first check if permited name match
constraints = new NameConstraints(subtrees, null);
selector.setNameConstraints(constraints.getEncoded());
boolean expected = check_matching
|| (alternative_names[i][j] == null);
assertTrue("The method match() for:\n "
+ alternative_names[i][j]
+ "\nand permited name\n "
+ name_constraints[i]
+ "\nshould return: "+expected,
selector.match(certificate) == expected);
// second check if excluded name does not match
constraints = (check_matching)
// check for 'Any name matching a
// restriction in the excludedSubtrees
// field is invalid regardless of
// information appearing in the
// permittedSubtrees'.
? new NameConstraints(subtrees, subtrees)
: new NameConstraints(null, subtrees);
selector.setNameConstraints(constraints.getEncoded());
expected = !check_matching
|| (alternative_names[i][j] == null);
assertTrue("The method match() for:\n "
+ alternative_names[i][j]
+ "\nand excluded name\n "
+ name_constraints[i]
+ "\nshould return: "+expected,
selector.match(certificate) == expected);
}
}
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
}
/**
* setNameConstraints(byte[] bytes) method testing.
* Constructs the different NameConstraints DER structures with
* GeneralNames of type 4 and checks if the different certificates
* matches or does not.
*/
public void testSetNameConstraints2() {
// As specified in rfc 3280:
//
// Restrictions apply only when the specified name form is present.
// If no name of the type is in the certificate,
// the certificate is acceptable.
//
// Restrictions of the form directoryName MUST be applied to the
// subject field in the certificate and to the subjectAltName
// extensions of type directoryName.
//
// According to p. 4.1.2.4 comparing the encoded forms of the names.
String[][] variants = new String[][] {
// subject Alternative Presented name Absent name
// name name perm(t)/excl(f) perm(f)/excl(t)
{"O=Org", "O=Org", "O=Org", "O=Org2"},
{"O=Org", "O=Org1", "O=Org", "O=Org2"},
{"O=Org1", "O=Org", "O=Org", "O=Org2"},
};
X509CertSelector selector = new X509CertSelector();
try {
for (int i=0; i<variants.length; i++) {
// make the names objects
X500Principal subject = new X500Principal(variants[i][0]);
Name subject_name = new Name(variants[i][0]);
GeneralName alt_name = new GeneralName(4, variants[i][1]);
// make the certificate to be checked
GeneralNames alt_names_extension = new GeneralNames();
alt_names_extension.addName(alt_name);
TestCert certificate = new TestCert(alt_names_extension);
certificate.setSubject(subject);
certificate.setEncoding(getCertEncoding(subject_name,
alt_names_extension));
// make the subtrees (part of name constraints)
// this subtrees will be used as permited and as excluded
// name which is presented in certificate:
GeneralSubtrees pos_subtrees = new GeneralSubtrees();
pos_subtrees.addSubtree(
new GeneralSubtree(
new GeneralName(4, variants[i][2])));
// name which is absent in certificate:
GeneralSubtrees neg_subtrees = new GeneralSubtrees();
neg_subtrees.addSubtree(
new GeneralSubtree(
new GeneralName(4, variants[i][3])));
NameConstraints constraints;
// Work with name which is presented in certificate
// first check if certificate with permited name matches:
constraints = new NameConstraints(pos_subtrees, null);
selector.setNameConstraints(constraints.getEncoded());
assertTrue("The method match() for certificate "
+ "with subject:\n "
+ variants[i][0]
+ "\nand with alternative name:\n "
+ variants[i][1]
+ "\nand permited name\n "
+ variants[i][2]
+ "\nshould return true",
selector.match(certificate));
// second check if certificate with excluded name doesn't match:
constraints = new NameConstraints(pos_subtrees, pos_subtrees);
selector.setNameConstraints(constraints.getEncoded());
assertTrue("The method match() for certificate "
+ "with subject:\n "
+ variants[i][0]
+ "\nand with alternative name:\n "
+ variants[i][1]
+ "\nand excluded name\n "
+ variants[i][2]
+ "\nshould return false",
!selector.match(certificate));
// Work with name which is not presented in certificate
// first check if the certificate without permited name
// does not match:
constraints = new NameConstraints(neg_subtrees, null);
selector.setNameConstraints(constraints.getEncoded());
assertTrue("The method match() for certificate "
+ "with subject:\n "
+ variants[i][0]
+ "\nand with alternative name:\n "
+ variants[i][1]
+ "\nand permited name\n "
+ variants[i][3]
+ "\nshould return false",
!selector.match(certificate));
// second check if certificate without excluded name matches:
constraints = new NameConstraints(neg_subtrees, neg_subtrees);
selector.setNameConstraints(constraints.getEncoded());
assertTrue("The method match() for certificate "
+ "with subject:\n "
+ variants[i][0]
+ "\nand with alternative name:\n "
+ variants[i][1]
+ "\nand excluded name\n "
+ variants[i][3]
+ "\nshould return false",
!selector.match(certificate));
}
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
}
/**
* Constructs the encoded form of certificate with specified subject field
* of TBSCertificate and specified alternative names.
*/
private byte[] getCertEncoding(Name subject, GeneralNames subjectAltNames)
throws IOException {
// make the TBSCertificate for Certificate
int version = 2; //v3
BigInteger serialNumber = BigInteger.valueOf(555L);
AlgorithmIdentifier signature = new AlgorithmIdentifier("1.2.3.44.555");
Name issuer = new Name("O=Certificate Issuer");
Validity validity = new Validity(new Date(100000000),
new Date(200000000));
SubjectPublicKeyInfo subjectPublicKeyInfo =
new SubjectPublicKeyInfo(
new AlgorithmIdentifier("1.2.840.113549.1.1.2"),
new byte[10]);
boolean[] issuerUniqueID = new boolean[]
{true, false, true, false, true, false, true, false};
boolean[] subjectUniqueID = new boolean[]
{false, true, false, true, false, true, false, true};
Extension extension = new Extension("2.5.29.17",
true, subjectAltNames.getEncoded());
Extensions extensions = new Extensions();
extensions.addExtension(extension);
TBSCertificate tbsCertificate = new TBSCertificate(version,
serialNumber, signature, issuer, validity, subject,
subjectPublicKeyInfo, issuerUniqueID, subjectUniqueID,
extensions);
// make the Certificate
org.apache.harmony.security.x509.Certificate certificate =
new org.apache.harmony.security.x509.Certificate
(tbsCertificate, signature, new byte[10]);
return certificate.getEncoded();
}
/**
* getNameConstraints() method testing.
*/
public void testGetNameConstraints() {
}
/**
* setBasicConstraints(int minMaxPathLen) method testing.
*/
public void testSetBasicConstraints() {
try {
new X509CertSelector().setBasicConstraints(-3);
fail("IllegalArgumentException should be thrown.");
} catch (IllegalArgumentException e) {
}
int plen1 = 2;
int plen2 = -1;
TestCert cert_1 = new TestCert(plen1);
TestCert cert_2 = new TestCert(plen2);
X509CertSelector selector = new X509CertSelector();
selector.setBasicConstraints(-1);
assertTrue("Any certificate should match in the case of -1 "
+ "pathLen criteria.",
selector.match(cert_1) && selector.match(cert_2));
selector.setBasicConstraints(plen1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert_2));
selector.setBasicConstraints(plen2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert_2));
}
/**
* getBasicConstraints() method testing.
*/
public void testGetBasicConstraints() {
int plen1 = 2;
int plen2 = -1;
X509CertSelector selector = new X509CertSelector();
assertEquals("Selector should return -1",
selector.getBasicConstraints(), -1);
selector.setBasicConstraints(plen1);
assertEquals("The returned value should be equal to specified",
plen1, selector.getBasicConstraints());
assertFalse("The returned value should differ",
plen2 == selector.getBasicConstraints());
}
/**
* setPolicy(Set<String> certPolicySet) method testing.
*/
public void testSetPolicy() {
String[] policies_1 = new String[] {
"0.0.0.0.0.0",
"1.1.1.1.1.1",
};
String[] policies_2 = new String[] {
"0.0.0.0.0.0",
"1.1.1.1.1.1",
"2.2.2.2.2.2"
};
String[] policies_3 = new String[] {
"2.2.2.2.2.2"
};
String[] policies_4 = new String[] {};
X509CertSelector selector = new X509CertSelector();
HashSet set = new HashSet(Arrays.asList(policies_1));
try {
selector.setPolicy(set);
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
TestCert cert_1 = new TestCert(policies_1);
TestCert cert_2 = new TestCert(policies_2);
TestCert cert_3 = new TestCert(policies_3);
TestCert cert_4 = new TestCert(policies_4);
assertTrue("The certificate should match the specified criteria",
selector.match(cert_1));
assertTrue("The certificate should match the specified criteria",
selector.match(cert_2));
assertFalse("The certificate should not match the specified criteria",
selector.match(cert_3));
assertFalse("The certificate should not match the specified criteria",
selector.match(cert_4));
set.add("2.2.2.2.2.2");
assertFalse("The modification of the set should not cause the "
+ "modification of internal object",
selector.match(cert_3));
set = new HashSet();
try {
selector.setPolicy(set);
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
assertTrue("The certificate should match the specified criteria",
selector.match(cert_1));
assertTrue("The certificate should match the specified criteria",
selector.match(cert_2));
assertTrue("The certificate should match the specified criteria",
selector.match(cert_3));
assertFalse("The certificate should not match the specified criteria",
selector.match(cert_4));
set.add("2.2.2.2.2.2");
try {
selector.setPolicy(set);
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
assertFalse("The certificate should not match the specified criteria",
selector.match(cert_1));
assertTrue("The certificate should match the specified criteria",
selector.match(cert_2));
assertTrue("The certificate should match the specified criteria",
selector.match(cert_3));
assertFalse("The certificate should not match the specified criteria",
selector.match(cert_4));
}
/**
* getPolicy() method testing.
*/
public void testGetPolicy() {
String[] policies = new String[] {
"0.0.0.0.0.0",
"1.1.1.1.1.1",
"2.2.2.2.2.2"
};
X509CertSelector selector = new X509CertSelector();
HashSet set = new HashSet(Arrays.asList(policies));
try {
selector.setPolicy(set);
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
Set result = selector.getPolicy();
try {
result.remove(policies[0]);
fail("An immutable set should be returned.");
} catch (UnsupportedOperationException e) {
}
if (result.size() != 3) {
fail("The size of returned set differs from specified.");
}
for (int i=0; i<policies.length; i++) {
if (!result.contains(policies[i])) {
fail("The set does not have specified policy.");
}
}
}
/**
* setPathToNames(Collection<List<?>> names) method testing.
*/
public void testSetPathToNames() {
try {
GeneralName[] names = new GeneralName[] {
new GeneralName(1, "rfc@822.Name"),
new GeneralName(1, "rfc@822.AnotherName"),
new GeneralName(2, "dNSName"),
new GeneralName(2, "AnotherdNSName"),
new GeneralName(4, "O=Organization"),
new GeneralName(4, "O=Another Organization"),
new GeneralName(6, "http://uniform.Resource.Id"),
new GeneralName(6, "http://another.uniform.Resource.Id"),
new GeneralName(7, "1.1.1.1"),
new GeneralName(7, "2.2.2.2")
};
X509CertSelector selector = new X509CertSelector();
TestCert cert;
GeneralSubtrees subtrees;
NameConstraints constraints;
for (int i=0; i<names.length; i+=2) {
// Set up the pathToNames criterion
ArrayList pathToNames = new ArrayList();
pathToNames.add(names[i].getAsList());
selector.setPathToNames(pathToNames);
// Construct the subtrees without the current name
subtrees = new GeneralSubtrees();
for (int j=0; j<names.length; j++) {
if (i != j && i+1 != j) {
subtrees.addSubtree(new GeneralSubtree(names[j]));
}
}
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
subtrees.addSubtree(new GeneralSubtree(names[i+1]));
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as a permitted name so method match() "
+ "should return false", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as an excluded name but it does not "
+ "contain this name as a permitted so match()"
+ "should return false", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as an excluded name so method match() "
+ "should return true", selector.match(cert));
subtrees.addSubtree(new GeneralSubtree(names[i]));
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as a permitted name so method match() "
+ "should return true", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as an excluded name so method match() "
+ "should return false", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as an excluded name so method match() "
+ "should return false", selector.match(cert));
pathToNames.clear();
assertFalse("The modification of initialization parameter "
+ "should not cause the modification of "
+ "internal object ", selector.match(cert));
}
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
}
/**
* addPathToName(int type, String name) method testing.
*/
public void testAddPathToName1() {
try {
int[] types = new int[] {1, 1, 2, 2, 4, 4, 6, 6, 7, 7};
String[] names = new String[] {
"rfc@822.Name",
"rfc@822.AnotherName",
"dNSName",
"AnotherdNSName",
"O=Organization",
"O=Another Organization",
"http://uniform.Resource.Id",
"http://another.uniform.Resource.Id",
"1.1.1.1",
"2.2.2.2"
};
X509CertSelector selector = new X509CertSelector();
TestCert cert;
GeneralSubtrees subtrees;
NameConstraints constraints;
for (int i=0; i<names.length-2; i+=2) {
// Set up the pathToNames criterion
selector.addPathToName(types[i], names[i]);
// Construct the subtrees without the current name
subtrees = new GeneralSubtrees();
for (int j=i+2; j<names.length; j++) {
if (i != j && i+1 != j) {
subtrees.addSubtree(
new GeneralSubtree(
new GeneralName(types[j], names[j])));
}
}
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
subtrees.addSubtree(
new GeneralSubtree(
new GeneralName(types[i+1], names[i+1])));
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as a permitted name so method match() "
+ "should return false", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as an excluded name but it does not "
+ "contain this name as a permitted so match()"
+ "should return false", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as an excluded name so method match() "
+ "should return true", selector.match(cert));
subtrees.addSubtree(
new GeneralSubtree(
new GeneralName(types[i], names[i])));
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as a permitted name so method match() "
+ "should return true", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as an excluded name so method match() "
+ "should return false", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as an excluded name so method match() "
+ "should return false", selector.match(cert));
}
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
}
/**
* addPathToName(int type, byte[] name) method testing.
*/
public void testAddPathToName2() {
try {
int[] types = new int[] {1, 1, 2, 2, 4, 4, 6, 6, 7, 7};
byte[][] names = new byte[][] {
new GeneralName(1, "rfc@822.Name").getEncodedName(),
new GeneralName(1, "rfc@822.AnotherName").getEncodedName(),
new GeneralName(2, "dNSName").getEncodedName(),
new GeneralName(2, "AnotherdNSName").getEncodedName(),
new GeneralName(4, "O=Organization").getEncodedName(),
new GeneralName(4, "O=Another Organization").getEncodedName(),
new GeneralName(6, "http://uniform.Resource.Id")
.getEncodedName(),
new GeneralName(6, "http://another.uniform.Resource.Id")
.getEncodedName(),
new GeneralName(7, "1.1.1.1").getEncodedName(),
new GeneralName(7, "2.2.2.2").getEncodedName()
};
X509CertSelector selector = new X509CertSelector();
TestCert cert;
GeneralSubtrees subtrees;
NameConstraints constraints;
for (int i=0; i<names.length-2; i+=2) {
// Set up the pathToNames criterion
selector.addPathToName(types[i], names[i]);
// Construct the subtrees without the current name
subtrees = new GeneralSubtrees();
for (int j=i+2; j<names.length; j++) {
if (i != j && i+1 != j) {
subtrees.addSubtree(
new GeneralSubtree(
new GeneralName(types[j], names[j])));
}
}
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the names "
+ "of such type so method match() should "
+ "return true.", selector.match(cert));
subtrees.addSubtree(
new GeneralSubtree(
new GeneralName(types[i+1], names[i+1])));
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as a permitted name so method match() "
+ "should return false", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as an excluded name but it does not "
+ "contain this name as a permitted so match()"
+ "should return false", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate does not contain the name "
+ "as an excluded name so method match() "
+ "should return true", selector.match(cert));
subtrees.addSubtree(
new GeneralSubtree(
new GeneralName(types[i], names[i])));
constraints = new NameConstraints(subtrees, null);
cert = new TestCert(constraints);
assertTrue("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as a permitted name so method match() "
+ "should return true", selector.match(cert));
constraints = new NameConstraints(subtrees, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as an excluded name so method match() "
+ "should return false", selector.match(cert));
constraints = new NameConstraints(null, subtrees);
cert = new TestCert(constraints);
assertFalse("The Name Constraints Extension of the "
+ "certificate contains the name "
+ "as an excluded name so method match() "
+ "should return false", selector.match(cert));
}
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
}
/**
* getPathToNames() method testing.
*/
public void testGetPathToNames() {
try {
byte[] encoding =
new GeneralName(1, "rfc@822.Name").getEncodedName();
X509CertSelector selector = new X509CertSelector();
selector.addPathToName(1, encoding);
encoding[0]++;
Collection coll = selector.getPathToNames();
Iterator it = coll.iterator();
List list = (List) it.next();
Object result = list.get(1);
if ((result instanceof byte[])
&& (encoding[0] == ((byte[])result)[0])) {
fail("Deep copy should be performed on pathToNames.");
}
} catch (IOException e) {
e.printStackTrace();
fail("Unexpected IOException was thrown.");
}
}
/**
* toString() method testing.
*/
public void testToString() throws Exception {
BigInteger serial = new BigInteger("10000");
X500Principal issuer = new X500Principal("O=Issuer Org.");
X500Principal subject = new X500Principal("O=Subject Org.");
byte[] subject_auth_KeyID = new byte[] {1, 2, 3, 4, 5};
Date certValid = new Date(2000000000);
Date[] privateKeyValid = new Date[] {
new Date(100000000L),
new Date(200000000L),
new Date(300000000L)
};
String pkAlgID = "1.2.840.113549.1.1.4"; // MD5 with RSA encryption (source: http://asn1.elibel.tm.fr)
PublicKey pkey;
pkey = new TestKeyPair("RSA").getPublic();
boolean[] keyUsage = new boolean[]
{true, true, true, true, true, true, true, true, false};
// OID values was taken from rfc 3280
HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] {
"1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
"1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
"1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"}
));
GeneralNames subjectAltNames = new GeneralNames(Arrays.asList(
new GeneralName[] {
new GeneralName(1, "rfc@822.Name"),
new GeneralName(2, "dNSName"),
new GeneralName(6, "http://uniform.Resource.Id"),
new GeneralName(7, "1.1.1.1")
}
));
String[] policies = new String[] {
"0.0.0.0.0.0",
"1.1.1.1.1.1",
};
TestCert cert = new TestCert("certificate equality criteria");
X509CertSelector selector = new X509CertSelector();
selector.setCertificate(cert);
selector.setSerialNumber(serial);
selector.setIssuer(issuer);
selector.setSubject(subject);
selector.setSubjectKeyIdentifier(subject_auth_KeyID);
selector.setAuthorityKeyIdentifier(subject_auth_KeyID);
selector.setCertificateValid(certValid);
selector.setPrivateKeyValid(privateKeyValid[1]);
selector.setSubjectPublicKey(pkey);
selector.setSubjectPublicKeyAlgID(pkAlgID);
selector.setKeyUsage(keyUsage);
selector.setExtendedKeyUsage(extKeyUsage);
selector.setSubjectAlternativeNames(subjectAltNames.getPairsList());
selector.setMatchAllSubjectAltNames(true);
selector.setPolicy(new HashSet(Arrays.asList(policies)));
assertNotNull("The result should not be null.",
selector.toString());
}
/**
* match(Certificate cert) method testing.
* Tests if the null object matches to the selector or does not,
* and if the certificate conforming to the multiple matching criteria
* matches or does not..
*/
public void testMatch() throws Exception {
BigInteger serial = new BigInteger("10000");
X500Principal issuer = new X500Principal("O=Issuer Org.");
X500Principal subject = new X500Principal("O=Subject Org.");
byte[] subject_auth_KeyID = new byte[] {1, 2, 3, 4, 5}; // random value
Date certValid = new Date(2000000000);
Date[] privateKeyValid = new Date[] {
new Date(100000000L),
new Date(200000000L),
new Date(300000000L)
};
String pkAlgID = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr)
PublicKey pkey;
pkey = new TestKeyPair("RSA").getPublic();
boolean[] keyUsage = new boolean[]
{true, true, true, true, true, true, true, true, false};
// OID values was taken from rfc 3280
HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] {
"1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
"1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
"1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"}
));
GeneralNames subjectAltNames = new GeneralNames(Arrays.asList(
new GeneralName[] {
new GeneralName(1, "rfc@822.Name"),
new GeneralName(2, "dNSName"),
new GeneralName(6, "http://uniform.Resource.Id"),
new GeneralName(7, "1.1.1.1")
}
));
String[] policies = new String[] {
"0.0.0.0.0.0",
"1.1.1.1.1.1",
};
TestCert cert = new TestCert("certificate equality criteria");
cert.setSerialNumber(serial);
cert.setIssuer(issuer);
cert.setSubject(subject);
cert.setKeyIdentifier(subject_auth_KeyID);
cert.setDate(certValid);
cert.setPeriod(privateKeyValid[0], privateKeyValid[2]);
cert.setPublicKey(pkey);
cert.setKeyUsage(keyUsage);
cert.setExtendedKeyUsage(extKeyUsage);
cert.setSubjectAlternativeNames(subjectAltNames);
cert.setPolicies(policies);
X509CertSelector selector = new X509CertSelector();
selector.setCertificate(cert);
selector.setSerialNumber(serial);
selector.setIssuer(issuer);
selector.setSubject(subject);
selector.setSubjectKeyIdentifier(subject_auth_KeyID);
selector.setAuthorityKeyIdentifier(subject_auth_KeyID);
selector.setCertificateValid(certValid);
selector.setPrivateKeyValid(privateKeyValid[1]);
selector.setSubjectPublicKey(pkey);
selector.setSubjectPublicKeyAlgID(pkAlgID);
selector.setKeyUsage(keyUsage);
selector.setExtendedKeyUsage(extKeyUsage);
selector.setSubjectAlternativeNames(subjectAltNames.getPairsList());
selector.setMatchAllSubjectAltNames(true);
selector.setPolicy(new HashSet(Arrays.asList(policies)));
assertFalse("The null object should not match",
selector.match((X509Certificate) null));
assertTrue("The certificate should match the selector",
selector.match(cert));
}
/**
* @tests java.security.cert.X509CertSelector#match(java.security.cert.Certificate)
*/
public void test_matchLjava_security_cert_Certificate() {
// Regression for HARMONY-186
TestCert cert = new TestCert();
cert.setKeyUsage(new boolean[] { true, false, true, false, false,
false, false, false, false });
X509CertSelector certSelector = new X509CertSelector();
certSelector.setKeyUsage(new boolean[] { true, false, true });
assertTrue("Assert 1: ", certSelector.match(cert));
certSelector.setKeyUsage(new boolean[] { true, true, true });
assertFalse("Assert 2: ", certSelector.match(cert));
}
/**
* clone() method testing.
*/
public void testClone() throws Exception {
BigInteger serial = new BigInteger("10000");
X500Principal issuer = new X500Principal("O=Issuer Org.");
X500Principal subject = new X500Principal("O=Subject Org.");
byte[] subject_auth_KeyID = new byte[] {1, 2, 3, 4, 5}; // random value
Date certValid = new Date(2000000000);
Date[] privateKeyValid = new Date[] {
new Date(100000000L),
new Date(200000000L),
new Date(300000000L)
};
String pkAlgID = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr)
PublicKey pkey;
pkey = new TestKeyPair("RSA").getPublic();
boolean[] keyUsage = new boolean[]
{true, true, true, true, true, true, true, true, false};
// OID values was taken from rfc 3280
HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] {
"1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3",
"1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
"1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"}
));
GeneralNames subjectAltNames = new GeneralNames(Arrays.asList(
new GeneralName[] {
new GeneralName(1, "rfc@822.Name"),
new GeneralName(2, "dNSName"),
new GeneralName(6, "http://uniform.Resource.Id"),
new GeneralName(7, "1.1.1.1")
}
));
String[] policies = new String[] {
"0.0.0.0.0.0",
"1.1.1.1.1.1",
};
TestCert cert = new TestCert("certificate equality criteria");
cert.setSerialNumber(serial);
cert.setIssuer(issuer);
cert.setSubject(subject);
cert.setKeyIdentifier(subject_auth_KeyID);
cert.setDate(certValid);
cert.setPeriod(privateKeyValid[0], privateKeyValid[2]);
cert.setPublicKey(pkey);
cert.setKeyUsage(keyUsage);
cert.setExtendedKeyUsage(extKeyUsage);
cert.setSubjectAlternativeNames(subjectAltNames);
cert.setPolicies(policies);
X509CertSelector selector = new X509CertSelector();
selector.setCertificate(cert);
selector.setSerialNumber(serial);
selector.setIssuer(issuer);
selector.setSubject(subject);
selector.setSubjectKeyIdentifier(subject_auth_KeyID);
selector.setAuthorityKeyIdentifier(subject_auth_KeyID);
selector.setCertificateValid(certValid);
selector.setPrivateKeyValid(privateKeyValid[1]);
selector.setSubjectPublicKey(pkey);
selector.setSubjectPublicKeyAlgID(pkAlgID);
selector.setKeyUsage(keyUsage);
selector.setExtendedKeyUsage(extKeyUsage);
selector.setSubjectAlternativeNames(subjectAltNames.getPairsList());
selector.setMatchAllSubjectAltNames(true);
selector.setPolicy(new HashSet(Arrays.asList(policies)));
assertTrue("The certificate should match the selector",
((X509CertSelector)selector.clone()).match(cert));
}
public static Test suite() {
return new TestSuite(X509CertSelectorTest.class);
}
public static void main(String[] args) {
//new X509CertSelectorTest().testSetSubjectPublicKey1();
junit.textui.TestRunner.run(suite());
}
}