0001: /*
0002: * Licensed to the Apache Software Foundation (ASF) under one or more
0003: * contributor license agreements. See the NOTICE file distributed with
0004: * this work for additional information regarding copyright ownership.
0005: * The ASF licenses this file to You under the Apache License, Version 2.0
0006: * (the "License"); you may not use this file except in compliance with
0007: * the License. You may obtain a copy of the License at
0008: *
0009: * http://www.apache.org/licenses/LICENSE-2.0
0010: *
0011: * Unless required by applicable law or agreed to in writing, software
0012: * distributed under the License is distributed on an "AS IS" BASIS,
0013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0014: * See the License for the specific language governing permissions and
0015: * limitations under the License.
0016: */
0017:
0018: /**
0019: * @author Alexander Y. Kleymenov
0020: * @version $Revision$
0021: */package java.security.cert;
0022:
0023: import java.io.IOException;
0024: import java.math.BigInteger;
0025: import java.security.InvalidKeyException;
0026: import java.security.NoSuchAlgorithmException;
0027: import java.security.NoSuchProviderException;
0028: import java.security.Principal;
0029: import java.security.PublicKey;
0030: import java.security.SignatureException;
0031: import java.security.cert.CertificateEncodingException;
0032: import java.security.cert.CertificateException;
0033: import java.security.cert.CertificateExpiredException;
0034: import java.security.cert.CertificateNotYetValidException;
0035: import java.security.cert.X509Certificate;
0036: import java.security.spec.InvalidKeySpecException;
0037: import java.util.Date;
0038: import java.util.Set;
0039: import java.util.HashSet;
0040: import java.util.Arrays;
0041: import java.util.ArrayList;
0042: import java.util.List;
0043: import java.util.Iterator;
0044: import java.util.Collection;
0045: import javax.security.auth.x500.X500Principal;
0046:
0047: import org.apache.harmony.security.asn1.ASN1Boolean;
0048: import org.apache.harmony.security.asn1.ASN1Integer;
0049: import org.apache.harmony.security.asn1.ASN1OctetString;
0050: import org.apache.harmony.security.asn1.ASN1Oid;
0051: import org.apache.harmony.security.asn1.ASN1Sequence;
0052: import org.apache.harmony.security.asn1.ASN1Type;
0053:
0054: import org.apache.harmony.security.tests.support.TestKeyPair;
0055: import org.apache.harmony.security.x501.Name;
0056: import org.apache.harmony.security.x509.AlgorithmIdentifier;
0057: import org.apache.harmony.security.x509.CertificatePolicies;
0058: import org.apache.harmony.security.x509.EDIPartyName;
0059: import org.apache.harmony.security.x509.Extension;
0060: import org.apache.harmony.security.x509.Extensions;
0061: import org.apache.harmony.security.x509.GeneralName;
0062: import org.apache.harmony.security.x509.GeneralNames;
0063: import org.apache.harmony.security.x509.GeneralSubtree;
0064: import org.apache.harmony.security.x509.GeneralSubtrees;
0065: import org.apache.harmony.security.x509.NameConstraints;
0066: import org.apache.harmony.security.x509.ORAddress;
0067: import org.apache.harmony.security.x509.OtherName;
0068: import org.apache.harmony.security.x509.PolicyInformation;
0069: import org.apache.harmony.security.x509.PrivateKeyUsagePeriod;
0070: import org.apache.harmony.security.x509.SubjectPublicKeyInfo;
0071: import org.apache.harmony.security.x509.TBSCertificate;
0072: import org.apache.harmony.security.x509.Validity;
0073:
0074: import junit.framework.Test;
0075: import junit.framework.TestCase;
0076: import junit.framework.TestSuite;
0077:
0078: /**
0079: * X509CertSelectorTest
0080: */
0081: public class X509CertSelectorTest extends TestCase {
0082:
0083: /**
0084: * The abstract class stub implementation.
0085: */
0086: private class TestCert extends X509Certificate {
0087:
0088: /* Stuff fields */
0089: protected String equalCriteria = null; // to simplify method equals()
0090: protected BigInteger serialNumber = null;
0091: protected X500Principal issuer = null;
0092: protected X500Principal subject = null;
0093: protected byte[] keyIdentifier = null;
0094: protected Date date = null;
0095: protected Date notBefore = null;
0096: protected Date notAfter = null;
0097: protected PublicKey key = null;
0098: protected boolean[] keyUsage = null;
0099: protected List extKeyUsage = null;
0100: protected int pathLen = -1;
0101: protected GeneralNames sans = null;
0102: protected byte[] encoding = null;
0103: protected String[] policies = null;
0104: protected NameConstraints nameConstraints = null;
0105:
0106: /* Stuff methods */
0107: public TestCert() {
0108: }
0109:
0110: public TestCert(GeneralNames sans) {
0111: setSubjectAlternativeNames(sans);
0112: }
0113:
0114: public TestCert(NameConstraints nameConstraints) {
0115: this .nameConstraints = nameConstraints;
0116: }
0117:
0118: public TestCert(String equalCriteria) {
0119: setEqualCriteria(equalCriteria);
0120: }
0121:
0122: public TestCert(String[] policies) {
0123: setPolicies(policies);
0124: }
0125:
0126: public TestCert(BigInteger serial) {
0127: setSerialNumber(serial);
0128: }
0129:
0130: public TestCert(X500Principal principal) {
0131: setIssuer(principal);
0132: setSubject(principal);
0133: }
0134:
0135: public TestCert(byte[] array) {
0136: setKeyIdentifier(array);
0137: }
0138:
0139: public TestCert(Date date) {
0140: setDate(date);
0141: }
0142:
0143: public TestCert(Date notBefore, Date notAfter) {
0144: setPeriod(notBefore, notAfter);
0145: }
0146:
0147: public TestCert(PublicKey key) {
0148: setPublicKey(key);
0149: }
0150:
0151: public TestCert(boolean[] keyUsage) {
0152: setKeyUsage(keyUsage);
0153: }
0154:
0155: public TestCert(Set extKeyUsage) {
0156: setExtendedKeyUsage(extKeyUsage);
0157: }
0158:
0159: public TestCert(int pathLen) {
0160: this .pathLen = pathLen;
0161: }
0162:
0163: public void setPolicies(String[] policies) {
0164: this .policies = policies;
0165: }
0166:
0167: public void setSubjectAlternativeNames(GeneralNames sans) {
0168: this .sans = sans;
0169: }
0170:
0171: public void setExtendedKeyUsage(Set extKeyUsage) {
0172: this .extKeyUsage = (extKeyUsage == null) ? null
0173: : new ArrayList(extKeyUsage);
0174: }
0175:
0176: public void setKeyUsage(boolean[] keyUsage) {
0177: this .keyUsage = (keyUsage == null) ? null
0178: : (boolean[]) keyUsage.clone();
0179: }
0180:
0181: public void setPublicKey(PublicKey key) {
0182: this .key = key;
0183: }
0184:
0185: public void setPeriod(Date notBefore, Date notAfter) {
0186: this .notBefore = notBefore;
0187: this .notAfter = notAfter;
0188: }
0189:
0190: public void setSerialNumber(BigInteger serial) {
0191: this .serialNumber = serial;
0192: }
0193:
0194: public void setEqualCriteria(String equalCriteria) {
0195: this .equalCriteria = equalCriteria;
0196: }
0197:
0198: public void setIssuer(X500Principal issuer) {
0199: this .issuer = issuer;
0200: }
0201:
0202: public void setSubject(X500Principal subject) {
0203: this .subject = subject;
0204: }
0205:
0206: public void setKeyIdentifier(byte[] subjectKeyID) {
0207: this .keyIdentifier = subjectKeyID.clone();
0208: }
0209:
0210: public void setDate(Date date) {
0211: this .date = new Date(date.getTime());
0212: }
0213:
0214: public void setEncoding(byte[] encoding) {
0215: this .encoding = encoding;
0216: }
0217:
0218: /* Method implementations */
0219: public boolean equals(Object cert) {
0220: if (cert == null) {
0221: return false;
0222: }
0223: if ((equalCriteria == null)
0224: || (((TestCert) cert).equalCriteria == null)) {
0225: return false;
0226: } else {
0227: return equalCriteria
0228: .equals(((TestCert) cert).equalCriteria);
0229: }
0230: }
0231:
0232: public String toString() {
0233: if (equalCriteria != null) {
0234: return equalCriteria;
0235: }
0236: return "";
0237: }
0238:
0239: public void checkValidity() throws CertificateExpiredException,
0240: CertificateNotYetValidException {
0241: }
0242:
0243: public void checkValidity(Date date)
0244: throws CertificateExpiredException,
0245: CertificateNotYetValidException {
0246: if (this .date == null) {
0247: throw new CertificateExpiredException();
0248: }
0249: int result = this .date.compareTo(date);
0250: if (result > 0) {
0251: throw new CertificateExpiredException();
0252: }
0253: if (result < 0) {
0254: throw new CertificateNotYetValidException();
0255: }
0256: }
0257:
0258: public int getVersion() {
0259: return 3;
0260: }
0261:
0262: public BigInteger getSerialNumber() {
0263: return (serialNumber == null) ? new BigInteger("1111")
0264: : serialNumber;
0265: }
0266:
0267: public Principal getIssuerDN() {
0268: return issuer;
0269: }
0270:
0271: public X500Principal getIssuerX500Principal() {
0272: return issuer;
0273: }
0274:
0275: public Principal getSubjectDN() {
0276: return subject;
0277: }
0278:
0279: public X500Principal getSubjectX500Principal() {
0280: return subject;
0281: }
0282:
0283: public Date getNotBefore() {
0284: return null;
0285: }
0286:
0287: public Date getNotAfter() {
0288: return null;
0289: }
0290:
0291: public byte[] getTBSCertificate()
0292: throws CertificateEncodingException {
0293: return null;
0294: }
0295:
0296: public byte[] getSignature() {
0297: return null;
0298: }
0299:
0300: public String getSigAlgName() {
0301: return null;
0302: }
0303:
0304: public String getSigAlgOID() {
0305: return null;
0306: }
0307:
0308: public byte[] getSigAlgParams() {
0309: return null;
0310: }
0311:
0312: public boolean[] getIssuerUniqueID() {
0313: return null;
0314: }
0315:
0316: public boolean[] getSubjectUniqueID() {
0317: return null;
0318: }
0319:
0320: public boolean[] getKeyUsage() {
0321: return keyUsage;
0322: }
0323:
0324: public List/*<String>*/getExtendedKeyUsage()
0325: throws CertificateParsingException {
0326: return extKeyUsage;
0327: }
0328:
0329: public int getBasicConstraints() {
0330: return pathLen;
0331: }
0332:
0333: public Collection/*<List<?>>*/getSubjectAlternativeNames()
0334: throws CertificateParsingException {
0335: return sans.getPairsList();
0336: }
0337:
0338: public void verify(PublicKey key) throws CertificateException,
0339: NoSuchAlgorithmException, InvalidKeyException,
0340: NoSuchProviderException, SignatureException {
0341: }
0342:
0343: public void verify(PublicKey key, String sigProvider)
0344: throws CertificateException, NoSuchAlgorithmException,
0345: InvalidKeyException, NoSuchProviderException,
0346: SignatureException {
0347: }
0348:
0349: public PublicKey getPublicKey() {
0350: return key;
0351: }
0352:
0353: public byte[] getEncoded() throws CertificateEncodingException {
0354: return encoding;
0355: }
0356:
0357: public Set getNonCriticalExtensionOIDs() {
0358: return null;
0359: }
0360:
0361: public Set getCriticalExtensionOIDs() {
0362: return null;
0363: }
0364:
0365: public byte[] getExtensionValue(String oid) {
0366: if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) {
0367: // Extension value is represented as an OctetString
0368: return ASN1OctetString.getInstance().encode(
0369: keyIdentifier);
0370: }
0371: if ("2.5.29.16".equals(oid)) {
0372: PrivateKeyUsagePeriod pkup = new PrivateKeyUsagePeriod(
0373: notBefore, notAfter);
0374: byte[] encoded = pkup.getEncoded();
0375: return ASN1OctetString.getInstance().encode(encoded);
0376: }
0377: if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) {
0378: ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()];
0379: String[] val = new String[extKeyUsage.size()];
0380: Iterator it = extKeyUsage.iterator();
0381: int id = 0;
0382: while (it.hasNext()) {
0383: oa[id] = ASN1Oid.getInstanceForString();
0384: val[id++] = (String) it.next();
0385: }
0386: return ASN1OctetString.getInstance().encode(
0387: new ASN1Sequence(oa).encode(val));
0388: }
0389: if ("2.5.29.19".equals(oid)) {
0390: return ASN1OctetString.getInstance().encode(
0391: new ASN1Sequence(new ASN1Type[] {
0392: ASN1Boolean.getInstance(),
0393: ASN1Integer.getInstance() })
0394: .encode(new Object[] {
0395: new Boolean(pathLen != -1),
0396: BigInteger.valueOf(pathLen)
0397: .toByteArray() }));
0398: }
0399: if ("2.5.29.17".equals(oid) && (sans != null)) {
0400: if (sans.getNames() == null) {
0401: return null;
0402: }
0403: return ASN1OctetString.getInstance().encode(
0404: GeneralNames.ASN1.encode(sans));
0405: }
0406: if ("2.5.29.32".equals(oid) && (policies != null)
0407: && (policies.length > 0)) {
0408: // Certificate Policies Extension (as specified in rfc 3280)
0409: CertificatePolicies certificatePolicies = new CertificatePolicies();
0410: for (int i = 0; i < policies.length; i++) {
0411: PolicyInformation policyInformation = new PolicyInformation(
0412: policies[i]);
0413: certificatePolicies
0414: .addPolicyInformation(policyInformation);
0415: }
0416: return ASN1OctetString.getInstance().encode(
0417: certificatePolicies.getEncoded());
0418: }
0419: if ("2.5.29.30".equals(oid) && (nameConstraints != null)) {
0420: // Name Constraints Extension (as specified in rfc 3280)
0421: return ASN1OctetString.getInstance().encode(
0422: nameConstraints.getEncoded());
0423: }
0424: return null;
0425: }
0426:
0427: public boolean hasUnsupportedCriticalExtension() {
0428: return false;
0429: }
0430: }
0431:
0432: /* ********************************************************************** */
0433: /* ************************* Test implementation ************************ */
0434: /* ********************************************************************** */
0435:
0436: /**
0437: * setCertificate(X509Certificate certificate) method testing.
0438: * Tests if any certificates match in the case of null criteria,
0439: * if [not]proper certificates [do not]match
0440: */
0441: public void testSetCertificate() {
0442: TestCert cert_1 = new TestCert("same certificate");
0443: TestCert cert_2 = new TestCert("other certificate");
0444: X509CertSelector selector = new X509CertSelector();
0445:
0446: selector.setCertificate(null);
0447: assertTrue("Any certificates should match in the case of null "
0448: + "certificateEquals criteria.", selector.match(cert_1)
0449: && selector.match(cert_2));
0450: selector.setCertificate(cert_1);
0451: assertTrue(
0452: "The certificate should match the selection criteria.",
0453: selector.match(cert_1));
0454: assertFalse(
0455: "The certificate should not match the selection criteria.",
0456: selector.match(cert_2));
0457: selector.setCertificate(cert_2);
0458: assertTrue(
0459: "The certificate should match the selection criteria.",
0460: selector.match(cert_2));
0461: }
0462:
0463: /**
0464: * getCertificate() method testing.
0465: * Tests if the method return null in the case of not specified criteria,
0466: * if the returned value [does not]corresponds to [not]specified
0467: */
0468: public void testGetCertificate() {
0469: TestCert cert_1 = new TestCert("same certificate");
0470: TestCert cert_2 = new TestCert("other certificate");
0471: X509CertSelector selector = new X509CertSelector();
0472:
0473: assertNull("Selector should return null", selector
0474: .getCertificate());
0475: selector.setCertificate(cert_1);
0476: assertEquals(
0477: "The returned certificate should be equal to specified",
0478: cert_1, selector.getCertificate());
0479: assertFalse("The returned certificate should differ", cert_2
0480: .equals(selector.getCertificate()));
0481: }
0482:
0483: /**
0484: * setSerialNumber(BigInteger serial) method testing.
0485: * Tests if any certificates match in the case of null criteria,
0486: * if [not]proper certificates [do not]match
0487: */
0488: public void testSetSerialNumber() {
0489: BigInteger ser1 = new BigInteger("10000");
0490: BigInteger ser2 = new BigInteger("10001");
0491: TestCert cert_1 = new TestCert(ser1);
0492: TestCert cert_2 = new TestCert(ser2);
0493: X509CertSelector selector = new X509CertSelector();
0494:
0495: selector.setSerialNumber(null);
0496: assertTrue("Any certificate should match in the case of null "
0497: + "serialNumber criteria.", selector.match(cert_1)
0498: && selector.match(cert_2));
0499: selector.setSerialNumber(ser1);
0500: assertTrue(
0501: "The certificate should match the selection criteria.",
0502: selector.match(cert_1));
0503: assertFalse(
0504: "The certificate should not match the selection criteria.",
0505: selector.match(cert_2));
0506: selector.setSerialNumber(ser2);
0507: assertTrue(
0508: "The certificate should match the selection criteria.",
0509: selector.match(cert_2));
0510: }
0511:
0512: /**
0513: * getSerialNumber() method testing.
0514: * Tests if the method return null in the case of not specified criteria,
0515: * if the returned value [does not]corresponds to [not]specified
0516: */
0517: public void testGetSerialNumber() {
0518: BigInteger ser1 = new BigInteger("10000");
0519: BigInteger ser2 = new BigInteger("10001");
0520: X509CertSelector selector = new X509CertSelector();
0521:
0522: assertNull("Selector should return null", selector
0523: .getSerialNumber());
0524: selector.setSerialNumber(ser1);
0525: assertEquals(
0526: "The returned serial number should be equal to specified",
0527: ser1, selector.getSerialNumber());
0528: assertFalse("The returned serial number should differ", ser2
0529: .equals(selector.getSerialNumber()));
0530: }
0531:
0532: /**
0533: * setIssuer(X500Principal issuer) method testing.
0534: * Tests if any certificates match in the case of null criteria,
0535: * if [not]proper certificates [do not]match
0536: */
0537: public void testSetIssuer1() {
0538: X500Principal iss1 = new X500Principal("O=First Org.");
0539: X500Principal iss2 = new X500Principal("O=Second Org.");
0540: TestCert cert_1 = new TestCert(iss1);
0541: TestCert cert_2 = new TestCert(iss2);
0542: X509CertSelector selector = new X509CertSelector();
0543:
0544: selector.setIssuer((X500Principal) null);
0545: assertTrue("Any certificates should match "
0546: + "in the case of null issuer criteria.", selector
0547: .match(cert_1)
0548: && selector.match(cert_2));
0549: selector.setIssuer(iss1);
0550: assertTrue(
0551: "The certificate should match the selection criteria.",
0552: selector.match(cert_1));
0553: assertFalse(
0554: "The certificate should not match the selection criteria.",
0555: selector.match(cert_2));
0556: selector.setIssuer(iss2);
0557: assertTrue(
0558: "The certificate should match the selection criteria.",
0559: selector.match(cert_2));
0560: }
0561:
0562: /**
0563: * getIssuer() method testing.
0564: * Tests if the method return null in the case of not specified criteria,
0565: * if the returned value [does not]corresponds to [not]specified
0566: */
0567: public void testGetIssuer() {
0568: X500Principal iss1 = new X500Principal("O=First Org.");
0569: X500Principal iss2 = new X500Principal("O=Second Org.");
0570: X509CertSelector selector = new X509CertSelector();
0571:
0572: assertNull("Selector should return null", selector.getIssuer());
0573: selector.setIssuer(iss1);
0574: assertEquals(
0575: "The returned issuer should be equal to specified",
0576: iss1, selector.getIssuer());
0577: assertFalse("The returned issuer should differ", iss2
0578: .equals(selector.getIssuer()));
0579: }
0580:
0581: /**
0582: * setIssuer(String issuerDN) method testing.
0583: * Tests if any certificates match in the case of null criteria,
0584: * if [not]proper certificates [do not]match
0585: */
0586: public void testSetIssuer2() throws IOException {
0587: String name1 = "O=First Org.";
0588: String name2 = "O=Second Org.";
0589: X500Principal iss1 = new X500Principal(name1);
0590: X500Principal iss2 = new X500Principal(name2);
0591: TestCert cert_1 = new TestCert(iss1);
0592: TestCert cert_2 = new TestCert(iss2);
0593: X509CertSelector selector = new X509CertSelector();
0594:
0595: selector.setIssuer((String) null);
0596: assertTrue(
0597: "Any certificates should match in the case of null issuer criteria.",
0598: selector.match(cert_1) && selector.match(cert_2));
0599:
0600: selector.setIssuer(name1);
0601: assertTrue(
0602: "The certificate should match the selection criteria.",
0603: selector.match(cert_1));
0604: assertFalse(
0605: "The certificate should not match the selection criteria.",
0606: selector.match(cert_2));
0607: selector.setIssuer(name2);
0608: assertTrue(
0609: "The certificate should match the selection criteria.",
0610: selector.match(cert_2));
0611: }
0612:
0613: /**
0614: * getIssuerAsString() method testing.
0615: * Tests if the method return null in the case of not specified criteria,
0616: * if the returned value [does not]corresponds to [not]specified
0617: */
0618: public void testGetIssuerAsString() {
0619: String name1 = "O=First Org.";
0620: String name2 = "O=Second Org.";
0621: X500Principal iss1 = new X500Principal(name1);
0622: X500Principal iss2 = new X500Principal(name2);
0623: X509CertSelector selector = new X509CertSelector();
0624:
0625: assertNull("Selector should return null", selector
0626: .getIssuerAsString());
0627: selector.setIssuer(iss1);
0628: assertEquals(
0629: "The returned issuer should be equal to specified",
0630: new X500Principal(name1), new X500Principal(selector
0631: .getIssuerAsString()));
0632: assertFalse("The returned issuer should differ",
0633: new X500Principal(name2).equals(new X500Principal(
0634: selector.getIssuerAsString())));
0635: selector.setIssuer(iss2);
0636: assertEquals(
0637: "The returned issuer should be equal to specified",
0638: new X500Principal(name2), new X500Principal(selector
0639: .getIssuerAsString()));
0640: }
0641:
0642: /**
0643: * setIssuer(byte[] issuerDN) method testing.
0644: * Tests if any certificates match in the case of null criteria,
0645: * if [not]proper certificates [do not]match
0646: */
0647: public void testSetIssuer3() throws IOException {
0648: byte[] name1 = new byte[]
0649: //manually obtained DER encoding of "O=First Org." issuer name;
0650: { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105,
0651: 114, 115, 116, 32, 79, 114, 103, 46 };
0652: byte[] name2 = new byte[]
0653: //manually obtained DER encoding of "O=Second Org." issuer name;
0654: { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99,
0655: 111, 110, 100, 32, 79, 114, 103, 46 };
0656: X500Principal iss1 = new X500Principal(name1);
0657: X500Principal iss2 = new X500Principal(name2);
0658: TestCert cert_1 = new TestCert(iss1);
0659: TestCert cert_2 = new TestCert(iss2);
0660: X509CertSelector selector = new X509CertSelector();
0661:
0662: selector.setIssuer((byte[]) null);
0663: assertTrue(
0664: "Any certificates should match in the case of null issuer criteria.",
0665: selector.match(cert_1) && selector.match(cert_2));
0666:
0667: selector.setIssuer(name1);
0668: assertTrue(
0669: "The certificate should match the selection criteria.",
0670: selector.match(cert_1));
0671: assertFalse(
0672: "The certificate should not match the selection criteria.",
0673: selector.match(cert_2));
0674: selector.setIssuer(name2);
0675: assertTrue(
0676: "The certificate should match the selection criteria.",
0677: selector.match(cert_2));
0678: }
0679:
0680: /**
0681: * getIssuerAsBytes() method testing.
0682: * Tests if the method return null in the case of not specified criteria,
0683: * if the returned value [does not]corresponds to [not]specified
0684: */
0685: public void testGetIssuerAsBytes() throws IOException {
0686: byte[] name1 = new byte[]
0687: //manually obtained DER encoding of "O=First Org." issuer name;
0688: { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105,
0689: 114, 115, 116, 32, 79, 114, 103, 46 };
0690: byte[] name2 = new byte[]
0691: //manually obtained DER encoding of "O=Second Org." issuer name;
0692: { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99,
0693: 111, 110, 100, 32, 79, 114, 103, 46 };
0694: X500Principal iss1 = new X500Principal(name1);
0695: X500Principal iss2 = new X500Principal(name2);
0696: X509CertSelector selector = new X509CertSelector();
0697:
0698: assertNull("Selector should return null", selector
0699: .getIssuerAsBytes());
0700:
0701: selector.setIssuer(iss1);
0702: assertEquals(
0703: "The returned issuer should be equal to specified",
0704: new X500Principal(name1), new X500Principal(selector
0705: .getIssuerAsBytes()));
0706: assertFalse("The returned issuer should differ",
0707: new X500Principal(name2).equals(new X500Principal(
0708: selector.getIssuerAsBytes())));
0709:
0710: selector.setIssuer(iss2);
0711: assertEquals(
0712: "The returned issuer should be equal to specified",
0713: new X500Principal(name2), new X500Principal(selector
0714: .getIssuerAsBytes()));
0715: }
0716:
0717: /**
0718: * setSubject(X500Principal subject) method testing.
0719: * Tests if any certificates match in the case of null criteria,
0720: * if [not]proper certificates [do not]match
0721: */
0722: public void testSetSubject1() {
0723: X500Principal sub1 = new X500Principal("O=First Org.");
0724: X500Principal sub2 = new X500Principal("O=Second Org.");
0725: TestCert cert_1 = new TestCert(sub1);
0726: TestCert cert_2 = new TestCert(sub2);
0727: X509CertSelector selector = new X509CertSelector();
0728:
0729: selector.setSubject((X500Principal) null);
0730: assertTrue("Any certificates should match "
0731: + "in the case of null subjcet criteria.", selector
0732: .match(cert_1)
0733: && selector.match(cert_2));
0734: selector.setSubject(sub1);
0735: assertTrue(
0736: "The certificate should match the selection criteria.",
0737: selector.match(cert_1));
0738: assertFalse(
0739: "The certificate should not match the selection criteria.",
0740: selector.match(cert_2));
0741: selector.setSubject(sub2);
0742: assertTrue(
0743: "The certificate should match the selection criteria.",
0744: selector.match(cert_2));
0745: }
0746:
0747: /**
0748: * getSubject() method testing.
0749: * Tests if the method return null in the case of not specified criteria,
0750: * if the returned value [does not]corresponds to [not]specified
0751: */
0752: public void testGetSubject() {
0753: X500Principal sub1 = new X500Principal("O=First Org.");
0754: X500Principal sub2 = new X500Principal("O=Second Org.");
0755: X509CertSelector selector = new X509CertSelector();
0756:
0757: assertNull("Selector should return null", selector.getSubject());
0758: selector.setSubject(sub1);
0759: assertEquals(
0760: "The returned subject should be equal to specified",
0761: sub1, selector.getSubject());
0762: assertFalse("The returned subject should differ", sub2
0763: .equals(selector.getSubject()));
0764: }
0765:
0766: /**
0767: * setSubject(String subjectDN) method testing.
0768: * Tests if any certificates match in the case of null criteria,
0769: * if [not]proper certificates [do not]match
0770: */
0771: public void testSetSubject2() throws IOException {
0772: String name1 = "O=First Org.";
0773: String name2 = "O=Second Org.";
0774: X500Principal sub1 = new X500Principal(name1);
0775: X500Principal sub2 = new X500Principal(name2);
0776: TestCert cert_1 = new TestCert(sub1);
0777: TestCert cert_2 = new TestCert(sub2);
0778: X509CertSelector selector = new X509CertSelector();
0779:
0780: selector.setSubject((String) null);
0781: assertTrue(
0782: "Any certificates should match in the case of null subject criteria.",
0783: selector.match(cert_1) && selector.match(cert_2));
0784:
0785: selector.setSubject(name1);
0786: assertTrue(
0787: "The certificate should match the selection criteria.",
0788: selector.match(cert_1));
0789: assertFalse(
0790: "The certificate should not match the selection criteria.",
0791: selector.match(cert_2));
0792:
0793: selector.setSubject(name2);
0794: assertTrue(
0795: "The certificate should match the selection criteria.",
0796: selector.match(cert_2));
0797: }
0798:
0799: /**
0800: * getSubjectAsString() method testing.
0801: * Tests if the method return null in the case of not specified criteria,
0802: * if the returned value [does not]corresponds to [not]specified
0803: */
0804: public void testGetSubjectAsString() {
0805: String name1 = "O=First Org.";
0806: String name2 = "O=Second Org.";
0807: X500Principal sub1 = new X500Principal(name1);
0808: X500Principal sub2 = new X500Principal(name2);
0809: X509CertSelector selector = new X509CertSelector();
0810:
0811: assertNull("Selector should return null", selector
0812: .getSubjectAsString());
0813: selector.setSubject(sub1);
0814: assertEquals(
0815: "The returned subject should be equal to specified",
0816: new X500Principal(name1), new X500Principal(selector
0817: .getSubjectAsString()));
0818: assertFalse("The returned subject should differ",
0819: new X500Principal(name2).equals(new X500Principal(
0820: selector.getSubjectAsString())));
0821: selector.setSubject(sub2);
0822: assertEquals(
0823: "The returned subject should be equal to specified",
0824: new X500Principal(name2), new X500Principal(selector
0825: .getSubjectAsString()));
0826: }
0827:
0828: /**
0829: * setSubject(byte[] subjectDN) method testing.
0830: * Tests if any certificates match in the case of null criteria,
0831: * if [not]proper certificates [do not]match
0832: */
0833: public void testSetSubject3() throws IOException {
0834: byte[] name1 = new byte[]
0835: //manually obtained DER encoding of "O=First Org." issuer name;
0836: { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105,
0837: 114, 115, 116, 32, 79, 114, 103, 46 };
0838: byte[] name2 = new byte[]
0839: //manually obtained DER encoding of "O=Second Org." issuer name;
0840: { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99,
0841: 111, 110, 100, 32, 79, 114, 103, 46 };
0842: X500Principal sub1 = new X500Principal(name1);
0843: X500Principal sub2 = new X500Principal(name2);
0844: TestCert cert_1 = new TestCert(sub1);
0845: TestCert cert_2 = new TestCert(sub2);
0846: X509CertSelector selector = new X509CertSelector();
0847:
0848: selector.setSubject((byte[]) null);
0849: assertTrue(
0850: "Any certificates should match in the case of null issuer criteria.",
0851: selector.match(cert_1) && selector.match(cert_2));
0852:
0853: selector.setSubject(name1);
0854: assertTrue(
0855: "The certificate should match the selection criteria.",
0856: selector.match(cert_1));
0857: assertFalse(
0858: "The certificate should not match the selection criteria.",
0859: selector.match(cert_2));
0860:
0861: selector.setSubject(name2);
0862: assertTrue(
0863: "The certificate should match the selection criteria.",
0864: selector.match(cert_2));
0865: }
0866:
0867: /**
0868: * getSubjectAsBytes() method testing.
0869: * Tests if the method return null in the case of not specified criteria,
0870: * if the returned value [does not]corresponds to [not]specified
0871: */
0872: public void testGetSubjectAsBytes() throws IOException {
0873: byte[] name1 = new byte[]
0874: //manually obtained DER encoding of "O=First Org." issuer name;
0875: { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105,
0876: 114, 115, 116, 32, 79, 114, 103, 46 };
0877: byte[] name2 = new byte[]
0878: //manually obtained DER encoding of "O=Second Org." issuer name;
0879: { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99,
0880: 111, 110, 100, 32, 79, 114, 103, 46 };
0881: X500Principal sub1 = new X500Principal(name1);
0882: X500Principal sub2 = new X500Principal(name2);
0883: X509CertSelector selector = new X509CertSelector();
0884:
0885: assertNull("Selector should return null", selector
0886: .getSubjectAsBytes());
0887: selector.setSubject(sub1);
0888:
0889: assertEquals(
0890: "The returned issuer should be equal to specified",
0891: new X500Principal(name1), new X500Principal(selector
0892: .getSubjectAsBytes()));
0893: assertFalse("The returned issuer should differ",
0894: new X500Principal(name2).equals(new X500Principal(
0895: selector.getSubjectAsBytes())));
0896:
0897: selector.setSubject(sub2);
0898: assertEquals(
0899: "The returned issuer should be equal to specified",
0900: new X500Principal(name2), new X500Principal(selector
0901: .getSubjectAsBytes()));
0902: }
0903:
0904: /**
0905: * setSubjectKeyIdentifier(byte[] subjectKeyID) method testing.
0906: * Tests if any certificates match in the case of null criteria,
0907: * if [not]proper certificates [do not]match, and if the initialization
0908: * object are copied during the initialization.
0909: */
0910: public void testSetSubjectKeyIdentifier() {
0911: byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
0912: byte[] skid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value
0913: TestCert cert_1 = new TestCert(skid1);
0914: TestCert cert_2 = new TestCert(skid2);
0915: X509CertSelector selector = new X509CertSelector();
0916:
0917: selector.setSubjectKeyIdentifier(null);
0918: assertTrue("Any certificate should match in the case of null "
0919: + "serialNumber criteria.", selector.match(cert_1)
0920: && selector.match(cert_2));
0921: selector.setSubjectKeyIdentifier(skid1);
0922: assertTrue(
0923: "The certificate should match the selection criteria.",
0924: selector.match(cert_1));
0925: assertFalse(
0926: "The certificate should not match the selection criteria.",
0927: selector.match(cert_2));
0928: selector.setSubjectKeyIdentifier(skid2);
0929: skid2[0]++;
0930: assertTrue(
0931: "The certificate should match the selection criteria.",
0932: selector.match(cert_2));
0933: }
0934:
0935: /**
0936: * getSubjectKeyIdentifier() method testing.
0937: * Tests if the method return null in the case of not specified criteria,
0938: * if the returned value [does not]corresponds to [not]specified
0939: * and its modification does not cause the modification of internal object.
0940: */
0941: public void testGetSubjectKeyIdentifier() {
0942: byte[] skid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
0943: byte[] skid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // random value
0944: X509CertSelector selector = new X509CertSelector();
0945:
0946: assertNull("Selector should return null", selector
0947: .getSubjectKeyIdentifier());
0948: selector.setSubjectKeyIdentifier(skid1);
0949: assertTrue("The returned keyID should be equal to specified",
0950: Arrays
0951: .equals(skid1, selector
0952: .getSubjectKeyIdentifier()));
0953: selector.getSubjectKeyIdentifier()[0]++;
0954: assertTrue("The returned keyID should be equal to specified",
0955: Arrays
0956: .equals(skid1, selector
0957: .getSubjectKeyIdentifier()));
0958: assertFalse("The returned keyID should differ", Arrays.equals(
0959: skid2, selector.getSubjectKeyIdentifier()));
0960: }
0961:
0962: /**
0963: * setAuthorityKeyIdentifier(byte[] authorityKeyID) method testing.
0964: * Tests if any certificates match in the case of null criteria,
0965: * if [not]proper certificates [do not]match, and if the initialization
0966: * object are copied during the initialization.
0967: */
0968: public void testSetAuthorityKeyIdentifier() {
0969: byte[] akid1 = new byte[] { 1, 2, 3, 4, 5 }; // random value
0970: byte[] akid2 = new byte[] { 5, 4, 3, 2, 1 }; // random value
0971: TestCert cert_1 = new TestCert(akid1);
0972: TestCert cert_2 = new TestCert(akid2);
0973: X509CertSelector selector = new X509CertSelector();
0974:
0975: selector.setAuthorityKeyIdentifier(null);
0976: assertTrue("Any certificate should match in the case of null "
0977: + "serialNumber criteria.", selector.match(cert_1)
0978: && selector.match(cert_2));
0979: selector.setAuthorityKeyIdentifier(akid1);
0980: assertTrue(
0981: "The certificate should match the selection criteria.",
0982: selector.match(cert_1));
0983: assertFalse(
0984: "The certificate should not match the selection criteria.",
0985: selector.match(cert_2));
0986: selector.setAuthorityKeyIdentifier(akid2);
0987: akid2[0]++;
0988: assertTrue(
0989: "The certificate should match the selection criteria.",
0990: selector.match(cert_2));
0991: }
0992:
0993: /**
0994: * getAuthorityKeyIdentifier() method testing.
0995: * Tests if the method return null in the case of not specified criteria,
0996: * if the returned value [does not]corresponds to [not]specified
0997: * and its modification does not cause the modification of internal object.
0998: */
0999: public void testGetAuthorityKeyIdentifier() {
1000: byte[] akid1 = new byte[] { 4, 5, 1, 2, 3, 4, 5 }; // random value
1001: byte[] akid2 = new byte[] { 4, 5, 5, 4, 3, 2, 1 }; // random value
1002: X509CertSelector selector = new X509CertSelector();
1003:
1004: assertNull("Selector should return null", selector
1005: .getAuthorityKeyIdentifier());
1006: selector.setAuthorityKeyIdentifier(akid1);
1007: assertTrue("The returned keyID should be equal to specified",
1008: Arrays.equals(akid1, selector
1009: .getAuthorityKeyIdentifier()));
1010: selector.getAuthorityKeyIdentifier()[0]++;
1011: assertTrue("The returned keyID should be equal to specified",
1012: Arrays.equals(akid1, selector
1013: .getAuthorityKeyIdentifier()));
1014: assertFalse("The returned keyID should differ", Arrays.equals(
1015: akid2, selector.getAuthorityKeyIdentifier()));
1016: }
1017:
1018: /**
1019: * setCertificateValid(Date certificateValid) method testing.
1020: * Tests if any certificates match in the case of null criteria,
1021: * if [not]proper certificates [do not]match, and if the initialization
1022: * object are copied during the initialization.
1023: */
1024: public void testSetCertificateValid() {
1025: Date date1 = new Date(100);
1026: Date date2 = new Date(200);
1027: TestCert cert_1 = new TestCert(date1);
1028: TestCert cert_2 = new TestCert(date2);
1029: X509CertSelector selector = new X509CertSelector();
1030:
1031: selector.setCertificateValid(null);
1032: assertTrue("Any certificate should match in the case of null "
1033: + "serialNumber criteria.", selector.match(cert_1)
1034: && selector.match(cert_2));
1035: selector.setCertificateValid(date1);
1036: assertTrue(
1037: "The certificate should match the selection criteria.",
1038: selector.match(cert_1));
1039: assertFalse(
1040: "The certificate should not match the selection criteria.",
1041: selector.match(cert_2));
1042: selector.setCertificateValid(date2);
1043: date2.setTime(300);
1044: assertTrue(
1045: "The certificate should match the selection criteria.",
1046: selector.match(cert_2));
1047: }
1048:
1049: /**
1050: * getCertificateValid() method testing.
1051: * Tests if the method return null in the case of not specified criteria,
1052: * if the returned value [does not]corresponds to [not]specified
1053: * and its modification does not cause the modification of internal object.
1054: */
1055: public void testGetCertificateValid() {
1056: Date date1 = new Date(100);
1057: Date date2 = new Date(200);
1058: X509CertSelector selector = new X509CertSelector();
1059:
1060: assertNull("Selector should return null", selector
1061: .getCertificateValid());
1062: selector.setCertificateValid(date1);
1063: assertTrue("The returned date should be equal to specified",
1064: date1.equals(selector.getCertificateValid()));
1065: selector.getCertificateValid().setTime(200);
1066: assertTrue("The returned date should be equal to specified",
1067: date1.equals(selector.getCertificateValid()));
1068: assertFalse("The returned date should differ", date2
1069: .equals(selector.getCertificateValid()));
1070: }
1071:
1072: /**
1073: * setPrivateKeyValid(Date privateKeyValid) method testing.
1074: * Tests if any certificates match in the case of null criteria,
1075: * if [not]proper certificates [do not]match, and if the initialization
1076: * object are copied during the initialization.
1077: */
1078: public void testSetPrivateKeyValid() {
1079: Date date1 = new Date(100000000);
1080: Date date2 = new Date(200000000);
1081: Date date3 = new Date(300000000);
1082: Date date4 = new Date(150000000);
1083: Date date5 = new Date(250000000);
1084: TestCert cert_1 = new TestCert(date1, date2);
1085: TestCert cert_2 = new TestCert(date2, date3);
1086: X509CertSelector selector = new X509CertSelector();
1087:
1088: selector.setPrivateKeyValid(null);
1089: assertTrue("Any certificate should match in the case of null "
1090: + "privateKeyValid criteria.", selector.match(cert_1)
1091: && selector.match(cert_2));
1092: selector.setPrivateKeyValid(date4);
1093: assertTrue(
1094: "The certificate should match the selection criteria.",
1095: selector.match(cert_1));
1096: assertFalse(
1097: "The certificate should not match the selection criteria.",
1098: selector.match(cert_2));
1099: selector.setPrivateKeyValid(date5);
1100: date5.setTime(date4.getTime());
1101: assertTrue(
1102: "The certificate should match the selection criteria.",
1103: selector.match(cert_2));
1104: }
1105:
1106: /**
1107: * getPrivateKeyValid() method testing.
1108: * Tests if the method return null in the case of not specified criteria,
1109: * if the returned value [does not]corresponds to [not]specified
1110: * and its modification does not cause the modification of internal object.
1111: */
1112: public void testGetPrivateKeyValid() {
1113: Date date1 = new Date(100);
1114: Date date2 = new Date(200);
1115: X509CertSelector selector = new X509CertSelector();
1116:
1117: assertNull("Selector should return null", selector
1118: .getPrivateKeyValid());
1119: selector.setPrivateKeyValid(date1);
1120: assertTrue("The returned date should be equal to specified",
1121: date1.equals(selector.getPrivateKeyValid()));
1122: selector.getPrivateKeyValid().setTime(200);
1123: assertTrue("The returned date should be equal to specified",
1124: date1.equals(selector.getPrivateKeyValid()));
1125: assertFalse("The returned date should differ", date2
1126: .equals(selector.getPrivateKeyValid()));
1127: }
1128:
1129: /**
1130: * setSubjectPublicKeyAlgID(String oid) method testing.
1131: * Tests if any certificates match in the case of null criteria,
1132: * if [not]proper certificates [do not]match
1133: */
1134: public void testSetSubjectPublicKeyAlgID() throws Exception {
1135: String pkaid1 = "1.2.840.113549.1.1.1"; // RSA (source: http://asn1.elibel.tm.fr)
1136: String pkaid2 = "1.2.840.10040.4.1"; // DSA (source: http://asn1.elibel.tm.fr)
1137:
1138: PublicKey pkey1 = new TestKeyPair("RSA").getPublic();
1139: PublicKey pkey2 = new TestKeyPair("DSA").getPublic();
1140:
1141: TestCert cert_1 = new TestCert(pkey1);
1142: TestCert cert_2 = new TestCert(pkey2);
1143: X509CertSelector selector = new X509CertSelector();
1144:
1145: selector.setSubjectPublicKeyAlgID(null);
1146: assertTrue("Any certificate should match in the case of null "
1147: + "subjectPublicKeyAlgID criteria.", selector
1148: .match(cert_1)
1149: && selector.match(cert_2));
1150:
1151: selector.setSubjectPublicKeyAlgID(pkaid1);
1152: assertTrue(
1153: "The certificate should match the selection criteria.",
1154: selector.match(cert_1));
1155: assertFalse(
1156: "The certificate should not match the selection criteria.",
1157: selector.match(cert_2));
1158:
1159: selector.setSubjectPublicKeyAlgID(pkaid2);
1160: assertTrue(
1161: "The certificate should match the selection criteria.",
1162: selector.match(cert_2));
1163: }
1164:
1165: /**
1166: * @tests java.security.cert.X509CertSelector#setSubjectPublicKeyAlgID(java.lang.String)
1167: */
1168: public void test_setSubjectPublicKeyAlgIDLjava_lang_String()
1169: throws Exception {
1170: //Regression for HARMONY-465
1171: X509CertSelector obj = new X509CertSelector();
1172: try {
1173: obj.setSubjectPublicKeyAlgID("abc");
1174: fail("IOException expected");
1175: } catch (IOException e) {
1176: // expected
1177: }
1178: }
1179:
1180: /**
1181: * getSubjectPublicKeyAlgID() method testing.
1182: * Tests if the method return null in the case of not specified criteria,
1183: * if the returned value [does not]corresponds to [not]specified
1184: */
1185: public void testGetSubjectPublicKeyAlgID() throws IOException {
1186: String pkaid1 = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr)
1187: String pkaid2 = "1.2.840.113549.1.1.2"; // MD2 with RSA encryption (source: http://asn1.elibel.tm.fr)
1188: X509CertSelector selector = new X509CertSelector();
1189:
1190: assertNull("Selector should return null", selector
1191: .getSubjectPublicKeyAlgID());
1192:
1193: selector.setSubjectPublicKeyAlgID(pkaid1);
1194: assertTrue("The returned oid should be equal to specified",
1195: pkaid1.equals(selector.getSubjectPublicKeyAlgID()));
1196: assertFalse("The returned oid should differ", pkaid2
1197: .equals(selector.getSubjectPublicKeyAlgID()));
1198: }
1199:
1200: /**
1201: * setSubjectPublicKey(PublicKey key) method testing.
1202: * Tests if any certificates match in the case of null criteria,
1203: * if [not]proper certificates [do not]match.
1204: */
1205: public void testSetSubjectPublicKey1() throws Exception {
1206: PublicKey pkey1 = new TestKeyPair("RSA").getPublic();
1207: PublicKey pkey2 = new TestKeyPair("DSA").getPublic();
1208:
1209: TestCert cert_1 = new TestCert(pkey1);
1210: TestCert cert_2 = new TestCert(pkey2);
1211: X509CertSelector selector = new X509CertSelector();
1212:
1213: selector.setSubjectPublicKey((PublicKey) null);
1214: assertTrue("Any certificate should match in the case of null "
1215: + "subjectPublicKey criteria.", selector.match(cert_1)
1216: && selector.match(cert_2));
1217: selector.setSubjectPublicKey(pkey1);
1218: assertTrue(
1219: "The certificate should match the selection criteria.",
1220: selector.match(cert_1));
1221: assertFalse(
1222: "The certificate should not match the selection criteria.",
1223: selector.match(cert_2));
1224: selector.setSubjectPublicKey(pkey2);
1225: assertTrue(
1226: "The certificate should match the selection criteria.",
1227: selector.match(cert_2));
1228: }
1229:
1230: /**
1231: * getSubjectPublicKey() method testing.
1232: * Tests if the method return null in the case of not specified criteria,
1233: * if the returned value corresponds to specified
1234: */
1235: public void testGetSubjectPublicKey1() throws Exception {
1236:
1237: PublicKey pkey = new TestKeyPair("RSA").getPublic();
1238:
1239: X509CertSelector selector = new X509CertSelector();
1240:
1241: assertNull("Selector should return null", selector
1242: .getSubjectPublicKey());
1243: selector.setSubjectPublicKey(pkey);
1244: PublicKey result = selector.getSubjectPublicKey();
1245:
1246: assertEquals("The name of algorithm should be RSA", result
1247: .getAlgorithm(), "RSA");
1248: }
1249:
1250: /**
1251: * setSubjectPublicKey(byte[] key) method testing.
1252: * Tests if any certificates match in the case of null criteria,
1253: * if [not]proper certificates [do not]match, and if the initialization
1254: * object are copied during the initialization.
1255: */
1256: public void testSetSubjectPublicKey2() throws Exception {
1257: PublicKey pkey1 = new TestKeyPair("RSA").getPublic();
1258: PublicKey pkey2 = new TestKeyPair("DSA").getPublic();
1259:
1260: byte[] encoding1 = pkey1.getEncoded();
1261: byte[] encoding2 = pkey2.getEncoded();
1262: TestCert cert_1 = new TestCert(pkey1);
1263: TestCert cert_2 = new TestCert(pkey2);
1264: X509CertSelector selector = new X509CertSelector();
1265:
1266: selector.setSubjectPublicKey((byte[]) null);
1267: assertTrue("Any certificate should match in the case of null "
1268: + "subjectPublicKey criteria.", selector.match(cert_1)
1269: && selector.match(cert_2));
1270:
1271: selector.setSubjectPublicKey(encoding1);
1272: assertTrue(
1273: "The certificate should match the selection criteria.",
1274: selector.match(cert_1));
1275:
1276: encoding1[0]++;
1277: assertTrue(
1278: "The certificate should match the selection criteria.",
1279: selector.match(cert_1));
1280: assertFalse(
1281: "The certificate should not match the selection criteria.",
1282: selector.match(cert_2));
1283:
1284: selector.setSubjectPublicKey(encoding2);
1285: assertTrue(
1286: "The certificate should match the selection criteria.",
1287: selector.match(cert_2));
1288: }
1289:
1290: /**
1291: * getSubjectPublicKey() method testing.
1292: * Tests if the method return null in the case of not specified criteria,
1293: * if the returned value corresponds to specified
1294: */
1295: public void testGetSubjectPublicKey2() throws Exception {
1296:
1297: PublicKey pkey = new TestKeyPair("RSA").getPublic();
1298:
1299: X509CertSelector selector = new X509CertSelector();
1300:
1301: assertNull("Selector should return null", selector
1302: .getSubjectPublicKey());
1303:
1304: selector.setSubjectPublicKey(pkey.getEncoded());
1305:
1306: PublicKey result = selector.getSubjectPublicKey();
1307:
1308: assertEquals("The name of algorithm should be RSA", result
1309: .getAlgorithm(), "RSA");
1310: }
1311:
1312: /**
1313: * setKeyUsage(boolean[] keyUsage) method testing.
1314: * Tests if any certificates match in the case of null criteria,
1315: * if [not]proper certificates [do not]match, and if the initialization
1316: * object are copied during the initialization. Also checks if selector
1317: * matches the certificate which does not have a keyUsage extension.
1318: */
1319: public void testSetKeyUsage() {
1320: boolean[] ku1 = new boolean[] { true, true, true, true, true,
1321: true, true, true, true };
1322: // decipherOnly is disallowed
1323: boolean[] ku2 = new boolean[] { true, true, true, true, true,
1324: true, true, true, false };
1325: TestCert cert_1 = new TestCert(ku1);
1326: TestCert cert_2 = new TestCert(ku2);
1327: TestCert cert_3 = new TestCert((boolean[]) null);
1328: X509CertSelector selector = new X509CertSelector();
1329:
1330: selector.setKeyUsage(null);
1331: assertTrue("Any certificate should match in the case of null "
1332: + "keyUsage criteria.", selector.match(cert_1)
1333: && selector.match(cert_2));
1334: selector.setKeyUsage(ku1);
1335: assertTrue(
1336: "The certificate should match the selection criteria.",
1337: selector.match(cert_1));
1338: assertFalse(
1339: "The certificate should not match the selection criteria.",
1340: selector.match(cert_2));
1341: assertTrue(
1342: "The certificate which does not have a keyUsage extension "
1343: + "implicitly allows all keyUsage values.",
1344: selector.match(cert_3));
1345: selector.setKeyUsage(ku2);
1346: ku2[0] = !ku2[0];
1347: assertTrue(
1348: "The certificate should match the selection criteria.",
1349: selector.match(cert_2));
1350: }
1351:
1352: /**
1353: * getKeyUsage() method testing.
1354: * Tests if the method return null in the case of not specified criteria,
1355: * if the returned value [does not]corresponds to [not]specified
1356: * and its modification does not cause the modification of internal object.
1357: */
1358: public void testGetKeyUsage() {
1359: boolean[] ku = new boolean[] { true, false, true, false, true,
1360: false, true, false, true };
1361: X509CertSelector selector = new X509CertSelector();
1362:
1363: assertNull("Selector should return null", selector
1364: .getKeyUsage());
1365: selector.setKeyUsage(ku);
1366: assertTrue("The returned date should be equal to specified",
1367: Arrays.equals(ku, selector.getKeyUsage()));
1368: boolean[] result = selector.getKeyUsage();
1369: result[0] = !result[0];
1370: assertTrue(
1371: "The returned keyUsage should be equal to specified",
1372: Arrays.equals(ku, selector.getKeyUsage()));
1373: }
1374:
1375: /**
1376: * setExtendedKeyUsage(Set<String> keyPurposeSet) method testing.
1377: */
1378: public void testSetExtendedKeyUsage() throws IOException {
1379: HashSet ku1 = new HashSet(Arrays.asList(new String[] {
1380: "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2",
1381: "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4",
1382: "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
1383: "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6",
1384: "1.3.6.1.5.5.7.3.7" }));
1385: HashSet ku2 = new HashSet(Arrays.asList(new String[] {
1386: "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2",
1387: "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4",
1388: "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
1389: "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6" }));
1390: TestCert cert_1 = new TestCert(ku1);
1391: TestCert cert_2 = new TestCert(ku2);
1392: TestCert cert_3 = new TestCert((Set) null);
1393: X509CertSelector selector = new X509CertSelector();
1394:
1395: selector.setExtendedKeyUsage(null);
1396: assertTrue("Any certificate should match in the case of null "
1397: + "extendedKeyUsage criteria.", selector.match(cert_1)
1398: && selector.match(cert_2));
1399:
1400: selector.setExtendedKeyUsage(ku1);
1401: assertTrue(
1402: "The certificate should match the selection criteria.",
1403: selector.match(cert_1));
1404: assertFalse(
1405: "The certificate should not match the selection criteria.",
1406: selector.match(cert_2));
1407: assertTrue(
1408: "The certificate which does not have a keyUsage extension "
1409: + "implicitly allows all keyUsage values.",
1410: selector.match(cert_3));
1411: ku1.remove("1.3.6.1.5.5.7.3.7"); // remove the missing in ku2 keyUsage
1412: assertFalse(
1413: "The modification of initialization object "
1414: + "should not affect the modification of internal object.",
1415: selector.match(cert_2));
1416:
1417: selector.setExtendedKeyUsage(ku2);
1418: assertTrue(
1419: "The certificate should match the selection criteria.",
1420: selector.match(cert_2));
1421: }
1422:
1423: /**
1424: * getExtendedKeyUsage() method testing.
1425: */
1426: public void testGetExtendedKeyUsage() {
1427: HashSet ku = new HashSet(Arrays.asList(new String[] {
1428: "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2",
1429: "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4",
1430: "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
1431: "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6",
1432: "1.3.6.1.5.5.7.3.7" }));
1433: X509CertSelector selector = new X509CertSelector();
1434:
1435: assertNull("Selector should return null", selector
1436: .getExtendedKeyUsage());
1437: try {
1438: selector.setExtendedKeyUsage(ku);
1439: } catch (IOException e) {
1440: e.printStackTrace();
1441: fail("Unexpected IOException was thrown.");
1442: }
1443: assertTrue(
1444: "The returned extendedKeyUsage should be equal to specified",
1445: ku.equals(selector.getExtendedKeyUsage()));
1446: try {
1447: selector.getExtendedKeyUsage().add("KRIBLE-GRABLI");
1448: fail("The returned Set should be immutable.");
1449: } catch (UnsupportedOperationException e) {
1450: }
1451: }
1452:
1453: /**
1454: * setSubjectAlternativeNames(Collection<List<?>> names) method testing.
1455: */
1456: public void testSetSubjectAlternativeNames() {
1457: try {
1458: GeneralName san0 = new GeneralName(new OtherName(
1459: "1.2.3.4.5", new byte[] { 1, 2, 0, 1 }));
1460: GeneralName san1 = new GeneralName(1, "rfc@822.Name");
1461: GeneralName san2 = new GeneralName(2, "dNSName");
1462: GeneralName san3 = new GeneralName(new ORAddress());
1463: GeneralName san4 = new GeneralName(new Name(
1464: "O=Organization"));
1465: GeneralName san5 = new GeneralName(new EDIPartyName(
1466: "assigner", "party"));
1467: GeneralName san6 = new GeneralName(6,
1468: "http://uniform.Resource.Id");
1469: GeneralName san7 = new GeneralName(7, "1.1.1.1");
1470: GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
1471:
1472: GeneralNames sans_1 = new GeneralNames();
1473: sans_1.addName(san0);
1474: sans_1.addName(san1);
1475: sans_1.addName(san2);
1476: sans_1.addName(san3);
1477: sans_1.addName(san4);
1478: sans_1.addName(san5);
1479: sans_1.addName(san6);
1480: sans_1.addName(san7);
1481: sans_1.addName(san8);
1482: GeneralNames sans_2 = new GeneralNames();
1483: sans_2.addName(san0);
1484:
1485: TestCert cert_1 = new TestCert(sans_1);
1486: TestCert cert_2 = new TestCert(sans_2);
1487: X509CertSelector selector = new X509CertSelector();
1488: selector.setMatchAllSubjectAltNames(true);
1489:
1490: selector.setSubjectAlternativeNames(null);
1491: assertTrue(
1492: "Any certificate should match in the case of null "
1493: + "subjectAlternativeNames criteria.",
1494: selector.match(cert_1) && selector.match(cert_2));
1495:
1496: Collection sans = sans_1.getPairsList();
1497: selector.setSubjectAlternativeNames(sans);
1498: assertTrue(
1499: "The certificate should match the selection criteria.",
1500: selector.match(cert_1));
1501: assertFalse("The certificate should not match "
1502: + "the selection criteria.", selector.match(cert_2));
1503: sans.clear();
1504: assertTrue("The modification of initialization object "
1505: + "should not affect the modification "
1506: + "of internal object.", selector.match(cert_1));
1507: selector.setSubjectAlternativeNames(sans_2.getPairsList());
1508: assertTrue(
1509: "The certificate should match the selection criteria.",
1510: selector.match(cert_2));
1511: } catch (IOException e) {
1512: e.printStackTrace();
1513: fail("Unexpected IOException was thrown.");
1514: }
1515: }
1516:
1517: /**
1518: * addSubjectAlternativeName(int type, String name) method testing.
1519: */
1520: public void testAddSubjectAlternativeName1() throws IOException {
1521: String name1 = "rfc@822.Name";
1522: String name2 = "dNSName";
1523: String name4 = "O=Organization";
1524: String name6 = "http://uniform.Resource.Id";
1525: String name7 = "255.255.255.0";
1526: String name8 = "1.2.3.4444.55555";
1527:
1528: GeneralName san1 = new GeneralName(1, name1);
1529: GeneralName san2 = new GeneralName(2, name2);
1530: GeneralName san4 = new GeneralName(4, name4);
1531: GeneralName san6 = new GeneralName(6, name6);
1532: GeneralName san7 = new GeneralName(7, name7);
1533: GeneralName san8 = new GeneralName(8, name8);
1534:
1535: GeneralNames sans_1 = new GeneralNames();
1536: sans_1.addName(san1);
1537: sans_1.addName(san2);
1538: sans_1.addName(san4);
1539: sans_1.addName(san6);
1540: sans_1.addName(san7);
1541: sans_1.addName(san8);
1542: GeneralNames sans_2 = new GeneralNames();
1543: sans_2.addName(san1);
1544: sans_2.addName(san2);
1545:
1546: TestCert cert_1 = new TestCert(sans_1);
1547: TestCert cert_2 = new TestCert(sans_2);
1548: X509CertSelector selector = new X509CertSelector();
1549: selector.setMatchAllSubjectAltNames(true);
1550:
1551: try {
1552: selector.addSubjectAlternativeName(1, name1);
1553: } catch (IOException e) {
1554: e.printStackTrace();
1555: fail("Unexpected IOException was thrown.");
1556: }
1557: assertTrue(
1558: "The certificate should match the selection criteria.",
1559: selector.match(cert_1));
1560: assertTrue(
1561: "The certificate should match the selection criteria.",
1562: selector.match(cert_2));
1563:
1564: try {
1565: selector.addSubjectAlternativeName(2, name2);
1566: } catch (IOException e) {
1567: e.printStackTrace();
1568: fail("Unexpected IOException was thrown.");
1569: }
1570: assertTrue(
1571: "The certificate should match the selection criteria.",
1572: selector.match(cert_1));
1573: assertTrue(
1574: "The certificate should match the selection criteria.",
1575: selector.match(cert_2));
1576:
1577: try {
1578: selector.addSubjectAlternativeName(4, name4);
1579: } catch (IOException e) {
1580: e.printStackTrace();
1581: fail("Unexpected IOException was thrown.");
1582: }
1583: assertTrue(
1584: "The certificate should match the selection criteria.",
1585: selector.match(cert_1));
1586: assertFalse(
1587: "The certificate should not match the selection criteria.",
1588: selector.match(cert_2));
1589: try {
1590: selector.addSubjectAlternativeName(6, name6);
1591: selector.addSubjectAlternativeName(7, name7);
1592: selector.addSubjectAlternativeName(8, name8);
1593: } catch (IOException e) {
1594: e.printStackTrace();
1595: fail("Unexpected IOException was thrown.");
1596: }
1597: assertTrue(
1598: "The certificate should match the selection criteria.",
1599: selector.match(cert_1));
1600: assertFalse(
1601: "The certificate should not match the selection criteria.",
1602: selector.match(cert_2));
1603: }
1604:
1605: /**
1606: * addSubjectAlternativeName(int type, byte[] name) method testing.
1607: */
1608: public void testAddSubjectAlternativeName2() {
1609: try {
1610: GeneralName san0 = new GeneralName(new OtherName(
1611: "1.2.3.4.5", ASN1Integer.getInstance().encode(
1612: BigInteger.valueOf(55L).toByteArray())));
1613: GeneralName san1 = new GeneralName(1, "rfc@822.Name");
1614: GeneralName san2 = new GeneralName(2, "dNSName");
1615: GeneralName san3 = new GeneralName(new ORAddress());
1616: GeneralName san4 = new GeneralName(new Name(
1617: "O=Organization"));
1618: GeneralName san5 = new GeneralName(new EDIPartyName(
1619: "assigner", "party"));
1620: GeneralName san6 = new GeneralName(6,
1621: "http://uniform.Resource.Id");
1622: GeneralName san7 = new GeneralName(
1623: new byte[] { 1, 1, 1, 1 });
1624: GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
1625:
1626: GeneralNames sans_1 = new GeneralNames();
1627: sans_1.addName(san0);
1628: sans_1.addName(san1);
1629: sans_1.addName(san2);
1630: sans_1.addName(san3);
1631: sans_1.addName(san4);
1632: sans_1.addName(san5);
1633: sans_1.addName(san6);
1634: sans_1.addName(san7);
1635: sans_1.addName(san8);
1636: GeneralNames sans_2 = new GeneralNames();
1637: sans_2.addName(san0);
1638: sans_2.addName(san1);
1639: sans_2.addName(san2);
1640:
1641: TestCert cert_1 = new TestCert(sans_1);
1642: TestCert cert_2 = new TestCert(sans_2);
1643: X509CertSelector selector = new X509CertSelector();
1644: selector.setMatchAllSubjectAltNames(true);
1645:
1646: selector
1647: .addSubjectAlternativeName(0, san0.getEncodedName());
1648: assertTrue(
1649: "The certificate should match the selection criteria.",
1650: selector.match(cert_1));
1651: assertTrue(
1652: "The certificate should match the selection criteria.",
1653: selector.match(cert_2));
1654: selector
1655: .addSubjectAlternativeName(1, san1.getEncodedName());
1656: assertTrue(
1657: "The certificate should match the selection criteria.",
1658: selector.match(cert_1));
1659: assertTrue(
1660: "The certificate should match the selection criteria.",
1661: selector.match(cert_2));
1662: selector
1663: .addSubjectAlternativeName(2, san2.getEncodedName());
1664: assertTrue(
1665: "The certificate should match the selection criteria.",
1666: selector.match(cert_1));
1667: assertTrue(
1668: "The certificate should match the selection criteria.",
1669: selector.match(cert_2));
1670: selector
1671: .addSubjectAlternativeName(3, san3.getEncodedName());
1672: assertTrue(
1673: "The certificate should match the selection criteria.",
1674: selector.match(cert_1));
1675: assertFalse(
1676: "The certificate should not match the selection criteria.",
1677: selector.match(cert_2));
1678: selector
1679: .addSubjectAlternativeName(4, san4.getEncodedName());
1680: assertTrue(
1681: "The certificate should match the selection criteria.",
1682: selector.match(cert_1));
1683: assertFalse("The certificate should not match "
1684: + "the selection criteria.", selector.match(cert_2));
1685: selector
1686: .addSubjectAlternativeName(5, san5.getEncodedName());
1687: assertTrue(
1688: "The certificate should match the selection criteria.",
1689: selector.match(cert_1));
1690: assertFalse("The certificate should not match "
1691: + "the selection criteria.", selector.match(cert_2));
1692: selector
1693: .addSubjectAlternativeName(6, san6.getEncodedName());
1694: assertTrue(
1695: "The certificate should match the selection criteria.",
1696: selector.match(cert_1));
1697: assertFalse("The certificate should not match "
1698: + "the selection criteria.", selector.match(cert_2));
1699: selector
1700: .addSubjectAlternativeName(7, san7.getEncodedName());
1701: assertTrue(
1702: "The certificate should match the selection criteria.",
1703: selector.match(cert_1));
1704: assertFalse("The certificate should not match "
1705: + "the selection criteria.", selector.match(cert_2));
1706: byte[] oid = san8.getEncodedName();
1707: selector.addSubjectAlternativeName(8, oid);
1708: assertTrue(
1709: "The certificate should match the selection criteria.",
1710: selector.match(cert_1));
1711: assertFalse("The certificate should not match "
1712: + "the selection criteria.", selector.match(cert_2));
1713: oid[3] += 1;
1714: assertTrue(
1715: "The byte array should be cloned to protect against "
1716: + "subsequent modifications.", selector
1717: .match(cert_1));
1718: } catch (IOException e) {
1719: e.printStackTrace();
1720: fail("Unexpected IOException was thrown.");
1721: }
1722: }
1723:
1724: /**
1725: * getSubjectAlternativeNames() method testing.
1726: */
1727: public void testGetSubjectAlternativeNames() {
1728: try {
1729: GeneralName san1 = new GeneralName(1, "rfc@822.Name");
1730: GeneralName san2 = new GeneralName(2, "dNSName");
1731:
1732: GeneralNames sans = new GeneralNames();
1733: sans.addName(san1);
1734: sans.addName(san2);
1735:
1736: TestCert cert_1 = new TestCert(sans);
1737: X509CertSelector selector = new X509CertSelector();
1738:
1739: assertNull("Selector should return null", selector
1740: .getSubjectAlternativeNames());
1741:
1742: selector.setSubjectAlternativeNames(sans.getPairsList());
1743: assertTrue(
1744: "The certificate should match the selection criteria.",
1745: selector.match(cert_1));
1746: selector.getSubjectAlternativeNames().clear();
1747: assertTrue("The modification of initialization object "
1748: + "should not affect the modification "
1749: + "of internal object.", selector.match(cert_1));
1750: } catch (IOException e) {
1751: e.printStackTrace();
1752: fail("Unexpected IOException was thrown.");
1753: }
1754: }
1755:
1756: /**
1757: * setMatchAllSubjectAltNames(boolean matchAllNames) method testing.
1758: */
1759: public void testSetMatchAllSubjectAltNames() {
1760: try {
1761: GeneralName san1 = new GeneralName(1, "rfc@822.Name");
1762: GeneralName san2 = new GeneralName(2, "dNSName");
1763:
1764: GeneralNames sans_1 = new GeneralNames();
1765: sans_1.addName(san1);
1766: GeneralNames sans_2 = new GeneralNames();
1767: sans_2.addName(san1);
1768: sans_2.addName(san2);
1769:
1770: TestCert cert = new TestCert(sans_1);
1771: X509CertSelector selector = new X509CertSelector();
1772: selector.setMatchAllSubjectAltNames(true);
1773:
1774: selector.setSubjectAlternativeNames(sans_2.getPairsList());
1775: assertFalse(
1776: "Only certificate which contain all of the specified "
1777: + "subject alternative names should match.",
1778: selector.match(cert));
1779: selector.setMatchAllSubjectAltNames(false);
1780: /*
1781: assertTrue("The certificate which contain at least one of the "
1782: + "specified subject alternative names must match.",
1783: selector.match(cert));
1784: */
1785: } catch (IOException e) {
1786: e.printStackTrace();
1787: fail("Unexpected IOException was thrown.");
1788: }
1789: }
1790:
1791: /**
1792: * getMatchAllSubjectAltNames() method testing.
1793: */
1794: public void testGetMatchAllSubjectAltNames() {
1795: X509CertSelector selector = new X509CertSelector();
1796: assertTrue("The matchAllNames initially should be true",
1797: selector.getMatchAllSubjectAltNames());
1798: selector.setMatchAllSubjectAltNames(false);
1799: assertFalse("The value should be false", selector
1800: .getMatchAllSubjectAltNames());
1801: }
1802:
1803: /**
1804: * setNameConstraints(byte[] bytes) method testing.
1805: * Constructs the NameConstraints DER structure with
1806: * GeneralNames of types: 1, 2, 6, 7 and set it as a criterion.
1807: */
1808: public void testSetNameConstraints0() throws IOException {
1809: // Restrictions apply only when the specified name form is present.
1810: // If no name of the type is in the certificate,
1811: // the certificate is acceptable (rfc 3280).
1812:
1813: GeneralName[] name_constraints = new GeneralName[] {
1814: new GeneralName(1, "822.Name"),
1815: new GeneralName(1, "rfc@822.Name"),
1816: new GeneralName(2, "Name.org"),
1817: new GeneralName(2, "dNS.Name.org"),
1818: //new GeneralName(4, "O=Organization"),
1819: new GeneralName(6, "http://.Resource.Id"),
1820: new GeneralName(6, "http://uniform.Resource.Id"),
1821: new GeneralName(7, "1.1.1.1"),
1822: // new GeneralName(7, new byte[] {1, 1, 1, 1, 3, 3, 3, 3}),
1823: new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1,
1824: 1, 1, 1, 1, 1, 1, 1 }),
1825: // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
1826: // 1, 1, 1, 1, 1, 1, 1, 1,
1827: // 3, 3, 3, 3, 3, 3, 3, 3,
1828: // 3, 3, 3, 3, 3, 3, 3, 3})
1829: };
1830:
1831: // names which should match divided from names which should not
1832: // match by null
1833: GeneralName[][] alternative_names = new GeneralName[][] {
1834: { new GeneralName(1, "rfc@822.Name"), null,
1835: new GeneralName(1, "rfc@Other.Name") },
1836: { new GeneralName(1, "rfc@822.Name"), null,
1837: new GeneralName(1, "rfc@Other.Name") },
1838: { new GeneralName(2, "Name.org"),
1839: new GeneralName(2, "dNS.Name.org"), null,
1840: new GeneralName(2, "dNS.OtherName.org") },
1841: { new GeneralName(2, "dNS.Name.org"), null,
1842: new GeneralName(2, "Name.org"),
1843: new GeneralName(2, "dNS.OtherName.org") },
1844: {
1845:
1846: // new GeneralName(4, "O=Organization"),
1847: // null,
1848: // new GeneralName(4, "O=OtherOrganization")
1849: //}, {
1850:
1851: new GeneralName(6,
1852: "http://uniform.Resource.Id/location"),
1853: null,
1854: //new GeneralName(6, "http://Resource.Id")
1855: },
1856: { new GeneralName(6, "http://uniform.Resource.Id"),
1857: null, new GeneralName(6, "http://Resource.Id") },
1858: { new GeneralName(new byte[] { 1, 1, 1, 1 }), null,
1859: new GeneralName(new byte[] { 2, 2, 2, 2 })
1860: // }, {
1861: // new GeneralName(7, new byte[] {1, 1, 1, 1}),
1862: // new GeneralName(7, new byte[] {2, 2, 2, 2}),
1863: // new GeneralName(7, new byte[] {3, 3, 3, 3}),
1864: // null,
1865: // new GeneralName(7, new byte[] {4, 4, 4, 4})
1866: },
1867: {
1868: new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1,
1869: 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 }),
1870: null,
1871: new GeneralName(new byte[] { 2, 2, 2, 2, 2, 2,
1872: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2 }),
1873: // }, {
1874: // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
1875: // 1, 1, 1, 1, 1, 1, 1, 1}),
1876: // new GeneralName(7, new byte[] {2, 2, 2, 2, 2, 2, 2, 2,
1877: // 2, 2, 2, 2, 2, 2, 2, 2}),
1878: // new GeneralName(7, new byte[] {3, 3, 3, 3, 3, 3, 3, 3,
1879: // 3, 3, 3, 3, 3, 3, 3, 3}),
1880: // null,
1881: // new GeneralName(7, new byte[] {4, 4, 4, 4, 4, 4, 4, 4,
1882: // 4, 4, 4, 4, 4, 4, 4, 4}),
1883: } };
1884:
1885: X509CertSelector selector = new X509CertSelector();
1886: String subject = "O=Organization";
1887: X500Principal x500Subject = new X500Principal(subject);
1888: try {
1889: Name nameSubject = new Name(subject);
1890: for (int i = 0; i < name_constraints.length; i++) {
1891: // make the subtrees (part of name constraints)
1892: // this subtrees will be used as permited and as excluded
1893: GeneralSubtree subtree = new GeneralSubtree(
1894: name_constraints[i]);
1895: GeneralSubtrees subtrees = new GeneralSubtrees();
1896: NameConstraints constraints;
1897: subtrees.addSubtree(subtree);
1898: // start the checking for each alt. name corresponding
1899: // to current name_constraints[i]
1900: boolean check_matching = true;
1901: for (int j = 0; j < alternative_names[i].length; j++) {
1902: GeneralNames alt_names_extension = new GeneralNames();
1903: if (alternative_names[i][j] == null) {
1904: // double trick: turn the switch and check that the
1905: // restrictions apply only when the specified name
1906: // form is presented. If no name of the type is in the
1907: // certificate, the certificate is acceptable.
1908: check_matching = false;
1909: } else {
1910: alt_names_extension
1911: .addName(alternative_names[i][j]);
1912: }
1913: TestCert certificate = new TestCert(
1914: alt_names_extension);
1915: certificate.setSubject(x500Subject);
1916: certificate.setEncoding(getCertEncoding(
1917: nameSubject, alt_names_extension));
1918: // first check if permited name match
1919: constraints = new NameConstraints(subtrees, null);
1920: selector.setNameConstraints(constraints
1921: .getEncoded());
1922: boolean expected = check_matching
1923: || (alternative_names[i][j] == null);
1924: assertTrue("The method match() for:\n "
1925: + alternative_names[i][j]
1926: + "\nand permited name\n "
1927: + name_constraints[i] + "\nshould return: "
1928: + expected,
1929: selector.match(certificate) == expected);
1930: // second check if excluded name does not match
1931: constraints = (check_matching)
1932: // check for 'Any name matching a
1933: // restriction in the excludedSubtrees
1934: // field is invalid regardless of
1935: // information appearing in the
1936: // permittedSubtrees'.
1937: ? new NameConstraints(subtrees, subtrees)
1938: : new NameConstraints(null, subtrees);
1939: selector.setNameConstraints(constraints
1940: .getEncoded());
1941: expected = !check_matching
1942: || (alternative_names[i][j] == null);
1943: assertTrue("The method match() for:\n "
1944: + alternative_names[i][j]
1945: + "\nand excluded name\n "
1946: + name_constraints[i] + "\nshould return: "
1947: + expected,
1948: selector.match(certificate) == expected);
1949: }
1950: }
1951: } catch (IOException e) {
1952: e.printStackTrace();
1953: fail("Unexpected IOException was thrown.");
1954: }
1955: }
1956:
1957: /**
1958: * setNameConstraints(byte[] bytes) method testing.
1959: * Constructs the NameConstraints DER structure with
1960: * GeneralNames of types: 1, 2, 6, 7 and set it as a criterion.
1961: */
1962: public void testSetNameConstraints1() throws IOException {
1963:
1964: GeneralName[] name_constraints = new GeneralName[] {
1965: new GeneralName(1, "822.Name"),
1966: new GeneralName(1, "rfc@822.Name"),
1967: new GeneralName(2, "Name.org"),
1968: new GeneralName(2, "dNS.Name.org"),
1969: new GeneralName(6, "http://.Resource.Id"),
1970: new GeneralName(6, "http://uniform.Resource.Id"),
1971: new GeneralName(7, "1.1.1.1"),
1972: new GeneralName(7, "1.1.1.1/3.3.3.3"),
1973: new GeneralName(7,
1974: "0101:0101:0101:0101:0101:0101:0101:0101"),
1975: new GeneralName(
1976: 7,
1977: "0101:0101:0101:0101:0101:0101:0101:0101"
1978: + "/0303:0303:0303:0303:0303:0303:0303:0303"), };
1979:
1980: // Names which should match divided from names which should not
1981: // match by null.
1982: // Restrictions apply only when the specified name form is present.
1983: // If no name of the type is in the certificate, the certificate
1984: // is acceptable (rfc 3280). This assertion is checked during processing
1985: // of null GeneralName object (it also serves as separator).
1986: GeneralName[][] alternative_names = new GeneralName[][] {
1987: { new GeneralName(1, "rfc@822.Name"), null,
1988: new GeneralName(1, "rfc@Other.Name") },
1989: { new GeneralName(1, "rfc@822.Name"), null,
1990: new GeneralName(1, "rfc@Other.Name") },
1991: { new GeneralName(2, "Name.org"),
1992: new GeneralName(2, "dNS.Name.org"), null,
1993: new GeneralName(2, "dNS.OtherName.org") },
1994: { new GeneralName(2, "dNS.Name.org"), null,
1995: new GeneralName(2, "Name.org"),
1996: new GeneralName(2, "dNS.OtherName.org") },
1997: {
1998:
1999: new GeneralName(6,
2000: "http://uniform.Resource.Id/location"),
2001: null, new GeneralName(6, "http://Resource.Id") },
2002: { new GeneralName(6, "http://uniform.Resource.Id"),
2003: null, new GeneralName(6, "http://Resource.Id") },
2004: { new GeneralName(new byte[] { 1, 1, 1, 1 }), null,
2005: new GeneralName(new byte[] { 2, 2, 2, 2 }) },
2006: { new GeneralName(new byte[] { 1, 1, 1, 1 }),
2007: new GeneralName(new byte[] { 2, 2, 2, 2 }),
2008: new GeneralName(new byte[] { 3, 3, 3, 3 }),
2009: null,
2010: new GeneralName(new byte[] { 4, 4, 4, 4 }) },
2011: {
2012: new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1,
2013: 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 }),
2014: null,
2015: new GeneralName(new byte[] { 2, 2, 2, 2, 2, 2,
2016: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2 }), },
2017: {
2018: new GeneralName(new byte[] { 1, 1, 1, 1, 1, 1,
2019: 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 }),
2020: new GeneralName(new byte[] { 2, 2, 2, 2, 2, 2,
2021: 2, 2, 2, 2, 2, 2, 2, 2, 2, 2 }),
2022: new GeneralName(new byte[] { 3, 3, 3, 3, 3, 3,
2023: 3, 3, 3, 3, 3, 3, 3, 3, 3, 3 }),
2024: null,
2025: new GeneralName(new byte[] { 4, 4, 4, 4, 4, 4,
2026: 4, 4, 4, 4, 4, 4, 4, 4, 4, 4 }), } };
2027:
2028: X509CertSelector selector = new X509CertSelector();
2029: String subject = "O=Organization";
2030: X500Principal x500Subject = new X500Principal(subject);
2031: try {
2032: Name nameSubject = new Name(subject);
2033: for (int i = 0; i < name_constraints.length; i++) {
2034: // make the subtrees (part of name constraints)
2035: // this subtrees will be used as permited and as excluded
2036: GeneralSubtree subtree = new GeneralSubtree(
2037: name_constraints[i]);
2038: GeneralSubtrees subtrees = new GeneralSubtrees();
2039: NameConstraints constraints;
2040: subtrees.addSubtree(subtree);
2041: // start the checking for each alt. name corresponding
2042: // to current name_constraints[i]
2043: boolean check_matching = true;
2044: for (int j = 0; j < alternative_names[i].length; j++) {
2045: GeneralNames alt_names_extension = new GeneralNames();
2046: if (alternative_names[i][j] == null) {
2047: // double trick: turn the switch and check that the
2048: // restrictions apply only when the specified name
2049: // form is presented. If no name of the type is in the
2050: // certificate, the certificate is acceptable.
2051: check_matching = false;
2052: } else {
2053: alt_names_extension
2054: .addName(alternative_names[i][j]);
2055: }
2056: TestCert certificate = new TestCert(
2057: alt_names_extension);
2058: certificate.setSubject(x500Subject);
2059: certificate.setEncoding(getCertEncoding(
2060: nameSubject, alt_names_extension));
2061: // first check if permited name match
2062: constraints = new NameConstraints(subtrees, null);
2063: selector.setNameConstraints(constraints
2064: .getEncoded());
2065: boolean expected = check_matching
2066: || (alternative_names[i][j] == null);
2067: assertTrue("The method match() for:\n "
2068: + alternative_names[i][j]
2069: + "\nand permited name\n "
2070: + name_constraints[i] + "\nshould return: "
2071: + expected,
2072: selector.match(certificate) == expected);
2073: // second check if excluded name does not match
2074: constraints = (check_matching)
2075: // check for 'Any name matching a
2076: // restriction in the excludedSubtrees
2077: // field is invalid regardless of
2078: // information appearing in the
2079: // permittedSubtrees'.
2080: ? new NameConstraints(subtrees, subtrees)
2081: : new NameConstraints(null, subtrees);
2082: selector.setNameConstraints(constraints
2083: .getEncoded());
2084: expected = !check_matching
2085: || (alternative_names[i][j] == null);
2086: assertTrue("The method match() for:\n "
2087: + alternative_names[i][j]
2088: + "\nand excluded name\n "
2089: + name_constraints[i] + "\nshould return: "
2090: + expected,
2091: selector.match(certificate) == expected);
2092: }
2093: }
2094: } catch (IOException e) {
2095: e.printStackTrace();
2096: fail("Unexpected IOException was thrown.");
2097: }
2098: }
2099:
2100: /**
2101: * setNameConstraints(byte[] bytes) method testing.
2102: * Constructs the different NameConstraints DER structures with
2103: * GeneralNames of type 4 and checks if the different certificates
2104: * matches or does not.
2105: */
2106: public void testSetNameConstraints2() {
2107: // As specified in rfc 3280:
2108: //
2109: // Restrictions apply only when the specified name form is present.
2110: // If no name of the type is in the certificate,
2111: // the certificate is acceptable.
2112: //
2113: // Restrictions of the form directoryName MUST be applied to the
2114: // subject field in the certificate and to the subjectAltName
2115: // extensions of type directoryName.
2116: //
2117: // According to p. 4.1.2.4 comparing the encoded forms of the names.
2118:
2119: String[][] variants = new String[][] {
2120: // subject Alternative Presented name Absent name
2121: // name name perm(t)/excl(f) perm(f)/excl(t)
2122: { "O=Org", "O=Org", "O=Org", "O=Org2" },
2123: { "O=Org", "O=Org1", "O=Org", "O=Org2" },
2124: { "O=Org1", "O=Org", "O=Org", "O=Org2" }, };
2125:
2126: X509CertSelector selector = new X509CertSelector();
2127: try {
2128: for (int i = 0; i < variants.length; i++) {
2129: // make the names objects
2130: X500Principal subject = new X500Principal(
2131: variants[i][0]);
2132: Name subject_name = new Name(variants[i][0]);
2133: GeneralName alt_name = new GeneralName(4,
2134: variants[i][1]);
2135: // make the certificate to be checked
2136: GeneralNames alt_names_extension = new GeneralNames();
2137: alt_names_extension.addName(alt_name);
2138: TestCert certificate = new TestCert(alt_names_extension);
2139: certificate.setSubject(subject);
2140: certificate.setEncoding(getCertEncoding(subject_name,
2141: alt_names_extension));
2142: // make the subtrees (part of name constraints)
2143: // this subtrees will be used as permited and as excluded
2144: // name which is presented in certificate:
2145: GeneralSubtrees pos_subtrees = new GeneralSubtrees();
2146: pos_subtrees.addSubtree(new GeneralSubtree(
2147: new GeneralName(4, variants[i][2])));
2148: // name which is absent in certificate:
2149: GeneralSubtrees neg_subtrees = new GeneralSubtrees();
2150: neg_subtrees.addSubtree(new GeneralSubtree(
2151: new GeneralName(4, variants[i][3])));
2152:
2153: NameConstraints constraints;
2154: // Work with name which is presented in certificate
2155: // first check if certificate with permited name matches:
2156: constraints = new NameConstraints(pos_subtrees, null);
2157: selector.setNameConstraints(constraints.getEncoded());
2158: assertTrue("The method match() for certificate "
2159: + "with subject:\n " + variants[i][0]
2160: + "\nand with alternative name:\n "
2161: + variants[i][1]
2162: + "\nand permited name\n "
2163: + variants[i][2] + "\nshould return true",
2164: selector.match(certificate));
2165: // second check if certificate with excluded name doesn't match:
2166: constraints = new NameConstraints(pos_subtrees,
2167: pos_subtrees);
2168: selector.setNameConstraints(constraints.getEncoded());
2169: assertTrue("The method match() for certificate "
2170: + "with subject:\n " + variants[i][0]
2171: + "\nand with alternative name:\n "
2172: + variants[i][1]
2173: + "\nand excluded name\n "
2174: + variants[i][2] + "\nshould return false",
2175: !selector.match(certificate));
2176: // Work with name which is not presented in certificate
2177: // first check if the certificate without permited name
2178: // does not match:
2179: constraints = new NameConstraints(neg_subtrees, null);
2180: selector.setNameConstraints(constraints.getEncoded());
2181: assertTrue("The method match() for certificate "
2182: + "with subject:\n " + variants[i][0]
2183: + "\nand with alternative name:\n "
2184: + variants[i][1]
2185: + "\nand permited name\n "
2186: + variants[i][3] + "\nshould return false",
2187: !selector.match(certificate));
2188: // second check if certificate without excluded name matches:
2189: constraints = new NameConstraints(neg_subtrees,
2190: neg_subtrees);
2191: selector.setNameConstraints(constraints.getEncoded());
2192: assertTrue("The method match() for certificate "
2193: + "with subject:\n " + variants[i][0]
2194: + "\nand with alternative name:\n "
2195: + variants[i][1]
2196: + "\nand excluded name\n "
2197: + variants[i][3] + "\nshould return false",
2198: !selector.match(certificate));
2199: }
2200: } catch (IOException e) {
2201: e.printStackTrace();
2202: fail("Unexpected IOException was thrown.");
2203: }
2204: }
2205:
2206: /**
2207: * Constructs the encoded form of certificate with specified subject field
2208: * of TBSCertificate and specified alternative names.
2209: */
2210: private byte[] getCertEncoding(Name subject,
2211: GeneralNames subjectAltNames) throws IOException {
2212: // make the TBSCertificate for Certificate
2213: int version = 2; //v3
2214: BigInteger serialNumber = BigInteger.valueOf(555L);
2215: AlgorithmIdentifier signature = new AlgorithmIdentifier(
2216: "1.2.3.44.555");
2217: Name issuer = new Name("O=Certificate Issuer");
2218: Validity validity = new Validity(new Date(100000000), new Date(
2219: 200000000));
2220: SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(
2221: new AlgorithmIdentifier("1.2.840.113549.1.1.2"),
2222: new byte[10]);
2223: boolean[] issuerUniqueID = new boolean[] { true, false, true,
2224: false, true, false, true, false };
2225: boolean[] subjectUniqueID = new boolean[] { false, true, false,
2226: true, false, true, false, true };
2227:
2228: Extension extension = new Extension("2.5.29.17", true,
2229: subjectAltNames.getEncoded());
2230: Extensions extensions = new Extensions();
2231: extensions.addExtension(extension);
2232:
2233: TBSCertificate tbsCertificate = new TBSCertificate(version,
2234: serialNumber, signature, issuer, validity, subject,
2235: subjectPublicKeyInfo, issuerUniqueID, subjectUniqueID,
2236: extensions);
2237:
2238: // make the Certificate
2239: org.apache.harmony.security.x509.Certificate certificate = new org.apache.harmony.security.x509.Certificate(
2240: tbsCertificate, signature, new byte[10]);
2241:
2242: return certificate.getEncoded();
2243: }
2244:
2245: /**
2246: * getNameConstraints() method testing.
2247: */
2248: public void testGetNameConstraints() {
2249: }
2250:
2251: /**
2252: * setBasicConstraints(int minMaxPathLen) method testing.
2253: */
2254: public void testSetBasicConstraints() {
2255: try {
2256: new X509CertSelector().setBasicConstraints(-3);
2257: fail("IllegalArgumentException should be thrown.");
2258: } catch (IllegalArgumentException e) {
2259: }
2260:
2261: int plen1 = 2;
2262: int plen2 = -1;
2263: TestCert cert_1 = new TestCert(plen1);
2264: TestCert cert_2 = new TestCert(plen2);
2265: X509CertSelector selector = new X509CertSelector();
2266:
2267: selector.setBasicConstraints(-1);
2268: assertTrue("Any certificate should match in the case of -1 "
2269: + "pathLen criteria.", selector.match(cert_1)
2270: && selector.match(cert_2));
2271: selector.setBasicConstraints(plen1);
2272: assertTrue(
2273: "The certificate should match the selection criteria.",
2274: selector.match(cert_1));
2275: assertFalse(
2276: "The certificate should not match the selection criteria.",
2277: selector.match(cert_2));
2278: selector.setBasicConstraints(plen2);
2279: assertTrue(
2280: "The certificate should match the selection criteria.",
2281: selector.match(cert_2));
2282: }
2283:
2284: /**
2285: * getBasicConstraints() method testing.
2286: */
2287: public void testGetBasicConstraints() {
2288: int plen1 = 2;
2289: int plen2 = -1;
2290: X509CertSelector selector = new X509CertSelector();
2291:
2292: assertEquals("Selector should return -1", selector
2293: .getBasicConstraints(), -1);
2294: selector.setBasicConstraints(plen1);
2295: assertEquals("The returned value should be equal to specified",
2296: plen1, selector.getBasicConstraints());
2297: assertFalse("The returned value should differ",
2298: plen2 == selector.getBasicConstraints());
2299: }
2300:
2301: /**
2302: * setPolicy(Set<String> certPolicySet) method testing.
2303: */
2304: public void testSetPolicy() {
2305: String[] policies_1 = new String[] { "0.0.0.0.0.0",
2306: "1.1.1.1.1.1", };
2307: String[] policies_2 = new String[] { "0.0.0.0.0.0",
2308: "1.1.1.1.1.1", "2.2.2.2.2.2" };
2309: String[] policies_3 = new String[] { "2.2.2.2.2.2" };
2310: String[] policies_4 = new String[] {};
2311: X509CertSelector selector = new X509CertSelector();
2312: HashSet set = new HashSet(Arrays.asList(policies_1));
2313: try {
2314: selector.setPolicy(set);
2315: } catch (IOException e) {
2316: e.printStackTrace();
2317: fail("Unexpected IOException was thrown.");
2318: }
2319: TestCert cert_1 = new TestCert(policies_1);
2320: TestCert cert_2 = new TestCert(policies_2);
2321: TestCert cert_3 = new TestCert(policies_3);
2322: TestCert cert_4 = new TestCert(policies_4);
2323: assertTrue(
2324: "The certificate should match the specified criteria",
2325: selector.match(cert_1));
2326: assertTrue(
2327: "The certificate should match the specified criteria",
2328: selector.match(cert_2));
2329: assertFalse(
2330: "The certificate should not match the specified criteria",
2331: selector.match(cert_3));
2332: assertFalse(
2333: "The certificate should not match the specified criteria",
2334: selector.match(cert_4));
2335: set.add("2.2.2.2.2.2");
2336: assertFalse("The modification of the set should not cause the "
2337: + "modification of internal object", selector
2338: .match(cert_3));
2339: set = new HashSet();
2340: try {
2341: selector.setPolicy(set);
2342: } catch (IOException e) {
2343: e.printStackTrace();
2344: fail("Unexpected IOException was thrown.");
2345: }
2346: assertTrue(
2347: "The certificate should match the specified criteria",
2348: selector.match(cert_1));
2349: assertTrue(
2350: "The certificate should match the specified criteria",
2351: selector.match(cert_2));
2352: assertTrue(
2353: "The certificate should match the specified criteria",
2354: selector.match(cert_3));
2355: assertFalse(
2356: "The certificate should not match the specified criteria",
2357: selector.match(cert_4));
2358: set.add("2.2.2.2.2.2");
2359: try {
2360: selector.setPolicy(set);
2361: } catch (IOException e) {
2362: e.printStackTrace();
2363: fail("Unexpected IOException was thrown.");
2364: }
2365: assertFalse(
2366: "The certificate should not match the specified criteria",
2367: selector.match(cert_1));
2368: assertTrue(
2369: "The certificate should match the specified criteria",
2370: selector.match(cert_2));
2371: assertTrue(
2372: "The certificate should match the specified criteria",
2373: selector.match(cert_3));
2374: assertFalse(
2375: "The certificate should not match the specified criteria",
2376: selector.match(cert_4));
2377: }
2378:
2379: /**
2380: * getPolicy() method testing.
2381: */
2382: public void testGetPolicy() {
2383: String[] policies = new String[] { "0.0.0.0.0.0",
2384: "1.1.1.1.1.1", "2.2.2.2.2.2" };
2385: X509CertSelector selector = new X509CertSelector();
2386: HashSet set = new HashSet(Arrays.asList(policies));
2387: try {
2388: selector.setPolicy(set);
2389: } catch (IOException e) {
2390: e.printStackTrace();
2391: fail("Unexpected IOException was thrown.");
2392: }
2393: Set result = selector.getPolicy();
2394: try {
2395: result.remove(policies[0]);
2396: fail("An immutable set should be returned.");
2397: } catch (UnsupportedOperationException e) {
2398: }
2399: if (result.size() != 3) {
2400: fail("The size of returned set differs from specified.");
2401: }
2402: for (int i = 0; i < policies.length; i++) {
2403: if (!result.contains(policies[i])) {
2404: fail("The set does not have specified policy.");
2405: }
2406: }
2407: }
2408:
2409: /**
2410: * setPathToNames(Collection<List<?>> names) method testing.
2411: */
2412: public void testSetPathToNames() {
2413: try {
2414: GeneralName[] names = new GeneralName[] {
2415: new GeneralName(1, "rfc@822.Name"),
2416: new GeneralName(1, "rfc@822.AnotherName"),
2417: new GeneralName(2, "dNSName"),
2418: new GeneralName(2, "AnotherdNSName"),
2419: new GeneralName(4, "O=Organization"),
2420: new GeneralName(4, "O=Another Organization"),
2421: new GeneralName(6, "http://uniform.Resource.Id"),
2422: new GeneralName(6,
2423: "http://another.uniform.Resource.Id"),
2424: new GeneralName(7, "1.1.1.1"),
2425: new GeneralName(7, "2.2.2.2") };
2426:
2427: X509CertSelector selector = new X509CertSelector();
2428:
2429: TestCert cert;
2430: GeneralSubtrees subtrees;
2431: NameConstraints constraints;
2432: for (int i = 0; i < names.length; i += 2) {
2433: // Set up the pathToNames criterion
2434: ArrayList pathToNames = new ArrayList();
2435: pathToNames.add(names[i].getAsList());
2436: selector.setPathToNames(pathToNames);
2437:
2438: // Construct the subtrees without the current name
2439: subtrees = new GeneralSubtrees();
2440: for (int j = 0; j < names.length; j++) {
2441: if (i != j && i + 1 != j) {
2442: subtrees
2443: .addSubtree(new GeneralSubtree(names[j]));
2444: }
2445: }
2446: constraints = new NameConstraints(subtrees, null);
2447: cert = new TestCert(constraints);
2448: assertTrue("The Name Constraints Extension of the "
2449: + "certificate does not contain the names "
2450: + "of such type so method match() should "
2451: + "return true.", selector.match(cert));
2452:
2453: constraints = new NameConstraints(subtrees, subtrees);
2454: cert = new TestCert(constraints);
2455: assertTrue("The Name Constraints Extension of the "
2456: + "certificate does not contain the names "
2457: + "of such type so method match() should "
2458: + "return true.", selector.match(cert));
2459:
2460: constraints = new NameConstraints(null, subtrees);
2461: cert = new TestCert(constraints);
2462: assertTrue("The Name Constraints Extension of the "
2463: + "certificate does not contain the names "
2464: + "of such type so method match() should "
2465: + "return true.", selector.match(cert));
2466:
2467: subtrees.addSubtree(new GeneralSubtree(names[i + 1]));
2468:
2469: constraints = new NameConstraints(subtrees, null);
2470: cert = new TestCert(constraints);
2471: assertFalse("The Name Constraints Extension of the "
2472: + "certificate does not contain the name "
2473: + "as a permitted name so method match() "
2474: + "should return false", selector.match(cert));
2475:
2476: constraints = new NameConstraints(subtrees, subtrees);
2477: cert = new TestCert(constraints);
2478: assertFalse("The Name Constraints Extension of the "
2479: + "certificate does not contain the name "
2480: + "as an excluded name but it does not "
2481: + "contain this name as a permitted so match()"
2482: + "should return false", selector.match(cert));
2483:
2484: constraints = new NameConstraints(null, subtrees);
2485: cert = new TestCert(constraints);
2486: assertTrue("The Name Constraints Extension of the "
2487: + "certificate does not contain the name "
2488: + "as an excluded name so method match() "
2489: + "should return true", selector.match(cert));
2490:
2491: subtrees.addSubtree(new GeneralSubtree(names[i]));
2492:
2493: constraints = new NameConstraints(subtrees, null);
2494: cert = new TestCert(constraints);
2495: assertTrue("The Name Constraints Extension of the "
2496: + "certificate contains the name "
2497: + "as a permitted name so method match() "
2498: + "should return true", selector.match(cert));
2499:
2500: constraints = new NameConstraints(subtrees, subtrees);
2501: cert = new TestCert(constraints);
2502: assertFalse("The Name Constraints Extension of the "
2503: + "certificate contains the name "
2504: + "as an excluded name so method match() "
2505: + "should return false", selector.match(cert));
2506:
2507: constraints = new NameConstraints(null, subtrees);
2508: cert = new TestCert(constraints);
2509: assertFalse("The Name Constraints Extension of the "
2510: + "certificate contains the name "
2511: + "as an excluded name so method match() "
2512: + "should return false", selector.match(cert));
2513:
2514: pathToNames.clear();
2515: assertFalse(
2516: "The modification of initialization parameter "
2517: + "should not cause the modification of "
2518: + "internal object ", selector
2519: .match(cert));
2520: }
2521: } catch (IOException e) {
2522: e.printStackTrace();
2523: fail("Unexpected IOException was thrown.");
2524: }
2525: }
2526:
2527: /**
2528: * addPathToName(int type, String name) method testing.
2529: */
2530: public void testAddPathToName1() {
2531: try {
2532: int[] types = new int[] { 1, 1, 2, 2, 4, 4, 6, 6, 7, 7 };
2533: String[] names = new String[] { "rfc@822.Name",
2534: "rfc@822.AnotherName", "dNSName", "AnotherdNSName",
2535: "O=Organization", "O=Another Organization",
2536: "http://uniform.Resource.Id",
2537: "http://another.uniform.Resource.Id", "1.1.1.1",
2538: "2.2.2.2" };
2539:
2540: X509CertSelector selector = new X509CertSelector();
2541:
2542: TestCert cert;
2543: GeneralSubtrees subtrees;
2544: NameConstraints constraints;
2545: for (int i = 0; i < names.length - 2; i += 2) {
2546: // Set up the pathToNames criterion
2547: selector.addPathToName(types[i], names[i]);
2548:
2549: // Construct the subtrees without the current name
2550: subtrees = new GeneralSubtrees();
2551: for (int j = i + 2; j < names.length; j++) {
2552: if (i != j && i + 1 != j) {
2553: subtrees.addSubtree(new GeneralSubtree(
2554: new GeneralName(types[j], names[j])));
2555: }
2556: }
2557: constraints = new NameConstraints(subtrees, null);
2558: cert = new TestCert(constraints);
2559: assertTrue("The Name Constraints Extension of the "
2560: + "certificate does not contain the names "
2561: + "of such type so method match() should "
2562: + "return true.", selector.match(cert));
2563:
2564: constraints = new NameConstraints(subtrees, subtrees);
2565: cert = new TestCert(constraints);
2566: assertTrue("The Name Constraints Extension of the "
2567: + "certificate does not contain the names "
2568: + "of such type so method match() should "
2569: + "return true.", selector.match(cert));
2570:
2571: constraints = new NameConstraints(null, subtrees);
2572: cert = new TestCert(constraints);
2573: assertTrue("The Name Constraints Extension of the "
2574: + "certificate does not contain the names "
2575: + "of such type so method match() should "
2576: + "return true.", selector.match(cert));
2577:
2578: subtrees.addSubtree(new GeneralSubtree(new GeneralName(
2579: types[i + 1], names[i + 1])));
2580:
2581: constraints = new NameConstraints(subtrees, null);
2582: cert = new TestCert(constraints);
2583: assertFalse("The Name Constraints Extension of the "
2584: + "certificate does not contain the name "
2585: + "as a permitted name so method match() "
2586: + "should return false", selector.match(cert));
2587:
2588: constraints = new NameConstraints(subtrees, subtrees);
2589: cert = new TestCert(constraints);
2590: assertFalse("The Name Constraints Extension of the "
2591: + "certificate does not contain the name "
2592: + "as an excluded name but it does not "
2593: + "contain this name as a permitted so match()"
2594: + "should return false", selector.match(cert));
2595:
2596: constraints = new NameConstraints(null, subtrees);
2597: cert = new TestCert(constraints);
2598: assertTrue("The Name Constraints Extension of the "
2599: + "certificate does not contain the name "
2600: + "as an excluded name so method match() "
2601: + "should return true", selector.match(cert));
2602:
2603: subtrees.addSubtree(new GeneralSubtree(new GeneralName(
2604: types[i], names[i])));
2605:
2606: constraints = new NameConstraints(subtrees, null);
2607: cert = new TestCert(constraints);
2608: assertTrue("The Name Constraints Extension of the "
2609: + "certificate contains the name "
2610: + "as a permitted name so method match() "
2611: + "should return true", selector.match(cert));
2612:
2613: constraints = new NameConstraints(subtrees, subtrees);
2614: cert = new TestCert(constraints);
2615: assertFalse("The Name Constraints Extension of the "
2616: + "certificate contains the name "
2617: + "as an excluded name so method match() "
2618: + "should return false", selector.match(cert));
2619:
2620: constraints = new NameConstraints(null, subtrees);
2621: cert = new TestCert(constraints);
2622: assertFalse("The Name Constraints Extension of the "
2623: + "certificate contains the name "
2624: + "as an excluded name so method match() "
2625: + "should return false", selector.match(cert));
2626: }
2627: } catch (IOException e) {
2628: e.printStackTrace();
2629: fail("Unexpected IOException was thrown.");
2630: }
2631: }
2632:
2633: /**
2634: * addPathToName(int type, byte[] name) method testing.
2635: */
2636: public void testAddPathToName2() {
2637: try {
2638: int[] types = new int[] { 1, 1, 2, 2, 4, 4, 6, 6, 7, 7 };
2639: byte[][] names = new byte[][] {
2640: new GeneralName(1, "rfc@822.Name").getEncodedName(),
2641: new GeneralName(1, "rfc@822.AnotherName")
2642: .getEncodedName(),
2643: new GeneralName(2, "dNSName").getEncodedName(),
2644: new GeneralName(2, "AnotherdNSName")
2645: .getEncodedName(),
2646: new GeneralName(4, "O=Organization")
2647: .getEncodedName(),
2648: new GeneralName(4, "O=Another Organization")
2649: .getEncodedName(),
2650: new GeneralName(6, "http://uniform.Resource.Id")
2651: .getEncodedName(),
2652: new GeneralName(6,
2653: "http://another.uniform.Resource.Id")
2654: .getEncodedName(),
2655: new GeneralName(7, "1.1.1.1").getEncodedName(),
2656: new GeneralName(7, "2.2.2.2").getEncodedName() };
2657:
2658: X509CertSelector selector = new X509CertSelector();
2659:
2660: TestCert cert;
2661: GeneralSubtrees subtrees;
2662: NameConstraints constraints;
2663: for (int i = 0; i < names.length - 2; i += 2) {
2664: // Set up the pathToNames criterion
2665: selector.addPathToName(types[i], names[i]);
2666:
2667: // Construct the subtrees without the current name
2668: subtrees = new GeneralSubtrees();
2669: for (int j = i + 2; j < names.length; j++) {
2670: if (i != j && i + 1 != j) {
2671: subtrees.addSubtree(new GeneralSubtree(
2672: new GeneralName(types[j], names[j])));
2673: }
2674: }
2675: constraints = new NameConstraints(subtrees, null);
2676: cert = new TestCert(constraints);
2677: assertTrue("The Name Constraints Extension of the "
2678: + "certificate does not contain the names "
2679: + "of such type so method match() should "
2680: + "return true.", selector.match(cert));
2681:
2682: constraints = new NameConstraints(subtrees, subtrees);
2683: cert = new TestCert(constraints);
2684: assertTrue("The Name Constraints Extension of the "
2685: + "certificate does not contain the names "
2686: + "of such type so method match() should "
2687: + "return true.", selector.match(cert));
2688:
2689: constraints = new NameConstraints(null, subtrees);
2690: cert = new TestCert(constraints);
2691: assertTrue("The Name Constraints Extension of the "
2692: + "certificate does not contain the names "
2693: + "of such type so method match() should "
2694: + "return true.", selector.match(cert));
2695:
2696: subtrees.addSubtree(new GeneralSubtree(new GeneralName(
2697: types[i + 1], names[i + 1])));
2698:
2699: constraints = new NameConstraints(subtrees, null);
2700: cert = new TestCert(constraints);
2701: assertFalse("The Name Constraints Extension of the "
2702: + "certificate does not contain the name "
2703: + "as a permitted name so method match() "
2704: + "should return false", selector.match(cert));
2705:
2706: constraints = new NameConstraints(subtrees, subtrees);
2707: cert = new TestCert(constraints);
2708: assertFalse("The Name Constraints Extension of the "
2709: + "certificate does not contain the name "
2710: + "as an excluded name but it does not "
2711: + "contain this name as a permitted so match()"
2712: + "should return false", selector.match(cert));
2713:
2714: constraints = new NameConstraints(null, subtrees);
2715: cert = new TestCert(constraints);
2716: assertTrue("The Name Constraints Extension of the "
2717: + "certificate does not contain the name "
2718: + "as an excluded name so method match() "
2719: + "should return true", selector.match(cert));
2720:
2721: subtrees.addSubtree(new GeneralSubtree(new GeneralName(
2722: types[i], names[i])));
2723:
2724: constraints = new NameConstraints(subtrees, null);
2725: cert = new TestCert(constraints);
2726: assertTrue("The Name Constraints Extension of the "
2727: + "certificate contains the name "
2728: + "as a permitted name so method match() "
2729: + "should return true", selector.match(cert));
2730:
2731: constraints = new NameConstraints(subtrees, subtrees);
2732: cert = new TestCert(constraints);
2733: assertFalse("The Name Constraints Extension of the "
2734: + "certificate contains the name "
2735: + "as an excluded name so method match() "
2736: + "should return false", selector.match(cert));
2737:
2738: constraints = new NameConstraints(null, subtrees);
2739: cert = new TestCert(constraints);
2740: assertFalse("The Name Constraints Extension of the "
2741: + "certificate contains the name "
2742: + "as an excluded name so method match() "
2743: + "should return false", selector.match(cert));
2744: }
2745: } catch (IOException e) {
2746: e.printStackTrace();
2747: fail("Unexpected IOException was thrown.");
2748: }
2749: }
2750:
2751: /**
2752: * getPathToNames() method testing.
2753: */
2754: public void testGetPathToNames() {
2755: try {
2756: byte[] encoding = new GeneralName(1, "rfc@822.Name")
2757: .getEncodedName();
2758:
2759: X509CertSelector selector = new X509CertSelector();
2760:
2761: selector.addPathToName(1, encoding);
2762: encoding[0]++;
2763: Collection coll = selector.getPathToNames();
2764: Iterator it = coll.iterator();
2765: List list = (List) it.next();
2766: Object result = list.get(1);
2767: if ((result instanceof byte[])
2768: && (encoding[0] == ((byte[]) result)[0])) {
2769: fail("Deep copy should be performed on pathToNames.");
2770: }
2771: } catch (IOException e) {
2772: e.printStackTrace();
2773: fail("Unexpected IOException was thrown.");
2774: }
2775: }
2776:
2777: /**
2778: * toString() method testing.
2779: */
2780: public void testToString() throws Exception {
2781: BigInteger serial = new BigInteger("10000");
2782: X500Principal issuer = new X500Principal("O=Issuer Org.");
2783: X500Principal subject = new X500Principal("O=Subject Org.");
2784: byte[] subject_auth_KeyID = new byte[] { 1, 2, 3, 4, 5 };
2785: Date certValid = new Date(2000000000);
2786: Date[] privateKeyValid = new Date[] { new Date(100000000L),
2787: new Date(200000000L), new Date(300000000L) };
2788: String pkAlgID = "1.2.840.113549.1.1.4"; // MD5 with RSA encryption (source: http://asn1.elibel.tm.fr)
2789: PublicKey pkey;
2790:
2791: pkey = new TestKeyPair("RSA").getPublic();
2792:
2793: boolean[] keyUsage = new boolean[] { true, true, true, true,
2794: true, true, true, true, false };
2795: // OID values was taken from rfc 3280
2796: HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] {
2797: "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2",
2798: "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4",
2799: "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
2800: "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6",
2801: "1.3.6.1.5.5.7.3.7" }));
2802: GeneralNames subjectAltNames = new GeneralNames(
2803: Arrays
2804: .asList(new GeneralName[] {
2805: new GeneralName(1, "rfc@822.Name"),
2806: new GeneralName(2, "dNSName"),
2807: new GeneralName(6,
2808: "http://uniform.Resource.Id"),
2809: new GeneralName(7, "1.1.1.1") }));
2810: String[] policies = new String[] { "0.0.0.0.0.0",
2811: "1.1.1.1.1.1", };
2812: TestCert cert = new TestCert("certificate equality criteria");
2813:
2814: X509CertSelector selector = new X509CertSelector();
2815: selector.setCertificate(cert);
2816: selector.setSerialNumber(serial);
2817: selector.setIssuer(issuer);
2818: selector.setSubject(subject);
2819: selector.setSubjectKeyIdentifier(subject_auth_KeyID);
2820: selector.setAuthorityKeyIdentifier(subject_auth_KeyID);
2821: selector.setCertificateValid(certValid);
2822: selector.setPrivateKeyValid(privateKeyValid[1]);
2823: selector.setSubjectPublicKey(pkey);
2824: selector.setSubjectPublicKeyAlgID(pkAlgID);
2825: selector.setKeyUsage(keyUsage);
2826: selector.setExtendedKeyUsage(extKeyUsage);
2827: selector.setSubjectAlternativeNames(subjectAltNames
2828: .getPairsList());
2829: selector.setMatchAllSubjectAltNames(true);
2830: selector.setPolicy(new HashSet(Arrays.asList(policies)));
2831:
2832: assertNotNull("The result should not be null.", selector
2833: .toString());
2834: }
2835:
2836: /**
2837: * match(Certificate cert) method testing.
2838: * Tests if the null object matches to the selector or does not,
2839: * and if the certificate conforming to the multiple matching criteria
2840: * matches or does not..
2841: */
2842: public void testMatch() throws Exception {
2843: BigInteger serial = new BigInteger("10000");
2844: X500Principal issuer = new X500Principal("O=Issuer Org.");
2845: X500Principal subject = new X500Principal("O=Subject Org.");
2846: byte[] subject_auth_KeyID = new byte[] { 1, 2, 3, 4, 5 }; // random value
2847: Date certValid = new Date(2000000000);
2848: Date[] privateKeyValid = new Date[] { new Date(100000000L),
2849: new Date(200000000L), new Date(300000000L) };
2850: String pkAlgID = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr)
2851: PublicKey pkey;
2852:
2853: pkey = new TestKeyPair("RSA").getPublic();
2854:
2855: boolean[] keyUsage = new boolean[] { true, true, true, true,
2856: true, true, true, true, false };
2857: // OID values was taken from rfc 3280
2858: HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] {
2859: "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2",
2860: "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4",
2861: "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
2862: "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6",
2863: "1.3.6.1.5.5.7.3.7" }));
2864: GeneralNames subjectAltNames = new GeneralNames(
2865: Arrays
2866: .asList(new GeneralName[] {
2867: new GeneralName(1, "rfc@822.Name"),
2868: new GeneralName(2, "dNSName"),
2869: new GeneralName(6,
2870: "http://uniform.Resource.Id"),
2871: new GeneralName(7, "1.1.1.1") }));
2872: String[] policies = new String[] { "0.0.0.0.0.0",
2873: "1.1.1.1.1.1", };
2874:
2875: TestCert cert = new TestCert("certificate equality criteria");
2876: cert.setSerialNumber(serial);
2877: cert.setIssuer(issuer);
2878: cert.setSubject(subject);
2879: cert.setKeyIdentifier(subject_auth_KeyID);
2880: cert.setDate(certValid);
2881: cert.setPeriod(privateKeyValid[0], privateKeyValid[2]);
2882: cert.setPublicKey(pkey);
2883: cert.setKeyUsage(keyUsage);
2884: cert.setExtendedKeyUsage(extKeyUsage);
2885: cert.setSubjectAlternativeNames(subjectAltNames);
2886: cert.setPolicies(policies);
2887:
2888: X509CertSelector selector = new X509CertSelector();
2889: selector.setCertificate(cert);
2890: selector.setSerialNumber(serial);
2891: selector.setIssuer(issuer);
2892: selector.setSubject(subject);
2893: selector.setSubjectKeyIdentifier(subject_auth_KeyID);
2894: selector.setAuthorityKeyIdentifier(subject_auth_KeyID);
2895: selector.setCertificateValid(certValid);
2896: selector.setPrivateKeyValid(privateKeyValid[1]);
2897: selector.setSubjectPublicKey(pkey);
2898: selector.setSubjectPublicKeyAlgID(pkAlgID);
2899: selector.setKeyUsage(keyUsage);
2900: selector.setExtendedKeyUsage(extKeyUsage);
2901: selector.setSubjectAlternativeNames(subjectAltNames
2902: .getPairsList());
2903: selector.setMatchAllSubjectAltNames(true);
2904: selector.setPolicy(new HashSet(Arrays.asList(policies)));
2905:
2906: assertFalse("The null object should not match", selector
2907: .match((X509Certificate) null));
2908: assertTrue("The certificate should match the selector",
2909: selector.match(cert));
2910: }
2911:
2912: /**
2913: * @tests java.security.cert.X509CertSelector#match(java.security.cert.Certificate)
2914: */
2915: public void test_matchLjava_security_cert_Certificate() {
2916:
2917: // Regression for HARMONY-186
2918: TestCert cert = new TestCert();
2919: cert.setKeyUsage(new boolean[] { true, false, true, false,
2920: false, false, false, false, false });
2921:
2922: X509CertSelector certSelector = new X509CertSelector();
2923:
2924: certSelector.setKeyUsage(new boolean[] { true, false, true });
2925: assertTrue("Assert 1: ", certSelector.match(cert));
2926:
2927: certSelector.setKeyUsage(new boolean[] { true, true, true });
2928: assertFalse("Assert 2: ", certSelector.match(cert));
2929: }
2930:
2931: /**
2932: * clone() method testing.
2933: */
2934: public void testClone() throws Exception {
2935: BigInteger serial = new BigInteger("10000");
2936: X500Principal issuer = new X500Principal("O=Issuer Org.");
2937: X500Principal subject = new X500Principal("O=Subject Org.");
2938: byte[] subject_auth_KeyID = new byte[] { 1, 2, 3, 4, 5 }; // random value
2939: Date certValid = new Date(2000000000);
2940: Date[] privateKeyValid = new Date[] { new Date(100000000L),
2941: new Date(200000000L), new Date(300000000L) };
2942: String pkAlgID = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr)
2943: PublicKey pkey;
2944:
2945: pkey = new TestKeyPair("RSA").getPublic();
2946:
2947: boolean[] keyUsage = new boolean[] { true, true, true, true,
2948: true, true, true, true, false };
2949: // OID values was taken from rfc 3280
2950: HashSet extKeyUsage = new HashSet(Arrays.asList(new String[] {
2951: "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2",
2952: "1.3.6.1.5.5.7.3.3", "1.3.6.1.5.5.7.3.4",
2953: "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9",
2954: "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6",
2955: "1.3.6.1.5.5.7.3.7" }));
2956: GeneralNames subjectAltNames = new GeneralNames(
2957: Arrays
2958: .asList(new GeneralName[] {
2959: new GeneralName(1, "rfc@822.Name"),
2960: new GeneralName(2, "dNSName"),
2961: new GeneralName(6,
2962: "http://uniform.Resource.Id"),
2963: new GeneralName(7, "1.1.1.1") }));
2964: String[] policies = new String[] { "0.0.0.0.0.0",
2965: "1.1.1.1.1.1", };
2966:
2967: TestCert cert = new TestCert("certificate equality criteria");
2968: cert.setSerialNumber(serial);
2969: cert.setIssuer(issuer);
2970: cert.setSubject(subject);
2971: cert.setKeyIdentifier(subject_auth_KeyID);
2972: cert.setDate(certValid);
2973: cert.setPeriod(privateKeyValid[0], privateKeyValid[2]);
2974: cert.setPublicKey(pkey);
2975: cert.setKeyUsage(keyUsage);
2976: cert.setExtendedKeyUsage(extKeyUsage);
2977: cert.setSubjectAlternativeNames(subjectAltNames);
2978: cert.setPolicies(policies);
2979:
2980: X509CertSelector selector = new X509CertSelector();
2981: selector.setCertificate(cert);
2982: selector.setSerialNumber(serial);
2983: selector.setIssuer(issuer);
2984: selector.setSubject(subject);
2985: selector.setSubjectKeyIdentifier(subject_auth_KeyID);
2986: selector.setAuthorityKeyIdentifier(subject_auth_KeyID);
2987: selector.setCertificateValid(certValid);
2988: selector.setPrivateKeyValid(privateKeyValid[1]);
2989: selector.setSubjectPublicKey(pkey);
2990: selector.setSubjectPublicKeyAlgID(pkAlgID);
2991: selector.setKeyUsage(keyUsage);
2992: selector.setExtendedKeyUsage(extKeyUsage);
2993: selector.setSubjectAlternativeNames(subjectAltNames
2994: .getPairsList());
2995: selector.setMatchAllSubjectAltNames(true);
2996: selector.setPolicy(new HashSet(Arrays.asList(policies)));
2997:
2998: assertTrue("The certificate should match the selector",
2999: ((X509CertSelector) selector.clone()).match(cert));
3000: }
3001:
3002: public static Test suite() {
3003: return new TestSuite(X509CertSelectorTest.class);
3004: }
3005:
3006: public static void main(String[] args) {
3007: //new X509CertSelectorTest().testSetSubjectPublicKey1();
3008: junit.textui.TestRunner.run(suite());
3009: }
3010: }
|