001: package org.bouncycastle.jce.provider.test;
002:
003: import java.io.IOException;
004: import java.math.BigInteger;
005: import java.security.InvalidAlgorithmParameterException;
006: import java.security.KeyFactory;
007: import java.security.NoSuchAlgorithmException;
008: import java.security.NoSuchProviderException;
009: import java.security.PrivateKey;
010: import java.security.PublicKey;
011: import java.security.Security;
012: import java.security.cert.CertPathBuilder;
013: import java.security.cert.CertStore;
014: import java.security.cert.CollectionCertStoreParameters;
015: import java.security.cert.PKIXBuilderParameters;
016: import java.security.cert.PKIXCertPathBuilderResult;
017: import java.security.cert.TrustAnchor;
018: import java.security.cert.X509CertSelector;
019: import java.security.cert.X509Certificate;
020: import java.security.spec.RSAPrivateCrtKeySpec;
021: import java.security.spec.RSAPublicKeySpec;
022: import java.util.Date;
023: import java.util.HashSet;
024: import java.util.Hashtable;
025: import java.util.Set;
026:
027: import org.bouncycastle.asn1.ASN1EncodableVector;
028: import org.bouncycastle.asn1.DERObjectIdentifier;
029: import org.bouncycastle.asn1.DERSequence;
030: import org.bouncycastle.asn1.x509.BasicConstraints;
031: import org.bouncycastle.asn1.x509.PolicyInformation;
032: import org.bouncycastle.asn1.x509.PolicyMappings;
033: import org.bouncycastle.asn1.x509.X509Extensions;
034: import org.bouncycastle.jce.X509Principal;
035: import org.bouncycastle.jce.provider.BouncyCastleProvider;
036: import org.bouncycastle.util.test.SimpleTest;
037: import org.bouncycastle.util.test.TestFailedException;
038: import org.bouncycastle.x509.X509V3CertificateGenerator;
039:
040: public class PKIXPolicyMappingTest extends SimpleTest {
041: static X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
042:
/**
 * Returns the label that identifies this test.
 *
 * @return the fixed string {@code "PKIXPolicyMapping"}
 */
public String getName() {
    final String label = "PKIXPolicyMapping";
    return label;
}
046:
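/**
 * Builds the self-issued certificate that the tests install as the trust anchor.
 *
 * <p>The certificate is valid from 30 days before to 30 days after the moment of
 * the call and carries no extensions. It is signed with SHA-1/RSA, which is kept
 * here only because the output is a throwaway test fixture.
 *
 * @param pubKey  public key placed in the certificate
 * @param privKey private key used to sign the certificate
 * @return the generated certificate
 * @throws Exception if the generator cannot produce or sign the certificate
 */
private X509Certificate createTrustCert(PublicKey pubKey,
        PrivateKey privKey) throws Exception {
    // Issuer and subject carry the same DN: the anchor is self-issued.
    String issuer = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor";
    String subject = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor";
    long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;

    // v3CertGen is a shared static generator. The sibling create* methods reset
    // it before use; do the same here so that extensions left over from an
    // earlier call (policies, policy mappings, basic constraints) can never end
    // up in the trust anchor if the call order changes.
    v3CertGen.reset();
    v3CertGen.setSerialNumber(BigInteger.valueOf(10));
    v3CertGen.setIssuerDN(new X509Principal(issuer));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - thirtyDaysMillis));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + thirtyDaysMillis));
    v3CertGen.setSubjectDN(new X509Principal(subject));
    v3CertGen.setPublicKey(pubKey);
    v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
    return v3CertGen.generateX509Certificate(privKey);
}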
067:
/**
 * Builds the intermediate CA certificate, issued under the trust anchor's DN.
 *
 * <p>Three critical extensions are added: CertificatePolicies (from
 * {@code policies}), BasicConstraints with the CA flag set, and PolicyMappings
 * (from {@code policyMap}). Validity runs from 30 days before to 30 days after
 * the call. The SHA-1/RSA signature is only suitable for test fixtures.
 *
 * @param pubKey    public key placed in the certificate
 * @param caPrivKey issuer private key used to sign the certificate
 * @param caPubKey  issuer public key; not used by this method
 * @param policies  PolicyInformation entries for the CertificatePolicies extension
 * @param policyMap table handed to the PolicyMappings constructor
 * @return the generated certificate
 * @throws Exception if the generator cannot produce or sign the certificate
 */
private X509Certificate createIntmedCert(PublicKey pubKey,
        PrivateKey caPrivKey, PublicKey caPubKey,
        ASN1EncodableVector policies, Hashtable policyMap)
        throws Exception {
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;
    final X509Principal issuerDn = new X509Principal(
            "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor");
    final X509Principal subjectDn = new X509Principal(
            "C=JP, O=policyMappingAdditionalTest, OU=intmedCA");

    // Start from a clean generator: it is shared by every create* method.
    v3CertGen.reset();
    v3CertGen.setSerialNumber(BigInteger.valueOf(20));
    v3CertGen.setIssuerDN(issuerDn);
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - thirtyDaysMillis));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + thirtyDaysMillis));
    v3CertGen.setSubjectDN(subjectDn);
    v3CertGen.setPublicKey(pubKey);
    v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

    // All three extensions are marked critical (second argument).
    v3CertGen.addExtension(X509Extensions.CertificatePolicies, true,
            new DERSequence(policies));
    v3CertGen.addExtension(X509Extensions.BasicConstraints, true,
            new BasicConstraints(true));
    v3CertGen.addExtension(X509Extensions.PolicyMappings, true,
            new PolicyMappings(policyMap));

    return v3CertGen.generateX509Certificate(caPrivKey);
}
097:
/**
 * Builds the end-entity certificate, issued under the intermediate CA's DN.
 *
 * <p>Only a critical CertificatePolicies extension is added. Validity runs from
 * 30 days before to 30 days after the call. The SHA-1/RSA signature is only
 * suitable for test fixtures.
 *
 * @param pubKey    public key placed in the certificate
 * @param caPrivKey issuer private key used to sign the certificate
 * @param caPubKey  issuer public key; not used by this method
 * @param policies  PolicyInformation entries for the CertificatePolicies extension
 * @return the generated certificate
 * @throws Exception if the generator cannot produce or sign the certificate
 */
private X509Certificate createEndEntityCert(PublicKey pubKey,
        PrivateKey caPrivKey, PublicKey caPubKey,
        ASN1EncodableVector policies) throws Exception {
    final long thirtyDaysMillis = 1000L * 60 * 60 * 24 * 30;
    // NOTE(review): this issuer OU is spelled "intMedCA" while createIntmedCert
    // uses "intmedCA" as the subject OU, so name chaining presumably relies on
    // the provider comparing these DNs case-insensitively; confirm that is intended.
    final X509Principal issuerDn = new X509Principal(
            "C=JP, O=policyMappingAdditionalTest, OU=intMedCA");
    final X509Principal subjectDn = new X509Principal(
            "C=JP, O=policyMappingAdditionalTest, OU=endEntity");

    // Start from a clean generator: it is shared by every create* method.
    v3CertGen.reset();
    // Same serial number as the intermediate certificate, but a different issuer.
    v3CertGen.setSerialNumber(BigInteger.valueOf(20));
    v3CertGen.setIssuerDN(issuerDn);
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - thirtyDaysMillis));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + thirtyDaysMillis));
    v3CertGen.setSubjectDN(subjectDn);
    v3CertGen.setPublicKey(pubKey);
    v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
    v3CertGen.addExtension(X509Extensions.CertificatePolicies, true,
            new DERSequence(policies));

    return v3CertGen.generateX509Certificate(caPrivKey);
}
122:
/**
 * Asks the BC PKIX CertPathBuilder for a path from {@code trustCert} to
 * {@code endCert} and compares the outcome with the expected one.
 *
 * <p>Revocation checking is switched off; the certificate store holds only the
 * two certificates and no CRLs. When {@code requirePolicies} is non-null the
 * builder runs with explicit-policy-required set and that set as the initial
 * policies.
 *
 * @param index           scenario number, used as a prefix in failure messages
 * @param trustCert       certificate installed as the only trust anchor
 * @param intCert         intermediate CA certificate offered to the builder
 * @param endCert         target certificate; selected by its encoded subject
 * @param requirePolicies initial policy OIDs, or {@code null} to leave policy
 *                        parameters at their defaults
 * @param okay            {@code true} if the path is expected to build
 * @return {@code ""} when the path builds; otherwise the message of the
 *         exception's cause, or of the exception itself when it has no cause
 */
private String testPolicies(int index, X509Certificate trustCert,
        X509Certificate intCert, X509Certificate endCert,
        Set requirePolicies, boolean okay) throws IOException,
        InvalidAlgorithmParameterException,
        NoSuchAlgorithmException, NoSuchProviderException {
    Set anchors = new HashSet();
    anchors.add(new TrustAnchor(trustCert, null));

    // Target the end-entity certificate by its DER-encoded subject name.
    X509CertSelector target = new X509CertSelector();
    byte[] encodedSubject = endCert.getSubjectX500Principal().getEncoded();
    target.setSubject(encodedSubject);

    PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);

    Set candidates = new HashSet();
    candidates.add(intCert);
    candidates.add(endCert);
    CollectionCertStoreParameters storeParams =
            new CollectionCertStoreParameters(candidates);
    params.addCertStore(CertStore.getInstance("Collection", storeParams));

    // Only policy processing is under test here, so revocation is disabled.
    params.setRevocationEnabled(false);
    boolean policiesRequested = requirePolicies != null;
    if (policiesRequested) {
        params.setExplicitPolicyRequired(true);
        params.setInitialPolicies(requirePolicies);
    }

    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
    try {
        // The cast is kept although the result is unused: a result of another
        // type would surface as a failure through the catch block below.
        PKIXCertPathBuilderResult built =
                (PKIXCertPathBuilderResult) builder.build(params);

        if (!okay) {
            fail(index + ": path validated when failure expected.");
        }
        return "";
    } catch (TestFailedException e) {
        // Raised by fail() above; must not be mistaken for a build failure.
        throw e;
    } catch (Exception e) {
        if (okay) {
            fail(index + ": path failed to validate when success expected.");
        }

        // Prefer the underlying cause's message when there is one.
        Throwable cause = e.getCause();
        return (cause != null) ? cause.getMessage() : e.getMessage();
    }
}
187:
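/**
 * Runs nine path-building scenarios (0 to 8) that exercise policy mapping.
 *
 * <p>Every scenario uses the same three-certificate chain shape: trust anchor,
 * an intermediate CA whose PolicyMappings extension is built from the single
 * table entry policy1 -> policy2, and an end-entity certificate. The scenarios
 * differ in the policies asserted by the intermediate and end-entity
 * certificates and in the initial policy set given to the builder.
 *
 * <p>The RSA keys below are fixed, publicly visible test fixtures (the private
 * keys are in the source and the moduli are short). They must never be used
 * outside this test.
 *
 * @throws Exception if key or certificate generation fails, or a scenario does
 *                   not produce the expected outcome
 */
public void performTest() throws Exception {
    // RSAPrivateCrtKeySpec arguments, in order: modulus, public exponent,
    // private exponent, prime P, prime Q, exponent P, exponent Q, CRT coefficient.

    // End-entity ("personal") key pair.
    BigInteger eeModulus = new BigInteger(
            "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
            16);
    BigInteger eePubExp = new BigInteger("11", 16);
    RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(eeModulus, eePubExp);
    RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
            eeModulus,
            eePubExp,
            new BigInteger(
                    "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
                    16),
            new BigInteger(
                    "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb",
                    16),
            new BigInteger(
                    "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5",
                    16),
            new BigInteger(
                    "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391",
                    16),
            new BigInteger(
                    "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd",
                    16),
            new BigInteger(
                    "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19",
                    16));

    // Intermediate CA key pair.
    BigInteger intModulus = new BigInteger(
            "8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69",
            16);
    BigInteger intPubExp = new BigInteger("ffff", 16);
    RSAPublicKeySpec intPubKeySpec = new RSAPublicKeySpec(intModulus, intPubExp);
    RSAPrivateCrtKeySpec intPrivKeySpec = new RSAPrivateCrtKeySpec(
            intModulus,
            intPubExp,
            new BigInteger(
                    "7deb1b194a85bcfd29cf871411468adbc987650903e3bacc8338c449ca7b32efd39ffc33bc84412fcd7df18d23ce9d7c25ea910b1ae9985373e0273b4dca7f2e0db3b7314056ac67fd277f8f89cf2fd73c34c6ca69f9ba477143d2b0e2445548aa0b4a8473095182631da46844c356f5e5c7522eb54b5a33f11d730ead9c0cff",
                    16),
            new BigInteger(
                    "ef4cede573cea47f83699b814de4302edb60eefe426c52e17bd7870ec7c6b7a24fe55282ebb73775f369157726fcfb988def2b40350bdca9e5b418340288f649",
                    16),
            new BigInteger(
                    "97c7737d1b9a0088c3c7b528539247fd2a1593e7e01cef18848755be82f4a45aa093276cb0cbf118cb41117540a78f3fc471ba5d69f0042274defc9161265721",
                    16),
            new BigInteger(
                    "6c641094e24d172728b8da3c2777e69adfd0839085be7e38c7c4a2dd00b1ae969f2ec9d23e7e37090fcd449a40af0ed463fe1c612d6810d6b4f58b7bfa31eb5f",
                    16),
            new BigInteger(
                    "70b7123e8e69dfa76feb1236d0a686144b00e9232ed52b73847e74ef3af71fb45ccb24261f40d27f98101e230cf27b977a5d5f1f15f6cf48d5cb1da2a3a3b87f",
                    16),
            new BigInteger(
                    "e38f5750d97e270996a286df2e653fd26c242106436f5bab0f4c7a9e654ce02665d5a281f2c412456f2d1fa26586ef04a9adac9004ca7f913162cb28e13bf40d",
                    16));

    // Trust-anchor (CA) key pair.
    BigInteger caModulus = new BigInteger(
            "b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5",
            16);
    BigInteger caPubExp = new BigInteger("11", 16);
    RSAPublicKeySpec caPubKeySpec = new RSAPublicKeySpec(caModulus, caPubExp);
    RSAPrivateCrtKeySpec caPrivKeySpec = new RSAPrivateCrtKeySpec(
            caModulus,
            caPubExp,
            new BigInteger(
                    "92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619",
                    16),
            new BigInteger(
                    "f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03",
                    16),
            new BigInteger(
                    "b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947",
                    16),
            new BigInteger(
                    "1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5",
                    16),
            new BigInteger(
                    "6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded",
                    16),
            new BigInteger(
                    "dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339",
                    16));

    // Materialise the keys through the BC provider.
    KeyFactory fact = KeyFactory.getInstance("RSA", "BC");
    PrivateKey caPrivKey = fact.generatePrivate(caPrivKeySpec);
    PublicKey caPubKey = fact.generatePublic(caPubKeySpec);
    PrivateKey intPrivKey = fact.generatePrivate(intPrivKeySpec);
    PublicKey intPubKey = fact.generatePublic(intPubKeySpec);
    PrivateKey privKey = fact.generatePrivate(privKeySpec);
    PublicKey pubKey = fact.generatePublic(pubKeySpec);

    X509Certificate trustCert = createTrustCert(caPubKey, caPrivKey);

    // Policy OIDs used by the scenarios. 2.5.29.32.0 is anyPolicy.
    String anyPolicy = "2.5.29.32.0";
    String policy1 = "2.16.840.1.101.3.2.1.48.1";
    String policy2 = "2.16.840.1.101.3.2.1.48.2";
    String policy3 = "2.16.840.1.101.3.2.1.48.3";
    String policyFailure = "Path processing failed on policy.";

    String[] anyOnly = new String[] { anyPolicy };
    String[] policy3AndAny = new String[] { policy3, anyPolicy };

    X509Certificate intCert;
    X509Certificate endCert;

    // 0: no initial policies requested; end entity asserts policy2 -> builds.
    intCert = createIntmedCert(intPubKey, caPrivKey, caPubKey,
            policyVector(anyOnly), policyMapping(policy1, policy2));
    endCert = createEndEntityCert(pubKey, intPrivKey, intPubKey,
            policyVector(new String[] { policy2 }));
    checkMessage(0, testPolicies(0, trustCert, intCert, endCert, null, true), "");

    // 1: policy1 required; end entity asserts policy2 -> builds.
    intCert = createIntmedCert(intPubKey, caPrivKey, caPubKey,
            policyVector(anyOnly), policyMapping(policy1, policy2));
    endCert = createEndEntityCert(pubKey, intPrivKey, intPubKey,
            policyVector(new String[] { policy2 }));
    checkMessage(1, testPolicies(1, trustCert, intCert, endCert,
            policySet(policy1), true), "");

    // 2: anyPolicy required; end entity asserts policy2 -> builds.
    intCert = createIntmedCert(intPubKey, caPrivKey, caPubKey,
            policyVector(anyOnly), policyMapping(policy1, policy2));
    endCert = createEndEntityCert(pubKey, intPrivKey, intPubKey,
            policyVector(new String[] { policy2 }));
    checkMessage(2, testPolicies(2, trustCert, intCert, endCert,
            policySet(anyPolicy), true), "");

    // 3: intermediate asserts policy3 and anyPolicy; policy1 required;
    //    end entity asserts policy2 -> builds.
    intCert = createIntmedCert(intPubKey, caPrivKey, caPubKey,
            policyVector(policy3AndAny), policyMapping(policy1, policy2));
    endCert = createEndEntityCert(pubKey, intPrivKey, intPubKey,
            policyVector(new String[] { policy2 }));
    checkMessage(3, testPolicies(3, trustCert, intCert, endCert,
            policySet(policy1), true), "");

    // 4: intermediate asserts policy3 and anyPolicy; policy3 required;
    //    end entity asserts policy3 -> builds.
    intCert = createIntmedCert(intPubKey, caPrivKey, caPubKey,
            policyVector(policy3AndAny), policyMapping(policy1, policy2));
    endCert = createEndEntityCert(pubKey, intPrivKey, intPubKey,
            policyVector(new String[] { policy3 }));
    checkMessage(4, testPolicies(4, trustCert, intCert, endCert,
            policySet(policy3), true), "");

    // 5: policy2 required; end entity asserts policy2 -> rejected on policy.
    intCert = createIntmedCert(intPubKey, caPrivKey, caPubKey,
            policyVector(anyOnly), policyMapping(policy1, policy2));
    endCert = createEndEntityCert(pubKey, intPrivKey, intPubKey,
            policyVector(new String[] { policy2 }));
    checkMessage(5, testPolicies(5, trustCert, intCert, endCert,
            policySet(policy2), false), policyFailure);

    // 6: policy1 required; end entity asserts policy1 -> builds.
    intCert = createIntmedCert(intPubKey, caPrivKey, caPubKey,
            policyVector(anyOnly), policyMapping(policy1, policy2));
    endCert = createEndEntityCert(pubKey, intPrivKey, intPubKey,
            policyVector(new String[] { policy1 }));
    checkMessage(6, testPolicies(6, trustCert, intCert, endCert,
            policySet(policy1), true), "");

    // 7: policy3 required; end entity asserts policy2 -> rejected on policy.
    intCert = createIntmedCert(intPubKey, caPrivKey, caPubKey,
            policyVector(anyOnly), policyMapping(policy1, policy2));
    endCert = createEndEntityCert(pubKey, intPrivKey, intPubKey,
            policyVector(new String[] { policy2 }));
    checkMessage(7, testPolicies(7, trustCert, intCert, endCert,
            policySet(policy3), false), policyFailure);

    // 8: policy1 required; end entity asserts policy3 -> rejected on policy.
    intCert = createIntmedCert(intPubKey, caPrivKey, caPubKey,
            policyVector(anyOnly), policyMapping(policy1, policy2));
    endCert = createEndEntityCert(pubKey, intPrivKey, intPubKey,
            policyVector(new String[] { policy3 }));
    checkMessage(8, testPolicies(8, trustCert, intCert, endCert,
            policySet(policy1), false), policyFailure);
}

/** Wraps each OID, in order, in a PolicyInformation and collects them in a vector. */
private ASN1EncodableVector policyVector(String[] oids) {
    ASN1EncodableVector vector = new ASN1EncodableVector();
    for (int i = 0; i != oids.length; i++) {
        vector.add(new PolicyInformation(new DERObjectIdentifier(oids[i])));
    }
    return vector;
}

/** Returns a fresh table with the single entry {@code fromOid -> toOid}. */
private Hashtable policyMapping(String fromOid, String toOid) {
    Hashtable table = new Hashtable();
    table.put(fromOid, toOid);
    return table;
}

/** Returns a fresh set holding only {@code oid}, for use as the initial policy set. */
private Set policySet(String oid) {
    Set required = new HashSet();
    required.add(oid);
    return required;
}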
523:
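/**
 * Fails the test unless {@code msg} equals {@code expected}.
 *
 * <p>{@code msg} may be {@code null}: testPolicies returns an exception message,
 * and an exception is allowed to have none. A null is reported as a normal
 * mismatch instead of surfacing as a NullPointerException.
 *
 * @param index    scenario number, included in the failure text
 * @param msg      message actually obtained, possibly {@code null}
 * @param expected message the scenario should have produced
 */
private void checkMessage(int index, String msg, String expected) {
    boolean matches = (msg == null) ? (expected == null) : msg.equals(expected);
    if (!matches) {
        fail("test " + index + " failed got: " + msg
                + " expected: " + expected);
    }
}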
530:
/**
 * Command-line entry point: registers the Bouncy Castle provider and runs this test.
 *
 * @param args ignored
 */
public static void main(String[] args) {
    // The test looks up algorithms by the provider name "BC", so the provider
    // has to be registered before anything runs.
    BouncyCastleProvider provider = new BouncyCastleProvider();
    Security.addProvider(provider);

    PKIXPolicyMappingTest test = new PKIXPolicyMappingTest();
    runTest(test);
}
536: }
|