001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: /**
019: * @author Alexander Y. Kleymenov
020: * @version $Revision$
021: */package org.apache.harmony.security.tests.x509;
022:
023: import java.io.ByteArrayInputStream;
024: import java.io.IOException;
025: import java.math.BigInteger;
026: import java.security.cert.CertificateFactory;
027: import java.util.Arrays;
028: import java.util.Date;
029:
030: import junit.framework.Test;
031: import junit.framework.TestCase;
032: import junit.framework.TestSuite;
033:
034: import org.apache.harmony.security.asn1.ASN1Integer;
035: import org.apache.harmony.security.x501.Name;
036: import org.apache.harmony.security.x509.AlgorithmIdentifier;
037: import org.apache.harmony.security.x509.Certificate;
038: import org.apache.harmony.security.x509.EDIPartyName;
039: import org.apache.harmony.security.x509.Extension;
040: import org.apache.harmony.security.x509.Extensions;
041: import org.apache.harmony.security.x509.GeneralName;
042: import org.apache.harmony.security.x509.GeneralNames;
043: import org.apache.harmony.security.x509.NameConstraints;
044: import org.apache.harmony.security.x509.ORAddress;
045: import org.apache.harmony.security.x509.OtherName;
046: import org.apache.harmony.security.x509.SubjectPublicKeyInfo;
047: import org.apache.harmony.security.x509.TBSCertificate;
048: import org.apache.harmony.security.x509.Validity;
049:
050: /**
051: * Testing the encoding/decoding work of the following structure:
052: * (as specified in RFC 3280 -
053: * Internet X.509 Public Key Infrastructure.
054: * Certificate and Certificate Revocation List (CRL) Profile.
055: * http://www.ietf.org/rfc/rfc3280.txt):
056: *
057: * <pre>
058: * Certificate ::= SEQUENCE {
059: * tbsCertificate TBSCertificate,
060: * signatureAlgorithm AlgorithmIdentifier,
061: * signatureValue BIT STRING
062: * }
063: *
064: * TBSCertificate ::= SEQUENCE {
065: * version [0] EXPLICIT Version DEFAULT v1,
066: * serialNumber CertificateSerialNumber,
067: * signature AlgorithmIdentifier,
068: * issuer Name,
069: * validity Validity,
070: * subject Name,
071: * subjectPublicKeyInfo SubjectPublicKeyInfo,
072: * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
073: * -- If present, version MUST be v2 or v3
074: * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
075: * -- If present, version MUST be v2 or v3
076: * extensions [3] EXPLICIT Extensions OPTIONAL
077: * -- If present, version MUST be v3
078: * }
079: *
080: * Version ::= INTEGER { v1(0), v2(1), v3(2) }
081: *
082: * CertificateSerialNumber ::= INTEGER
083: *
084: * Validity ::= SEQUENCE {
085: * notBefore Time,
086: * notAfter Time
087: * }
088: *
089: * Time ::= CHOICE {
090: * utcTime UTCTime,
091: * generalTime GeneralizedTime
092: * }
093: *
094: * UniqueIdentifier ::= BIT STRING
095: *
096: * SubjectPublicKeyInfo ::= SEQUENCE {
097: * algorithm AlgorithmIdentifier,
098: * subjectPublicKey BIT STRING
099: * }
100: *
101: * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
102: *
103: * Extension ::= SEQUENCE {
104: * extnID OBJECT IDENTIFIER,
105: * critical BOOLEAN DEFAULT FALSE,
106: * extnValue OCTET STRING
107: * }
108: * </pre>
109: */
110:
public class CertificateTest extends TestCase {

    /**
     * Exercises the Certificate(TBSCertificate, AlgorithmIdentifier, byte[])
     * constructor: builds a v3 certificate carrying a critical Subject
     * Alternative Name extension, encodes and decodes each layer
     * (Extensions, TBSCertificate, Certificate), then hands the DER bytes to
     * the installed X.509 CertificateFactory.
     *
     * NOTE(review): the test contains no assertions. Every decode result is
     * discarded, so it passes whenever nothing throws and would not notice a
     * decoder that accepts the bytes but yields different field values.
     *
     * NOTE(review): the signature is ten zero bytes under an arbitrary
     * algorithm OID, so a successful parse here demonstrates decoding only.
     * This test never checks signature validity.
     */
    public void testCertificate() throws Exception {
        // Version ::= INTEGER { v1(0), v2(1), v3(2) }, so 2 selects v3, which
        // the unique identifiers and extensions below require.
        final int v3 = 2;
        BigInteger serial = BigInteger.valueOf(555L);
        // Arbitrary OID; it is also reused as the outer signatureAlgorithm.
        AlgorithmIdentifier sigAlgorithm = new AlgorithmIdentifier("1.2.3.44.555");
        Name issuerName = new Name("O=Certificate Issuer");
        Date notBefore = new Date(100000000L);
        Date notAfter = new Date(200000000L);
        Validity validityPeriod = new Validity(notBefore, notAfter);
        Name subjectName = new Name("O=Subject Organization");
        // Placeholder key material: 1.2.840.113549.1.1.2 is the PKCS #1
        // md2WithRSAEncryption OID and the key is ten zero bytes, so this is
        // not a usable public key.
        AlgorithmIdentifier keyAlgorithm = new AlgorithmIdentifier("1.2.840.113549.1.1.2");
        SubjectPublicKeyInfo publicKeyInfo = new SubjectPublicKeyInfo(keyAlgorithm, new byte[10]);
        // Arbitrary bit patterns for the two optional unique identifiers.
        boolean[] issuerId = { true, false, true, false, true, false, true, false };
        boolean[] subjectId = { false, true, false, true, false, true, false, true };

        // Subject Alternative Name entries. The integer arguments are the
        // GeneralName CHOICE tags; the byte[] form is presumably
        // iPAddress [7] -- confirm against GeneralName.
        byte[] otherNameValue = ASN1Integer.getInstance().encode(
                BigInteger.valueOf(55L).toByteArray());
        GeneralName[] altNames = {
            new GeneralName(new OtherName("1.2.3.4.5", otherNameValue)),
            new GeneralName(1, "rfc@822.Name"),
            new GeneralName(2, "dNSName"),
            new GeneralName(new ORAddress()),
            new GeneralName(4, "O=Organization"),
            new GeneralName(new EDIPartyName("assigner", "party")),
            new GeneralName(6, "http://Resource.Id"),
            new GeneralName(new byte[] { 1, 1, 1, 1 }),
            new GeneralName(8, "1.2.3.4444.55555")
        };
        GeneralNames subjectAltNames = new GeneralNames(Arrays.asList(altNames));
        // 2.5.29.17 with critical = true.
        Extension sanExtension = new Extension("2.5.29.17", true,
                subjectAltNames.getEncoded());
        Extensions certExtensions = new Extensions();
        certExtensions.addExtension(sanExtension);

        // Layer 1: the Extensions encoding must decode without throwing.
        byte[] extensionsDer = certExtensions.getEncoded();
        Extensions.ASN1.decode(extensionsDer);

        // Layer 2: TBSCertificate.
        TBSCertificate tbs = new TBSCertificate(v3, serial, sigAlgorithm,
                issuerName, validityPeriod, subjectName, publicKeyInfo,
                issuerId, subjectId, certExtensions);
        byte[] tbsDer = tbs.getEncoded();
        TBSCertificate.ASN1.decode(tbsDer);

        // Layer 3: the whole Certificate, with a dummy signature value.
        Certificate cert = new Certificate(tbs, sigAlgorithm, new byte[10]);
        byte[] certDer = cert.getEncoded();
        Certificate.ASN1.decode(certDer);

        // Re-encode through the ASN.1 type and feed that form to the JCA
        // factory. NOTE(review): certDer and this second encoding are never
        // compared with each other.
        certDer = Certificate.ASN1.encode(cert);
        ByteArrayInputStream certStream = new ByteArrayInputStream(certDer);

        // No try/catch here: a missing X.509 factory or a parse error
        // propagates as an exception and fails the test.
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        factory.generateCertificate(certStream);
    }

    /**
     * Named for getTbsCertificate(), but the body decodes a hand-built
     * NameConstraints structure and never touches a Certificate.
     *
     * NOTE(review): the method name and the behaviour disagree, and the
     * decoded value is discarded, so the test only checks that decoding does
     * not throw.
     */
    public void testGetTbsCertificate() throws IOException {
        // Hand-derived DER. Each length octet counts the bytes nested below it.
        byte[] nameConstraintsDer = {
            0x30, 0x13,                       // NameConstraints
            (byte) 0xa1, 0x11,                // GeneralSubtrees (excludedSubtrees)
            0x30, 0x0f,                       // GeneralSubtree
            (byte) 0xa0, 0x0a,                // GeneralName
            // OtherName:
            0x06, 0x03,                       // type-id (OID)
            0x00, 0x01, 0x02,                 // oid
            (byte) 0xA0, 0x03,                // value (raw)
            1, 1, (byte) 0xff,                // boolean
            (byte) 0x80, 0x01, 0x00           // minimum
        };
        NameConstraints.ASN1.decode(nameConstraintsDer);
    }

    /**
     * Placeholder for getSignatureAlgorithm() testing.
     *
     * NOTE(review): the body is empty, so this test always passes and
     * provides no coverage of the accessor.
     */
    public void testGetSignatureAlgorithm() {
    }

    /**
     * Placeholder for getSignatureValue() testing.
     *
     * NOTE(review): the body is empty, so this test always passes and
     * provides no coverage of the accessor.
     */
    public void testGetSignatureValue() {
    }

    /**
     * Placeholder for getValue() testing.
     *
     * NOTE(review): the body is empty, so this test always passes and
     * provides no coverage of the accessor.
     */
    public void testGetValue() {
    }

    /**
     * Builds the JUnit suite containing every test method of this class.
     */
    public static Test suite() {
        return new TestSuite(CertificateTest.class);
    }

    /**
     * Runs the suite with the JUnit text runner.
     */
    public static void main(String[] args) {
        Test allTests = suite();
        junit.textui.TestRunner.run(allTests);
    }
}