001: package org.bouncycastle.jce.provider.test;
002:
003: import org.bouncycastle.jce.PrincipalUtil;
004: import org.bouncycastle.jce.X509Principal;
005: import org.bouncycastle.jce.provider.BouncyCastleProvider;
006: import org.bouncycastle.util.test.SimpleTest;
007: import org.bouncycastle.x509.X509AttributeCertStoreSelector;
008: import org.bouncycastle.x509.X509AttributeCertificate;
009: import org.bouncycastle.x509.X509CRLStoreSelector;
010: import org.bouncycastle.x509.X509CertPairStoreSelector;
011: import org.bouncycastle.x509.X509CertStoreSelector;
012: import org.bouncycastle.x509.X509CertificatePair;
013: import org.bouncycastle.x509.X509CollectionStoreParameters;
014: import org.bouncycastle.x509.X509Store;
015: import org.bouncycastle.x509.X509V2AttributeCertificate;
016:
017: import java.io.ByteArrayInputStream;
018: import java.math.BigInteger;
019: import java.security.Security;
020: import java.security.cert.CertificateFactory;
021: import java.security.cert.X509CRL;
022: import java.security.cert.X509Certificate;
023: import java.util.ArrayList;
024: import java.util.Collection;
025: import java.util.Collections;
026: import java.util.Date;
027: import java.util.List;
028:
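/**
 * Regression test for the collection-backed {@link X509Store} implementations
 * registered by the "BC" provider and for the matching selector classes.
 *
 * <p>Four store types are exercised: "Certificate/Collection",
 * "CRL/Collection", "AttributeCertificate/Collection" and
 * "CertificatePair/Collection". Besides the positive lookups, the test checks
 * that a selector of the wrong kind returns no entries and that an attribute
 * certificate is not returned for a date outside its validity period.
 *
 * <p>The raw collection types are kept on purpose; the store API used here
 * returns a raw {@code Collection}.
 */
public class X509StoreTest extends SimpleTest {

    /**
     * Checks lookups against a "CertificatePair/Collection" store.
     *
     * <p>Two pairs are stored: (rootCert, interCert) and (interCert, finalCert).
     * A pair selector whose forward selector is keyed on rootCert's serial number
     * must return exactly the first pair, and a {@code null} selector must return
     * both pairs.
     *
     * @throws Exception if a certificate cannot be parsed or the store cannot be created
     */
    private void certPairTest() throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509",
            "BC");

        X509Certificate rootCert = (X509Certificate) cf
            .generateCertificate(new ByteArrayInputStream(
                CertPathTest.rootCertBin));
        X509Certificate interCert = (X509Certificate) cf
            .generateCertificate(new ByteArrayInputStream(
                CertPathTest.interCertBin));
        X509Certificate finalCert = (X509Certificate) cf
            .generateCertificate(new ByteArrayInputStream(
                CertPathTest.finalCertBin));

        // Build the pair store from a List of X509CertificatePair objects.
        X509CertificatePair pair1 = new X509CertificatePair(rootCert,
            interCert);
        List certList = new ArrayList();

        certList.add(pair1);
        certList.add(new X509CertificatePair(interCert, finalCert));

        X509CollectionStoreParameters ccsp = new X509CollectionStoreParameters(
            certList);

        X509Store certStore = X509Store.getInstance(
            "CertificatePair/Collection", ccsp, "BC");
        X509CertPairStoreSelector selector = new X509CertPairStoreSelector();
        X509CertStoreSelector fwSelector = new X509CertStoreSelector();

        // Only pair1 was built with rootCert as its first certificate.
        fwSelector.setSerialNumber(rootCert.getSerialNumber());

        selector.setForwardSelector(fwSelector);

        Collection col = certStore.getMatches(selector);

        if (col.size() != 1 || !col.contains(pair1)) {
            fail("failed pair1 test");
        }

        // A null selector places no constraint, so both pairs come back.
        col = certStore.getMatches(null);

        if (col.size() != 2) {
            fail("failed null test");
        }
    }

    /**
     * Runs the certificate, CRL and attribute-certificate store checks and then
     * {@link #certPairTest()}.
     *
     * @throws Exception if test data cannot be parsed or a store cannot be created
     */
    public void performTest() throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509",
            "BC");

        X509Certificate rootCert = (X509Certificate) cf
            .generateCertificate(new ByteArrayInputStream(
                CertPathTest.rootCertBin));
        X509Certificate interCert = (X509Certificate) cf
            .generateCertificate(new ByteArrayInputStream(
                CertPathTest.interCertBin));
        X509Certificate finalCert = (X509Certificate) cf
            .generateCertificate(new ByteArrayInputStream(
                CertPathTest.finalCertBin));
        X509CRL rootCrl = (X509CRL) cf
            .generateCRL(new ByteArrayInputStream(
                CertPathTest.rootCrlBin));
        X509CRL interCrl = (X509CRL) cf
            .generateCRL(new ByteArrayInputStream(
                CertPathTest.interCrlBin));

        // Build the certificate store from a List of the three certificates.
        List certList = new ArrayList();
        certList.add(rootCert);
        certList.add(interCert);
        certList.add(finalCert);
        X509CollectionStoreParameters ccsp = new X509CollectionStoreParameters(
            certList);
        X509Store certStore = X509Store.getInstance(
            "Certificate/Collection", ccsp, "BC");

        X509CertStoreSelector targetConstraints;
        Collection certs;

        // X509Principal.DefaultReverse is a JVM-wide static. It is reset in a
        // finally block so that an early exit from the checks below cannot leave
        // it set for whatever runs next in the same JVM.
        // set default to be the same as for SUN X500 name
        X509Principal.DefaultReverse = true;
        try {
            // Searching for rootCert by subjectDN
            // NOTE(review): this lookup and the next one pass the same encoded
            // bytes to setSubject, so they cover a single input form - confirm
            // whether the first was meant to use a different overload.
            targetConstraints = new X509CertStoreSelector();
            targetConstraints.setSubject(PrincipalUtil
                .getSubjectX509Principal(rootCert).getEncoded());
            certs = certStore.getMatches(targetConstraints);
            if (certs.size() != 1 || !certs.contains(rootCert)) {
                fail("rootCert not found by subjectDN");
            }

            // Searching for rootCert by subjectDN encoded as byte
            targetConstraints = new X509CertStoreSelector();
            targetConstraints.setSubject(PrincipalUtil
                .getSubjectX509Principal(rootCert).getEncoded());
            certs = certStore.getMatches(targetConstraints);
            if (certs.size() != 1 || !certs.contains(rootCert)) {
                fail("rootCert not found by encoded subjectDN");
            }
        } finally {
            X509Principal.DefaultReverse = false;
        }

        // Searching for rootCert by public key encoded as byte
        targetConstraints = new X509CertStoreSelector();
        targetConstraints.setSubjectPublicKey(rootCert.getPublicKey()
            .getEncoded());
        certs = certStore.getMatches(targetConstraints);
        if (certs.size() != 1 || !certs.contains(rootCert)) {
            fail("rootCert not found by encoded public key");
        }

        // Searching by issuerDN set to rootCert's subject: both rootCert and
        // interCert are expected, finalCert is not.
        targetConstraints = new X509CertStoreSelector();
        targetConstraints.setIssuer(PrincipalUtil
            .getSubjectX509Principal(rootCert).getEncoded());
        certs = certStore.getMatches(targetConstraints);
        if (certs.size() != 2) {
            fail("did not found 2 certs");
        }
        if (!certs.contains(rootCert)) {
            fail("rootCert not found");
        }
        if (!certs.contains(interCert)) {
            fail("interCert not found");
        }

        // Searching for rootCrl by issuerDN
        List crlList = new ArrayList();
        crlList.add(rootCrl);
        crlList.add(interCrl);
        ccsp = new X509CollectionStoreParameters(crlList);
        X509Store store = X509Store.getInstance("CRL/Collection", ccsp,
            "BC");
        X509CRLStoreSelector targetConstraintsCRL = new X509CRLStoreSelector();
        targetConstraintsCRL.setIssuers(Collections.singleton(rootCrl
            .getIssuerX500Principal()));
        Collection crls = store.getMatches(targetConstraintsCRL);
        if (crls.size() != 1 || !crls.contains(rootCrl)) {
            fail("rootCrl not found");
        }

        // Selector/store type mismatch: a CRL selector against the certificate
        // store, and a certificate selector against the CRL store, must both
        // return nothing.
        crls = certStore.getMatches(targetConstraintsCRL);
        if (crls.size() != 0) {
            fail("error using wrong selector (CRL)");
        }
        certs = store.getMatches(targetConstraints);
        if (certs.size() != 0) {
            fail("error using wrong selector (certs)");
        }

        // Searching for attribute certificates
        X509V2AttributeCertificate attrCert = new X509V2AttributeCertificate(
            AttrCertTest.attrCert);
        X509AttributeCertificate attrCert2 = new X509V2AttributeCertificate(
            AttrCertTest.certWithBaseCertificateID);

        List attrList = new ArrayList();
        attrList.add(attrCert);
        attrList.add(attrCert2);
        ccsp = new X509CollectionStoreParameters(attrList);
        store = X509Store.getInstance(
            "AttributeCertificate/Collection", ccsp, "BC");

        // Holder criterion: set, read back, match, for each certificate in turn.
        X509AttributeCertStoreSelector attrSelector = new X509AttributeCertStoreSelector();
        attrSelector.setHolder(attrCert.getHolder());
        if (!attrSelector.getHolder().equals(attrCert.getHolder())) {
            fail("holder get not correct");
        }
        Collection attrs = store.getMatches(attrSelector);
        if (attrs.size() != 1 || !attrs.contains(attrCert)) {
            fail("attrCert not found on holder");
        }
        attrSelector.setHolder(attrCert2.getHolder());
        if (attrSelector.getHolder().equals(attrCert.getHolder())) {
            fail("holder get not correct");
        }
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 1 || !attrs.contains(attrCert2)) {
            fail("attrCert2 not found on holder");
        }

        // Issuer criterion, same pattern.
        attrSelector = new X509AttributeCertStoreSelector();
        attrSelector.setIssuer(attrCert.getIssuer());
        if (!attrSelector.getIssuer().equals(attrCert.getIssuer())) {
            fail("issuer get not correct");
        }
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 1 || !attrs.contains(attrCert)) {
            fail("attrCert not found on issuer");
        }
        attrSelector.setIssuer(attrCert2.getIssuer());
        if (attrSelector.getIssuer().equals(attrCert.getIssuer())) {
            fail("issuer get not correct");
        }
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 1 || !attrs.contains(attrCert2)) {
            fail("attrCert2 not found on issuer");
        }

        // Exact attribute-certificate criterion.
        attrSelector = new X509AttributeCertStoreSelector();
        attrSelector.setAttributeCert(attrCert);
        if (!attrSelector.getAttributeCert().equals(attrCert)) {
            fail("attrCert get not correct");
        }
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 1 || !attrs.contains(attrCert)) {
            fail("attrCert not found on attrCert");
        }

        // Serial-number criterion.
        attrSelector = new X509AttributeCertStoreSelector();
        attrSelector.setSerialNumber(attrCert.getSerialNumber());
        if (!attrSelector.getSerialNumber().equals(
            attrCert.getSerialNumber())) {
            fail("serial number get not correct");
        }
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 1 || !attrs.contains(attrCert)) {
            fail("attrCert not found on serial number");
        }

        // The clone must carry the serial-number criterion and match the same way.
        attrSelector = (X509AttributeCertStoreSelector) attrSelector
            .clone();
        if (!attrSelector.getSerialNumber().equals(
            attrCert.getSerialNumber())) {
            fail("serial number get not correct");
        }
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 1 || !attrs.contains(attrCert)) {
            fail("attrCert not found on serial number");
        }

        // Validity criterion: notBefore itself is accepted ...
        attrSelector = new X509AttributeCertStoreSelector();
        attrSelector.setAttributeCertificateValid(attrCert
            .getNotBefore());
        if (!attrSelector.getAttributeCertificateValid().equals(
            attrCert.getNotBefore())) {
            fail("valid get not correct");
        }
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 1 || !attrs.contains(attrCert)) {
            fail("attrCert not found on valid");
        }

        // ... while 100 ms before notBefore and 100 ms after notAfter must match
        // nothing in the store.
        attrSelector = new X509AttributeCertStoreSelector();
        attrSelector.setAttributeCertificateValid(new Date(attrCert
            .getNotBefore().getTime() - 100));
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 0) {
            fail("attrCert found on before");
        }
        attrSelector.setAttributeCertificateValid(new Date(attrCert
            .getNotAfter().getTime() + 100));
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 0) {
            fail("attrCert found on after");
        }

        // NOTE(review): the selector still carries the validity date set just
        // above, which already produced an empty result, so this check does not
        // isolate the serial-number criterion. Consider a fresh selector here,
        // once it is confirmed that neither test certificate has serial 10000.
        attrSelector.setSerialNumber(BigInteger.valueOf(10000));
        attrs = store.getMatches(attrSelector);
        if (attrs.size() != 0) {
            fail("attrCert found on wrong serial number");
        }

        // Every criterion must be clearable by passing null to its setter.
        attrSelector.setAttributeCert(null);
        attrSelector.setAttributeCertificateValid(null);
        attrSelector.setHolder(null);
        attrSelector.setIssuer(null);
        attrSelector.setSerialNumber(null);
        if (attrSelector.getAttributeCert() != null) {
            fail("null attrCert");
        }
        if (attrSelector.getAttributeCertificateValid() != null) {
            fail("null attrCertValid");
        }
        if (attrSelector.getHolder() != null) {
            fail("null attrCert holder");
        }
        if (attrSelector.getIssuer() != null) {
            fail("null attrCert issuer");
        }
        if (attrSelector.getSerialNumber() != null) {
            fail("null attrCert serial");
        }

        // Type mismatch again: an attribute-certificate selector with no criteria
        // set must still return nothing from the certificate store.
        attrs = certStore.getMatches(attrSelector);
        if (attrs.size() != 0) {
            fail("error using wrong selector (attrs)");
        }

        certPairTest();
    }

    /**
     * Returns the name of this test.
     *
     * @return the fixed string "X509Store"
     */
    public String getName() {
        return "X509Store";
    }

    /**
     * Registers the Bouncy Castle provider and runs the test.
     *
     * <p>The test methods request the provider by the name "BC", so it has to be
     * registered before they run.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        Security.addProvider(new BouncyCastleProvider());

        runTest(new X509StoreTest());
    }

}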