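/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package tests.security.cert;

import org.apache.harmony.security.tests.support.cert.TestUtils;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.Set;

import javax.security.auth.x500.X500Principal;

/**
 * JUnit 3 tests for {@link X509Certificate}.
 *
 * <p>Two kinds of certificate objects are exercised: a stub subclass
 * ({@code MyX509Certificate}) whose abstract methods return fixed values, and a
 * certificate parsed by the installed "X.509" {@link CertificateFactory} from
 * {@link #base64certCorrect} in {@link #setUp()}.
 *
 * <p>NOTE(review): no test in this class calls {@code verify(PublicKey)} on a
 * parsed certificate, so nothing here checks signature validation; the tests
 * cover parsing and accessor behaviour only.
 */
public class X509Certificate2Test extends junit.framework.TestCase {

    /**
     * Test for X.509 Certificate provider
     */
    public void test_toString() throws Exception {

        // Regression for HARMONY-3384
        CertificateFactory certFact = CertificateFactory.getInstance("X509");
        X509Certificate pemCert = (X509Certificate) certFact
                .generateCertificate(new ByteArrayInputStream(TestUtils
                        .getX509Certificate_v3()));

        // extension value is empty sequence
        byte[] extnValue = pemCert.getExtensionValue("2.5.29.35");
        assertTrue(Arrays
                .equals(new byte[] {0x04, 0x02, 0x30, 0x00}, extnValue));
        assertNotNull(pemCert.toString());
        // End regression for HARMONY-3384
    }

    /**
     * java.security.cert.X509Certificate#X509Certificate()
     */
    public void test_X509Certificate() {
        // An exception thrown by the constructor propagates to the runner and
        // fails the test with its full stack trace, instead of being reduced
        // to a message string.
        MyX509Certificate s = new MyX509Certificate();
        assertEquals("X.509", s.getType());
    }

    /**
     * Calls every stubbed abstract method once. The stubs declare no checked
     * exceptions, so any exception raised here surfaces directly as a test
     * error with its stack trace.
     */
    public void testAbstractMethods() {
        MyX509Certificate s = new MyX509Certificate();
        s.checkValidity();
        s.checkValidity(new Date());
        s.getBasicConstraints();
        s.getIssuerDN();
        s.getIssuerUniqueID();
        s.getKeyUsage();
        s.getNotAfter();
        s.getNotBefore();
        s.getSerialNumber();
        s.getSigAlgName();
        s.getSigAlgOID();
        s.getSigAlgParams();
        s.getSignature();
        s.getSubjectDN();
        s.getSubjectUniqueID();
        s.getTBSCertificate();
        s.getVersion();
    }

    // Base64 encoded form of ASN.1 DER encoded X.509 Certificate
    // (see RFC 3280 at http://www.ietf.org/rfc/rfc3280.txt)
    // (generated by using of classes from
    // org.apache.harmony.security.x509 package)
    // Note: this value carries no PEM BEGIN/END armor lines.
    static String base64cert =
        "MIIByzCCATagAwIBAgICAiswCwYJKoZIhvcNAQEFMB0xGzAZBgNVBAoT"
            + "EkNlcnRpZmljYXRlIElzc3VlcjAeFw0wNjA0MjYwNjI4MjJaFw0zMzAz"
            + "MDExNjQ0MDlaMB0xGzAZBgNVBAoTEkNlcnRpZmljYXRlIElzc3VlcjCB"
            + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAkLGLsPdSPDMyP1OUOKu"
            + "U3cvbNK5RGaQ3bXc5aDjvApx43BcaoXgt6YD/5yXz0OsIooj5yA37bY"
            + "JGcVrvFD5FMPdDd3vjNPQOep0MzG4CdbkaZde5SigPabOMQYS4oUyLBx"
            + "W3LGG0mUODe5AGGqtqXU0GlKg4K2je6cCtookCUCAwEAAaMeMBwwGgYD"
            + "VR0RAQH/BBAwDoEMcmZjQDgyMi5OYW1lMAsGCSqGSIb3DQEBBQOBgQBZ"
            + "pVXj01dOpqnZErUQb50j8lJD1dIaz1eJTvJCSadj7ziV1VtnnapI07c"
            + "XEa7ONzcHQTYTG10poHfOK/a0BaULF3GlctDESilwQYbW5BdfpAlZpbH"
            + "AFLcUDh6Eq50kc0A/anh/j3mgBNuvbIMo7hHNnZB6k/prswm2BszyLD"
            + "yw==";

    // PEM-armored certificate parsed in setUp() into the 'cert' fixture.
    static String base64certCorrect =
        "-----BEGIN CERTIFICATE-----\n"
            + "MIIC+jCCAragAwIBAgICAiswDAYHKoZIzjgEAwEBADAdMRswGQYDVQQKExJDZXJ0a"
            + "WZpY2F0ZSBJc3N1ZXIwIhgPMTk3MDAxMTIxMzQ2NDBaGA8xOTcwMDEyNDAzMzMyMF"
            + "owHzEdMBsGA1UEChMUU3ViamVjdCBPcmdhbml6YXRpb24wGTAMBgcqhkjOOAQDAQE"
            + "AAwkAAQIDBAUGBwiBAgCqggIAVaOCAhQwggIQMA8GA1UdDwEB/wQFAwMBqoAwEgYD"
            + "VR0TAQH/BAgwBgEB/wIBBTAUBgNVHSABAf8ECjAIMAYGBFUdIAAwZwYDVR0RAQH/B"
            + "F0wW4EMcmZjQDgyMi5OYW1lggdkTlNOYW1lpBcxFTATBgNVBAoTDE9yZ2FuaXphdG"
            + "lvboYaaHR0cDovL3VuaWZvcm0uUmVzb3VyY2UuSWSHBP///wCIByoDolyDsgMwDAY"
            + "DVR0eAQH/BAIwADAMBgNVHSQBAf8EAjAAMIGZBgNVHSUBAf8EgY4wgYsGBFUdJQAG"
            + "CCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDB"
            + "AYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUFBw"
            + "MJBggrBgEFBQgCAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GA1UdNgEB/wQDAgE"
            + "BMA4GBCpNhgkBAf8EAwEBATBkBgNVHRIEXTBbgQxyZmNAODIyLk5hbWWCB2ROU05h"
            + "bWWkFzEVMBMGA1UEChMMT3JnYW5pemF0aW9uhhpodHRwOi8vdW5pZm9ybS5SZXNvd"
            + "XJjZS5JZIcE////AIgHKgOiXIOyAzAJBgNVHR8EAjAAMAoGA1UdIwQDAQEBMAoGA1"
            + "UdDgQDAQEBMAoGA1UdIQQDAQEBMAwGByqGSM44BAMBAQADMAAwLQIUAL4QvoazNWP"
            + "7jrj84/GZlhm09DsCFQCBKGKCGbrP64VtUt4JPmLjW1VxQA==\n"
            + "-----END CERTIFICATE-----";

    // Certificate parsed from base64certCorrect; assigned in setUp().
    private X509Certificate cert;

    // Copy of base64certCorrect in which a few Base64 characters have been
    // altered; used only by testCerficateException().
    static String base64certTampered =
        "-----BEGIN CERTIFICATE-----\n"
            + "MIIC+jCCAragAwIBAgICAiswDAYHKoZIzjgEAwEBADAdMRswGQYDVQQKExJDZXJ0a"
            + "WZpY2F0ZSBJc3N1ZXIwIhgPMTk3MDAxMTIxMzQ2NDBaGA8xOTcwMDEyNDAzMzMyMF"
            + "owHzEdMBsGA1UEChMUU3ViamVjdCBPcmdhbml6YXRpb24wGTAMBgcqhkjOOAQDAQE"
            + "AAwkAAQIDBAUGBwiBAgCqggIAVaOCAhQwggIQMA8GA1UdDwEB/wQFAwMBqoAwEgYD"
            + "VR0TAQH/BAgwBgEB/wIBBTAUBgNVHSABAf8ECjAIMAyGBFUdIAAwZwYDVR0RAQH/B"
            + "F0wW4EMcmZjQDgyMi5OYW1lggdkTlNOYW1lpBcxFTATBgNVBAoTDE9yZ2FuaXphdG"
            + "lvboYaaHR0cDovL3VuaWZvcm0uUmVzb3VyY2UuSWSHBP///wCIByoDolyDsgMwDAY"
            + "DVR0eAQH/BAIwADAMBgNVHSQBAf8EAjAAMIGZBgNVHSUBAf8EgY4wgYsGBFUdJQAG"
            + "CCsGAQUFBwMBBggrBgEFBQcDAQYIKxYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDB"
            + "AYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsGAQUFBw"
            + "MJBggrBgEFBQgCAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GA1UdNgEB/wQDAgE"
            + "BMA4GBCpNhgkBAf8EAwEBATBkBgNVHRIEXTBbgQxyZmNAODIyLk5hbWWCB2ROU05h"
            + "bWWkFzEVMBMGA1UEChMMT3JnYW5pemF0aW9uhhpodHRwOi8vdW5pZm9ybS5SZXNvd"
            + "XJjZS5JZIcE////AIgHKgOiXIOyAzAJBgNVHR8EAjAAMAoGA1UdIwQDAQEBMAoGA1"
            + "UdDgQDAQEBMAoGA1UdIQQDAQEBMAwHByqGSM44BAMBAQADMAAwLQIUAL4QvoazNWP"
            + "7jrj84/GZlhm09DsCFQCBKGKCGbrP64VtUt4JPmLjW1VxQA==\n"
            + "-----END CERTIFICATE-----";

    // Base64 encoded form of ASN.1 DER encoded X.509 CRL
    // (see RFC 3280 at http://www.ietf.org/rfc/rfc3280.txt)
    // (generated by using of classes from
    // org.apache.harmony.security.x509 package)
    static String base64crl =
        "MIHXMIGXAgEBMAkGByqGSM44BAMwFTETMBEGA1UEChMKQ1JMIElzc3Vl"
            + "chcNMDYwNDI3MDYxMzQ1WhcNMDYwNDI3MDYxNTI1WjBBMD8CAgIrFw0w"
            + "NjA0MjcwNjEzNDZaMCowCgYDVR0VBAMKAQEwHAYDVR0YBBUYEzIwMDYw"
            + "NDI3MDYxMzQ1LjQ2OFqgDzANMAsGA1UdFAQEBAQEBDAJBgcqhkjOOAQD"
            + "AzAAMC0CFQCk0t0DTyu82QpajbBlxX9uXvUDSgIUSBN4g+xTEeexs/0k"
            + "9AkjBhjF0Es=";

    // has stub implementation for abstract methods
    private static class MyX509Certificate extends X509Certificate implements
            X509Extension {

        private static final long serialVersionUID = -7196694072296607007L;

        @Override
        public void checkValidity() {
        }

        @Override
        public void checkValidity(Date date) {
        }

        @Override
        public int getVersion() {
            return 3;
        }

        @Override
        public BigInteger getSerialNumber() {
            return null;
        }

        @Override
        public Principal getIssuerDN() {
            return null;
        }

        @Override
        public Principal getSubjectDN() {
            return null;
        }

        @Override
        public Date getNotBefore() {
            return null;
        }

        @Override
        public Date getNotAfter() {
            return null;
        }

        @Override
        public byte[] getTBSCertificate() {
            return null;
        }

        @Override
        public byte[] getSignature() {
            return null;
        }

        @Override
        public String getSigAlgName() {
            return null;
        }

        @Override
        public String getSigAlgOID() {
            return null;
        }

        @Override
        public byte[] getSigAlgParams() {
            return null;
        }

        @Override
        public boolean[] getIssuerUniqueID() {
            return null;
        }

        @Override
        public boolean[] getSubjectUniqueID() {
            return null;
        }

        @Override
        public boolean[] getKeyUsage() {
            return null;
        }

        @Override
        public int getBasicConstraints() {
            return 0;
        }

        // Stub only: accepts any key without checking anything.
        @Override
        public void verify(PublicKey key) {
        }

        // Stub only: accepts any key and provider without checking anything.
        @Override
        public void verify(PublicKey key, String sigProvider) {
        }

        @Override
        public String toString() {
            return "";
        }

        @Override
        public PublicKey getPublicKey() {
            return null;
        }

        @Override
        public byte[] getEncoded() {
            return null;
        }

        @Override
        public Set<String> getNonCriticalExtensionOIDs() {
            return null;
        }

        @Override
        public Set<String> getCriticalExtensionOIDs() {
            return null;
        }

        @Override
        public byte[] getExtensionValue(String oid) {
            return null;
        }

        @Override
        public boolean hasUnsupportedCriticalExtension() {
            return false;
        }
    }

    /**
     * java.security.cert.X509Certificate#getType()
     */
    public void testGetType() {
        assertEquals("X.509", new MyX509Certificate().getType());
    }

    /**
     * java.security.cert.X509Certificate#getIssuerX500Principal()
     */
    public void testGetIssuerX500Principal() {
        // return valid encoding
        MyX509Certificate stub = new MyX509Certificate() {
            private static final long serialVersionUID = 638659908323741165L;

            @Override
            public byte[] getEncoded() {
                return TestUtils.getX509Certificate_v1();
            }
        };

        assertEquals(new X500Principal("CN=Z"), stub.getIssuerX500Principal());
    }

    /**
     * java.security.cert.X509Certificate#getSubjectX500Principal()
     */
    public void testGetSubjectX500Principal() {
        // return valid encoding
        MyX509Certificate stub = new MyX509Certificate() {
            private static final long serialVersionUID = -3625913637413840694L;

            @Override
            public byte[] getEncoded() {
                return TestUtils.getX509Certificate_v1();
            }
        };

        assertEquals(new X500Principal("CN=Y"), stub.getSubjectX500Principal());
    }

    /**
     * java.security.cert.X509Certificate#getExtendedKeyUsage()
     *
     * <p>NOTE(review): the mutation attempts below tolerate every outcome, so
     * this test does not establish that the returned list is detached from the
     * certificate's state. Re-reading the extension after the attempts and
     * comparing it with a snapshot would pin that down.
     *
     * @throws CertificateException if the extension cannot be decoded
     */
    public void testGetExtendedKeyUsage() throws CertificateException {
        assertNull(new MyX509Certificate().getExtendedKeyUsage());

        List<String> usages = cert.getExtendedKeyUsage();
        assertNotNull(usages);

        try {
            usages.clear();
        } catch (Exception ignored) {
            // Either outcome is accepted: the list may or may not be modifiable.
        }

        try {
            usages.add("Test");
        } catch (Exception ignored) {
            // Either outcome is accepted: the list may or may not be modifiable.
        }

        try {
            if (usages.size() > 0) {
                usages.remove(0);
            }
        } catch (Exception ignored) {
            // Either outcome is accepted: the list may or may not be modifiable.
        }
    }

    /**
     * java.security.cert.X509Certificate#getSubjectAlternativeNames()
     */
    public void testGetSubjectAlternativeNames()
            throws CertificateParsingException {

        assertNull(new MyX509Certificate().getSubjectAlternativeNames());

        // The parsed fixture certificate is expected to yield a non-null
        // collection, unlike the stub above.
        Collection<List<?>> names = cert.getSubjectAlternativeNames();
        assertNotNull(names);

        try {
            names.clear();
        } catch (Exception ignored) {
            // Either outcome is accepted: the collection may be unmodifiable.
        }

        try {
            if (names.size() > 0) {
                // Collection has no remove(int): remove(0) would box 0 and
                // look for an Integer element, so pass a real element instead.
                names.remove(names.iterator().next());
            }
        } catch (Exception ignored) {
            // Either outcome is accepted: the collection may be unmodifiable.
        }

        assertTrue(names.size() < 10);
    }

    /**
     * java.security.cert.X509Certificate#getIssuerAlternativeNames()
     */
    public void testGetIssuerAlternativeNames()
            throws CertificateParsingException {

        assertNull(new MyX509Certificate().getIssuerAlternativeNames());

        // The parsed fixture certificate is expected to yield a non-null
        // collection, unlike the stub above.
        Collection<List<?>> names = cert.getIssuerAlternativeNames();
        assertNotNull(names);

        try {
            names.clear();
        } catch (Exception ignored) {
            // Either outcome is accepted: the collection may be unmodifiable.
        }

        try {
            if (names.size() > 0) {
                // Collection has no remove(int): remove(0) would box 0 and
                // look for an Integer element, so pass a real element instead.
                names.remove(names.iterator().next());
            }
        } catch (Exception ignored) {
            // Either outcome is accepted: the collection may be unmodifiable.
        }

        assertTrue(names.size() < 10);
    }

    /**
     * Feeds an altered PEM certificate and an un-armored Base64 certificate to
     * the "X.509" factory and accepts either a parsed result or a
     * {@link CertificateException}.
     *
     * <p>NOTE(review): as written this test cannot fail on an accepted input,
     * so it does not show that the altered certificate is rejected. Parsing
     * also does not check the signature, and no {@code verify} call is made.
     * If rejection is the intended contract for the provider under test, add
     * {@code fail()} after the parse of {@link #base64certTampered} once that
     * behaviour is confirmed.
     */
    public void testCerficateException() {
        parseToleratingRejection(base64certTampered);
        parseToleratingRejection(base64cert);
    }

    /**
     * Parses {@code encoded} with the "X.509" factory and discards the result,
     * so the {@code cert} fixture assigned in {@link #setUp()} is left alone.
     *
     * @param encoded certificate text handed to the factory as bytes
     */
    private static void parseToleratingRejection(String encoded) {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            cf.generateCertificate(new ByteArrayInputStream(encoded.getBytes()));
        } catch (CertificateException ignored) {
            // Rejection by the factory is one of the two accepted outcomes.
        }
    }

    /**
     * Parses {@link #base64certCorrect} into the {@code cert} fixture.
     *
     * @throws Exception if the factory is unavailable or the fixture does not parse
     */
    @Override
    public void setUp() throws Exception {
        super.setUp();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream bais = new ByteArrayInputStream(base64certCorrect
                .getBytes());
        cert = (X509Certificate) cf.generateCertificate(bais);
        assertNotNull(cert);
    }
}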