/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @author Vladimir N. Molotkov
* @version $Revision$
*/
package tests.security.cert;
import dalvik.annotation.AndroidOnly;
import dalvik.annotation.KnownFailure;
import dalvik.annotation.TestLevel;
import dalvik.annotation.TestTargetNew;
import dalvik.annotation.TestTargetClass;
import dalvik.annotation.TestTargets;
import junit.framework.TestCase;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.ObjectStreamException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import org.apache.harmony.security.tests.support.cert.MyCertificate;
import org.apache.harmony.security.tests.support.cert.MyFailingCertificate;
import org.apache.harmony.security.tests.support.cert.TestUtils;
import org.apache.harmony.testframework.serialization.SerializationTest;
/**
* Tests for <code>Certificate</code> fields and methods
*
*/
@TestTargetClass(Certificate.class)
public class CertificateTest extends TestCase {
/**
* Meaningless cert encoding just for testing purposes
*/
private static final byte[] testEncoding = new byte[] { (byte) 1, (byte) 2,
(byte) 3, (byte) 4, (byte) 5 };
//
// Tests
//
/**
* Test for <code>Certificate(String type)</code> method<br>
*/
@TestTargetNew(
level = TestLevel.SUFFICIENT,
notes = "",
method = "Certificate",
args = {java.lang.String.class}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testCertificate() {
try {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
assertTrue(Arrays.equals(testEncoding, c1.getEncoded()));
assertEquals("TEST", c1.getPublicKey().getAlgorithm());
assertTrue(Arrays.equals(
new byte[] { (byte) 1, (byte) 2, (byte) 3 }, c1
.getPublicKey().getEncoded()));
assertEquals("TEST_FORMAT", c1.getPublicKey().getFormat());
assertEquals("TEST_TYPE", c1.getType());
} catch (CertificateEncodingException e) {
fail("Unexpected CertificateEncodingException " + e.getMessage());
}
}
/**
* Test for <code>hashCode()</code> method<br>
* Assertion: returns hash of the <code>Certificate</code> instance
* @throws CertificateEncodingException
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "",
method = "hashCode",
args = {}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testHashCode() throws CertificateEncodingException {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
Certificate c2 = new MyCertificate("TEST_TYPE", testEncoding);
assertTrue(c1.hashCode() == c2.hashCode());
assertFalse(c1.hashCode() == new MyCertificate("TEST_TYPE", cert
.getEncoded()).hashCode());
assertFalse(c1.hashCode() == cert.hashCode());
}
/**
* Test for <code>hashCode()</code> method<br>
* Assertion: hash code of equal objects should be the same
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "",
method = "hashCode",
args = {}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testHashCodeEqualsObject() {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
Certificate c2 = new MyCertificate("TEST_TYPE", testEncoding);
assertTrue((c1.hashCode() == c2.hashCode()) && c1.equals(c2));
assertFalse(cert.equals(c1));
}
/**
* Test for <code>getType()</code> method<br>
* Assertion: returns this certificate type
*/
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "getType",
args = {}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testGetType() {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
assertEquals("TEST_TYPE", c1.getType());
}
/**
* Test #1 for <code>equals(Object)</code> method<br>
* Assertion: object equals to itself
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies positive case.",
method = "equals",
args = {java.lang.Object.class}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testEqualsObject01() {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
assertTrue(c1.equals(c1));
}
/**
* Test for <code>equals(Object)</code> method<br>
* Assertion: object equals to other <code>Certificate</code>
* instance with the same state
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies positive case.",
method = "equals",
args = {java.lang.Object.class}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testEqualsObject02() {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
Certificate c2 = new MyCertificate("TEST_TYPE", testEncoding);
assertTrue(c1.equals(c2) && c2.equals(c1));
}
/**
* Test for <code>equals(Object)</code> method<br>
* Assertion: object not equals to <code>null</code>
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies equals method with null as a parameter.",
method = "equals",
args = {java.lang.Object.class}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testEqualsObject03() {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
assertFalse(c1.equals(null));
}
/**
* Test for <code>equals(Object)</code> method<br>
* Assertion: object not equals to other which is not
* instance of <code>Certificate</code>
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies negative case.",
method = "equals",
args = {java.lang.Object.class}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testEqualsObject04() {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
assertFalse(c1.equals("TEST_TYPE"));
}
//
// the following tests just call methods
// that are abstract in <code>Certificate</code>
// (So they just like signature tests)
//
/**
* This test just calls <code>getEncoded()</code> method<br>
* @throws CertificateException
*/
@TestTargetNew(
level = TestLevel.SUFFICIENT,
notes = "Can not verify CertificateEncodingException. indirectly tested",
method = "getEncoded",
args = {}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
@KnownFailure("Assertion does not evaluate to true... Works in javax.Certificate")
public final void testGetEncoded() throws CertificateException {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
assertNotNull(c1.getEncoded());
assertTrue(Arrays.equals(TestUtils.rootCert.getBytes(),cert.getEncoded()));
byte[] b = TestUtils.rootCert.getBytes();
b[4] = (byte) 200;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream stream = new ByteArrayInputStream(b);
cert = cf.generateCertificate(stream);
} catch (CertificateException e) {
//ok
}
}
/**
* This test just calls <code>verify(PublicKey)</code> method<br>
*
* @throws InvalidKeyException
* @throws CertificateException
* @throws NoSuchAlgorithmException
* @throws NoSuchProviderException
* @throws SignatureException
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies only null as a parameter.",
method = "verify",
args = {java.security.PublicKey.class}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testVerifyPublicKey()
throws InvalidKeyException,
CertificateException,
NoSuchAlgorithmException,
NoSuchProviderException,
SignatureException {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
c1.verify(null);
}
/**
* This test just calls <code>verify(PublicKey,String)</code> method<br>
*
* @throws InvalidKeyException
* @throws CertificateException
* @throws NoSuchAlgorithmException
* @throws NoSuchProviderException
* @throws SignatureException
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies only null as parameters.",
method = "verify",
args = {java.security.PublicKey.class, java.lang.String.class}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testVerifyPublicKeyString()
throws InvalidKeyException,
CertificateException,
NoSuchAlgorithmException,
NoSuchProviderException,
SignatureException {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
c1.verify(null, null);
}
/**
* This test just calls <code>toString()</code> method<br>
*/
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "toString",
args = {}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testToString() {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
c1.toString();
}
/**
* This test just calls <code>testGetPublicKey()</code> method<br>
*/
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "getPublicKey",
args = {}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testGetPublicKey() {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
c1.getPublicKey();
}
/**
* This test just calls <code>writeReplace()</code> method<br>
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Doesn't verify ObjectStreamException.",
method = "writeReplace",
args = {}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testWriteReplace() {
MyCertificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
try {
Object obj = c1.writeReplace();
assertTrue(obj.toString().contains(
"java.security.cert.Certificate$CertificateRep"));
} catch (ObjectStreamException e) {
fail("Unexpected ObjectStreamException " + e.getMessage());
}
}
public class MyModifiablePublicKey implements PublicKey {
private PublicKey key;
private boolean modifiedAlgo;
private String algo;
private String format;
private boolean modifiedFormat;
private boolean modifiedEncoding;
private byte[] encoding;
public MyModifiablePublicKey(PublicKey k) {
super();
this.key = k;
}
public String getAlgorithm() {
if (modifiedAlgo) {
return algo;
} else {
return key.getAlgorithm();
}
}
public String getFormat() {
if (modifiedFormat) {
return this.format;
} else {
return key.getFormat();
}
}
public byte[] getEncoded() {
if (modifiedEncoding) {
return this.encoding;
} else {
return key.getEncoded();
}
}
public long getSerVerUID() {
return key.serialVersionUID;
}
public void setAlgorithm(String myAlgo) {
modifiedAlgo = true;
this.algo = myAlgo;
}
public void setFormat(String myFormat) {
modifiedFormat = true;
format = myFormat;
}
public void setEncoding(byte[] myEncoded) {
modifiedEncoding = true;
encoding = myEncoded;
}
}
private Certificate cert;
private Provider wrongProvider;
private Provider useFulProvider;
public void setUp() throws Exception {
super.setUp();
TestUtils.initCertPathSSCertChain();
cert = TestUtils.rootCertificateSS;
CertificateFactory cf = CertificateFactory.getInstance("X.509");
wrongProvider = cf.getProvider();
useFulProvider = Security.getProviders("Signature.sha1WithRSAEncryption")[0];
}
/**
* This test just calls <code>verify(PublicKey,String)</code> method<br>
*
* @throws InvalidKeyException
* @throws CertificateException
* @throws NoSuchAlgorithmException
* @throws NoSuchProviderException
* @throws SignatureException
*/
@TestTargetNew(
level = TestLevel.SUFFICIENT,
notes = "Test fails: ClassCastException when SignatureException is expected",
method = "verify",
args = {java.security.PublicKey.class, java.lang.String.class}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testVerifyPublicKeyString2() throws InvalidKeyException,
CertificateException, NoSuchAlgorithmException,
NoSuchProviderException, SignatureException {
// real test
cert.verify(cert.getPublicKey(), useFulProvider.getName());
// Exception tests
try {
cert.verify(cert.getPublicKey(), "UnknownProvider");
} catch (NoSuchProviderException e) {
// ok
}
// This test has side effects affecting all other tests running later
// on in the same vm instance. Maybe a better way would be to first add
// a new provider, test if it works, then remove it and test if the
// exception is thrown.
//
// Security.removeProvider(wrongProvider.getName());
//
// try {
// cert.verify(cert.getPublicKey(), wrongProvider.getName());
// } catch (NoSuchAlgorithmException e) {
// // ok
// }
//
// Security.insertProviderAt(wrongProvider, oldPosition);
/*
PublicKey k = cert.getPublicKey();
MyModifiablePublicKey tamperedKey = new MyModifiablePublicKey(k);
tamperedKey.setAlgorithm("wrongAlgo");
try {
cert.verify(tamperedKey, provs[0].getName());
} catch (SignatureException e) {
// ok
}
try {
cert.verify(c1.getPublicKey(), provs[0].getName());
} catch (InvalidKeyException e) {
// ok
}
*/
}
/**
* This test just calls <code>verify(PublicKey)</code> method<br>
*
* @throws InvalidKeyException
* @throws CertificateException
* @throws NoSuchAlgorithmException
* @throws NoSuchProviderException
* @throws SignatureException
* @throws IOException
* @throws InvalidAlgorithmParameterException
*/
@TestTargetNew(
level = TestLevel.SUFFICIENT,
notes = "Can't test exception for cases where the algorithm is unknown",
method = "verify",
args = {java.security.PublicKey.class}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testVerifyPublicKey2() throws InvalidKeyException,
CertificateException, NoSuchAlgorithmException,
NoSuchProviderException, SignatureException, InvalidAlgorithmParameterException, IOException {
Certificate c1 = new MyCertificate("TEST_TYPE", testEncoding);
c1.verify(null);
cert.verify(cert.getPublicKey());
PublicKey k = cert.getPublicKey();
MyModifiablePublicKey changedEncoding = new MyModifiablePublicKey(k);
changedEncoding
.setEncoding(new byte[cert.getEncoded().length - 1]);
try {
cert.verify(c1.getPublicKey());
fail("expected InvalidKeyException");
} catch (InvalidKeyException e) {
// ok
}
try {
cert.verify(changedEncoding);
fail("Exception expected");
} catch (Exception e) {
// ok
}
}
/**
* This test just calls <code>writeReplace()</code> method<br>
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "",
method = "writeReplace",
args = {}
)
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public final void testWriteReplace2() {
MyCertificate c1 = new MyFailingCertificate("TEST_TYPE", testEncoding);
try {
Object obj = c1.writeReplace();
} catch (ObjectStreamException e) {
//ok
}
}
/**
* @tests serialization/deserialization compatibility.
*/
@TestTargets({
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "Verifies serialization/deserialization compatibility. And tests default constructor",
method = "!SerializationSelf",
args = {}
),
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "",
method = "writeReplace",
args = {}
),
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "",
method = "Certificate.CertificateRep.readResolve",
args = {}
)
})
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public void testSerializationSelf() throws Exception {
TestUtils.initCertPathSSCertChain();
SerializationTest.verifySelf(TestUtils.rootCertificateSS);
}
/**
* @tests serialization/deserialization compatibility with RI.
*/
@TestTargets({
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "Verifies serialization/deserialization compatibility.",
method = "!SerializationGolden",
args = {}
),
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "",
method = "writeReplace",
args = {}
),
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "",
method = "Certificate.CertificateRep.readResolve",
args = {}
)
})
@AndroidOnly("Gets security providers with specific signature algorithm: " +
"Security.getProviders(\"Signature.sha1WithRSAEncryption\")")
public void testSerializationCompatibility() throws Exception {
//create test file (once)
// SerializationTest.createGoldenFile("device/dalvik/libcore/security/src/test/resources/serialization", this, TestUtils.rootCertificateSS);
TestUtils.initCertPathSSCertChain();
SerializationTest.verifyGolden(this, TestUtils.rootCertificateSS);
}
}