harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From telli...@apache.org
Subject svn commit: r390246 [12/15] - in /incubator/harmony/enhanced/classlib/trunk: archive/modules/security/src/main/java/java/security/ modules/archive/src/main/java/java/util/jar/ modules/archive/src/test/java/tests/api/java/util/zip/ modules/beans/src/mai...
Date Thu, 30 Mar 2006 21:34:28 GMT
Modified: incubator/harmony/enhanced/classlib/trunk/modules/security/test/common/unit/java/security/cert/X509CertSelectorTest.java
URL: http://svn.apache.org/viewcvs/incubator/harmony/enhanced/classlib/trunk/modules/security/test/common/unit/java/security/cert/X509CertSelectorTest.java?rev=390246&r1=390245&r2=390246&view=diff
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/security/test/common/unit/java/security/cert/X509CertSelectorTest.java (original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/security/test/common/unit/java/security/cert/X509CertSelectorTest.java Thu Mar 30 13:34:23 2006
@@ -1,3047 +1,3047 @@
-/*
- *  Copyright 2005 The Apache Software Foundation or its licensors, as applicable.
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/**
-* @author Alexander Y. Kleymenov
-* @version $Revision$
-*/
-
-package java.security.cert;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Principal;
-import java.security.PublicKey;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Set;
-import java.util.HashSet;
-import java.util.Arrays;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Iterator;
-import java.util.Collection;
-import javax.security.auth.x500.X500Principal;
-
-import org.apache.harmony.security.TestKeyPair;
-import org.apache.harmony.security.asn1.ASN1Boolean;
-import org.apache.harmony.security.asn1.ASN1Integer;
-import org.apache.harmony.security.asn1.ASN1OctetString;
-import org.apache.harmony.security.asn1.ASN1Oid;
-import org.apache.harmony.security.asn1.ASN1Sequence;
-import org.apache.harmony.security.asn1.ASN1Type;
-
-import org.apache.harmony.security.asn1.*;
-import org.apache.harmony.security.x501.Name;
-import org.apache.harmony.security.x509.*;
-
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-/**
- * X509CertSelectorTest
- */
-public class X509CertSelectorTest extends TestCase {
-
-    /**
-     * The abstract class stub implementation.
-     */
-    private class TestCert extends X509Certificate {
-    
-        /* Stuff fields */
-        protected String equalCriteria = null; // to simplify method equals()
-        protected BigInteger serialNumber = null;
-        protected X500Principal issuer = null;
-        protected X500Principal subject = null;
-        protected byte[] keyIdentifier = null;
-        protected Date date = null;
-        protected Date notBefore = null;
-        protected Date notAfter = null;
-        protected PublicKey key = null;
-        protected boolean[] keyUsage = null;
-        protected List extKeyUsage = null;
-        protected int pathLen = -1;
-        protected GeneralNames sans = null;
-        protected byte[] encoding = null;
-        protected String[] policies = null;
-        protected NameConstraints nameConstraints = null;
-        
-        /* Stuff methods */
-        public TestCert() {};
-        
-        public TestCert(GeneralNames sans) {
-            setSubjectAlternativeNames(sans);
-        };
-
-        public TestCert(NameConstraints nameConstraints) {
-            this.nameConstraints = nameConstraints;
-        };
-
-        public TestCert(String equalCriteria) {
-            setEqualCriteria(equalCriteria);
-        };
-        
-        public TestCert(String[] policies) {
-            setPolicies(policies);
-        };
-        
-        public TestCert(BigInteger serial) {
-            setSerialNumber(serial);
-        };
-        
-        public TestCert(X500Principal principal) {
-            setIssuer(principal);
-            setSubject(principal);
-        };
-        
-        public TestCert(byte[] array) {
-            setKeyIdentifier(array);
-        };
-        
-        public TestCert(Date date) {
-            setDate(date);
-        };
-        
-        public TestCert(Date notBefore, Date notAfter) {
-            setPeriod(notBefore, notAfter);
-        };
-        
-        public TestCert(PublicKey key) {
-            setPublicKey(key);
-        };
-        
-        public TestCert(boolean[] keyUsage) {
-            setKeyUsage(keyUsage);
-        };
-        
-        public TestCert(Set extKeyUsage) {
-            setExtendedKeyUsage(extKeyUsage);
-        };
-        
-        public TestCert(int pathLen) {
-            this.pathLen = pathLen;
-        };
-        
-        public void setPolicies(String[] policies) {
-            this.policies = policies;
-        };
-        
-        public void setSubjectAlternativeNames(GeneralNames sans) {
-            this.sans = sans;
-        };
-
-        public void setExtendedKeyUsage(Set extKeyUsage) {
-            this.extKeyUsage = (extKeyUsage == null) 
-                                ? null 
-                                : new ArrayList(extKeyUsage);
-        };
-        
-        public void setKeyUsage(boolean[] keyUsage) {
-            this.keyUsage = (keyUsage == null) ? null
-                                               : (boolean[]) keyUsage.clone();
-        };
-        
-        public void setPublicKey(PublicKey key) {
-            this.key = key;
-        }
-        
-        public void setPeriod(Date notBefore, Date notAfter) {
-            this.notBefore = notBefore;
-            this.notAfter = notAfter;
-        }
-            
-        public void setSerialNumber(BigInteger serial) {
-            this.serialNumber = serial;
-        };
-
-        public void setEqualCriteria(String equalCriteria) {
-            this.equalCriteria = equalCriteria; 
-        }
-        
-        public void setIssuer(X500Principal issuer) {
-            this.issuer = issuer; 
-        }
-        
-        public void setSubject(X500Principal subject) {
-            this.subject = subject; 
-        }
-        
-        public void setKeyIdentifier(byte[] subjectKeyID) {
-            this.keyIdentifier = (byte[]) subjectKeyID.clone(); 
-        }
-        
-        public void setDate(Date date) {
-            this.date = new Date(date.getTime()); 
-        }
-
-        public void setEncoding(byte[] encoding) {
-            this.encoding = encoding;
-        }
-        
-        /* Method implementations */    
-        public boolean equals(Object cert) {
-            if (cert == null) {
-                return false;
-            }
-            if ((equalCriteria == null) 
-                    || (((TestCert)cert).equalCriteria == null)) {
-                return false;
-            } else {
-                return equalCriteria.equals(((TestCert)cert).equalCriteria);
-            }
-        }
-        
-        public String toString() {
-            if (equalCriteria != null) {
-                return equalCriteria;
-            }
-            return "";
-        }
-        
-        public void checkValidity() throws CertificateExpiredException,
-                                           CertificateNotYetValidException {};
-
-        public void checkValidity(Date date) 
-                                    throws CertificateExpiredException, 
-                                           CertificateNotYetValidException {
-            if (this.date == null) {
-                throw new CertificateExpiredException();
-            }
-            int result = this.date.compareTo(date);
-            if (result > 0) {
-                throw new CertificateExpiredException();
-            }
-            if (result < 0) {
-                throw new CertificateNotYetValidException();
-            }
-        };
-
-        public int getVersion() {
-            return 3;
-        };
-
-        public BigInteger getSerialNumber() {
-            return (serialNumber == null) 
-                    ? new BigInteger("1111") 
-                    : serialNumber;
-        };
-
-        public Principal getIssuerDN() {
-            return issuer;
-        };
-        
-        public X500Principal getIssuerX500Principal() {
-            return issuer;
-        }
-            
-        public Principal getSubjectDN() {
-            return subject;
-        };
-
-        public X500Principal getSubjectX500Principal() {
-            return subject;
-        }
-
-        public Date getNotBefore() {
-            return null;
-        };
-
-        public Date getNotAfter() {
-            return null;
-        };
-
-        public byte[] getTBSCertificate()
-                            throws CertificateEncodingException
-        {
-            return null;
-        };
-
-        public byte[] getSignature() {
-            return null;
-        };
-
-        public String getSigAlgName() {
-            return null;
-        };
-
-        public String getSigAlgOID() {
-            return null;
-        };
-
-        public byte[] getSigAlgParams() {
-            return null;
-        };
-
-        public boolean[] getIssuerUniqueID() {
-            return null;
-        };
-
-        public boolean[] getSubjectUniqueID() {
-            return null;
-        };
-
-        public boolean[] getKeyUsage() {
-            return keyUsage;
-        };
-
-        public List/*<String>*/ getExtendedKeyUsage()
-                                    throws CertificateParsingException {
-            return extKeyUsage;
-        }
-
-        public int getBasicConstraints() {
-            return pathLen;
-        };
-
-        public Collection/*<List<?>>*/ getSubjectAlternativeNames()
-                                    throws CertificateParsingException {
-            return sans.getPairsList();
-        }
-        
-        
-        public void verify(PublicKey key)
-                     throws CertificateException, NoSuchAlgorithmException,
-                            InvalidKeyException, NoSuchProviderException,
-                            SignatureException
-        {
-        }
-
-        public void verify(PublicKey key,
-                                    String sigProvider)
-                     throws CertificateException, NoSuchAlgorithmException,
-                            InvalidKeyException, NoSuchProviderException,
-                            SignatureException
-        {
-        }
-
-        public PublicKey getPublicKey() {
-            return key;
-        }
-
-        public byte[] getEncoded() throws CertificateEncodingException
-        {
-            return encoding;
-        }
-
-        public Set getNonCriticalExtensionOIDs() {
-            return null;
-        }
-
-        public Set getCriticalExtensionOIDs() {
-            return null;
-        }
-
-        public byte[] getExtensionValue(String oid) {
-            if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) {
-                // Extension value is represented as an OctetString
-                return (byte[]) 
-                    ASN1OctetString.getInstance().encode(keyIdentifier);
-            }
-            if ("2.5.29.16".equals(oid)) {
-                PrivateKeyUsagePeriod pkup = 
-                                new PrivateKeyUsagePeriod(notBefore, notAfter);
-                byte[] encoded = pkup.getEncoded();
-                return (byte[]) 
-                    ASN1OctetString.getInstance().encode(encoded);
-            }
-            if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) {
-                ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()];
-                String[] val = new String[extKeyUsage.size()];
-                Iterator it = extKeyUsage.iterator();
-                int id = 0;
-                while (it.hasNext()) {
-                    oa[id] = ASN1Oid.getInstanceForString();
-                    val[id++] = (String) it.next();
-                }
-                return (byte[]) 
-                    ASN1OctetString.getInstance().encode(
-                    new ASN1Sequence(oa).encode(val));
-            }
-            if ("2.5.29.19".equals(oid)) {
-                return (byte[]) 
-                    ASN1OctetString.getInstance().encode(
-                            new ASN1Sequence(
-                                    new ASN1Type[] {
-                                            ASN1Boolean.getInstance(),
-                                            ASN1Integer.getInstance()
-                                    }).encode(
-                                           new Object[] {
-                                                   new Boolean(pathLen != -1),
-                                                   BigInteger.valueOf(pathLen).
-                                                   toByteArray()
-                                           })
-                            );
-            }
-            if ("2.5.29.17".equals(oid) && (sans != null)) {
-                if (sans.getNames() == null) {
-                    return null;
-                }
-                return (byte[]) 
-                    ASN1OctetString.getInstance().encode(
-                            GeneralNames.ASN1.encode(sans));
-            }
-            if ("2.5.29.32".equals(oid) && (policies != null) 
-                                                    && (policies.length > 0)) {
-                //  Certificate Policies Extension (as specified in rfc 3280)
-                CertificatePolicies certificatePolicies = 
-                                                new CertificatePolicies();
-                for (int i=0; i<policies.length; i++) {
-                    PolicyInformation policyInformation =
-                                            new PolicyInformation(policies[i]);
-                    certificatePolicies.addPolicyInformation(policyInformation);
-                }
-                return (byte[]) 
-                    ASN1OctetString.getInstance().encode(
-                            certificatePolicies.getEncoded());
-            }
-            if ("2.5.29.30".equals(oid) && (nameConstraints != null)) {
-                // Name Constraints Extension (as specified in rfc 3280)
-                return (byte[]) 
-                    ASN1OctetString.getInstance().encode(
-                            nameConstraints.getEncoded());
-            }
-            return null;
-        }
-
-        public boolean hasUnsupportedCriticalExtension() {
-            return false;
-        }
-    };
-
-    /* ********************************************************************** */
-    /* ************************* Test implementation ************************ */
-    /* ********************************************************************** */
-    
-    /**
-     * setCertificate(X509Certificate certificate) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match
-     */
-    public void testSetCertificate() {
-        TestCert cert_1 = new TestCert("same certificate");
-        TestCert cert_2 = new TestCert("other certificate");
-        X509CertSelector selector = new X509CertSelector();
-
-        selector.setCertificate(null);
-        assertTrue("Any certificates should match in the case of null "
-                                                + "certificateEquals criteria.",
-                            selector.match(cert_1) && selector.match(cert_2));
-        selector.setCertificate(cert_1);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        selector.setCertificate(cert_2);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getCertificate() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     */
-    public void testGetCertificate() {
-        TestCert cert_1 = new TestCert("same certificate");
-        TestCert cert_2 = new TestCert("other certificate");
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", selector.getCertificate());
-        selector.setCertificate(cert_1);
-        assertEquals("The returned certificate should be equal to specified",
-                                        cert_1, selector.getCertificate());
-        assertFalse("The returned certificate should differ",
-                                cert_2.equals(selector.getCertificate()));
-    }
-
-    /**
-     * setSerialNumber(BigInteger serial) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match
-     */
-    public void testSetSerialNumber() {
-        BigInteger ser1 = new BigInteger("10000");
-        BigInteger ser2 = new BigInteger("10001");
-        TestCert cert_1 = new TestCert(ser1);
-        TestCert cert_2 = new TestCert(ser2);
-        X509CertSelector selector = new X509CertSelector();
-
-        selector.setSerialNumber(null);
-        assertTrue("Any certificate should match in the case of null "
-                                                + "serialNumber criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        selector.setSerialNumber(ser1);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        selector.setSerialNumber(ser2);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getSerialNumber() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     */
-    public void testGetSerialNumber() {
-        BigInteger ser1 = new BigInteger("10000");
-        BigInteger ser2 = new BigInteger("10001");
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", selector.getSerialNumber());
-        selector.setSerialNumber(ser1);
-        assertEquals("The returned serial number should be equal to specified",
-                                        ser1, selector.getSerialNumber());
-        assertFalse("The returned serial number should differ",
-                                    ser2.equals(selector.getSerialNumber()));
-    }
-
-    /**
-     * setIssuer(X500Principal issuer) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match
-     */
-    public void testSetIssuer1() {
-        X500Principal iss1 = new X500Principal("O=First Org.");
-        X500Principal iss2 = new X500Principal("O=Second Org.");
-        TestCert cert_1 = new TestCert(iss1);
-        TestCert cert_2 = new TestCert(iss2);
-        X509CertSelector selector = new X509CertSelector();
-
-        selector.setIssuer((X500Principal) null);
-        assertTrue("Any certificates should match "
-                                + "in the case of null issuer criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        selector.setIssuer(iss1);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        selector.setIssuer(iss2);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getIssuer() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     */
-    public void testGetIssuer() {
-        X500Principal iss1 = new X500Principal("O=First Org.");
-        X500Principal iss2 = new X500Principal("O=Second Org.");
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", selector.getIssuer());
-        selector.setIssuer(iss1);
-        assertEquals("The returned issuer should be equal to specified",
-                                        iss1, selector.getIssuer());
-        assertFalse("The returned issuer should differ",
-                                        iss2.equals(selector.getIssuer()));
-    }
-
-    /**
-     * setIssuer(String issuerDN) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match
-     */
-    public void testSetIssuer2() {
-        String name1 = "O=First Org.";
-        String name2 = "O=Second Org.";
-        X500Principal iss1 = new X500Principal(name1);
-        X500Principal iss2 = new X500Principal(name2);
-        TestCert cert_1 = new TestCert(iss1);
-        TestCert cert_2 = new TestCert(iss2);
-        X509CertSelector selector = new X509CertSelector();
-
-        try {
-            selector.setIssuer((String) null);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("Any certificates should match "
-                                + "in the case of null issuer criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        try {
-            selector.setIssuer(name1);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        try {
-            selector.setIssuer(name2);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getIssuerAsString() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     */
-    public void testGetIssuerAsString() {
-        String name1 = "O=First Org.";
-        String name2 = "O=Second Org.";
-        X500Principal iss1 = new X500Principal(name1);
-        X500Principal iss2 = new X500Principal(name2);
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", selector.getIssuerAsString());
-        selector.setIssuer(iss1);
-        assertEquals("The returned issuer should be equal to specified",
-                                        name1, selector.getIssuerAsString());
-        assertFalse("The returned issuer should differ",
-                                    name2.equals(selector.getIssuerAsString()));
-        selector.setIssuer(iss2);
-        assertEquals("The returned issuer should be equal to specified",
-                                        name2, selector.getIssuerAsString());
-    }
-
-    /**
-     * setIssuer(byte[] issuerDN) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match
-     */
-    public void testSetIssuer3() {
-        byte[] name1 = new byte[]
-            //manually obtained DER encoding of "O=First Org." issuer name;
-            {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
-                70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
-        byte[] name2 = new byte[]
-            //manually obtained DER encoding of "O=Second Org." issuer name;
-            {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
-            83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
-        X500Principal iss1 = new X500Principal(name1);
-        X500Principal iss2 = new X500Principal(name2);
-        TestCert cert_1 = new TestCert(iss1);
-        TestCert cert_2 = new TestCert(iss2);
-        X509CertSelector selector = new X509CertSelector();
-
-        try {
-            selector.setIssuer((byte[]) null);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("Any certificates should match "
-                                + "in the case of null issuer criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        try {
-            selector.setIssuer(name1);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        try {
-            selector.setIssuer(name2);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getIssuerAsBytes() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     */
-    public void testGetIssuerAsBytes() {
-        byte[] name1 = new byte[]
-            //manually obtained DER encoding of "O=First Org." issuer name;
-            {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
-                70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
-        byte[] name2 = new byte[]
-            //manually obtained DER encoding of "O=Second Org." issuer name;
-            {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
-            83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
-        X500Principal iss1 = new X500Principal(name1);
-        X500Principal iss2 = new X500Principal(name2);
-        X509CertSelector selector = new X509CertSelector();
-
-        try {
-            assertNull("Selector should return null", 
-                                                selector.getIssuerAsBytes());
-            selector.setIssuer(iss1);
-            assertTrue("The returned issuer should be equal to specified",
-                            Arrays.equals(name1, selector.getIssuerAsBytes()));
-            assertFalse("The returned issuer should differ",
-                                    name2.equals(selector.getIssuerAsBytes()));
-            selector.setIssuer(iss2);
-            assertTrue("The returned issuer should be equal to specified",
-                            Arrays.equals(name2, selector.getIssuerAsBytes()));
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-    }
-
-    /**
-     * setSubject(X500Principal subject) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match
-     */
-    public void testSetSubject1() {
-        X500Principal sub1 = new X500Principal("O=First Org.");
-        X500Principal sub2 = new X500Principal("O=Second Org.");
-        TestCert cert_1 = new TestCert(sub1);
-        TestCert cert_2 = new TestCert(sub2);
-        X509CertSelector selector = new X509CertSelector();
-
-        selector.setSubject((X500Principal) null);
-        assertTrue("Any certificates should match "
-                                + "in the case of null subjcet criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        selector.setSubject(sub1);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        selector.setSubject(sub2);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getSubject() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     */
-    public void testGetSubject() {
-        X500Principal sub1 = new X500Principal("O=First Org.");
-        X500Principal sub2 = new X500Principal("O=Second Org.");
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", selector.getSubject());
-        selector.setSubject(sub1);
-        assertEquals("The returned subject should be equal to specified",
-                                        sub1, selector.getSubject());
-        assertFalse("The returned subject should differ",
-                                        sub2.equals(selector.getSubject()));
-    }
-
-    /**
-     * setSubject(String subjectDN) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match
-     */
-    public void testSetSubject2() {
-        String name1 = "O=First Org.";
-        String name2 = "O=Second Org.";
-        X500Principal sub1 = new X500Principal(name1);
-        X500Principal sub2 = new X500Principal(name2);
-        TestCert cert_1 = new TestCert(sub1);
-        TestCert cert_2 = new TestCert(sub2);
-        X509CertSelector selector = new X509CertSelector();
-
-        try {
-            selector.setSubject((String) null);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("Any certificates should match "
-                                + "in the case of null subject criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        try {
-            selector.setSubject(name1);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        try {
-            selector.setSubject(name2);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getSubjectAsString() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     */
-    public void testGetSubjectAsString() {
-        String name1 = "O=First Org.";
-        String name2 = "O=Second Org.";
-        X500Principal sub1 = new X500Principal(name1);
-        X500Principal sub2 = new X500Principal(name2);
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", 
-                                                selector.getSubjectAsString());
-        selector.setSubject(sub1);
-        assertEquals("The returned subject should be equal to specified",
-                                        name1, selector.getSubjectAsString());
-        assertFalse("The returned subject should differ",
-                                name2.equals(selector.getSubjectAsString()));
-        selector.setSubject(sub2);
-        assertEquals("The returned subject should be equal to specified",
-                                        name2, selector.getSubjectAsString());
-    }
-
-    /**
-     * setSubject(byte[] subjectDN) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match
-     */
-    public void testSetSubject3() {
-        byte[] name1 = new byte[]
-            //manually obtained DER encoding of "O=First Org." issuer name;
-            {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
-                70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
-        byte[] name2 = new byte[]
-            //manually obtained DER encoding of "O=Second Org." issuer name;
-            {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
-            83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
-        X500Principal sub1 = new X500Principal(name1);
-        X500Principal sub2 = new X500Principal(name2);
-        TestCert cert_1 = new TestCert(sub1);
-        TestCert cert_2 = new TestCert(sub2);
-        X509CertSelector selector = new X509CertSelector();
-
-        try {
-            selector.setSubject((byte[]) null);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("Any certificates should match "
-                                + "in the case of null issuer criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        try {
-            selector.setSubject(name1);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        try {
-            selector.setSubject(name2);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getSubjectAsBytes() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     */
-    public void testGetSubjectAsBytes() {
-        byte[] name1 = new byte[]
-            //manually obtained DER encoding of "O=First Org." issuer name;
-            {48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10,
-                70, 105, 114, 115, 116, 32, 79, 114, 103, 46};
-        byte[] name2 = new byte[]
-            //manually obtained DER encoding of "O=Second Org." issuer name;
-            {48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11,
-            83, 101, 99, 111, 110, 100, 32, 79, 114, 103, 46};
-        X500Principal sub1 = new X500Principal(name1);
-        X500Principal sub2 = new X500Principal(name2);
-        X509CertSelector selector = new X509CertSelector();
-
-        try {
-            assertNull("Selector should return null", 
-                                                selector.getSubjectAsBytes());
-            selector.setSubject(sub1);
-            assertTrue("The returned issuer should be equal to specified",
-                            Arrays.equals(name1, selector.getSubjectAsBytes()));
-            assertFalse("The returned issuer should differ",
-                                    name2.equals(selector.getSubjectAsBytes()));
-            selector.setSubject(sub2);
-            assertTrue("The returned issuer should be equal to specified",
-                            Arrays.equals(name2, selector.getSubjectAsBytes()));
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-    }
-
-    /**
-     * setSubjectKeyIdentifier(byte[] subjectKeyID) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match, and if the initialization 
-     * object are copied during the initialization.
-     */
-    public void testSetSubjectKeyIdentifier() {
-        byte[] skid1 = new byte[] {1, 2, 3, 4, 5}; // random value
-        byte[] skid2 = new byte[] {5, 4, 3, 2, 1}; // random value
-        TestCert cert_1 = new TestCert(skid1);
-        TestCert cert_2 = new TestCert(skid2);
-        X509CertSelector selector = new X509CertSelector();
-
-        selector.setSubjectKeyIdentifier(null);
-        assertTrue("Any certificate should match in the case of null "
-                                                + "serialNumber criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        selector.setSubjectKeyIdentifier(skid1);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        selector.setSubjectKeyIdentifier(skid2);
-        skid2[0] ++;
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getSubjectKeyIdentifier() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     * and its modification does not cause the modification of internal object.
-     */
-    public void testGetSubjectKeyIdentifier() {
-        byte[] skid1 = new byte[] {1, 2, 3, 4, 5}; // random value
-        byte[] skid2 = new byte[] {4, 5, 5, 4, 3, 2, 1}; // random value
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", 
-                                            selector.getSubjectKeyIdentifier());
-        selector.setSubjectKeyIdentifier(skid1);
-        assertTrue("The returned keyID should be equal to specified",
-                    Arrays.equals(skid1, selector.getSubjectKeyIdentifier()));
-        selector.getSubjectKeyIdentifier()[0] ++;
-        assertTrue("The returned keyID should be equal to specified",
-                    Arrays.equals(skid1, selector.getSubjectKeyIdentifier()));
-        assertFalse("The returned keyID should differ",
-                    Arrays.equals(skid2, selector.getSubjectKeyIdentifier()));
-    }
-
-    /**
-     * setAuthorityKeyIdentifier(byte[] authorityKeyID) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match, and if the initialization 
-     * object are copied during the initialization.
-     */
-    public void testSetAuthorityKeyIdentifier() {
-        byte[] akid1 = new byte[] {1, 2, 3, 4, 5}; // random value
-        byte[] akid2 = new byte[] {5, 4, 3, 2, 1}; // random value
-        TestCert cert_1 = new TestCert(akid1);
-        TestCert cert_2 = new TestCert(akid2);
-        X509CertSelector selector = new X509CertSelector();
-
-        selector.setAuthorityKeyIdentifier(null);
-        assertTrue("Any certificate should match in the case of null "
-                                                + "serialNumber criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        selector.setAuthorityKeyIdentifier(akid1);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        selector.setAuthorityKeyIdentifier(akid2);
-        akid2[0] ++;
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getAuthorityKeyIdentifier() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     * and its modification does not cause the modification of internal object.
-     */
-    public void testGetAuthorityKeyIdentifier() {
-        byte[] akid1 = new byte[] {4, 5, 1, 2, 3, 4, 5}; // random value
-        byte[] akid2 = new byte[] {4, 5, 5, 4, 3, 2, 1}; // random value
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", 
-                                        selector.getAuthorityKeyIdentifier());
-        selector.setAuthorityKeyIdentifier(akid1);
-        assertTrue("The returned keyID should be equal to specified",
-                    Arrays.equals(akid1, selector.getAuthorityKeyIdentifier()));
-        selector.getAuthorityKeyIdentifier()[0] ++;
-        assertTrue("The returned keyID should be equal to specified",
-                    Arrays.equals(akid1, selector.getAuthorityKeyIdentifier()));
-        assertFalse("The returned keyID should differ",
-                    Arrays.equals(akid2, selector.getAuthorityKeyIdentifier()));
-    }
-
-    /**
-     * setCertificateValid(Date certificateValid) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match, and if the initialization 
-     * object are copied during the initialization.
-     */
-    public void testSetCertificateValid() {
-        Date date1 = new Date(100);
-        Date date2 = new Date(200);
-        TestCert cert_1 = new TestCert(date1);
-        TestCert cert_2 = new TestCert(date2);
-        X509CertSelector selector = new X509CertSelector();
-
-        selector.setCertificateValid(null);
-        assertTrue("Any certificate should match in the case of null "
-                                                + "serialNumber criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        selector.setCertificateValid(date1);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        selector.setCertificateValid(date2);
-        date2.setTime(300);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getCertificateValid() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     * and its modification does not cause the modification of internal object.
-     */
-    public void testGetCertificateValid() {
-        Date date1 = new Date(100);
-        Date date2 = new Date(200);
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", 
-                                        selector.getCertificateValid());
-        selector.setCertificateValid(date1);
-        assertTrue("The returned date should be equal to specified",
-                    date1.equals(selector.getCertificateValid()));
-        selector.getCertificateValid().setTime(200);
-        assertTrue("The returned date should be equal to specified",
-                    date1.equals(selector.getCertificateValid()));
-        assertFalse("The returned date should differ",
-                    date2.equals(selector.getCertificateValid()));
-    }
-
-    /**
-     * setPrivateKeyValid(Date privateKeyValid) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match, and if the initialization 
-     * object are copied during the initialization.
-     */
-    public void testSetPrivateKeyValid() {
-        Date date1 = new Date(100000000);
-        Date date2 = new Date(200000000);
-        Date date3 = new Date(300000000);
-        Date date4 = new Date(150000000);
-        Date date5 = new Date(250000000);
-        TestCert cert_1 = new TestCert(date1, date2);
-        TestCert cert_2 = new TestCert(date2, date3);
-        X509CertSelector selector = new X509CertSelector();
-
-        selector.setPrivateKeyValid(null);
-        assertTrue("Any certificate should match in the case of null "
-                                            + "privateKeyValid criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        selector.setPrivateKeyValid(date4);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        selector.setPrivateKeyValid(date5);
-        date5.setTime(date4.getTime());
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getPrivateKeyValid() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     * and its modification does not cause the modification of internal object.
-     */
-    public void testGetPrivateKeyValid() {
-        Date date1 = new Date(100);
-        Date date2 = new Date(200);
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", 
-                                        selector.getPrivateKeyValid());
-        selector.setPrivateKeyValid(date1);
-        assertTrue("The returned date should be equal to specified",
-                    date1.equals(selector.getPrivateKeyValid()));
-        selector.getPrivateKeyValid().setTime(200);
-        assertTrue("The returned date should be equal to specified",
-                    date1.equals(selector.getPrivateKeyValid()));
-        assertFalse("The returned date should differ",
-                    date2.equals(selector.getPrivateKeyValid()));
-    }
-
-    /**
-     * setSubjectPublicKeyAlgID(String oid) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match
-     */
-    public void testSetSubjectPublicKeyAlgID() {
-        String pkaid1 = "1.2.840.113549.1.1.1"; // RSA (source: http://asn1.elibel.tm.fr)
-        String pkaid2 = "1.2.840.10040.4.1"; // DSA (source: http://asn1.elibel.tm.fr)
-        PublicKey pkey1;
-        PublicKey pkey2;
-        try {
-            pkey1 = new TestKeyPair("RSA").getPublic();
-            pkey2 = new TestKeyPair("DSA").getPublic();
-        } catch (Exception e) {
-            e.printStackTrace();
-            fail("Unexpected Exception was thrown: "
-                    + e.getMessage());
-            return;
-        }
-        TestCert cert_1 = new TestCert(pkey1);
-        TestCert cert_2 = new TestCert(pkey2);
-        X509CertSelector selector = new X509CertSelector();
-
-        try {
-            selector.setSubjectPublicKeyAlgID(null);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("Any certificate should match in the case of null "
-                                            + "subjectPublicKeyAlgID criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        try {
-            selector.setSubjectPublicKeyAlgID(pkaid1);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        try {
-            selector.setSubjectPublicKeyAlgID(pkaid2);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getSubjectPublicKeyAlgID() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     */
-    public void testGetSubjectPublicKeyAlgID() {
-        String pkaid1 = "1.2.840.113549.1.1.1"; // RSA encryption (source: http://asn1.elibel.tm.fr)
-        String pkaid2 = "1.2.840.113549.1.1.2"; // MD2 with RSA encryption (source: http://asn1.elibel.tm.fr)
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", 
-                                        selector.getSubjectPublicKeyAlgID());
-        try {
-            selector.setSubjectPublicKeyAlgID(pkaid1);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The returned oid should be equal to specified",
-                    pkaid1.equals(selector.getSubjectPublicKeyAlgID()));
-        assertFalse("The returned oid should differ",
-                    pkaid2.equals(selector.getSubjectPublicKeyAlgID()));
-    }
-
-    /**
-     * setSubjectPublicKey(PublicKey key) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match.
-     */
-    public void testSetSubjectPublicKey1() {
-        PublicKey pkey1;
-        PublicKey pkey2;
-        try {
-            pkey1 = new TestKeyPair("RSA").getPublic();
-            pkey2 = new TestKeyPair("DSA").getPublic();
-        } catch (Exception e) {
-            e.printStackTrace();
-            fail("Unexpected Exception was thrown: "
-                    + e.getMessage());
-            return;
-        }
-
-        TestCert cert_1 = new TestCert(pkey1);
-        TestCert cert_2 = new TestCert(pkey2);
-        X509CertSelector selector = new X509CertSelector();
-
-        selector.setSubjectPublicKey((PublicKey) null);
-        assertTrue("Any certificate should match in the case of null "
-                                            + "subjectPublicKey criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        selector.setSubjectPublicKey(pkey1);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        selector.setSubjectPublicKey(pkey2);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getSubjectPublicKey() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value corresponds to specified 
-     */
-    public void testGetSubjectPublicKey1() {
-        PublicKey pkey;
-        try {
-            pkey = new TestKeyPair("RSA").getPublic();
-        } catch (Exception e) {
-            e.printStackTrace();
-            fail("Unexpected Exception was thrown: " + e.getMessage());
-            return;
-        }
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", 
-                                            selector.getSubjectPublicKey());
-        selector.setSubjectPublicKey(pkey);
-        PublicKey result = selector.getSubjectPublicKey();
-        
-        assertEquals("The name of algorithm should be RSA",
-                                        result.getAlgorithm(), "RSA");
-    }
-
-    /**
-     * setSubjectPublicKey(byte[] key) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match, and if the initialization 
-     * object are copied during the initialization.
-     */
-    public void testSetSubjectPublicKey2() {
-        PublicKey pkey1;
-        PublicKey pkey2;
-        try {
-            pkey1 = new TestKeyPair("RSA").getPublic();
-            pkey2 = new TestKeyPair("DSA").getPublic();
-        } catch (Exception e) {
-            e.printStackTrace();
-            fail("Unexpected Exception was thrown: "
-                    + e.getMessage());
-            return;
-        }
-
-        byte[] encoding1 = pkey1.getEncoded();
-        byte[] encoding2 = pkey2.getEncoded();
-        TestCert cert_1 = new TestCert(pkey1);
-        TestCert cert_2 = new TestCert(pkey2);
-        X509CertSelector selector = new X509CertSelector();
-
-        try {
-            selector.setSubjectPublicKey((byte[]) null);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("Any certificate should match in the case of null "
-                                            + "subjectPublicKey criteria.",
-                    selector.match(cert_1) && selector.match(cert_2));
-        try {
-            selector.setSubjectPublicKey(encoding1);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        encoding1[0] ++;
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        try {
-            selector.setSubjectPublicKey(encoding2);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getSubjectPublicKey() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value corresponds to specified 
-     */
-    public void testGetSubjectPublicKey2() {
-        PublicKey pkey;
-        try {
-            pkey = new TestKeyPair("RSA").getPublic();
-        } catch (Exception e) {
-            e.printStackTrace();
-            fail("Unexpected Exception was thrown: " + e.getMessage());
-            return;
-        }
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", 
-                                            selector.getSubjectPublicKey());
-        try {
-            selector.setSubjectPublicKey(pkey.getEncoded());
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        PublicKey result = selector.getSubjectPublicKey();
-        
-        assertEquals("The name of algorithm should be RSA",
-                                        result.getAlgorithm(), "RSA");
-    }
-
-    /**
-     * setKeyUsage(boolean[] keyUsage) method testing.
-     * Tests if any certificates match in the case of null criteria,
-     * if [not]proper certificates [do not]match, and if the initialization 
-     * object are copied during the initialization. Also checks if selector
-     * matches the certificate which does not have a keyUsage extension.
-     */
-    public void testSetKeyUsage() {
-        boolean[] ku1 = new boolean[] 
-                    {true, true, true, true, true, true, true, true, true};
-        // decipherOnly is disallowed
-        boolean[] ku2 = new boolean[]
-                    {true, true, true, true, true, true, true, true, false};
-        TestCert cert_1 = new TestCert(ku1);
-        TestCert cert_2 = new TestCert(ku2);
-        TestCert cert_3 = new TestCert((boolean[]) null);
-        X509CertSelector selector = new X509CertSelector();
-
-        selector.setKeyUsage(null);
-        assertTrue("Any certificate should match in the case of null "
-                                                        + "keyUsage criteria.",
-                            selector.match(cert_1) && selector.match(cert_2));
-        selector.setKeyUsage(ku1);
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        assertTrue("The certificate which does not have a keyUsage extension "
-                   + "implicitly allows all keyUsage values.",
-                                                        selector.match(cert_3));
-        selector.setKeyUsage(ku2);
-        ku2[0] = !ku2[0];
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getKeyUsage() method testing.
-     * Tests if the method return null in the case of not specified criteria,
-     * if the returned value [does not]corresponds to [not]specified 
-     * and its modification does not cause the modification of internal object.
-     */
-    public void testGetKeyUsage() {
-        boolean[] ku = new boolean[]
-                    {true, false, true, false, true, false, true, false, true};
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", selector.getKeyUsage());
-        selector.setKeyUsage(ku);
-        assertTrue("The returned date should be equal to specified",
-                                    Arrays.equals(ku, selector.getKeyUsage()));
-        boolean[] result = selector.getKeyUsage();
-        result[0] = !result[0];
-        assertTrue("The returned keyUsage should be equal to specified",
-                                    Arrays.equals(ku, selector.getKeyUsage()));
-    }
-
-    /**
-     * setExtendedKeyUsage(Set<String> keyPurposeSet) method testing.
-     */
-    public void testSetExtendedKeyUsage() {
-        HashSet ku1 = new HashSet(Arrays.asList(new String[] {
-                "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 
-                "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 
-                "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"}
-                              ));
-        HashSet ku2 = new HashSet(Arrays.asList(new String[] {
-                "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 
-                "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 
-                "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6"}));
-        TestCert cert_1 = new TestCert(ku1);
-        TestCert cert_2 = new TestCert(ku2);
-        TestCert cert_3 = new TestCert((Set) null);
-        X509CertSelector selector = new X509CertSelector();
-
-        try {
-            selector.setExtendedKeyUsage(null);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("Any certificate should match in the case of null "
-                                                + "extendedKeyUsage criteria.",
-                            selector.match(cert_1) && selector.match(cert_2));
-        try {
-            selector.setExtendedKeyUsage(ku1);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        assertTrue("The certificate which does not have a keyUsage extension "
-                   + "implicitly allows all keyUsage values.",
-                                                        selector.match(cert_3));
-        ku1.remove("1.3.6.1.5.5.7.3.7"); // remove the missing in ku2 keyUsage
-        assertFalse("The modification of initialization object "
-                    + "should not affect the modification of internal object.",
-                                                        selector.match(cert_2));
-        try {
-            selector.setExtendedKeyUsage(ku2);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * getExtendedKeyUsage() method testing.
-     */
-    public void testGetExtendedKeyUsage() {
-        HashSet ku = new HashSet(Arrays.asList(new String[] {
-                "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", 
-                "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", 
-                "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"}
-                            ));
-        X509CertSelector selector = new X509CertSelector();
-
-        assertNull("Selector should return null", 
-                                                selector.getExtendedKeyUsage());
-        try {
-            selector.setExtendedKeyUsage(ku);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The returned extendedKeyUsage should be equal to specified",
-                            ku.equals(selector.getExtendedKeyUsage()));
-        try {
-            selector.getExtendedKeyUsage().add("KRIBLE-GRABLI");
-            fail("The returned Set should be immutable.");
-        } catch (UnsupportedOperationException e) {
-        }
-    }
-    
-    /**
-     * setSubjectAlternativeNames(Collection<List<?>> names) method testing.
-     */
-    public void testSetSubjectAlternativeNames() {
-        try {
-            GeneralName san0 = 
-                new GeneralName(new OtherName("1.2.3.4.5", 
-                            new byte[] {1, 2, 0, 1}));
-            GeneralName san1 = new GeneralName(1, "rfc@822.Name");
-            GeneralName san2 = new GeneralName(2, "dNSName");
-            GeneralName san3 = new GeneralName(new ORAddress());
-            GeneralName san4 = new GeneralName(new Name("O=Organization"));
-            GeneralName san5 = 
-                new GeneralName(new EDIPartyName("assigner", "party"));
-            GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
-            GeneralName san7 = new GeneralName(7, "1.1.1.1");
-            GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
-
-            GeneralNames sans_1 = new GeneralNames();
-            sans_1.addName(san0);
-            sans_1.addName(san1);
-            sans_1.addName(san2);
-            sans_1.addName(san3);
-            sans_1.addName(san4);
-            sans_1.addName(san5);
-            sans_1.addName(san6);
-            sans_1.addName(san7);
-            sans_1.addName(san8);
-            GeneralNames sans_2 = new GeneralNames();
-            sans_2.addName(san0);
-            
-            TestCert cert_1 = new TestCert(sans_1);
-            TestCert cert_2 = new TestCert(sans_2);
-            X509CertSelector selector = new X509CertSelector();
-            selector.setMatchAllSubjectAltNames(true);
-
-            selector.setSubjectAlternativeNames(null);
-            assertTrue("Any certificate should match in the case of null "
-                                        + "subjectAlternativeNames criteria.",
-                            selector.match(cert_1) && selector.match(cert_2));
-            
-            Collection sans = sans_1.getPairsList();
-            selector.setSubjectAlternativeNames(sans);
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-            assertFalse("The certificate should not match "
-                        + "the selection criteria.",    selector.match(cert_2));
-            sans.clear();
-            assertTrue("The modification of initialization object "
-                        + "should not affect the modification "
-                        + "of internal object.",        selector.match(cert_1));
-            selector.setSubjectAlternativeNames(sans_2.getPairsList());
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-    }
-
-    /**
-     * addSubjectAlternativeName(int type, String name) method testing.
-     */
-    public void testAddSubjectAlternativeName1() throws IOException {
-        String name1 = "rfc@822.Name";
-        String name2 = "dNSName";
-        String name4 = "O=Organization";
-        String name6 = "http://uniform.Resource.Id";
-        String name7 = "255.255.255.0";
-        String name8 = "1.2.3.4444.55555";
-
-        GeneralName san1 = new GeneralName(1, name1);
-        GeneralName san2 = new GeneralName(2, name2);
-        GeneralName san4 = new GeneralName(4, name4);
-        GeneralName san6 = new GeneralName(6, name6);
-        GeneralName san7 = new GeneralName(7, name7);
-        GeneralName san8 = new GeneralName(8, name8);
-
-        GeneralNames sans_1 = new GeneralNames();
-        sans_1.addName(san1);
-        sans_1.addName(san2);
-        sans_1.addName(san4);
-        sans_1.addName(san6);
-        sans_1.addName(san7);
-        sans_1.addName(san8);
-        GeneralNames sans_2 = new GeneralNames();
-        sans_2.addName(san1);
-        sans_2.addName(san2);
-        
-        TestCert cert_1 = new TestCert(sans_1);
-        TestCert cert_2 = new TestCert(sans_2);
-        X509CertSelector selector = new X509CertSelector();
-        selector.setMatchAllSubjectAltNames(true);
-
-        try {
-            selector.addSubjectAlternativeName(1, name1);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-
-        try {
-            selector.addSubjectAlternativeName(2, name2);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-
-        try {
-            selector.addSubjectAlternativeName(4, name4);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-        try {
-            selector.addSubjectAlternativeName(6, name6);
-            selector.addSubjectAlternativeName(7, name7);
-            selector.addSubjectAlternativeName(8, name8);
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-        assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-        assertFalse("The certificate should not match the selection criteria.",
-                                                        selector.match(cert_2));
-    }
-
-    /**
-     * addSubjectAlternativeName(int type, byte[] name) method testing.
-     */
-    public void testAddSubjectAlternativeName2() {
-        try {
-            GeneralName san0 = 
-                new GeneralName(new OtherName("1.2.3.4.5", 
-                        ASN1Integer.getInstance().encode(
-                                BigInteger.valueOf(55L).toByteArray())
-                            ));
-            GeneralName san1 = new GeneralName(1, "rfc@822.Name");
-            GeneralName san2 = new GeneralName(2, "dNSName");
-            GeneralName san3 = new GeneralName(new ORAddress());
-            GeneralName san4 = new GeneralName(new Name("O=Organization"));
-            GeneralName san5 = 
-                new GeneralName(new EDIPartyName("assigner", "party"));
-            GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id");
-            GeneralName san7 = new GeneralName(new byte[] {1, 1, 1, 1});
-            GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555");
-
-            GeneralNames sans_1 = new GeneralNames();
-            sans_1.addName(san0);
-            sans_1.addName(san1);
-            sans_1.addName(san2);
-            sans_1.addName(san3);
-            sans_1.addName(san4);
-            sans_1.addName(san5);
-            sans_1.addName(san6);
-            sans_1.addName(san7);
-            sans_1.addName(san8);
-            GeneralNames sans_2 = new GeneralNames();
-            sans_2.addName(san0);
-            sans_2.addName(san1);
-            sans_2.addName(san2);
-            
-            TestCert cert_1 = new TestCert(sans_1);
-            TestCert cert_2 = new TestCert(sans_2);
-            X509CertSelector selector = new X509CertSelector();
-            selector.setMatchAllSubjectAltNames(true);
-
-            selector.addSubjectAlternativeName(0, san0.getEncodedName());
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-            selector.addSubjectAlternativeName(1, san1.getEncodedName());
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-            selector.addSubjectAlternativeName(2, san2.getEncodedName());
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_2));
-            selector.addSubjectAlternativeName(3, san3.getEncodedName());
-            assertTrue("The certificate should match the selection criteria.",
-                                                    selector.match(cert_1));
-            assertFalse("The certificate should not match the selection criteria.",
-                                                    selector.match(cert_2));
-            selector.addSubjectAlternativeName(4, san4.getEncodedName());
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-            assertFalse("The certificate should not match "
-                        + "the selection criteria.",    selector.match(cert_2));
-            selector.addSubjectAlternativeName(5, san5.getEncodedName());
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-            assertFalse("The certificate should not match "
-                        + "the selection criteria.",    selector.match(cert_2));
-            selector.addSubjectAlternativeName(6, san6.getEncodedName());
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-            assertFalse("The certificate should not match "
-                        + "the selection criteria.",    selector.match(cert_2));
-            selector.addSubjectAlternativeName(7, san7.getEncodedName());
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-            assertFalse("The certificate should not match "
-                        + "the selection criteria.",    selector.match(cert_2));
-            byte[] oid = san8.getEncodedName();
-            selector.addSubjectAlternativeName(8, oid);
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-            assertFalse("The certificate should not match "
-                        + "the selection criteria.",    selector.match(cert_2));
-            oid[3] += 1;
-            assertTrue("The byte array should be cloned to protect against "
-                       + "subsequent modifications.",   selector.match(cert_1));
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-    }
-
-    /**
-     * getSubjectAlternativeNames() method testing.
-     */
-    public void testGetSubjectAlternativeNames() {
-        try {
-            GeneralName san1 = new GeneralName(1, "rfc@822.Name");
-            GeneralName san2 = new GeneralName(2, "dNSName");
-
-            GeneralNames sans = new GeneralNames();
-            sans.addName(san1);
-            sans.addName(san2);
-
-            TestCert cert_1 = new TestCert(sans);
-            X509CertSelector selector = new X509CertSelector();
-
-            assertNull("Selector should return null", 
-                                        selector.getSubjectAlternativeNames());
-
-            selector.setSubjectAlternativeNames(sans.getPairsList());
-            assertTrue("The certificate should match the selection criteria.",
-                                                        selector.match(cert_1));
-            selector.getSubjectAlternativeNames().clear();
-            assertTrue("The modification of initialization object "
-                        + "should not affect the modification "
-                        + "of internal object.",        selector.match(cert_1));
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-    }
-
-    /**
-     * setMatchAllSubjectAltNames(boolean matchAllNames) method testing.
-     */
-    public void testSetMatchAllSubjectAltNames() {
-        try {
-            GeneralName san1 = new GeneralName(1, "rfc@822.Name");
-            GeneralName san2 = new GeneralName(2, "dNSName");
-
-            GeneralNames sans_1 = new GeneralNames();
-            sans_1.addName(san1);
-            GeneralNames sans_2 = new GeneralNames();
-            sans_2.addName(san1);
-            sans_2.addName(san2);
-
-            TestCert cert = new TestCert(sans_1);
-            X509CertSelector selector = new X509CertSelector();
-            selector.setMatchAllSubjectAltNames(true);
-
-            selector.setSubjectAlternativeNames(sans_2.getPairsList());
-            assertFalse("Only certificate which contain all of the specified "
-                       + "subject alternative names should match.",
-                                                        selector.match(cert));
-            selector.setMatchAllSubjectAltNames(false);
-            /*
-            assertTrue("The certificate which contain at least one of the "
-                       + "specified subject alternative names must match.",
-                                                        selector.match(cert));
-                                                        */
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-    }
-
-    /**
-     * getMatchAllSubjectAltNames() method testing.
-     */
-    public void testGetMatchAllSubjectAltNames() {
-        X509CertSelector selector = new X509CertSelector();
-        assertTrue("The matchAllNames initially should be true", 
-                selector.getMatchAllSubjectAltNames());
-        selector.setMatchAllSubjectAltNames(false);
-        assertFalse("The value should be false",
-                selector.getMatchAllSubjectAltNames());
-    }
-
-    /**
-     * setNameConstraints(byte[] bytes) method testing.
-     * Constructs the NameConstraints DER structure with
-     * GeneralNames of types: 1, 2, 6, 7 and set it as a criterion.
-     */
-    public void testSetNameConstraints0() throws IOException {
-        // Restrictions apply only when the specified name form is present.  
-        // If no name of the type is in the certificate, 
-        // the certificate is acceptable (rfc 3280).
-        
-        GeneralName [] name_constraints = new GeneralName[] {
-            new GeneralName(1, "822.Name"),
-            new GeneralName(1, "rfc@822.Name"),
-            new GeneralName(2, "Name.org"),
-            new GeneralName(2, "dNS.Name.org"),
-            //new GeneralName(4, "O=Organization"),
-            new GeneralName(6, "http://.Resource.Id"),
-            new GeneralName(6, "http://uniform.Resource.Id"),
-            new GeneralName(7, "1.1.1.1"),
-            // new GeneralName(7, new byte[] {1, 1, 1, 1, 3, 3, 3, 3}),
-            new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
-                                        1, 1, 1, 1, 1, 1, 1, 1}),
-            // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
-            //                                1, 1, 1, 1, 1, 1, 1, 1,
-            //                                3, 3, 3, 3, 3, 3, 3, 3,
-            //                                3, 3, 3, 3, 3, 3, 3, 3})
-        };
-
-        // names which should match divided from names which should not 
-        // match by null
-        GeneralName[][] alternative_names = new GeneralName[][] {
-            {
-                new GeneralName(1, "rfc@822.Name"),
-                null,
-                new GeneralName(1, "rfc@Other.Name")
-            }, {
-                new GeneralName(1, "rfc@822.Name"),
-                null,
-                new GeneralName(1, "rfc@Other.Name")
-            }, {
-                new GeneralName(2, "Name.org"),
-                new GeneralName(2, "dNS.Name.org"),
-                null,
-                new GeneralName(2, "dNS.OtherName.org")
-            }, {
-                new GeneralName(2, "dNS.Name.org"),
-                null,
-                new GeneralName(2, "Name.org"),
-                new GeneralName(2, "dNS.OtherName.org")
-            }, {
-                
-            //    new GeneralName(4, "O=Organization"),
-            //    null,
-            //    new GeneralName(4, "O=OtherOrganization")
-            //}, {
-            
-                new GeneralName(6, "http://uniform.Resource.Id/location"),
-                null,
-                //new GeneralName(6, "http://Resource.Id")
-            }, {
-                new GeneralName(6, "http://uniform.Resource.Id"),
-                null,
-                new GeneralName(6, "http://Resource.Id")
-            }, {
-                new GeneralName(new byte[] {1, 1, 1, 1}),
-                null,
-                new GeneralName(new byte[] {2, 2, 2, 2})
-            // }, {
-            //     new GeneralName(7, new byte[] {1, 1, 1, 1}),
-            //     new GeneralName(7, new byte[] {2, 2, 2, 2}),
-            //     new GeneralName(7, new byte[] {3, 3, 3, 3}),
-            //     null,
-            //     new GeneralName(7, new byte[] {4, 4, 4, 4})
-            }, {
-                new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
-                                            1, 1, 1, 1, 1, 1, 1, 1}),
-                null,
-                new GeneralName(new byte[] {2, 2, 2, 2, 2, 2, 2, 2,
-                                            2, 2, 2, 2, 2, 2, 2, 2}),
-            // }, {
-            //     new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1,
-            //                                    1, 1, 1, 1, 1, 1, 1, 1}),
-            //     new GeneralName(7, new byte[] {2, 2, 2, 2, 2, 2, 2, 2,
-            //                                    2, 2, 2, 2, 2, 2, 2, 2}),
-            //     new GeneralName(7, new byte[] {3, 3, 3, 3, 3, 3, 3, 3,
-            //                                    3, 3, 3, 3, 3, 3, 3, 3}),
-            //     null,
-            //     new GeneralName(7, new byte[] {4, 4, 4, 4, 4, 4, 4, 4,
-            //                                    4, 4, 4, 4, 4, 4, 4, 4}),
-            }
-        };
-
-        X509CertSelector selector = new X509CertSelector();
-        String subject = "O=Organization";
-        X500Principal x500Subject = new X500Principal(subject);
-        try {
-            Name nameSubject = new Name(subject);
-            for (int i=0; i<name_constraints.length; i++) {
-                // make the subtrees (part of name constraints)
-                // this subrtees will be used as permited and as excluded
-                GeneralSubtree subtree = 
-                    new GeneralSubtree(name_constraints[i]);
-                GeneralSubtrees subtrees = new GeneralSubtrees();
-                NameConstraints constraints;
-                subtrees.addSubtree(subtree);
-                // start the checking for each alt. name corresponding
-                // to curent name_constraints[i]
-                boolean check_matching = true;
-                for (int j=0; j<alternative_names[i].length; j++) {
-                    GeneralNames alt_names_extension = new GeneralNames();
-                    if (alternative_names[i][j] == null) {
-                        // double trick: turn the switch and check that the 
-                        // restrictions apply only when the specified name 
-                        // form is presented.  If no name of the type is in the
-                        // certificate, the certificate is acceptable. 
-                        check_matching = false;
-                    } else {
-                        alt_names_extension.addName(alternative_names[i][j]);
-                    }
-                    TestCert certificate = new TestCert(alt_names_extension);
-                    certificate.setSubject(x500Subject);
-                    certificate.setEncoding(getCertEncoding(nameSubject, 
-                                                     alt_names_extension));
-                    // first check if permited name match
-                    constraints = new NameConstraints(subtrees, null);
-                    selector.setNameConstraints(constraints.getEncoded());
-                    boolean expected = check_matching
-                                       || (alternative_names[i][j] == null);
-                    assertTrue("The method match() for:\n        " 
-                               + alternative_names[i][j] 
-                               + "\nand permited name\n        "
-                               + name_constraints[i]
-                               + "\nshould return: "+expected, 
-                               selector.match(certificate) == expected);
-                    // second check if excluded name does not match
-                    constraints = (check_matching) 
-                                    // check for 'Any name matching a 
-                                    // restriction in the excludedSubtrees
-                                    // field is invalid regardless of 
-                                    // information appearing in the  
-                                    // permittedSubtrees'.
-                                    ? new NameConstraints(subtrees, subtrees)
-                                    : new NameConstraints(null, subtrees);
-                    selector.setNameConstraints(constraints.getEncoded());
-                    expected = !check_matching
-                               || (alternative_names[i][j] == null);
-                    assertTrue("The method match() for:\n        " 
-                               + alternative_names[i][j] 
-                               + "\nand excluded name\n        "
-                               + name_constraints[i]
-                               + "\nshould return: "+expected, 
-                               selector.match(certificate) == expected);
-                }
-            }
-        } catch (IOException e) {
-            e.printStackTrace();
-            fail("Unexpected IOException was thrown.");
-        }
-    }
-
-    /**
-     * setNameConstraints(byte[] bytes) method testing.
-     * Constructs the NameConstraints DER structure with
-     * GeneralNames of types: 1, 2, 6, 7 and set it as a criterion.
-     */
-    public void testSetNameConstraints1() throws IOException {
-
-        GeneralName [] name_constraints = new GeneralName[] {
-            new GeneralName(1, "822.Name"),
-            new GeneralName(1, "rfc@822.Name"),
-            new GeneralName(2, "Name.org"),
-            new GeneralName(2, "dNS.Name.org"),

[... 4129 lines stripped ...]


Mime
View raw message