Return-Path: Delivered-To: apmail-incubator-harmony-commits-archive@www.apache.org Received: (qmail 77473 invoked from network); 30 Mar 2006 21:35:29 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 30 Mar 2006 21:35:29 -0000 Received: (qmail 94090 invoked by uid 500); 30 Mar 2006 21:35:24 -0000 Delivered-To: apmail-incubator-harmony-commits-archive@incubator.apache.org Received: (qmail 93621 invoked by uid 500); 30 Mar 2006 21:35:21 -0000 Mailing-List: contact harmony-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: harmony-dev@incubator.apache.org Delivered-To: mailing list harmony-commits@incubator.apache.org Received: (qmail 93075 invoked by uid 99); 30 Mar 2006 21:35:17 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Mar 2006 13:35:17 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 30 Mar 2006 13:35:05 -0800 Received: (qmail 76736 invoked by uid 65534); 30 Mar 2006 21:34:44 -0000 Message-ID: <20060330213444.76735.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r390246 [12/15] - in /incubator/harmony/enhanced/classlib/trunk: archive/modules/security/src/main/java/java/security/ modules/archive/src/main/java/java/util/jar/ modules/archive/src/test/java/tests/api/java/util/zip/ modules/beans/src/mai... Date: Thu, 30 Mar 2006 21:34:28 -0000 To: harmony-commits@incubator.apache.org From: tellison@apache.org X-Mailer: svnmailer-1.0.7 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Modified: incubator/harmony/enhanced/classlib/trunk/modules/security/test/common/unit/java/security/cert/X509CertSelectorTest.java URL: http://svn.apache.org/viewcvs/incubator/harmony/enhanced/classlib/trunk/modules/security/test/common/unit/java/security/cert/X509CertSelectorTest.java?rev=390246&r1=390245&r2=390246&view=diff ============================================================================== --- incubator/harmony/enhanced/classlib/trunk/modules/security/test/common/unit/java/security/cert/X509CertSelectorTest.java (original) +++ incubator/harmony/enhanced/classlib/trunk/modules/security/test/common/unit/java/security/cert/X509CertSelectorTest.java Thu Mar 30 13:34:23 2006 @@ -1,3047 +1,3047 @@ -/* - * Copyright 2005 The Apache Software Foundation or its licensors, as applicable. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** -* @author Alexander Y. Kleymenov -* @version $Revision$ -*/ - -package java.security.cert; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Principal; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Set; -import java.util.HashSet; -import java.util.Arrays; -import java.util.ArrayList; -import java.util.List; -import java.util.Iterator; -import java.util.Collection; -import javax.security.auth.x500.X500Principal; - -import org.apache.harmony.security.TestKeyPair; -import org.apache.harmony.security.asn1.ASN1Boolean; -import org.apache.harmony.security.asn1.ASN1Integer; -import org.apache.harmony.security.asn1.ASN1OctetString; -import org.apache.harmony.security.asn1.ASN1Oid; -import org.apache.harmony.security.asn1.ASN1Sequence; -import org.apache.harmony.security.asn1.ASN1Type; - -import org.apache.harmony.security.asn1.*; -import org.apache.harmony.security.x501.Name; -import org.apache.harmony.security.x509.*; - - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; - -/** - * X509CertSelectorTest - */ -public class X509CertSelectorTest extends TestCase { - - /** - * The abstract class stub implementation. - */ - private class TestCert extends X509Certificate { - - /* Stuff fields */ - protected String equalCriteria = null; // to simplify method equals() - protected BigInteger serialNumber = null; - protected X500Principal issuer = null; - protected X500Principal subject = null; - protected byte[] keyIdentifier = null; - protected Date date = null; - protected Date notBefore = null; - protected Date notAfter = null; - protected PublicKey key = null; - protected boolean[] keyUsage = null; - protected List extKeyUsage = null; - protected int pathLen = -1; - protected GeneralNames sans = null; - protected byte[] encoding = null; - protected String[] policies = null; - protected NameConstraints nameConstraints = null; - - /* Stuff methods */ - public TestCert() {}; - - public TestCert(GeneralNames sans) { - setSubjectAlternativeNames(sans); - }; - - public TestCert(NameConstraints nameConstraints) { - this.nameConstraints = nameConstraints; - }; - - public TestCert(String equalCriteria) { - setEqualCriteria(equalCriteria); - }; - - public TestCert(String[] policies) { - setPolicies(policies); - }; - - public TestCert(BigInteger serial) { - setSerialNumber(serial); - }; - - public TestCert(X500Principal principal) { - setIssuer(principal); - setSubject(principal); - }; - - public TestCert(byte[] array) { - setKeyIdentifier(array); - }; - - public TestCert(Date date) { - setDate(date); - }; - - public TestCert(Date notBefore, Date notAfter) { - setPeriod(notBefore, notAfter); - }; - - public TestCert(PublicKey key) { - setPublicKey(key); - }; - - public TestCert(boolean[] keyUsage) { - setKeyUsage(keyUsage); - }; - - public TestCert(Set extKeyUsage) { - setExtendedKeyUsage(extKeyUsage); - }; - - public TestCert(int pathLen) { - this.pathLen = pathLen; - }; - - public void setPolicies(String[] policies) { - this.policies = policies; - }; - - public void setSubjectAlternativeNames(GeneralNames sans) { - this.sans = sans; - }; - - public void setExtendedKeyUsage(Set extKeyUsage) { - this.extKeyUsage = (extKeyUsage == null) - ? null - : new ArrayList(extKeyUsage); - }; - - public void setKeyUsage(boolean[] keyUsage) { - this.keyUsage = (keyUsage == null) ? null - : (boolean[]) keyUsage.clone(); - }; - - public void setPublicKey(PublicKey key) { - this.key = key; - } - - public void setPeriod(Date notBefore, Date notAfter) { - this.notBefore = notBefore; - this.notAfter = notAfter; - } - - public void setSerialNumber(BigInteger serial) { - this.serialNumber = serial; - }; - - public void setEqualCriteria(String equalCriteria) { - this.equalCriteria = equalCriteria; - } - - public void setIssuer(X500Principal issuer) { - this.issuer = issuer; - } - - public void setSubject(X500Principal subject) { - this.subject = subject; - } - - public void setKeyIdentifier(byte[] subjectKeyID) { - this.keyIdentifier = (byte[]) subjectKeyID.clone(); - } - - public void setDate(Date date) { - this.date = new Date(date.getTime()); - } - - public void setEncoding(byte[] encoding) { - this.encoding = encoding; - } - - /* Method implementations */ - public boolean equals(Object cert) { - if (cert == null) { - return false; - } - if ((equalCriteria == null) - || (((TestCert)cert).equalCriteria == null)) { - return false; - } else { - return equalCriteria.equals(((TestCert)cert).equalCriteria); - } - } - - public String toString() { - if (equalCriteria != null) { - return equalCriteria; - } - return ""; - } - - public void checkValidity() throws CertificateExpiredException, - CertificateNotYetValidException {}; - - public void checkValidity(Date date) - throws CertificateExpiredException, - CertificateNotYetValidException { - if (this.date == null) { - throw new CertificateExpiredException(); - } - int result = this.date.compareTo(date); - if (result > 0) { - throw new CertificateExpiredException(); - } - if (result < 0) { - throw new CertificateNotYetValidException(); - } - }; - - public int getVersion() { - return 3; - }; - - public BigInteger getSerialNumber() { - return (serialNumber == null) - ? new BigInteger("1111") - : serialNumber; - }; - - public Principal getIssuerDN() { - return issuer; - }; - - public X500Principal getIssuerX500Principal() { - return issuer; - } - - public Principal getSubjectDN() { - return subject; - }; - - public X500Principal getSubjectX500Principal() { - return subject; - } - - public Date getNotBefore() { - return null; - }; - - public Date getNotAfter() { - return null; - }; - - public byte[] getTBSCertificate() - throws CertificateEncodingException - { - return null; - }; - - public byte[] getSignature() { - return null; - }; - - public String getSigAlgName() { - return null; - }; - - public String getSigAlgOID() { - return null; - }; - - public byte[] getSigAlgParams() { - return null; - }; - - public boolean[] getIssuerUniqueID() { - return null; - }; - - public boolean[] getSubjectUniqueID() { - return null; - }; - - public boolean[] getKeyUsage() { - return keyUsage; - }; - - public List/**/ getExtendedKeyUsage() - throws CertificateParsingException { - return extKeyUsage; - } - - public int getBasicConstraints() { - return pathLen; - }; - - public Collection/*>*/ getSubjectAlternativeNames() - throws CertificateParsingException { - return sans.getPairsList(); - } - - - public void verify(PublicKey key) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, - SignatureException - { - } - - public void verify(PublicKey key, - String sigProvider) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, - SignatureException - { - } - - public PublicKey getPublicKey() { - return key; - } - - public byte[] getEncoded() throws CertificateEncodingException - { - return encoding; - } - - public Set getNonCriticalExtensionOIDs() { - return null; - } - - public Set getCriticalExtensionOIDs() { - return null; - } - - public byte[] getExtensionValue(String oid) { - if (("2.5.29.14".equals(oid)) || ("2.5.29.35".equals(oid))) { - // Extension value is represented as an OctetString - return (byte[]) - ASN1OctetString.getInstance().encode(keyIdentifier); - } - if ("2.5.29.16".equals(oid)) { - PrivateKeyUsagePeriod pkup = - new PrivateKeyUsagePeriod(notBefore, notAfter); - byte[] encoded = pkup.getEncoded(); - return (byte[]) - ASN1OctetString.getInstance().encode(encoded); - } - if (("2.5.29.37".equals(oid)) && (extKeyUsage != null)) { - ASN1Oid[] oa = new ASN1Oid[extKeyUsage.size()]; - String[] val = new String[extKeyUsage.size()]; - Iterator it = extKeyUsage.iterator(); - int id = 0; - while (it.hasNext()) { - oa[id] = ASN1Oid.getInstanceForString(); - val[id++] = (String) it.next(); - } - return (byte[]) - ASN1OctetString.getInstance().encode( - new ASN1Sequence(oa).encode(val)); - } - if ("2.5.29.19".equals(oid)) { - return (byte[]) - ASN1OctetString.getInstance().encode( - new ASN1Sequence( - new ASN1Type[] { - ASN1Boolean.getInstance(), - ASN1Integer.getInstance() - }).encode( - new Object[] { - new Boolean(pathLen != -1), - BigInteger.valueOf(pathLen). - toByteArray() - }) - ); - } - if ("2.5.29.17".equals(oid) && (sans != null)) { - if (sans.getNames() == null) { - return null; - } - return (byte[]) - ASN1OctetString.getInstance().encode( - GeneralNames.ASN1.encode(sans)); - } - if ("2.5.29.32".equals(oid) && (policies != null) - && (policies.length > 0)) { - // Certificate Policies Extension (as specified in rfc 3280) - CertificatePolicies certificatePolicies = - new CertificatePolicies(); - for (int i=0; i keyPurposeSet) method testing. - */ - public void testSetExtendedKeyUsage() { - HashSet ku1 = new HashSet(Arrays.asList(new String[] { - "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", - "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", - "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"} - )); - HashSet ku2 = new HashSet(Arrays.asList(new String[] { - "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", - "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", - "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6"})); - TestCert cert_1 = new TestCert(ku1); - TestCert cert_2 = new TestCert(ku2); - TestCert cert_3 = new TestCert((Set) null); - X509CertSelector selector = new X509CertSelector(); - - try { - selector.setExtendedKeyUsage(null); - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - assertTrue("Any certificate should match in the case of null " - + "extendedKeyUsage criteria.", - selector.match(cert_1) && selector.match(cert_2)); - try { - selector.setExtendedKeyUsage(ku1); - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertFalse("The certificate should not match the selection criteria.", - selector.match(cert_2)); - assertTrue("The certificate which does not have a keyUsage extension " - + "implicitly allows all keyUsage values.", - selector.match(cert_3)); - ku1.remove("1.3.6.1.5.5.7.3.7"); // remove the missing in ku2 keyUsage - assertFalse("The modification of initialization object " - + "should not affect the modification of internal object.", - selector.match(cert_2)); - try { - selector.setExtendedKeyUsage(ku2); - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_2)); - } - - /** - * getExtendedKeyUsage() method testing. - */ - public void testGetExtendedKeyUsage() { - HashSet ku = new HashSet(Arrays.asList(new String[] { - "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.3", - "1.3.6.1.5.5.7.3.4", "1.3.6.1.5.5.7.3.8", "1.3.6.1.5.5.7.3.9", - "1.3.6.1.5.5.7.3.5", "1.3.6.1.5.5.7.3.6", "1.3.6.1.5.5.7.3.7"} - )); - X509CertSelector selector = new X509CertSelector(); - - assertNull("Selector should return null", - selector.getExtendedKeyUsage()); - try { - selector.setExtendedKeyUsage(ku); - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - assertTrue("The returned extendedKeyUsage should be equal to specified", - ku.equals(selector.getExtendedKeyUsage())); - try { - selector.getExtendedKeyUsage().add("KRIBLE-GRABLI"); - fail("The returned Set should be immutable."); - } catch (UnsupportedOperationException e) { - } - } - - /** - * setSubjectAlternativeNames(Collection> names) method testing. - */ - public void testSetSubjectAlternativeNames() { - try { - GeneralName san0 = - new GeneralName(new OtherName("1.2.3.4.5", - new byte[] {1, 2, 0, 1})); - GeneralName san1 = new GeneralName(1, "rfc@822.Name"); - GeneralName san2 = new GeneralName(2, "dNSName"); - GeneralName san3 = new GeneralName(new ORAddress()); - GeneralName san4 = new GeneralName(new Name("O=Organization")); - GeneralName san5 = - new GeneralName(new EDIPartyName("assigner", "party")); - GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id"); - GeneralName san7 = new GeneralName(7, "1.1.1.1"); - GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555"); - - GeneralNames sans_1 = new GeneralNames(); - sans_1.addName(san0); - sans_1.addName(san1); - sans_1.addName(san2); - sans_1.addName(san3); - sans_1.addName(san4); - sans_1.addName(san5); - sans_1.addName(san6); - sans_1.addName(san7); - sans_1.addName(san8); - GeneralNames sans_2 = new GeneralNames(); - sans_2.addName(san0); - - TestCert cert_1 = new TestCert(sans_1); - TestCert cert_2 = new TestCert(sans_2); - X509CertSelector selector = new X509CertSelector(); - selector.setMatchAllSubjectAltNames(true); - - selector.setSubjectAlternativeNames(null); - assertTrue("Any certificate should match in the case of null " - + "subjectAlternativeNames criteria.", - selector.match(cert_1) && selector.match(cert_2)); - - Collection sans = sans_1.getPairsList(); - selector.setSubjectAlternativeNames(sans); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertFalse("The certificate should not match " - + "the selection criteria.", selector.match(cert_2)); - sans.clear(); - assertTrue("The modification of initialization object " - + "should not affect the modification " - + "of internal object.", selector.match(cert_1)); - selector.setSubjectAlternativeNames(sans_2.getPairsList()); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_2)); - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - } - - /** - * addSubjectAlternativeName(int type, String name) method testing. - */ - public void testAddSubjectAlternativeName1() throws IOException { - String name1 = "rfc@822.Name"; - String name2 = "dNSName"; - String name4 = "O=Organization"; - String name6 = "http://uniform.Resource.Id"; - String name7 = "255.255.255.0"; - String name8 = "1.2.3.4444.55555"; - - GeneralName san1 = new GeneralName(1, name1); - GeneralName san2 = new GeneralName(2, name2); - GeneralName san4 = new GeneralName(4, name4); - GeneralName san6 = new GeneralName(6, name6); - GeneralName san7 = new GeneralName(7, name7); - GeneralName san8 = new GeneralName(8, name8); - - GeneralNames sans_1 = new GeneralNames(); - sans_1.addName(san1); - sans_1.addName(san2); - sans_1.addName(san4); - sans_1.addName(san6); - sans_1.addName(san7); - sans_1.addName(san8); - GeneralNames sans_2 = new GeneralNames(); - sans_2.addName(san1); - sans_2.addName(san2); - - TestCert cert_1 = new TestCert(sans_1); - TestCert cert_2 = new TestCert(sans_2); - X509CertSelector selector = new X509CertSelector(); - selector.setMatchAllSubjectAltNames(true); - - try { - selector.addSubjectAlternativeName(1, name1); - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_2)); - - try { - selector.addSubjectAlternativeName(2, name2); - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_2)); - - try { - selector.addSubjectAlternativeName(4, name4); - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertFalse("The certificate should not match the selection criteria.", - selector.match(cert_2)); - try { - selector.addSubjectAlternativeName(6, name6); - selector.addSubjectAlternativeName(7, name7); - selector.addSubjectAlternativeName(8, name8); - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertFalse("The certificate should not match the selection criteria.", - selector.match(cert_2)); - } - - /** - * addSubjectAlternativeName(int type, byte[] name) method testing. - */ - public void testAddSubjectAlternativeName2() { - try { - GeneralName san0 = - new GeneralName(new OtherName("1.2.3.4.5", - ASN1Integer.getInstance().encode( - BigInteger.valueOf(55L).toByteArray()) - )); - GeneralName san1 = new GeneralName(1, "rfc@822.Name"); - GeneralName san2 = new GeneralName(2, "dNSName"); - GeneralName san3 = new GeneralName(new ORAddress()); - GeneralName san4 = new GeneralName(new Name("O=Organization")); - GeneralName san5 = - new GeneralName(new EDIPartyName("assigner", "party")); - GeneralName san6 = new GeneralName(6, "http://uniform.Resource.Id"); - GeneralName san7 = new GeneralName(new byte[] {1, 1, 1, 1}); - GeneralName san8 = new GeneralName(8, "1.2.3.4444.55555"); - - GeneralNames sans_1 = new GeneralNames(); - sans_1.addName(san0); - sans_1.addName(san1); - sans_1.addName(san2); - sans_1.addName(san3); - sans_1.addName(san4); - sans_1.addName(san5); - sans_1.addName(san6); - sans_1.addName(san7); - sans_1.addName(san8); - GeneralNames sans_2 = new GeneralNames(); - sans_2.addName(san0); - sans_2.addName(san1); - sans_2.addName(san2); - - TestCert cert_1 = new TestCert(sans_1); - TestCert cert_2 = new TestCert(sans_2); - X509CertSelector selector = new X509CertSelector(); - selector.setMatchAllSubjectAltNames(true); - - selector.addSubjectAlternativeName(0, san0.getEncodedName()); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_2)); - selector.addSubjectAlternativeName(1, san1.getEncodedName()); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_2)); - selector.addSubjectAlternativeName(2, san2.getEncodedName()); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_2)); - selector.addSubjectAlternativeName(3, san3.getEncodedName()); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertFalse("The certificate should not match the selection criteria.", - selector.match(cert_2)); - selector.addSubjectAlternativeName(4, san4.getEncodedName()); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertFalse("The certificate should not match " - + "the selection criteria.", selector.match(cert_2)); - selector.addSubjectAlternativeName(5, san5.getEncodedName()); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertFalse("The certificate should not match " - + "the selection criteria.", selector.match(cert_2)); - selector.addSubjectAlternativeName(6, san6.getEncodedName()); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertFalse("The certificate should not match " - + "the selection criteria.", selector.match(cert_2)); - selector.addSubjectAlternativeName(7, san7.getEncodedName()); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertFalse("The certificate should not match " - + "the selection criteria.", selector.match(cert_2)); - byte[] oid = san8.getEncodedName(); - selector.addSubjectAlternativeName(8, oid); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - assertFalse("The certificate should not match " - + "the selection criteria.", selector.match(cert_2)); - oid[3] += 1; - assertTrue("The byte array should be cloned to protect against " - + "subsequent modifications.", selector.match(cert_1)); - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - } - - /** - * getSubjectAlternativeNames() method testing. - */ - public void testGetSubjectAlternativeNames() { - try { - GeneralName san1 = new GeneralName(1, "rfc@822.Name"); - GeneralName san2 = new GeneralName(2, "dNSName"); - - GeneralNames sans = new GeneralNames(); - sans.addName(san1); - sans.addName(san2); - - TestCert cert_1 = new TestCert(sans); - X509CertSelector selector = new X509CertSelector(); - - assertNull("Selector should return null", - selector.getSubjectAlternativeNames()); - - selector.setSubjectAlternativeNames(sans.getPairsList()); - assertTrue("The certificate should match the selection criteria.", - selector.match(cert_1)); - selector.getSubjectAlternativeNames().clear(); - assertTrue("The modification of initialization object " - + "should not affect the modification " - + "of internal object.", selector.match(cert_1)); - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - } - - /** - * setMatchAllSubjectAltNames(boolean matchAllNames) method testing. - */ - public void testSetMatchAllSubjectAltNames() { - try { - GeneralName san1 = new GeneralName(1, "rfc@822.Name"); - GeneralName san2 = new GeneralName(2, "dNSName"); - - GeneralNames sans_1 = new GeneralNames(); - sans_1.addName(san1); - GeneralNames sans_2 = new GeneralNames(); - sans_2.addName(san1); - sans_2.addName(san2); - - TestCert cert = new TestCert(sans_1); - X509CertSelector selector = new X509CertSelector(); - selector.setMatchAllSubjectAltNames(true); - - selector.setSubjectAlternativeNames(sans_2.getPairsList()); - assertFalse("Only certificate which contain all of the specified " - + "subject alternative names should match.", - selector.match(cert)); - selector.setMatchAllSubjectAltNames(false); - /* - assertTrue("The certificate which contain at least one of the " - + "specified subject alternative names must match.", - selector.match(cert)); - */ - } catch (IOException e) { - e.printStackTrace(); - fail("Unexpected IOException was thrown."); - } - } - - /** - * getMatchAllSubjectAltNames() method testing. - */ - public void testGetMatchAllSubjectAltNames() { - X509CertSelector selector = new X509CertSelector(); - assertTrue("The matchAllNames initially should be true", - selector.getMatchAllSubjectAltNames()); - selector.setMatchAllSubjectAltNames(false); - assertFalse("The value should be false", - selector.getMatchAllSubjectAltNames()); - } - - /** - * setNameConstraints(byte[] bytes) method testing. - * Constructs the NameConstraints DER structure with - * GeneralNames of types: 1, 2, 6, 7 and set it as a criterion. - */ - public void testSetNameConstraints0() throws IOException { - // Restrictions apply only when the specified name form is present. - // If no name of the type is in the certificate, - // the certificate is acceptable (rfc 3280). - - GeneralName [] name_constraints = new GeneralName[] { - new GeneralName(1, "822.Name"), - new GeneralName(1, "rfc@822.Name"), - new GeneralName(2, "Name.org"), - new GeneralName(2, "dNS.Name.org"), - //new GeneralName(4, "O=Organization"), - new GeneralName(6, "http://.Resource.Id"), - new GeneralName(6, "http://uniform.Resource.Id"), - new GeneralName(7, "1.1.1.1"), - // new GeneralName(7, new byte[] {1, 1, 1, 1, 3, 3, 3, 3}), - new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1}), - // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1, - // 1, 1, 1, 1, 1, 1, 1, 1, - // 3, 3, 3, 3, 3, 3, 3, 3, - // 3, 3, 3, 3, 3, 3, 3, 3}) - }; - - // names which should match divided from names which should not - // match by null - GeneralName[][] alternative_names = new GeneralName[][] { - { - new GeneralName(1, "rfc@822.Name"), - null, - new GeneralName(1, "rfc@Other.Name") - }, { - new GeneralName(1, "rfc@822.Name"), - null, - new GeneralName(1, "rfc@Other.Name") - }, { - new GeneralName(2, "Name.org"), - new GeneralName(2, "dNS.Name.org"), - null, - new GeneralName(2, "dNS.OtherName.org") - }, { - new GeneralName(2, "dNS.Name.org"), - null, - new GeneralName(2, "Name.org"), - new GeneralName(2, "dNS.OtherName.org") - }, { - - // new GeneralName(4, "O=Organization"), - // null, - // new GeneralName(4, "O=OtherOrganization") - //}, { - - new GeneralName(6, "http://uniform.Resource.Id/location"), - null, - //new GeneralName(6, "http://Resource.Id") - }, { - new GeneralName(6, "http://uniform.Resource.Id"), - null, - new GeneralName(6, "http://Resource.Id") - }, { - new GeneralName(new byte[] {1, 1, 1, 1}), - null, - new GeneralName(new byte[] {2, 2, 2, 2}) - // }, { - // new GeneralName(7, new byte[] {1, 1, 1, 1}), - // new GeneralName(7, new byte[] {2, 2, 2, 2}), - // new GeneralName(7, new byte[] {3, 3, 3, 3}), - // null, - // new GeneralName(7, new byte[] {4, 4, 4, 4}) - }, { - new GeneralName(new byte[] {1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1}), - null, - new GeneralName(new byte[] {2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2}), - // }, { - // new GeneralName(7, new byte[] {1, 1, 1, 1, 1, 1, 1, 1, - // 1, 1, 1, 1, 1, 1, 1, 1}), - // new GeneralName(7, new byte[] {2, 2, 2, 2, 2, 2, 2, 2, - // 2, 2, 2, 2, 2, 2, 2, 2}), - // new GeneralName(7, new byte[] {3, 3, 3, 3, 3, 3, 3, 3, - // 3, 3, 3, 3, 3, 3, 3, 3}), - // null, - // new GeneralName(7, new byte[] {4, 4, 4, 4, 4, 4, 4, 4, - // 4, 4, 4, 4, 4, 4, 4, 4}), - } - }; - - X509CertSelector selector = new X509CertSelector(); - String subject = "O=Organization"; - X500Principal x500Subject = new X500Principal(subject); - try { - Name nameSubject = new Name(subject); - for (int i=0; i