harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smish...@apache.org
Subject svn commit: r412002 - in /incubator/harmony/enhanced/classlib/trunk/modules/security/src: main/java/common/org/apache/harmony/security/asn1/ main/java/common/org/apache/harmony/security/pkcs7/ main/java/common/org/apache/harmony/security/provider/cert/...
Date Tue, 06 Jun 2006 04:49:58 GMT
Author: smishura
Date: Mon Jun  5 21:49:57 2006
New Revision: 412002

URL: http://svn.apache.org/viewvc?rev=412002&view=rev
Log:
Apply patch for HARMONY-537 ([classlib] X.509 CertificateFactory implementation does not support
PKCS7 Data)

Added:
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/security/
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/security/tests/
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/security/tests/java/
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/security/tests/java/security/
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/security/tests/java/security/cert/
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/security/tests/java/security/cert/CertificateFactoryTest.java
  (with props)
Modified:
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/asn1/BerInputStream.java
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/asn1/DerInputStream.java
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/pkcs7/SignedData.java
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/provider/cert/X509CertFactoryImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/provider/cert/X509CertPathImpl.java

Modified: incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/asn1/BerInputStream.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/asn1/BerInputStream.java?rev=412002&r1=412001&r2=412002&view=diff
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/asn1/BerInputStream.java
(original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/asn1/BerInputStream.java
Mon Jun  5 21:49:57 2006
@@ -185,7 +185,7 @@
      * @return next decoded tag
      * @throws IOException - if error occured
      */
-    protected int next() throws IOException {
+    public int next() throws IOException {
 
         tagOffset = offset;
 

Modified: incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/asn1/DerInputStream.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/asn1/DerInputStream.java?rev=412002&r1=412001&r2=412002&view=diff
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/asn1/DerInputStream.java
(original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/asn1/DerInputStream.java
Mon Jun  5 21:49:57 2006
@@ -48,7 +48,7 @@
     /**
      * @see org.apache.harmony.security.asn1.BerInputStream#next()
      */
-    protected final int next() throws IOException {
+    public final int next() throws IOException {
 
         int tag = super.next();
 

Modified: incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/pkcs7/SignedData.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/pkcs7/SignedData.java?rev=412002&r1=412001&r2=412002&view=diff
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/pkcs7/SignedData.java
(original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/pkcs7/SignedData.java
Mon Jun  5 21:49:57 2006
@@ -31,6 +31,7 @@
 import org.apache.harmony.security.asn1.BerInputStream;
 import org.apache.harmony.security.x509.AlgorithmIdentifier;
 import org.apache.harmony.security.x509.Certificate;
+import org.apache.harmony.security.x509.CertificateList;
 
 
 /**
@@ -73,6 +74,10 @@
         return certificates;
     }
 
+    public List getCRLs() {
+        return crls;
+    }
+
     public List getSignerInfos() {
         return signerInfos;
     }
@@ -105,7 +110,7 @@
             new ASN1SetOf(AlgorithmIdentifier.ASN1),
             ContentInfo.ASN1,
             new ASN1Implicit(0, new ASN1SetOf(Certificate.ASN1)),
-            new ASN1Implicit(1, new ASN1SetOf(ASN1Any.getInstance())),
+            new ASN1Implicit(1, new ASN1SetOf(CertificateList.ASN1)),
             new ASN1SetOf(SignerInfo.ASN1) 
 			}) {
         {
@@ -113,6 +118,16 @@
             setOptional(4); // crls is optional
         }
 
+        protected void getValues(Object object, Object[] values) {
+            SignedData sd = (SignedData) object;
+            values[0] = new byte[] {(byte)sd.version};
+            values[1] = sd.digestAlgorithms;
+            values[2] = sd.contentInfo;
+            values[3] = sd.certificates;
+            values[4] = sd.crls;
+            values[5] = sd.signerInfos;
+        }
+
         protected Object getDecodedObject(BerInputStream in) {
             Object[] values = (Object[]) in.content;
             return new SignedData(
@@ -126,4 +141,4 @@
         }
     };
 
-}
\ No newline at end of file
+}

Modified: incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/provider/cert/X509CertFactoryImpl.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/provider/cert/X509CertFactoryImpl.java?rev=412002&r1=412001&r2=412002&view=diff
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/provider/cert/X509CertFactoryImpl.java
(original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/provider/cert/X509CertFactoryImpl.java
Mon Jun  5 21:49:57 2006
@@ -37,7 +37,11 @@
 import java.util.List;
 
 import org.apache.harmony.luni.util.Base64;
+import org.apache.harmony.security.asn1.ASN1Constants;
 import org.apache.harmony.security.asn1.BerInputStream;
+import org.apache.harmony.security.pkcs7.ContentInfo;
+import org.apache.harmony.security.pkcs7.SignedData;
+import org.apache.harmony.security.x509.CertificateList;
 
 /**
  * X509 Certificate Factory Service Provider Interface Implementation.
@@ -95,64 +99,18 @@
             }
             // check whether the provided certificate is in PEM encoded form
             if ("-----BEGIN CERTIFICATE-----".equals(new String(buff, 0, 27))) {
-                // read PEM encoded form
-                int size = inStream.available();
-                if (size == 0) {
-                    size = 2048;
-                }
-                buff = new byte[size];
-                int index=0, ch;
-                // read the Base64 encoded certificate into the buffer
-                // expect "-----END CERTIFICATE-----" at the end
-                while ((ch = inStream.read()) != '-') {
-                    if (ch == -1) {
-                        throw new CertificateException(
-                                "Incorrect Base64 encoding: unexpected EOF.");
-                    }
-                    buff[index++] = (byte) ch;
-                    // enlarge the buffer if needed
-                    if (index == size) {
-                        byte[] newbuff = new byte[size+1024];
-                        System.arraycopy(buff, 0, newbuff, 0, size);
-                        buff = newbuff;
-                    }
-                }
-                byte[] tmp = new byte[25];
-                inStream.read(tmp);
-                // check the trailing sequence
-                if (!new String(tmp).startsWith("----END CERTIFICATE-----")) {
-                    throw new CertificateException(
-                    "Incorrect Base64 encoding: 'END CERTIFICATE' expected.");
-                }
-                // skip new line: set the position to the next certificate:
-                inStream.mark(1);
-                while (((ch = inStream.read()) != -1) 
-                        && (ch == '\n' || ch == '\r')) {
-                    inStream.mark(1);
-                }
-                inStream.reset();
-                // retrieve the ASN.1 DER encoded form
-                buff = Base64.decode(buff, index);
-                if (buff == null) {
-                    throw new CertificateException(
-                            "Incorrect Base64 encoding.");
-                }
-                // check whether certificate has already been generated and
-                // stored in the cache
-                long hash = CERT_CASHE.getHash(buff);
+                byte[] encoding = decodePEM(inStream, "CERTIFICATE");
+                
+                long hash = CERT_CASHE.getHash(encoding);
                 if (CERT_CASHE.contains(hash)) {
-                    // preliminary check is successful, do more accurate check
-                    Certificate res = (Certificate) CERT_CASHE.get(hash, buff);
+                    Certificate res = 
+                        (Certificate) CERT_CASHE.get(hash, encoding);
                     if (res != null) {
-                        // found in the cache
                         return res;
                     }
                 }
-                // there is no generated certificate in the cache,
-                // so generate it
-                Certificate res = new X509CertImpl(buff);
-                // put newly generated certificate in the cache
-                CERT_CASHE.put(hash, buff, res);
+                Certificate res = new X509CertImpl(encoding);
+                CERT_CASHE.put(hash, encoding, res);
                 return res;
             } else {
                 // read ASN.1 DER encoded form
@@ -207,13 +165,60 @@
                 // create the mark supporting wrapper
                 inStream = new RestoringInputStream(inStream);
             }
-            inStream.mark(1);
-            // until the end of the stream is not reached ..
-            while (inStream.read() != -1) {
+            boolean isPKCS7 = false;
+            boolean isPEM = false;
+            // check whether it is a PKCS7 structure
+            inStream.mark(33);
+            if (inStream.read() == '-') { // it is Base64 encoded form
+                // check the boundary delimiter
+                byte[] delimiter = new byte[20];
+                inStream.read(delimiter);
+                if (new String(delimiter).startsWith("----BEGIN PKCS7-----")) {
+                    // this is PEM encoded PKCS7 structure
+                    isPKCS7 = true;
+                    isPEM = true;
+                } else {
+                    inStream.reset();
+                }
+            } else {
+                // it is plain ASN.1 DER encoded form, 
+                // so reset the stream and check the structure
+                inStream.reset();
+                BerInputStream in = new BerInputStream(inStream);
+                if (in.next() == ASN1Constants.TAG_OID) { 
+                    // this is PKCS7 structure
+                    isPKCS7 = true;
+                }
                 inStream.reset();
-                // .. generate the certificate and add it to the resulting list
-                result.add(engineGenerateCertificate(inStream));
+            }
+            if (isPKCS7) {
+                ContentInfo info;
+                if (isPEM) {
+                    info = (ContentInfo) 
+                        ContentInfo.ASN1.decode(decodePEM(inStream, "PKCS7"));
+                } else {
+                    info = (ContentInfo) ContentInfo.ASN1.decode(inStream);
+                }
+                SignedData data = info.getSignedData();
+                if (data == null) {
+                    throw new CertificateException("Invalid PKCS7 data provided");
+                }
+                List certificates = data.getCertificates();
+                if (certificates != null) {
+                    for (int i = 0; i < certificates.size(); i++) {
+                        result.add(new X509CertImpl(
+                            (org.apache.harmony.security.x509.Certificate)
+                            certificates.get(i)));
+                    }
+                }
+                return result;
+            } else {
                 inStream.mark(1);
+                while (inStream.read() != -1) {
+                    inStream.reset();
+                    result.add(engineGenerateCertificate(inStream));
+                    inStream.mark(1);
+                }
             }
         } catch (IOException e) {
             throw new CertificateException(e);
@@ -243,52 +248,16 @@
             }
             // check whether the provided crl is in PEM encoded form
             if ("-----BEGIN X509 CRL-----".equals(new String(buff, 0, 24))) {
-                // read PEM encoded form
-                int size = inStream.available();
-                if (size == 0) {
-                    size = 1024;
-                }
-                buff = new byte[size];
-                int index=0, ch;
-                // read the Base64 encoded crl into the buffer
-                while ((ch = inStream.read()) != '-') {
-                    if (ch == -1) {
-                        throw new CRLException(
-                                "Incorrect Base64 encoding: unexpected EOF.");
-                    }
-                    buff[index++] = (byte) ch;
-                    // enlarge the buffer if needed
-                    if (index == size) {
-                        byte[] newbuff = new byte[size+1024];
-                        System.arraycopy(buff, 0, newbuff, 0, size);
-                        buff = newbuff;
-                    }
-                }
-                byte[] tmp = new byte[21];
-                inStream.read(tmp);
-                if (!new String(tmp).startsWith("----END X509 CRL-----")) {
-                    throw new CRLException(
-                    "Incorrect Base64 encoding: 'END X509 CRL' expected.");
-                }
-                // skip new line: set the position to the next certificate:
-                inStream.mark(1);
-                while (((ch = inStream.read()) != -1) && (ch == '\n' || ch == '\r'))
{
-                    inStream.mark(1);
-                }
-                inStream.reset();
-                buff = Base64.decode(buff, index);
-                if (buff == null) {
-                    throw new CRLException("Incorrect Base64 encoding.");
-                }
-                long hash = CRL_CASHE.getHash(buff);
+                byte[] encoding = decodePEM(inStream, "X509 CRL");
+                long hash = CRL_CASHE.getHash(encoding);
                 if (CRL_CASHE.contains(hash)) {
-                    X509CRL res = (X509CRL) CRL_CASHE.get(hash, buff);
+                    X509CRL res = (X509CRL) CRL_CASHE.get(hash, encoding);
                     if (res != null) {
                         return res;
                     }
                 }
-                X509CRL res = new X509CRLImpl(buff);
-                CRL_CASHE.put(hash, buff, res);
+                X509CRL res = new X509CRLImpl(encoding);
+                CRL_CASHE.put(hash, encoding, res);
                 return res;
             } else {
                 inStream.reset();
@@ -329,15 +298,63 @@
             if (!inStream.markSupported()) {
                 inStream = new RestoringInputStream(inStream);
             }
-            inStream.mark(1);
-            // FIXME: Check if it is a PKCS7 structure, if not, do following:
-            while (inStream.read() != -1) {
+            boolean isPKCS7 = false;
+            boolean isPEM = false;
+            // check whether it is a PKCS7 structure
+            inStream.mark(33);
+            if (inStream.read() == '-') { // it is Base64 encoded form
+                // check the boundary delimiter
+                byte[] delimiter = new byte[20];
+                inStream.read(delimiter);
+                if (new String(delimiter).startsWith("----BEGIN PKCS7-----")) {
+                    // this is PEM encoded PKCS7 structure
+                    isPKCS7 = true;
+                    isPEM = true;
+                } else {
+                    inStream.reset();
+                }
+            } else {
+                // it is plain ASN.1 DER encoded form, 
+                // so reset the stream and check the structure
                 inStream.reset();
-                result.add(engineGenerateCRL(inStream));
+                BerInputStream in = new BerInputStream(inStream);
+                if (in.next() == ASN1Constants.TAG_OID) { 
+                    // this is PKCS7 structure
+                    isPKCS7 = true;
+                }
+                inStream.reset();
+            }
+            if (isPKCS7) {
+                // decode ContentInfo structure
+                ContentInfo info;
+                if (isPEM) {
+                    info = (ContentInfo) 
+                        ContentInfo.ASN1.decode(decodePEM(inStream, "PKCS7"));
+                } else {
+                    info = (ContentInfo) ContentInfo.ASN1.decode(inStream);
+                }
+                // retrieve SignedData
+                SignedData data = info.getSignedData();
+                if (data == null) {
+                    throw new CRLException("Invalid PKCS7 data provided");
+                }
+                List crls = data.getCRLs();
+                if (crls != null) {
+                    for (int i = 0; i < crls.size(); i++) {
+                        result.add(new X509CRLImpl(
+                            (CertificateList) crls.get(i)));
+                    }
+                }
+                return result;
+            } else {
                 inStream.mark(1);
+                while (inStream.read() != -1) {
+                    inStream.reset();
+                    result.add(engineGenerateCRL(inStream));
+                    inStream.mark(1);
+                }
             }
         } catch (IOException e) {
-            e.printStackTrace();
             throw new CRLException(e);
         }
         return result;
@@ -378,6 +395,53 @@
         return X509CertPathImpl.encodings.iterator();
     }
 
+    // Method retirieves the PEM encoded data from the stream 
+    // and returns its decoded representation.
+    // It is supposed that the data is bounded by
+    // "-----END" + boundary_mark + "-----" at the end.
+    private byte[] decodePEM(InputStream inStream, String boundary_mark) 
+                                                        throws IOException {
+        int size = 1024; // the size of the buffer containing Base64 data
+        byte[] buff = new byte[size];
+        int index=0, ch;
+        // read bytes while boundary delimiter is not reached
+        while ((ch = inStream.read()) != '-') {
+            if (ch == -1) {
+                throw new IOException(
+                        "Incorrect Base64 encoding: unexpected EOF.");
+            }
+            buff[index++] = (byte) ch;
+            if (index == size) {
+                // enlarge the buffer
+                byte[] newbuff = new byte[size+1024];
+                System.arraycopy(buff, 0, newbuff, 0, size);
+                buff = newbuff;
+                size += 1024;
+            }
+        }
+        // Check the boundary delimiter 
+        // one '-' has been already read
+        String boundary_delimiter = "----END " + boundary_mark + "-----";
+        byte[] tmp = new byte[boundary_delimiter.length()];
+        inStream.read(tmp);
+        if (!new String(tmp).startsWith(boundary_delimiter)) {
+            throw new IOException(
+                "Incorrect Base64 encoding: boundary delimiter expected '"
+                + boundary_delimiter + "'");
+        }
+        // skip trailing line breaks
+        inStream.mark(1);
+        while (((ch = inStream.read()) != -1) && (ch == '\n' || ch == '\r')) {
+            inStream.mark(1);
+        }
+        inStream.reset();
+        buff = Base64.decode(buff, index);
+        if (buff == null) {
+            throw new IOException("Incorrect Base64 encoding.");
+        }
+        return buff;
+    };
+    
     /*
      * This class extends any existing input stream with
      * mark functionality. It acts as a wrapper over the

Modified: incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/provider/cert/X509CertPathImpl.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/provider/cert/X509CertPathImpl.java?rev=412002&r1=412001&r2=412002&view=diff
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/provider/cert/X509CertPathImpl.java
(original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/security/src/main/java/common/org/apache/harmony/security/provider/cert/X509CertPathImpl.java
Mon Jun  5 21:49:57 2006
@@ -176,7 +176,11 @@
                     // empty chain of certificates
                     certs = new ArrayList();
                 }
-                return new X509CertPathImpl(certs, PKCS7, ci.getEncoded());
+                List result = new ArrayList();
+                for (int i=0; i<certs.size(); i++) {
+                    result.add(new X509CertImpl((Certificate) certs.get(i)));
+                }
+                return new X509CertPathImpl(result, PKCS7, ci.getEncoded());
             }
         } catch (IOException e) {
             throw new CertificateException("Incorrect encoded form: "
@@ -229,7 +233,11 @@
                 if (certs == null) {
                     certs = new ArrayList();
                 }
-                return new X509CertPathImpl(certs, PKCS7, ci.getEncoded());
+                List result = new ArrayList();
+                for (int i=0; i<certs.size(); i++) {
+                    result.add(new X509CertImpl((Certificate) certs.get(i)));
+                }
+                return new X509CertPathImpl(result, PKCS7, ci.getEncoded());
             }
         } catch (IOException e) {
             throw new CertificateException("Incorrect encoded form: "

Added: incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/security/tests/java/security/cert/CertificateFactoryTest.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/security/tests/java/security/cert/CertificateFactoryTest.java?rev=412002&view=auto
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/security/tests/java/security/cert/CertificateFactoryTest.java
(added)
+++ incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/security/tests/java/security/cert/CertificateFactoryTest.java
Mon Jun  5 21:49:57 2006
@@ -0,0 +1,222 @@
+/*
+ *  Copyright 2006 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+ * @author Alexander Y. Kleymenov
+ * @version $Revision$
+ */
+
+package org.apache.harmony.security.tests.java.security.cert;
+
+import java.io.ByteArrayInputStream;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Collection;
+import java.util.Iterator;
+import org.apache.harmony.luni.util.Base64;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * X.509 CertificateFactory provider implementation test.<br>
+ * See RFC 3280 (http://www.ietf.org/rfc/rfc3280.txt) for
+ * more information on X.509, and
+ * http://www.rsasecurity.com/rsalabs/node.asp?id=2129
+ * for more information on PKCS #7.
+ * The testing data was generated by use of classes from
+ * org.apache.harmony.security.x509 package.
+ */
+public class CertificateFactoryTest extends TestCase {
+
+    /**
+     * Base64 encoded PKCS7 SignedObject containing two X.509 CRLs.
+     */
+    private static String pkcs7so =
+          "MIIHBQYJKoZIhvcNAQcCoIIG9jCCBvICAQExADALBgkqhkiG9w0BBwGg"
+        + "ggUkMIICjjCCAk6gAwIBAgICAiswCQYHKoZIzjgEAzAdMRswGQYDVQQK"
+        + "ExJDZXJ0aWZpY2F0ZSBJc3N1ZXIwHhcNMDYwNTE4MDUxMzQzWhcNMzMx"
+        + "MDA3MDQxNzM5WjAdMRswGQYDVQQKExJDZXJ0aWZpY2F0ZSBJc3N1ZXIw"
+        + "ggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YR"
+        + "t1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv"
+        + "8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7D"
+        + "AjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi"
+        + "64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeC"
+        + "Z1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjg"
+        + "o64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8Gkotm"
+        + "XoB7VSVkAUw7/s9JKgOBhQACgYEA8EFZqbP1i1VG045DPX+glAxnOs3C"
+        + "PKiX9vnqWbDh4EVANHgCq9fwsuFModO1OTc0tA7CY386PJKGppcELlva"
+        + "foPw6Qsp59980E7mwa6deTmdwdjXH9uP7/niZ4hVA+xHiFXl4oJeroq/"
+        + "/pcNOCjo7ZujYc954kDiyUsGBsP0uaejHjAcMBoGA1UdEQEB/wQQMA6B"
+        + "DHJmY0A4MjIuTmFtZTAJBgcqhkjOOAQDAy8AMCwCFB5XdhSOXmUNJfRL"
+        + "l5gYDo4XsZeJAhR6Yueam/MwyEcA8/SG1Xr1/WJnlDCCAo4wggJOoAMC"
+        + "AQICAgIrMAkGByqGSM44BAMwHTEbMBkGA1UEChMSQ2VydGlmaWNhdGUg"
+        + "SXNzdWVyMB4XDTA2MDUxODA1MTM0M1oXDTMzMTAwNzA0MTczOVowHTEb"
+        + "MBkGA1UEChMSQ2VydGlmaWNhdGUgSXNzdWVyMIIBuDCCASwGByqGSM44"
+        + "BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZp"
+        + "RV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7"
+        + "ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith"
+        + "1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+Gg"
+        + "hdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCB"
+        + "gLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/oh"
+        + "NWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoD"
+        + "gYUAAoGBAPBBWamz9YtVRtOOQz1/oJQMZzrNwjyol/b56lmw4eBFQDR4"
+        + "AqvX8LLhTKHTtTk3NLQOwmN/OjyShqaXBC5b2n6D8OkLKefffNBO5sGu"
+        + "nXk5ncHY1x/bj+/54meIVQPsR4hV5eKCXq6Kv/6XDTgo6O2bo2HPeeJA"
+        + "4slLBgbD9Lmnox4wHDAaBgNVHREBAf8EEDAOgQxyZmNAODIyLk5hbWUw"
+        + "CQYHKoZIzjgEAwMvADAsAhQeV3YUjl5lDSX0S5eYGA6OF7GXiQIUemLn"
+        + "mpvzMMhHAPP0htV69f1iZ5ShggGyMIHWMIGWAgEBMAkGByqGSM44BAMw"
+        + "FTETMBEGA1UEChMKQ1JMIElzc3VlchcNMDYwNTE4MDUxMzQ0WhcNMDYw"
+        + "NTE4MDUxNTI0WjBAMD4CAgIrFw0wNjA1MTgwNTEzNDVaMCkwCgYDVR0V"
+        + "BAMKAQEwGwYDVR0YBBQYEjIwMDYwNTE4MDUxMzQ0Ljg5WqAPMA0wCwYD"
+        + "VR0UBAQCAhFcMAkGByqGSM44BAMDMAAwLQIVAIkFZCysgzWYGxIXf+pc"
+        + "jMDniwHyAhQfeuU5AQucvJKodpN+yfbQRoFEHTCB1jCBlgIBATAJBgcq"
+        + "hkjOOAQDMBUxEzARBgNVBAoTCkNSTCBJc3N1ZXIXDTA2MDUxODA1MTM0"
+        + "NFoXDTA2MDUxODA1MTUyNFowQDA+AgICKxcNMDYwNTE4MDUxMzQ1WjAp"
+        + "MAoGA1UdFQQDCgEBMBsGA1UdGAQUGBIyMDA2MDUxODA1MTM0NC44OVqg"
+        + "DzANMAsGA1UdFAQEAgIRXDAJBgcqhkjOOAQDAzAAMC0CFQCJBWQsrIM1"
+        + "mBsSF3/qXIzA54sB8gIUH3rlOQELnLySqHaTfsn20EaBRB0xAA==";
+
+    /**
+     * Base64 encoded Public Key for signature verification.
+     * Key corresponds to the CRLs and Certificates in PKCS7 SignedObject.
+     */
+    private static String b64PublicKeySpec =
+          "MIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2"
+        + "EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00"
+        + "b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue"
+        + "wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC"
+        + "ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0H"
+        + "gmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o"
+        + "4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL"
+        + "Zl6Ae1UlZAFMO/7PSSoDgYUAAoGBAPBBWamz9YtVRtOOQz1/oJQMZzrN"
+        + "wjyol/b56lmw4eBFQDR4AqvX8LLhTKHTtTk3NLQOwmN/OjyShqaXBC5b"
+        + "2n6D8OkLKefffNBO5sGunXk5ncHY1x/bj+/54meIVQPsR4hV5eKCXq6K"
+        + "v/6XDTgo6O2bo2HPeeJA4slLBgbD9Lmn";
+
+    /**
+     * The name of the algorithm used for Certificate/CRL signing.
+     */
+    private static String publicKeyAlgorithm = "DSA";
+
+    /**
+     * The public key to verify generated Certificates and CRLs.
+     */
+    private static PublicKey publicKey;
+
+    static {
+        try {
+            X509EncodedKeySpec publicKeySpec =
+                new X509EncodedKeySpec(
+                        Base64.decode(b64PublicKeySpec.getBytes()));
+            KeyFactory keyFactory =
+                KeyFactory.getInstance(publicKeyAlgorithm);
+            publicKey = keyFactory.generatePublic(publicKeySpec);
+        } catch (NoSuchAlgorithmException e) {
+            // provider is not installed, will not verify the generated data
+            publicKey = null;
+        } catch (Exception e) {
+            // problems with a representation of the key
+            e.printStackTrace();
+            publicKey = null;
+        }
+    }
+
+    /**
+     * generateCRLs method testing.
+     */
+    public void testGenerateCRLs() throws Exception {
+        CertificateFactory factory = CertificateFactory.getInstance("X.509");
+
+        // Testing the CRLs generation on the base of PKCS7 SignedData object
+        ByteArrayInputStream bais = new ByteArrayInputStream(
+                Base64.decode(pkcs7so.getBytes()));
+
+        Collection crls = factory.generateCRLs(bais);
+        assertNotNull("Factory returned null on correct PKCS7 data", crls);
+        assertEquals("The size of collection differs from expected",
+                2, crls.size());
+
+        if (publicKey != null) {
+            // verify the signatures
+            for (Iterator i = crls.iterator(); i.hasNext();) {
+                ((X509CRL) i.next()).verify(publicKey);
+            }
+        }
+    }
+
+    /**
+     * generateCertificates method testing.
+     */
+    public void testGenerateCertificates() throws Exception {
+        CertificateFactory factory = CertificateFactory.getInstance("X.509");
+
+        // Testing the Certificates generation
+        // on the base of PKCS7 SignedData object
+        ByteArrayInputStream bais = new ByteArrayInputStream(
+                Base64.decode(pkcs7so.getBytes()));
+
+        Collection certs = factory.generateCertificates(bais);
+        assertNotNull("Factory returned null on correct PKCS7 data", certs);
+        assertEquals("The size of collection differs from expected",
+                2, certs.size());
+
+        if (publicKey != null) {
+            // verify the signatures
+            for (Iterator i = certs.iterator(); i.hasNext();) {
+                ((X509Certificate) i.next()).verify(publicKey);
+            }
+        }
+    }
+
+    /**
+     * generateCertificates method testing.
+     */
+    public void testGenerateCertPath() throws Exception {
+        CertificateFactory factory = CertificateFactory.getInstance("X.509");
+
+        // Testing the CertPath generation
+        // on the base of PKCS7 SignedData object
+        ByteArrayInputStream bais = new ByteArrayInputStream(
+                Base64.decode(pkcs7so.getBytes()));
+
+        Collection certPath =
+            factory.generateCertPath(bais, "PKCS7").getCertificates();
+        assertEquals("The size of collection differs from expected",
+                2, certPath.size());
+
+        if (publicKey != null) {
+            // verify the signatures
+            for (Iterator i = certPath.iterator(); i.hasNext();) {
+                ((X509Certificate) i.next()).verify(publicKey);
+            }
+        }
+    }
+
+    public static Test suite() {
+        return new TestSuite(CertificateFactoryTest.class);
+    }
+
+    public static void main(String[] args) {
+        junit.textui.TestRunner.run(suite());
+    }
+}

Propchange: incubator/harmony/enhanced/classlib/trunk/modules/security/src/test/api/java/org/apache/harmony/security/tests/java/security/cert/CertificateFactoryTest.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message