| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| /** |
| * @author Alexander Y. Kleymenov |
| */ |
| |
| package org.apache.harmony.security.tests.x509; |
| |
| |
| import java.io.ByteArrayInputStream; |
| import java.io.IOException; |
| import java.math.BigInteger; |
| import java.security.cert.CertificateFactory; |
| import java.security.cert.X509CRL; |
| import java.security.cert.X509CRLEntry; |
| import java.util.Arrays; |
| import java.util.Date; |
| import java.util.List; |
| import java.util.Set; |
| |
| import junit.framework.Test; |
| import junit.framework.TestCase; |
| import junit.framework.TestSuite; |
| |
| import org.apache.harmony.security.asn1.ASN1GeneralizedTime; |
| import org.apache.harmony.security.asn1.ASN1Integer; |
| import org.apache.harmony.security.x501.Name; |
| import org.apache.harmony.security.x509.AlgorithmIdentifier; |
| import org.apache.harmony.security.x509.CertificateList; |
| import org.apache.harmony.security.x509.Extension; |
| import org.apache.harmony.security.x509.Extensions; |
| import org.apache.harmony.security.x509.GeneralName; |
| import org.apache.harmony.security.x509.GeneralNames; |
| import org.apache.harmony.security.x509.TBSCertList; |
| |
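| /** |
| * Tests for {@link CertificateList}: ASN.1 encoding and decoding, the |
| * accessor methods, and parsing of a CRL whose entries carry the |
| * Certificate Issuer extension (indirect CRL). |
| */ |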
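public class CertificateListTest extends TestCase {

    // Signature algorithm OID (SHA1withDSA); taken from http://oid.elibel.tm.fr
    private static final String algOID = "1.2.840.10040.4.3";
    private static final byte[] algParams = { 1, 1, 0 }; // DER boolean false encoding
    private static final AlgorithmIdentifier signature =
            new AlgorithmIdentifier(algOID, algParams);

    // Placeholder bytes, not a real signature. Nothing in this class calls
    // X509CRL.verify(), so these tests cover structure and parsing only; a CRL
    // that merely parses has not been authenticated.
    private static final byte[] signatureValue = new byte[10];

    private static final String issuerName = "O=Certificate Issuer";

    // Issuer named by the Certificate Issuer extension on the second CRL entry.
    private static final String certIssuerName = "O=Cert Organization";

    private static final Date thisUpdate = new Date();
    private static final Date nextUpdate = new Date(thisUpdate.getTime() + 100000);

    // Invalidity Date Extension (rfc 3280)
    private static final Extension crlEntryExtension = new Extension("2.5.29.24",
            ASN1GeneralizedTime.getInstance().encode(new Date()));

    // Must be declared after crlEntryExtension: the builder reads that field.
    private static final Extensions crlEntryExtensions = buildCrlEntryExtensions();

    private static final Date revocationDate = new Date();

    // Three entries; only the middle one (serial 666) carries entry extensions,
    // including the critical Certificate Issuer extension.
    private static final List revokedCertificates = Arrays.asList(
            new TBSCertList.RevokedCertificate[] {
                new TBSCertList.RevokedCertificate(BigInteger.valueOf(555),
                        revocationDate, null),
                new TBSCertList.RevokedCertificate(BigInteger.valueOf(666),
                        revocationDate, crlEntryExtensions),
                new TBSCertList.RevokedCertificate(BigInteger.valueOf(777),
                        revocationDate, null)
            });

    private static final Extensions crlExtensions = new Extensions(
            Arrays.asList(new Extension[] {
                new Extension("2.5.29.20", // CRL Number Extension (rfc 3280)
                        ASN1Integer.getInstance().encode(
                                BigInteger.valueOf(4444).toByteArray()))
            }));

    private CertificateList certificateList;
    private TBSCertList tbscertlist;
    private byte[] encoding;

    /**
     * Builds the extensions attached to the CRL entry with serial number 666:
     * the Invalidity Date extension plus a critical Certificate Issuer
     * extension naming {@code certIssuerName}.
     *
     * The Certificate Issuer extension is added to check whether the
     * implementation supports indirect CRLs. As rfc 3280 (p.62) says:
     * "If used by conforming CRL issuers, this extension MUST always be
     * critical. If an implementation ignored this extension it could not
     * correctly attribute CRL entries to certificates. This specification
     * RECOMMENDS that implementations recognize this extension."
     *
     * @return the populated entry extensions
     * @throws RuntimeException if the Certificate Issuer extension cannot be
     *         built; continuing without it would leave the indirect CRL test
     *         running against a fixture that lacks the extension under test
     */
    private static Extensions buildCrlEntryExtensions() {
        Extensions extensions = new Extensions();
        extensions.addExtension(crlEntryExtension);
        try {
            GeneralNames certIssuer = new GeneralNames(Arrays.asList(
                    new GeneralName[] {
                        new GeneralName(new Name(certIssuerName))
                    }));
            extensions.addExtension(new Extension("2.5.29.29", true,
                    GeneralNames.ASN1.encode(certIssuer)));
        } catch (Exception e) {
            throw new RuntimeException(
                    "Could not build the Certificate Issuer extension", e);
        }
        return extensions;
    }

    /**
     * Builds a version 2 CRL with three entries, encodes it, and replaces
     * {@code certificateList} with the decoded copy so that the accessor tests
     * run against a parsed object rather than the one that was constructed.
     *
     * @throws java.lang.Exception if the issuer name cannot be parsed or the
     *         encoding cannot be decoded; JUnit reports this as an error
     *         together with the original stack trace
     */
    protected void setUp() throws java.lang.Exception {
        Name issuer = new Name(issuerName);

        tbscertlist = new TBSCertList(2, signature, issuer, thisUpdate,
                nextUpdate, revokedCertificates, crlExtensions);

        CertificateList original =
                new CertificateList(tbscertlist, signature, signatureValue);

        encoding = CertificateList.ASN1.encode(original);
        certificateList = (CertificateList) CertificateList.ASN1.decode(encoding);
    }

    /**
     * CertificateList(TBSCertList tbsCertList, AlgorithmIdentifier
     * signatureAlgorithm, byte[] signatureValue) method testing.
     *
     * Encodes and decodes a minimal list (mandatory fields only) and a fully
     * populated one; the test passes when neither round trip throws.
     */
    public void testCertificateList() {
        try {
            AlgorithmIdentifier sigAlg =
                    new AlgorithmIdentifier(algOID, algParams);
            Name issuer = new Name(issuerName);

            // Mandatory fields only.
            TBSCertList tbscl = new TBSCertList(sigAlg, issuer, thisUpdate);
            CertificateList cl =
                    new CertificateList(tbscl, sigAlg, new byte[] { 0 });
            byte[] encoded = CertificateList.ASN1.encode(cl);
            CertificateList.ASN1.decode(encoded);

            // All optional fields present.
            tbscl = new TBSCertList(2, sigAlg, issuer, thisUpdate,
                    nextUpdate, revokedCertificates, crlExtensions);
            cl = new CertificateList(tbscl, sigAlg, new byte[] { 0 });
            encoded = CertificateList.ASN1.encode(cl);
            CertificateList.ASN1.decode(encoded);
        } catch (IOException e) {
            // fail() cannot carry a cause, so the trace is printed to keep it.
            e.printStackTrace();
            fail("Unexpected IOException was thrown: " + e.getMessage());
        }
    }

    /**
     * getTbsCertList() method testing.
     */
    public void testGetTbsCertList() {
        assertEquals("Returned tbsCertList value is incorrect",
                tbscertlist, certificateList.getTbsCertList());
    }

    /**
     * getSignatureAlgorithm() method testing.
     */
    public void testGetSignatureAlgorithm() {
        assertEquals("Returned signatureAlgorithm value is incorrect",
                signature, certificateList.getSignatureAlgorithm());
    }

    /**
     * getSignatureValue() method testing.
     */
    public void testGetSignatureValue() {
        assertTrue("Returned signatureValue value is incorrect",
                Arrays.equals(signatureValue, certificateList.getSignatureValue()));
    }

    /**
     * Checks that the X.509 CertificateFactory attributes the entries of an
     * indirect CRL to the right certificate issuer.
     *
     * Per rfc 3280, an entry without the Certificate Issuer extension belongs
     * to the CRL issuer when it comes first, and otherwise to the same issuer
     * as the preceding entry. X509CRLEntry.getCertificateIssuer() returns null
     * when the certificate issuer is the CRL issuer. An implementation that
     * ignores the extension would attribute serials 666 and 777 to the CRL
     * issuer, i.e. report the wrong certificates as revoked.
     *
     * @throws Exception if the factory is unavailable or rejects the encoding
     */
    public void testSupportIndirectCRLs() throws Exception {
        X509CRL crl = (X509CRL) CertificateFactory.getInstance("X.509")
                .generateCRL(new ByteArrayInputStream(encoding));

        Set rcerts = crl.getRevokedCertificates();
        assertNotNull("No revoked certificates were parsed from the CRL", rcerts);
        assertEquals("Unexpected number of CRL entries", 3, rcerts.size());

        Object certIssuer =
                new javax.security.auth.x500.X500Principal(certIssuerName);

        // Precedes the extension: issued by the CRL issuer itself.
        assertEntryIssuer(crl, 555, null);
        // Carries the extension.
        assertEntryIssuer(crl, 666, certIssuer);
        // Follows the extension: inherits the issuer of the preceding entry.
        assertEntryIssuer(crl, 777, certIssuer);
    }

    /**
     * Asserts that the CRL holds an entry for the serial number and that the
     * entry reports the expected certificate issuer.
     *
     * @param crl the parsed CRL
     * @param serial serial number of the revoked certificate
     * @param expectedIssuer the expected X500Principal, or null when the
     *        certificate issuer is expected to be the CRL issuer
     */
    private static void assertEntryIssuer(X509CRL crl, long serial,
            Object expectedIssuer) {
        X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.valueOf(serial));
        assertNotNull("No CRL entry for serial number " + serial, entry);
        assertEquals("Wrong certificate issuer for serial number " + serial,
                expectedIssuer, entry.getCertificateIssuer());
    }

    public static Test suite() {
        return new TestSuite(CertificateListTest.class);
    }

}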