| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| /** |
| * @author Vladimir N. Molotkov |
| */ |
| |
| package org.apache.harmony.security.tests.java.security.cert; |
| |
| import java.security.KeyStore; |
| import java.security.KeyStoreException; |
| import java.security.PublicKey; |
| import java.security.cert.TrustAnchor; |
| import java.security.cert.X509Certificate; |
| import java.security.spec.InvalidKeySpecException; |
| import java.util.Arrays; |
| |
| import javax.security.auth.x500.X500Principal; |
| |
| import org.apache.harmony.security.tests.support.TestKeyPair; |
| import org.apache.harmony.security.tests.support.cert.TestUtils; |
| |
| import junit.framework.TestCase; |
| |
| /** |
| * Unit tests for <code>TrustAnchor</code> |
| */ |
| public class TrustAnchor_ImplTest extends TestCase { |
| private static final String keyAlg = "DSA"; |
| // Sample of some valid CA name |
| private static final String validCaNameRfc2253 = |
| "CN=Test CA," + |
| "OU=Testing Division," + |
| "O=Test It All," + |
| "L=Test Town," + |
| "ST=Testifornia," + |
| "C=Testland"; |
| |
| /** |
| * Test #1 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> |
| * Assertion: creates <code>TrustAnchor</code> instance<br> |
| * Test preconditions: valid parameters passed<br> |
| * Expected: must pass without any exceptions |
| */ |
| public final void testTrustAnchorX509CertificatebyteArray01() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| String certAlias = "testca1"; |
| // sub testcase 1 |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| getFullEncoding()); |
| // sub testcase 2 |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| getEncodingPSOnly()); |
| // sub testcase 3 |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| getEncodingESOnly()); |
| // sub testcase 4 |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| getEncodingNoMinMax()); |
| } |
| |
| /** |
| * Test #2 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> |
| * Assertion: creates <code>TrustAnchor</code> instance<br> |
| * Test preconditions: <code>null</code> as nameConstraints passed<br> |
| * Expected: must pass without any exceptions |
| */ |
| public final void testTrustAnchorX509CertificatebyteArray02() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| String certAlias = "testca1"; |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| null); |
| } |
| |
| /** |
| * Test #3 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> |
| * Assertion: nameConstraints cloned by the constructor<br> |
| * Test preconditions: modify passed nameConstraints<br> |
| * Expected: modification must not change object internal state |
| */ |
| public final void testTrustAnchorX509CertificatebyteArray03() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| String certAlias = "testca1"; |
| byte[] nc = getEncodingPSOnly(); |
| byte[] ncCopy = nc.clone(); |
| // sub testcase 5 - nameConstraints can be null |
| TrustAnchor ta = new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| ncCopy); |
| // modify |
| ncCopy[0] = (byte) 0; |
| // check that above modification did not change |
| // object internal state |
| assertTrue(Arrays.equals(nc, ta.getNameConstraints())); |
| } |
| |
| /** |
| * Test #4 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> |
| * Assertion: <code>NullPointerException</code> if <code>X509Certificate</code> |
| * parameter is <code>null</code><br> |
| * Test preconditions: pass <code>null</code> as <code>X509Certificate</code><br> |
| * Expected: NullPointerException |
| */ |
| public final void testTrustAnchorX509CertificatebyteArray04() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| try { |
| new TrustAnchor(null, getFullEncoding()); |
| fail("NullPointerException has not been thrown"); |
| } catch (NullPointerException ok) { |
| } |
| } |
| |
| /** |
| * Test #5 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> |
| * Assertion: <code>IllegalArgumentException</code> if nameConstraints |
| * parameter can not be decoded<br> |
| * Test preconditions: pass invalid nameConstraints encoding<br> |
| * Expected: IllegalArgumentException |
| */ |
| public final void testTrustAnchorX509CertificatebyteArray05() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| String certAlias = "testca1"; |
| |
| // sub testcase 1: |
| byte[] nameConstraints = getFullEncoding(); |
| // corrupt encoding: |
| // set wrong root seq length |
| nameConstraints[2] = (byte) 0x8d; |
| try { |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| nameConstraints); |
| fail("IllegalArgumentException has not been thrown"); |
| } catch (IllegalArgumentException ok) { |
| } |
| |
| // sub testcase 2: |
| nameConstraints = getFullEncoding(); |
| // corrupt encoding: |
| // set wrong root seq length |
| nameConstraints[2] = (byte) 0x8b; |
| try { |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| nameConstraints); |
| fail("IllegalArgumentException has not been thrown"); |
| } catch (IllegalArgumentException ok) { |
| } |
| |
| // sub testcase 3: |
| nameConstraints = getFullEncoding(); |
| // corrupt encoding: |
| // remove right class from seq tag |
| nameConstraints[3] &= (byte) 0x3f; |
| try { |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| nameConstraints); |
| fail("IllegalArgumentException has not been thrown"); |
| } catch (IllegalArgumentException ok) { |
| } |
| |
| // sub testcase 4: |
| nameConstraints = getEncodingESOnly(); |
| // corrupt encoding: |
| // set wrong tagged value (excludedSubtrees SEQ OF) tag [2] |
| nameConstraints[2] = (byte) 0xa2; |
| try { |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| nameConstraints); |
| fail("IllegalArgumentException has not been thrown"); |
| } catch (IllegalArgumentException ok) { |
| } |
| |
| // sub testcase 5: |
| nameConstraints = getEncodingESOnly(); |
| // corrupt encoding: |
| // remove CONSTRUCTED flag from tagged value (excludedSubtrees SEQ OF) tag |
| nameConstraints[2] &= (byte) 0xdf; |
| try { |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| nameConstraints); |
| fail("IllegalArgumentException has not been thrown"); |
| } catch (IllegalArgumentException ok) { |
| } |
| |
| // sub testcase 6: |
| nameConstraints = getEncodingESOnly(); |
| // corrupt encoding: |
| // set CONSTRUCTED flag for PROMITIVE tagged value tag |
| // (generalSubtree's 'base' as IA5String) |
| nameConstraints[5] |= (byte) 0x20; |
| try { |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| nameConstraints); |
| fail("IllegalArgumentException has not been thrown"); |
| } catch (IllegalArgumentException ok) { |
| } |
| |
| // sub testcase 7: |
| nameConstraints = getEncodingESOnly(); |
| // corrupt encoding: |
| // remove scheme from URI |
| // (generalSubtree's 'base' as IA5String (uniformResourceIdentifier)) |
| nameConstraints[12] = nameConstraints[13] = nameConstraints[14] = |
| (byte) 0x6f; |
| try { |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| nameConstraints); |
| fail("IllegalArgumentException has not been thrown"); |
| } catch (IllegalArgumentException ok) { |
| } |
| } |
| |
| /** |
| * Test #6 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> |
| * Assertion: creates <code>TrustAnchor</code> instance<br> |
| * Test preconditions: valid parameters passed (base as OID)<br> |
| * Expected: must pass without any exceptions |
| */ |
| public final void testTrustAnchorX509CertificatebyteArray06() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| String certAlias = "testca1"; |
| byte[] nameConstraints = getEncodingOid(); |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| nameConstraints); |
| } |
| |
| /** |
| * Test #7 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> |
| * Assertion: <code>IllegalArgumentException</code> if nameConstraints |
| * parameter can not be decoded<br> |
| * Test preconditions: pass invalid nameConstraints (OID) encoding<br> |
| * Expected: IllegalArgumentException |
| */ |
| public final void testTrustAnchorX509CertificatebyteArray07() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| String certAlias = "testca1"; |
| byte[] nameConstraints = getEncodingOid(); |
| //corrupt Oid |
| nameConstraints[10] = (byte) 0xFF; |
| try { |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| nameConstraints); |
| fail("IllegalArgumentException has not been thrown"); |
| } catch (IllegalArgumentException ok) { |
| } |
| } |
| |
| /** |
| * Test #8 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> |
| * Assertion: <code>IllegalArgumentException</code> if nameConstraints |
| * parameter can not be decoded<br> |
| * Test preconditions: pass invalid nameConstraints encodings<br> |
| * Expected: IllegalArgumentException |
| */ |
| public final void testTrustAnchorX509CertificatebyteArray08() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| String certAlias = "testca1"; |
| // GeneralName tags for this test (1,2 and 3 are omitted) |
| byte[] generalNameTag = new byte[] { |
| (byte) 0xa0, (byte) 0xa4, (byte) 0xa5, |
| (byte) 0x86, (byte) 0x87, (byte) 0x88 |
| }; |
| // wrong (for above tags) nameConstraints encoding |
| byte[] wrongEncoding = new byte[] { |
| (byte) 0x30, (byte) 0x0c, // sequence + length |
| (byte) 0xa1, (byte) 0x0a, // excluded subtrees, tag, len |
| (byte) 0x30, (byte) 0x08, // sequence of, tag, len |
| (byte) 0xa0, // element 6 - tag identifying GeneralName choice |
| (byte) 0x03, // GeneralName length |
| (byte) 0x01, (byte) 0x01, (byte) 0xff, // wrong GeneralName for any choice |
| (byte) 0x80, (byte) 0x01, (byte) 0x00 // minimum |
| }; |
| for (int i = 0; i < generalNameTag.length; i++) { |
| wrongEncoding[6] = generalNameTag[i]; |
| try { |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| wrongEncoding); |
| fail("IllegalArgumentException has not been thrown for tag " + |
| (generalNameTag[i] & 0xff)); |
| } catch (IllegalArgumentException ok) { |
| } |
| } |
| } |
| |
| /** |
| * Test #9 for <code>TrustAnchor(X509Certificate, byte[])</code> constructor<br> |
| * Assertion: <code>IllegalArgumentException</code> if nameConstraints |
| * parameter can not be decoded<br> |
| * Test preconditions: pass valid and then invalid nameConstraints encodings |
| * (GeneralName choice is [0] OtherName)<br> |
| * Expected: no exception for valid encoding and IllegalArgumentException for invalid |
| * |
| * @throws KeyStoreException |
| */ |
| public final void testTrustAnchorX509CertificatebyteArray09() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| String certAlias = "testca1"; |
| byte[] encoding = new byte[] { |
| (byte) 0x30, (byte) 0x13, (byte) 0xa1, (byte) 0x11, |
| (byte) 0x30, (byte) 0x0f, (byte) 0xa0, (byte) 0x0a, |
| (byte) 0x06, (byte) 0x03, (byte) 0x00, (byte) 0x01, (byte) 0x02, |
| (byte) 0xA0, (byte) 0x03, 1, 1, (byte) 0xff, |
| (byte) 0x80, (byte) 0x01, (byte) 0x00 |
| }; |
| try { |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), encoding); |
| } catch (IllegalArgumentException failed) { |
| fail("valid encoding not accepted"); |
| } |
| // now corrupt encoding: set OtherName value tag to 1 (must be 0) |
| encoding[13] = 1; |
| try { |
| new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), encoding); |
| fail("invalid encoding accepted"); |
| } catch (IllegalArgumentException ok) { |
| } |
| } |
| |
| /** |
| * Test for <code>getNameConstraints()</code> method<br> |
| * Assertion: returns <code>nameConstraints</code> der encoding<br> |
| * Test preconditions: valid nameConstraints parameter passed (not null)<br> |
| * Expected: encoding passed to the ctor must match returned one<br> |
| * Assertion: returns new <code>nameConstraints</code> der encoding each time<br> |
| * Test preconditions: valid nameConstraints parameter passed (not null)<br> |
| * Expected: must return new reference each time called |
| */ |
| public final void testGetNameConstraints() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| String certAlias = "testca1"; |
| byte[] nc = getFullEncoding(); |
| // sub testcase 1 |
| TrustAnchor ta = new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), nc); |
| byte[] ncRet = ta.getNameConstraints(); |
| // assert 1 |
| assertTrue(Arrays.equals(nc, ncRet)); |
| assertNotSame(nc, ncRet); |
| // assert 2 |
| assertNotSame(ncRet, ta.getNameConstraints()); |
| } |
| |
| /** |
| * Test #2 for <code>getCAName()</code> method<br> |
| * <p/> |
| * Assertion: returns ... <code>null</code> if <code>TrustAnchor</code> |
| * was not specified as public key and CA name or CA principal pair<br> |
| * Test preconditions: test object is not specified as public key |
| * and CA name or CA principal pair<br> |
| * Expected: <code>null</code> as return value<br> |
| * |
| * @throws KeyStoreException |
| */ |
| public final void testGetCAPublicKey02() |
| throws InvalidKeySpecException, KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| TrustAnchor ta = new TrustAnchor( |
| (X509Certificate) ks.getCertificate("testca1"), |
| null); |
| assertNull(ta.getCAPublicKey()); |
| } |
| |
| /** |
| * Test #2 for <code>getCAName()</code> method<br> |
| * <p/> |
| * Assertion: returns ... <code>null</code> if <code>TrustAnchor</code> |
| * was not specified as public key and CA name or CA principal pair<br> |
| * Test preconditions: test object is not specified as public key |
| * and CA name or CA principal pair<br> |
| * Expected: <code>null</code> as return value<br> |
| * |
| * @throws KeyStoreException |
| */ |
| public final void testGetCAName02() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| TrustAnchor ta = new TrustAnchor( |
| (X509Certificate) ks.getCertificate("testca1"), |
| null); |
| assertNull(ta.getCAName()); |
| } |
| |
| /** |
| * Test #1 for <code>getCAName()</code> method<br> |
| * <p/> |
| * Assertion: returns most trusted CA certificate<br> |
| * Test preconditions: valid certificate passed to the constructor<br> |
| * Expected: the same certificate must be returned by the method<br> |
| * |
| * @throws KeyStoreException |
| */ |
| public final void testGetTrustedCert01() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| X509Certificate cert = |
| (X509Certificate) ks.getCertificate("testca1"); |
| TrustAnchor ta = new TrustAnchor(cert, null); |
| assertEquals(cert, ta.getTrustedCert()); |
| } |
| |
| /** |
| * Test #2 for <code>getCA()</code> method<br> |
| * <p/> |
| * Assertion: returns ... <code>null</code> if <code>TrustAnchor</code> |
| * was not specified as public key and CA name or CA principal pair<br> |
| * Test preconditions: test object is not specified as public key |
| * and CA name or CA principal pair<br> |
| * Expected: <code>null</code> as return value<br> |
| * |
| * @throws KeyStoreException |
| */ |
| public final void testGetCA02() |
| throws KeyStoreException { |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| TrustAnchor ta = new TrustAnchor( |
| (X509Certificate) ks.getCertificate("testca1"), |
| null); |
| assertNull(ta.getCA()); |
| } |
| |
| /** |
| * Test for <code>toString()</code> method<br> |
| * <p/> |
| * Assertion: returns string representation of this <code>TrustAnchor</code> |
| * Test preconditions: several valid test objects created<br> |
| * Expected: method returns not <code>null</code> in all cases<br> |
| */ |
| public final void testToString() throws Exception { |
| |
| KeyStore ks = TestUtils.getKeyStore(true, TestUtils.TRUSTED); |
| if (ks == null) { |
| fail(getName() + ": not performed (could not create test KeyStore)"); |
| } |
| |
| String certAlias = "test"; |
| |
| // sub testcase 1 |
| TrustAnchor ta = new TrustAnchor( |
| (X509Certificate) ks.getCertificate(certAlias), |
| getFullEncoding()); |
| |
| assertNotNull("#1", ta.toString()); |
| |
| PublicKey pk = new TestKeyPair(keyAlg).getPublic(); |
| |
| |
| // sub testcase 2 |
| ta = new TrustAnchor(validCaNameRfc2253, pk, getEncodingESOnly()); |
| |
| assertNotNull("#2", ta.toString()); |
| |
| // sub testcase 3 |
| X500Principal x500p = new X500Principal(validCaNameRfc2253); |
| ta = new TrustAnchor(x500p, pk, getEncodingNoMinMax()); |
| |
| assertNotNull("#3", ta.toString()); |
| |
| // sub testcase 4 |
| ta = new TrustAnchor(x500p, pk, null); |
| assertNotNull("#4", ta.toString()); |
| } |
| |
| // |
| // Private stuff |
| // |
| |
| /* |
| * The following methods return valid DER encoding |
| * for the following ASN.1 definition (as specified in RFC 3280 - |
| * Internet X.509 Public Key Infrastructure. |
| * Certificate and Certificate Revocation List (CRL) Profile. |
| * http://www.ietf.org/rfc/rfc3280.txt): |
| * |
| * NameConstraints ::= SEQUENCE { |
| * permittedSubtrees [0] GeneralSubtrees OPTIONAL, |
| * excludedSubtrees [1] GeneralSubtrees OPTIONAL } |
| * |
| * GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree |
| * |
| * GeneralSubtree ::= SEQUENCE { |
| * base GeneralName, |
| * minimum [0] BaseDistance DEFAULT 0, |
| * maximum [1] BaseDistance OPTIONAL } |
| * |
| * BaseDistance ::= INTEGER (0..MAX) |
| * |
| * GeneralName ::= CHOICE { |
| * otherName [0] OtherName, |
| * rfc822Name [1] IA5String, |
| * dNSName [2] IA5String, |
| * x400Address [3] ORAddress, |
| * directoryName [4] Name, |
| * ediPartyName [5] EDIPartyName, |
| * uniformResourceIdentifier [6] IA5String, |
| * iPAddress [7] OCTET STRING, |
| * registeredID [8] OBJECT IDENTIFIER} |
| */ |
| |
| // |
| // Full NameConstraints encoding |
| // (generated by own encoder class created during test development) |
| // |
| // @return Full NameConstraints encoding |
| // with all OPTIONAL values presented. |
| // |
| private static final byte[] getFullEncoding() { |
| // DO NOT MODIFY! |
| return new byte[] { |
| (byte) 0x30, (byte) 0x81, (byte) 0x8c, (byte) 0xa0, |
| (byte) 0x44, (byte) 0x30, (byte) 0x16, (byte) 0x86, |
| (byte) 0x0e, (byte) 0x66, (byte) 0x69, (byte) 0x6c, |
| (byte) 0x65, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, |
| (byte) 0x66, (byte) 0x6f, (byte) 0x6f, (byte) 0x2e, |
| (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x80, |
| (byte) 0x01, (byte) 0x00, (byte) 0x81, (byte) 0x01, |
| (byte) 0x01, (byte) 0x30, (byte) 0x16, (byte) 0x86, |
| (byte) 0x0e, (byte) 0x66, (byte) 0x69, (byte) 0x6c, |
| (byte) 0x65, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, |
| (byte) 0x62, (byte) 0x61, (byte) 0x72, (byte) 0x2e, |
| (byte) 0x63, (byte) 0x6f, (byte) 0x6d, (byte) 0x80, |
| (byte) 0x01, (byte) 0x00, (byte) 0x81, (byte) 0x01, |
| (byte) 0x01, (byte) 0x30, (byte) 0x12, (byte) 0x86, |
| (byte) 0x0a, (byte) 0x66, (byte) 0x69, (byte) 0x6c, |
| (byte) 0x65, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, |
| (byte) 0x6d, (byte) 0x75, (byte) 0x75, (byte) 0x80, |
| (byte) 0x01, (byte) 0x00, (byte) 0x81, (byte) 0x01, |
| (byte) 0x01, (byte) 0xa1, (byte) 0x44, (byte) 0x30, |
| (byte) 0x16, (byte) 0x86, (byte) 0x0e, (byte) 0x68, |
| (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a, |
| (byte) 0x2f, (byte) 0x2f, (byte) 0x66, (byte) 0x6f, |
| (byte) 0x6f, (byte) 0x2e, (byte) 0x63, (byte) 0x6f, |
| (byte) 0x6d, (byte) 0x80, (byte) 0x01, (byte) 0x00, |
| (byte) 0x81, (byte) 0x01, (byte) 0x01, (byte) 0x30, |
| (byte) 0x16, (byte) 0x86, (byte) 0x0e, (byte) 0x68, |
| (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a, |
| (byte) 0x2f, (byte) 0x2f, (byte) 0x62, (byte) 0x61, |
| (byte) 0x72, (byte) 0x2e, (byte) 0x63, (byte) 0x6f, |
| (byte) 0x6d, (byte) 0x80, (byte) 0x01, (byte) 0x00, |
| (byte) 0x81, (byte) 0x01, (byte) 0x01, (byte) 0x30, |
| (byte) 0x12, (byte) 0x86, (byte) 0x0a, (byte) 0x68, |
| (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a, |
| (byte) 0x2f, (byte) 0x2f, (byte) 0x6d, (byte) 0x75, |
| (byte) 0x75, (byte) 0x80, (byte) 0x01, (byte) 0x00, |
| (byte) 0x81, (byte) 0x01, (byte) 0x01 |
| }; |
| } |
| |
| // |
| // NameConstraints encoding without excludedSubtrees |
| // (generated by own encoder class created during test development) |
| // |
| // @return NameConstraints encoding with |
| // permittedSubtrees only; all OPTIONAL |
| // values in permittedSubtrees are presented. |
| // |
| private static final byte[] getEncodingPSOnly() { |
| // DO NOT MODIFY! |
| return new byte[] { |
| (byte) 0x30, (byte) 0x46, (byte) 0xa0, (byte) 0x44, |
| (byte) 0x30, (byte) 0x16, (byte) 0x86, (byte) 0x0e, |
| (byte) 0x66, (byte) 0x69, (byte) 0x6c, (byte) 0x65, |
| (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x66, |
| (byte) 0x6f, (byte) 0x6f, (byte) 0x2e, (byte) 0x63, |
| (byte) 0x6f, (byte) 0x6d, (byte) 0x80, (byte) 0x01, |
| (byte) 0x00, (byte) 0x81, (byte) 0x01, (byte) 0x01, |
| (byte) 0x30, (byte) 0x16, (byte) 0x86, (byte) 0x0e, |
| (byte) 0x66, (byte) 0x69, (byte) 0x6c, (byte) 0x65, |
| (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x62, |
| (byte) 0x61, (byte) 0x72, (byte) 0x2e, (byte) 0x63, |
| (byte) 0x6f, (byte) 0x6d, (byte) 0x80, (byte) 0x01, |
| (byte) 0x00, (byte) 0x81, (byte) 0x01, (byte) 0x01, |
| (byte) 0x30, (byte) 0x12, (byte) 0x86, (byte) 0x0a, |
| (byte) 0x66, (byte) 0x69, (byte) 0x6c, (byte) 0x65, |
| (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x6d, |
| (byte) 0x75, (byte) 0x75, (byte) 0x80, (byte) 0x01, |
| (byte) 0x00, (byte) 0x81, (byte) 0x01, (byte) 0x01, |
| }; |
| } |
| |
| // |
| // NameConstraints encoding without permittedSubtrees |
| // (generated by own encoder class created during test development) |
| // |
| // @return NameConstraints encoding with |
| // excludedSubtrees only; all OPTIONAL |
| // values in excludedSubtrees are presented. |
| // |
| private static final byte[] getEncodingESOnly() { |
| // DO NOT MODIFY! |
| return new byte[] { |
| (byte) 0x30, (byte) 0x46, (byte) 0xa1, (byte) 0x44, |
| (byte) 0x30, (byte) 0x16, (byte) 0x86, (byte) 0x0e, |
| (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, // http |
| (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x66, // ://f |
| (byte) 0x6f, (byte) 0x6f, (byte) 0x2e, (byte) 0x63, // oo.c |
| (byte) 0x6f, (byte) 0x6d, (byte) 0x80, (byte) 0x01, // om |
| (byte) 0x00, (byte) 0x81, (byte) 0x01, (byte) 0x01, |
| (byte) 0x30, (byte) 0x16, (byte) 0x86, (byte) 0x0e, |
| (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, |
| (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x62, |
| (byte) 0x61, (byte) 0x72, (byte) 0x2e, (byte) 0x63, |
| (byte) 0x6f, (byte) 0x6d, (byte) 0x80, (byte) 0x01, |
| (byte) 0x00, (byte) 0x81, (byte) 0x01, (byte) 0x01, |
| (byte) 0x30, (byte) 0x12, (byte) 0x86, (byte) 0x0a, |
| (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, |
| (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x6d, |
| (byte) 0x75, (byte) 0x75, (byte) 0x80, (byte) 0x01, |
| (byte) 0x00, (byte) 0x81, (byte) 0x01, (byte) 0x01, |
| }; |
| } |
| |
| // |
| // NameConstraints full encoding with all (OPTIONAL) |
| // minimum/maximum GeneralSubtree fields OMITTED |
| // (generated by own encoder class created during test development) |
| // |
| // @return Full NameConstraints encoding |
| // with all (OPTIONAL) minimum/maximum |
| // GeneralSubtree fields OMITTED |
| // |
| private static final byte[] getEncodingNoMinMax() { |
| // DO NOT MODIFY! |
| return new byte[] { |
| (byte) 0x30, (byte) 0x68, (byte) 0xa0, (byte) 0x32, |
| (byte) 0x30, (byte) 0x10, (byte) 0x86, (byte) 0x0e, |
| (byte) 0x66, (byte) 0x69, (byte) 0x6c, (byte) 0x65, |
| (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x66, |
| (byte) 0x6f, (byte) 0x6f, (byte) 0x2e, (byte) 0x63, |
| (byte) 0x6f, (byte) 0x6d, (byte) 0x30, (byte) 0x10, |
| (byte) 0x86, (byte) 0x0e, (byte) 0x66, (byte) 0x69, |
| (byte) 0x6c, (byte) 0x65, (byte) 0x3a, (byte) 0x2f, |
| (byte) 0x2f, (byte) 0x62, (byte) 0x61, (byte) 0x72, |
| (byte) 0x2e, (byte) 0x63, (byte) 0x6f, (byte) 0x6d, |
| (byte) 0x30, (byte) 0x0c, (byte) 0x86, (byte) 0x0a, |
| (byte) 0x66, (byte) 0x69, (byte) 0x6c, (byte) 0x65, |
| (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x6d, |
| (byte) 0x75, (byte) 0x75, (byte) 0xa1, (byte) 0x32, |
| (byte) 0x30, (byte) 0x10, (byte) 0x86, (byte) 0x0e, |
| (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, |
| (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x66, |
| (byte) 0x6f, (byte) 0x6f, (byte) 0x2e, (byte) 0x63, |
| (byte) 0x6f, (byte) 0x6d, (byte) 0x30, (byte) 0x10, |
| (byte) 0x86, (byte) 0x0e, (byte) 0x68, (byte) 0x74, |
| (byte) 0x74, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, |
| (byte) 0x2f, (byte) 0x62, (byte) 0x61, (byte) 0x72, |
| (byte) 0x2e, (byte) 0x63, (byte) 0x6f, (byte) 0x6d, |
| (byte) 0x30, (byte) 0x0c, (byte) 0x86, (byte) 0x0a, |
| (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, |
| (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x6d, |
| (byte) 0x75, (byte) 0x75, |
| }; |
| } |
| |
| // Returns OID encoding |
| // (generated by own encoder class created during test development) |
| private static final byte[] getEncodingOid() { |
| // DO NOT MODIFY! |
| return new byte[] { |
| (byte) 0x30, (byte) 0x09, (byte) 0xA0, (byte) 0x07, |
| (byte) 0x30, (byte) 0x05, (byte) 0x88, (byte) 0x03, |
| (byte) 0x2A, (byte) 0x03, (byte) 0x04 |
| }; |
| } |
| } |