| /* |
| * Copyright (C) 2013 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package libcore.java.security.cert; |
| |
| import java.io.File; |
| import java.io.FileInputStream; |
| import java.io.IOException; |
| import java.io.InputStream; |
| import java.security.InvalidAlgorithmParameterException; |
| import java.security.NoSuchAlgorithmException; |
| import java.security.cert.CertPath; |
| import java.security.cert.CertPathValidator; |
| import java.security.cert.CertPathValidatorException; |
| import java.security.cert.CertStore; |
| import java.security.cert.CertificateFactory; |
| import java.security.cert.CollectionCertStoreParameters; |
| import java.security.cert.PKIXCertPathValidatorResult; |
| import java.security.cert.PKIXParameters; |
| import java.security.cert.TrustAnchor; |
| import java.security.cert.X509CRL; |
| import java.security.cert.X509Certificate; |
| import java.util.ArrayList; |
| import java.util.Arrays; |
| import java.util.Calendar; |
| import java.util.Collection; |
| import java.util.Collections; |
| import java.util.Date; |
| import java.util.HashSet; |
| import java.util.Set; |
| import java.util.TimeZone; |
| |
| import junit.framework.TestCase; |
| |
| public class X509CertificateNistPkitsTest extends TestCase { |
| public static final String ANY_POLICY_OID = "2.5.29.32.0"; |
| public static final String RESOURCE_PACKAGE = "/tests/resources/"; |
| |
| /* |
| * All the certificates in this test should be verified with the same date. |
| * Since none of the built-in roots-of-trust (CA cerificates) are needed, |
| * it should be safe to set this to a fixed date until the certificates |
| * in the tests are updated. |
| */ |
| private static final Date TEST_DATE; |
| static { |
| Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("UTC")); |
| cal.set(2015, 0, 1); |
| TEST_DATE = cal.getTime(); |
| } |
| |
| public static InputStream getStream(String name) { |
| // If we have the resources packaged up in our jar file, get them that way. |
| String path = RESOURCE_PACKAGE + name; |
| InputStream result = X509CertificateNistPkitsTest.class.getResourceAsStream(path); |
| if (result != null) { |
| return result; |
| } |
| // Otherwise, if we're in an Android build tree, get the files directly. |
| String ANDROID_BUILD_TOP = System.getenv("ANDROID_BUILD_TOP"); |
| if (ANDROID_BUILD_TOP != null) { |
| File resource = new File(ANDROID_BUILD_TOP + "/external/nist-pkits/res" + path); |
| if (resource.exists()) { |
| try { |
| return new FileInputStream(resource); |
| } catch (IOException ex) { |
| throw new IllegalArgumentException("Couldn't open: " + resource, ex); |
| } |
| } |
| } |
| throw new IllegalArgumentException("No such resource: " + path); |
| } |
| |
| private final X509Certificate getCertificate(CertificateFactory f, String name) |
| throws Exception { |
| final String fileName = "nist-pkits/certs/" + name; |
| final InputStream is = getStream(fileName); |
| assertNotNull("File does not exist: " + fileName, is); |
| try { |
| return (X509Certificate) f.generateCertificate(is); |
| } finally { |
| try { |
| is.close(); |
| } catch (IOException ignored) { |
| } |
| } |
| } |
| |
| private final X509Certificate[] getCertificates(CertificateFactory f, String[] names) |
| throws Exception { |
| X509Certificate[] certs = new X509Certificate[names.length]; |
| |
| for (int i = 0; i < names.length; i++) { |
| certs[i] = getCertificate(f, names[i]); |
| } |
| |
| return certs; |
| } |
| |
| private final X509CRL getCRL(CertificateFactory f, String name) throws Exception { |
| final String fileName = "nist-pkits/crls/" + name; |
| final InputStream is = getStream(fileName); |
| assertNotNull("File does not exist: " + fileName, is); |
| try { |
| return (X509CRL) f.generateCRL(is); |
| } finally { |
| try { |
| is.close(); |
| } catch (IOException ignored) { |
| } |
| } |
| } |
| |
| private final X509CRL[] getCRLs(CertificateFactory f, String[] names) throws Exception { |
| X509CRL[] crls = new X509CRL[names.length]; |
| |
| for (int i = 0; i < names.length; i++) { |
| crls[i] = getCRL(f, names[i]); |
| } |
| |
| return crls; |
| } |
| |
| private CertPath getTestPath(CertificateFactory f, String[] pathCerts) throws Exception { |
| X509Certificate[] certs = getCertificates(f, pathCerts); |
| return f.generateCertPath(Arrays.asList(certs)); |
| } |
| |
| private PKIXParameters getTestPathParams(CertificateFactory f, String trustedCAName, |
| String[] pathCerts, String[] pathCRLs) throws Exception { |
| X509Certificate[] certs = getCertificates(f, pathCerts); |
| X509CRL[] crls = getCRLs(f, pathCRLs); |
| X509Certificate trustedCA = getCertificate(f, trustedCAName); |
| |
| Collection<Object> certCollection = new ArrayList<Object>(); |
| certCollection.addAll(Arrays.asList(crls)); |
| certCollection.addAll(Arrays.asList(certs)); |
| certCollection.add(trustedCA); |
| CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters( |
| certCollection); |
| CertStore certStore = CertStore.getInstance("Collection", certStoreParams); |
| |
| Set<TrustAnchor> anchors = new HashSet<TrustAnchor>(); |
| anchors.add(new TrustAnchor(trustedCA, null)); |
| |
| PKIXParameters params = new PKIXParameters(anchors); |
| params.addCertStore(certStore); |
| params.setExplicitPolicyRequired(false); |
| params.setInitialPolicies(Collections.singleton(ANY_POLICY_OID)); |
| params.setPolicyMappingInhibited(false); |
| params.setAnyPolicyInhibited(false); |
| params.setDate(TEST_DATE); |
| |
| return params; |
| } |
| |
| private void assertInvalidPath(String trustAnchor, String[] certs, String[] crls) |
| throws Exception, NoSuchAlgorithmException, InvalidAlgorithmParameterException { |
| assertInvalidPath(trustAnchor, certs, certs, crls); |
| } |
| |
| private void assertInvalidPath(String trustAnchor, String[] path, String[] certs, |
| String[] crls) throws Exception, NoSuchAlgorithmException, |
| InvalidAlgorithmParameterException { |
| CertificateFactory f = CertificateFactory.getInstance("X.509"); |
| |
| PKIXParameters params = getTestPathParams(f, trustAnchor, certs, crls); |
| CertPath cp = getTestPath(f, certs); |
| CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); |
| |
| try { |
| PKIXCertPathValidatorResult cpvResult = (PKIXCertPathValidatorResult) cpv.validate(cp, |
| params); |
| fail(); |
| } catch (CertPathValidatorException expected) { |
| } |
| } |
| |
| private void assertValidPath(String trustAnchor, String[] certs, String[] crls) |
| throws Exception, NoSuchAlgorithmException, CertPathValidatorException, |
| InvalidAlgorithmParameterException { |
| assertValidPath(trustAnchor, certs, certs, crls); |
| } |
| |
| private void assertValidPath(String trustAnchor, String[] path, String[] certs, String[] crls) |
| throws Exception, NoSuchAlgorithmException, CertPathValidatorException, |
| InvalidAlgorithmParameterException { |
| CertificateFactory f = CertificateFactory.getInstance("X.509"); |
| |
| PKIXParameters params = getTestPathParams(f, trustAnchor, certs, crls); |
| CertPath cp = getTestPath(f, path); |
| CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); |
| |
| PKIXCertPathValidatorResult cpvResult = (PKIXCertPathValidatorResult) cpv.validate(cp, |
| params); |
| } |
| |
| /* DO NOT MANUALLY EDIT -- BEGIN AUTOMATICALLY GENERATED TESTS */ |
| /** NIST PKITS test 4.1.1 */ |
| public void testSignatureVerification_ValidSignaturesTest1() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidCertificatePathTest1EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.1.2 */ |
| public void testSignatureVerification_InvalidCASignatureTest2() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidCASignatureTest2EE.crt", |
| "BadSignedCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BadSignedCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.1.3 */ |
| public void testSignatureVerification_InvalidEESignatureTest3() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidEESignatureTest3EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.1.4 */ |
| public void testSignatureVerification_ValidDSASignaturesTest4() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDSASignaturesTest4EE.crt", |
| "DSACACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "DSACACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.1.5 */ |
| public void testSignatureVerification_ValidDSAParameterInheritanceTest5() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDSAParameterInheritanceTest5EE.crt", |
| "DSAParametersInheritedCACert.crt", |
| "DSACACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "DSACACRL.crl", |
| "DSAParametersInheritedCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.1.6 */ |
| public void testSignatureVerification_InvalidDSASignatureTest6() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDSASignatureTest6EE.crt", |
| "DSACACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "DSACACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.2.1 */ |
| public void testValidityPeriods_InvalidCAnotBeforeDateTest1() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidCAnotBeforeDateTest1EE.crt", |
| "BadnotBeforeDateCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BadnotBeforeDateCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.2.2 */ |
| public void testValidityPeriods_InvalidEEnotBeforeDateTest2() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidEEnotBeforeDateTest2EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.2.3 */ |
| public void testValidityPeriods_Validpre2000UTCnotBeforeDateTest3() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "Validpre2000UTCnotBeforeDateTest3EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.2.4 */ |
| public void testValidityPeriods_ValidGeneralizedTimenotBeforeDateTest4() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidGeneralizedTimenotBeforeDateTest4EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.2.5 */ |
| public void testValidityPeriods_InvalidCAnotAfterDateTest5() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidCAnotAfterDateTest5EE.crt", |
| "BadnotAfterDateCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BadnotAfterDateCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.2.6 */ |
| public void testValidityPeriods_InvalidEEnotAfterDateTest6() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidEEnotAfterDateTest6EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.2.7 */ |
| public void testValidityPeriods_Invalidpre2000UTCEEnotAfterDateTest7() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "Invalidpre2000UTCEEnotAfterDateTest7EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.2.8 */ |
| public void testValidityPeriods_ValidGeneralizedTimenotAfterDateTest8() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidGeneralizedTimenotAfterDateTest8EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.3.1 */ |
| public void testVerifyingNameChaining_InvalidNameChainingEETest1() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidNameChainingTest1EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.3.2 */ |
| public void testVerifyingNameChaining_InvalidNameChainingOrderTest2() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidNameChainingOrderTest2EE.crt", |
| "NameOrderingCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "NameOrderCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.3.3 */ |
| public void testVerifyingNameChaining_ValidNameChainingWhitespaceTest3() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidNameChainingWhitespaceTest3EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.3.4 */ |
| public void testVerifyingNameChaining_ValidNameChainingWhitespaceTest4() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidNameChainingWhitespaceTest4EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.3.5 */ |
| public void testVerifyingNameChaining_ValidNameChainingCapitalizationTest5() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidNameChainingCapitalizationTest5EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.3.6 */ |
| public void testVerifyingNameChaining_ValidNameChainingUIDsTest6() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidNameUIDsTest6EE.crt", |
| "UIDCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "UIDCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.3.7 */ |
| public void testVerifyingNameChaining_ValidRFC3280MandatoryAttributeTypesTest7() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidRFC3280MandatoryAttributeTypesTest7EE.crt", |
| "RFC3280MandatoryAttributeTypesCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "RFC3280MandatoryAttributeTypesCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.3.8 */ |
| public void testVerifyingNameChaining_ValidRFC3280OptionalAttributeTypesTest8() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidRFC3280OptionalAttributeTypesTest8EE.crt", |
| "RFC3280OptionalAttributeTypesCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "RFC3280OptionalAttributeTypesCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.3.9 */ |
| public void testVerifyingNameChaining_ValidUTF8StringEncodedNamesTest9() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidUTF8StringEncodedNamesTest9EE.crt", |
| "UTF8StringEncodedNamesCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "UTF8StringEncodedNamesCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.3.10 */ |
| public void testVerifyingNameChaining_ValidRolloverfromPrintableStringtoUTF8StringTest10() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt", |
| "RolloverfromPrintableStringtoUTF8StringCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "RolloverfromPrintableStringtoUTF8StringCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.3.11 */ |
| public void testVerifyingNameChaining_ValidUTF8StringCaseInsensitiveMatchTest11() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidUTF8StringCaseInsensitiveMatchTest11EE.crt", |
| "UTF8StringCaseInsensitiveMatchCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "UTF8StringCaseInsensitiveMatchCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.1 */ |
| public void testBasicCertificateRevocationTests_MissingCRLTest1() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidMissingCRLTest1EE.crt", |
| "NoCRLCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.2 */ |
| public void testBasicCertificateRevocationTests_InvalidRevokedCATest2() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidRevokedCATest2EE.crt", |
| "RevokedsubCACert.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| "RevokedsubCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.3 */ |
| public void testBasicCertificateRevocationTests_InvalidRevokedEETest3() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidRevokedEETest3EE.crt", |
| "GoodCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.4 */ |
| public void testBasicCertificateRevocationTests_InvalidBadCRLSignatureTest4() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidBadCRLSignatureTest4EE.crt", |
| "BadCRLSignatureCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BadCRLSignatureCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.5 */ |
| public void testBasicCertificateRevocationTests_InvalidBadCRLIssuerNameTest5() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidBadCRLIssuerNameTest5EE.crt", |
| "BadCRLIssuerNameCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BadCRLIssuerNameCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.6 */ |
| public void testBasicCertificateRevocationTests_InvalidWrongCRLTest6() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidWrongCRLTest6EE.crt", |
| "WrongCRLCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "WrongCRLCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.7 */ |
| public void testBasicCertificateRevocationTests_ValidTwoCRLsTest7() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidTwoCRLsTest7EE.crt", |
| "TwoCRLsCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "TwoCRLsCAGoodCRL.crl", |
| "TwoCRLsCABadCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.8 */ |
| public void testBasicCertificateRevocationTests_InvalidUnknownCRLEntryExtensionTest8() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidUnknownCRLEntryExtensionTest8EE.crt", |
| "UnknownCRLEntryExtensionCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "UnknownCRLEntryExtensionCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.9 */ |
| public void testBasicCertificateRevocationTests_InvalidUnknownCRLExtensionTest9() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidUnknownCRLExtensionTest9EE.crt", |
| "UnknownCRLExtensionCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "UnknownCRLExtensionCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.10 */ |
| public void testBasicCertificateRevocationTests_InvalidUnknownCRLExtensionTest10() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidUnknownCRLExtensionTest10EE.crt", |
| "UnknownCRLExtensionCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "UnknownCRLExtensionCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.11 */ |
| public void testBasicCertificateRevocationTests_InvalidOldCRLnextUpdateTest11() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidOldCRLnextUpdateTest11EE.crt", |
| "OldCRLnextUpdateCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "OldCRLnextUpdateCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.12 */ |
| public void testBasicCertificateRevocationTests_Invalidpre2000CRLnextUpdateTest12() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "Invalidpre2000CRLnextUpdateTest12EE.crt", |
| "pre2000CRLnextUpdateCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pre2000CRLnextUpdateCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.13 */ |
| public void testBasicCertificateRevocationTests_ValidGeneralizedTimeCRLnextUpdateTest13() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidGeneralizedTimeCRLnextUpdateTest13EE.crt", |
| "GeneralizedTimeCRLnextUpdateCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GeneralizedTimeCRLnextUpdateCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.14 */ |
| public void testBasicCertificateRevocationTests_ValidNegativeSerialNumberTest14() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidNegativeSerialNumberTest14EE.crt", |
| "NegativeSerialNumberCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "NegativeSerialNumberCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.15 */ |
| public void testBasicCertificateRevocationTests_InvalidNegativeSerialNumberTest15() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidNegativeSerialNumberTest15EE.crt", |
| "NegativeSerialNumberCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "NegativeSerialNumberCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.16 */ |
| public void testBasicCertificateRevocationTests_ValidLongSerialNumberTest16() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidLongSerialNumberTest16EE.crt", |
| "LongSerialNumberCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "LongSerialNumberCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.17 */ |
| public void testBasicCertificateRevocationTests_ValidLongSerialNumberTest17() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidLongSerialNumberTest17EE.crt", |
| "LongSerialNumberCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "LongSerialNumberCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.18 */ |
| public void testBasicCertificateRevocationTests_InvalidLongSerialNumberTest18() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidLongSerialNumberTest18EE.crt", |
| "LongSerialNumberCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "LongSerialNumberCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.19 */ |
| public void testBasicCertificateRevocationTests_ValidSeparateCertificateandCRLKeysTest19() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] path = { |
| "ValidSeparateCertificateandCRLKeysTest19EE.crt", |
| "SeparateCertificateandCRLKeysCertificateSigningCACert.crt", |
| }; |
| |
| String[] certs = { |
| "ValidSeparateCertificateandCRLKeysTest19EE.crt", |
| "SeparateCertificateandCRLKeysCRLSigningCert.crt", |
| "SeparateCertificateandCRLKeysCertificateSigningCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "SeparateCertificateandCRLKeysCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, path, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.20 */ |
| public void testBasicCertificateRevocationTests_InvalidSeparateCertificateandCRLKeysTest20() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] path = { |
| "InvalidSeparateCertificateandCRLKeysTest20EE.crt", |
| "SeparateCertificateandCRLKeysCertificateSigningCACert.crt", |
| }; |
| |
| String[] certs = { |
| "InvalidSeparateCertificateandCRLKeysTest20EE.crt", |
| "SeparateCertificateandCRLKeysCRLSigningCert.crt", |
| "SeparateCertificateandCRLKeysCertificateSigningCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "SeparateCertificateandCRLKeysCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, path, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.4.21 */ |
| public void testBasicCertificateRevocationTests_InvalidSeparateCertificateandCRLKeysTest21() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] path = { |
| "InvalidSeparateCertificateandCRLKeysTest21EE.crt", |
| "SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt", |
| }; |
| |
| String[] certs = { |
| "InvalidSeparateCertificateandCRLKeysTest21EE.crt", |
| "SeparateCertificateandCRLKeysCA2CRLSigningCert.crt", |
| "SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "SeparateCertificateandCRLKeysCA2CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, path, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.5.1 */ |
| public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedOldWithNewTest1() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidBasicSelfIssuedOldWithNewTest1EE.crt", |
| "BasicSelfIssuedNewKeyOldWithNewCACert.crt", |
| "BasicSelfIssuedNewKeyCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BasicSelfIssuedNewKeyCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.5.2 */ |
| public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedOldWithNewTest2() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidBasicSelfIssuedOldWithNewTest2EE.crt", |
| "BasicSelfIssuedNewKeyOldWithNewCACert.crt", |
| "BasicSelfIssuedNewKeyCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BasicSelfIssuedNewKeyCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.5.3 */ |
| public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedNewWithOldTest3() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidBasicSelfIssuedNewWithOldTest3EE.crt", |
| "BasicSelfIssuedOldKeyNewWithOldCACert.crt", |
| "BasicSelfIssuedOldKeyCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", |
| "BasicSelfIssuedOldKeyCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.5.4 */ |
| public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedNewWithOldTest4() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] path = { |
| "ValidBasicSelfIssuedNewWithOldTest4EE.crt", |
| "BasicSelfIssuedOldKeyCACert.crt", |
| }; |
| |
| String[] certs = { |
| "ValidBasicSelfIssuedNewWithOldTest4EE.crt", |
| "BasicSelfIssuedOldKeyNewWithOldCACert.crt", |
| "BasicSelfIssuedOldKeyCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", |
| "BasicSelfIssuedOldKeyCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, path, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.5.5 */ |
| public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedNewWithOldTest5() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidBasicSelfIssuedNewWithOldTest5EE.crt", |
| "BasicSelfIssuedOldKeyNewWithOldCACert.crt", |
| "BasicSelfIssuedOldKeyCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BasicSelfIssuedOldKeySelfIssuedCertCRL.crl", |
| "BasicSelfIssuedOldKeyCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.5.6 */ |
| public void testVerifyingPathswithSelfIssuedCertificates_ValidBasicSelfIssuedCRLSigningKeyTest6() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] path = { |
| "ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt", |
| "BasicSelfIssuedCRLSigningKeyCACert.crt", |
| }; |
| |
| String[] certs = { |
| "ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt", |
| "BasicSelfIssuedCRLSigningKeyCRLCert.crt", |
| "BasicSelfIssuedCRLSigningKeyCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", |
| "BasicSelfIssuedCRLSigningKeyCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, path, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.5.7 */ |
| public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedCRLSigningKeyTest7() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt", |
| "BasicSelfIssuedCRLSigningKeyCRLCert.crt", |
| "BasicSelfIssuedCRLSigningKeyCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", |
| "BasicSelfIssuedCRLSigningKeyCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.5.8 */ |
| public void testVerifyingPathswithSelfIssuedCertificates_InvalidBasicSelfIssuedCRLSigningKeyTest8() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt", |
| "BasicSelfIssuedCRLSigningKeyCRLCert.crt", |
| "BasicSelfIssuedCRLSigningKeyCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl", |
| "BasicSelfIssuedCRLSigningKeyCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.1 */ |
| public void testVerifyingBasicConstraints_InvalidMissingbasicConstraintsTest1() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidMissingbasicConstraintsTest1EE.crt", |
| "MissingbasicConstraintsCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "MissingbasicConstraintsCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.2 */ |
| public void testVerifyingBasicConstraints_InvalidcAFalseTest2() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidcAFalseTest2EE.crt", |
| "basicConstraintsCriticalcAFalseCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "basicConstraintsCriticalcAFalseCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.3 */ |
| public void testVerifyingBasicConstraints_InvalidcAFalseTest3() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidcAFalseTest3EE.crt", |
| "basicConstraintsNotCriticalcAFalseCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "basicConstraintsNotCriticalcAFalseCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.4 */ |
| public void testVerifyingBasicConstraints_ValidbasicConstraintsNotCriticalTest4() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidbasicConstraintsNotCriticalTest4EE.crt", |
| "basicConstraintsNotCriticalCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "basicConstraintsNotCriticalCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.5 */ |
| public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest5() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidpathLenConstraintTest5EE.crt", |
| "pathLenConstraint0subCACert.crt", |
| "pathLenConstraint0CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint0CACRL.crl", |
| "pathLenConstraint0subCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.6 */ |
| public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest6() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidpathLenConstraintTest6EE.crt", |
| "pathLenConstraint0subCACert.crt", |
| "pathLenConstraint0CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint0CACRL.crl", |
| "pathLenConstraint0subCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.7 */ |
| public void testVerifyingBasicConstraints_ValidpathLenConstraintTest7() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidpathLenConstraintTest7EE.crt", |
| "pathLenConstraint0CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint0CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.8 */ |
| public void testVerifyingBasicConstraints_ValidpathLenConstraintTest8() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidpathLenConstraintTest8EE.crt", |
| "pathLenConstraint0CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint0CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.9 */ |
| public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest9() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidpathLenConstraintTest9EE.crt", |
| "pathLenConstraint6subsubCA00Cert.crt", |
| "pathLenConstraint6subCA0Cert.crt", |
| "pathLenConstraint6CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint6CACRL.crl", |
| "pathLenConstraint6subCA0CRL.crl", |
| "pathLenConstraint6subsubCA00CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.10 */ |
| public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest10() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidpathLenConstraintTest10EE.crt", |
| "pathLenConstraint6subsubCA00Cert.crt", |
| "pathLenConstraint6subCA0Cert.crt", |
| "pathLenConstraint6CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint6CACRL.crl", |
| "pathLenConstraint6subCA0CRL.crl", |
| "pathLenConstraint6subsubCA00CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.11 */ |
| public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest11() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidpathLenConstraintTest11EE.crt", |
| "pathLenConstraint6subsubsubCA11XCert.crt", |
| "pathLenConstraint6subsubCA11Cert.crt", |
| "pathLenConstraint6subCA1Cert.crt", |
| "pathLenConstraint6CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint6CACRL.crl", |
| "pathLenConstraint6subCA1CRL.crl", |
| "pathLenConstraint6subsubCA11CRL.crl", |
| "pathLenConstraint6subsubsubCA11XCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.12 */ |
| public void testVerifyingBasicConstraints_InvalidpathLenConstraintTest12() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidpathLenConstraintTest12EE.crt", |
| "pathLenConstraint6subsubsubCA11XCert.crt", |
| "pathLenConstraint6subsubCA11Cert.crt", |
| "pathLenConstraint6subCA1Cert.crt", |
| "pathLenConstraint6CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint6CACRL.crl", |
| "pathLenConstraint6subCA1CRL.crl", |
| "pathLenConstraint6subsubCA11CRL.crl", |
| "pathLenConstraint6subsubsubCA11XCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.13 */ |
| public void testVerifyingBasicConstraints_ValidpathLenConstraintTest13() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidpathLenConstraintTest13EE.crt", |
| "pathLenConstraint6subsubsubCA41XCert.crt", |
| "pathLenConstraint6subsubCA41Cert.crt", |
| "pathLenConstraint6subCA4Cert.crt", |
| "pathLenConstraint6CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint6CACRL.crl", |
| "pathLenConstraint6subCA4CRL.crl", |
| "pathLenConstraint6subsubCA41CRL.crl", |
| "pathLenConstraint6subsubsubCA41XCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.14 */ |
| public void testVerifyingBasicConstraints_ValidpathLenConstraintTest14() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidpathLenConstraintTest14EE.crt", |
| "pathLenConstraint6subsubsubCA41XCert.crt", |
| "pathLenConstraint6subsubCA41Cert.crt", |
| "pathLenConstraint6subCA4Cert.crt", |
| "pathLenConstraint6CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint6CACRL.crl", |
| "pathLenConstraint6subCA4CRL.crl", |
| "pathLenConstraint6subsubCA41CRL.crl", |
| "pathLenConstraint6subsubsubCA41XCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.15 */ |
| public void testVerifyingBasicConstraints_ValidSelfIssuedpathLenConstraintTest15() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidSelfIssuedpathLenConstraintTest15EE.crt", |
| "pathLenConstraint0SelfIssuedCACert.crt", |
| "pathLenConstraint0CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint0CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.16 */ |
| public void testVerifyingBasicConstraints_InvalidSelfIssuedpathLenConstraintTest16() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidSelfIssuedpathLenConstraintTest16EE.crt", |
| "pathLenConstraint0subCA2Cert.crt", |
| "pathLenConstraint0SelfIssuedCACert.crt", |
| "pathLenConstraint0CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint0CACRL.crl", |
| "pathLenConstraint0subCA2CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.6.17 */ |
| public void testVerifyingBasicConstraints_ValidSelfIssuedpathLenConstraintTest17() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidSelfIssuedpathLenConstraintTest17EE.crt", |
| "pathLenConstraint1SelfIssuedsubCACert.crt", |
| "pathLenConstraint1subCACert.crt", |
| "pathLenConstraint1SelfIssuedCACert.crt", |
| "pathLenConstraint1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "pathLenConstraint1CACRL.crl", |
| "pathLenConstraint1subCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.7.1 */ |
| public void testKeyUsage_InvalidkeyUsageCriticalkeyCertSignFalseTest1() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt", |
| "keyUsageCriticalkeyCertSignFalseCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "keyUsageCriticalkeyCertSignFalseCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.7.2 */ |
| public void testKeyUsage_InvalidkeyUsageNotCriticalkeyCertSignFalseTest2() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt", |
| "keyUsageNotCriticalkeyCertSignFalseCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "keyUsageNotCriticalkeyCertSignFalseCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.7.3 */ |
| public void testKeyUsage_ValidkeyUsageNotCriticalTest3() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidkeyUsageNotCriticalTest3EE.crt", |
| "keyUsageNotCriticalCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "keyUsageNotCriticalCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.7.4 */ |
| public void testKeyUsage_InvalidkeyUsageCriticalcRLSignFalseTest4() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt", |
| "keyUsageCriticalcRLSignFalseCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "keyUsageCriticalcRLSignFalseCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.7.5 */ |
| public void testKeyUsage_InvalidkeyUsageNotCriticalcRLSignFalseTest5() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt", |
| "keyUsageNotCriticalcRLSignFalseCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "keyUsageNotCriticalcRLSignFalseCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| // skipping sections 4.8 to 4.12 |
| |
| /** NIST PKITS test 4.13.1 */ |
| public void testKeyUsage_ValidDNnameConstraintsTest1() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDNnameConstraintsTest1EE.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.2 */ |
| public void testKeyUsage_InvalidDNnameConstraintsTest2() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest2EE.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.3 */ |
| public void testKeyUsage_InvalidDNnameConstraintsTest3() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest3EE.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.4 */ |
| public void testKeyUsage_ValidDNnameConstraintsTest4() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDNnameConstraintsTest4EE.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.5 */ |
| public void testKeyUsage_ValidDNnameConstraintsTest5() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDNnameConstraintsTest5EE.crt", |
| "nameConstraintsDN2CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN2CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.6 */ |
| public void testKeyUsage_ValidDNnameConstraintsTest6() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDNnameConstraintsTest6EE.crt", |
| "nameConstraintsDN3CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN3CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.7 */ |
| public void testKeyUsage_InvalidDNnameConstraintsTest7() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest7EE.crt", |
| "nameConstraintsDN3CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN3CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.8 */ |
| public void testKeyUsage_InvalidDNnameConstraintsTest8() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest8EE.crt", |
| "nameConstraintsDN4CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN4CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.9 */ |
| public void testKeyUsage_InvalidDNnameConstraintsTest9() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest9EE.crt", |
| "nameConstraintsDN4CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN4CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.10 */ |
| public void testKeyUsage_InvalidDNnameConstraintsTest10() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest10EE.crt", |
| "nameConstraintsDN5CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN5CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.11 */ |
| public void testKeyUsage_ValidDNnameConstraintsTest11() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDNnameConstraintsTest11EE.crt", |
| "nameConstraintsDN5CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN5CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.12 */ |
| public void testKeyUsage_InvalidDNnameConstraintsTest12() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest12EE.crt", |
| "nameConstraintsDN1subCA1Cert.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| "nameConstraintsDN1subCA1CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.13 */ |
| public void testKeyUsage_InvalidDNnameConstraintsTest13() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest13EE.crt", |
| "nameConstraintsDN1subCA2Cert.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| "nameConstraintsDN1subCA2CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.14 */ |
| public void testKeyUsage_ValidDNnameConstraintsTest14() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDNnameConstraintsTest14EE.crt", |
| "nameConstraintsDN1subCA2Cert.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| "nameConstraintsDN1subCA2CRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.15 */ |
| public void testKeyUsage_InvalidDNnameConstraintsTest15() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest15EE.crt", |
| "nameConstraintsDN3subCA1Cert.crt", |
| "nameConstraintsDN3CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN3CACRL.crl", |
| "nameConstraintsDN3subCA1CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.16 */ |
| public void testKeyUsage_InvalidDNnameConstraintsTest16() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest16EE.crt", |
| "nameConstraintsDN3subCA1Cert.crt", |
| "nameConstraintsDN3CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN3CACRL.crl", |
| "nameConstraintsDN3subCA1CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.17 */ |
| public void testKeyUsage_InvalidDNnameConstraintsTest17() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest17EE.crt", |
| "nameConstraintsDN3subCA2Cert.crt", |
| "nameConstraintsDN3CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN3CACRL.crl", |
| "nameConstraintsDN3subCA2CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.18 */ |
| public void testKeyUsage_ValidDNnameConstraintsTest18() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDNnameConstraintsTest18EE.crt", |
| "nameConstraintsDN3subCA2Cert.crt", |
| "nameConstraintsDN3CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN3CACRL.crl", |
| "nameConstraintsDN3subCA2CRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.19 */ |
| public void testKeyUsage_ValidSelfIssuedDNnameConstraintsTest19() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDNnameConstraintsTest19EE.crt", |
| "nameConstraintsDN1SelfIssuedCACert.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.20 */ |
| public void testKeyUsage_InvalidSelfIssuedDNnameConstraintsTest20() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNnameConstraintsTest20EE.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.21 */ |
| public void testKeyUsage_ValidRFC822nameConstraintsTest21() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidRFC822nameConstraintsTest21EE.crt", |
| "nameConstraintsRFC822CA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsRFC822CA1CRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.22 */ |
| public void testKeyUsage_InvalidRFC822nameConstraintsTest22() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidRFC822nameConstraintsTest22EE.crt", |
| "nameConstraintsRFC822CA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsRFC822CA1CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.23 */ |
| public void testKeyUsage_ValidRFC822nameConstraintsTest23() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidRFC822nameConstraintsTest23EE.crt", |
| "nameConstraintsRFC822CA2Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsRFC822CA2CRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.24 */ |
| public void testKeyUsage_InvalidRFC822nameConstraintsTest24() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidRFC822nameConstraintsTest24EE.crt", |
| "nameConstraintsRFC822CA2Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsRFC822CA2CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.25 */ |
| public void testKeyUsage_ValidRFC822nameConstraintsTest25() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidRFC822nameConstraintsTest25EE.crt", |
| "nameConstraintsRFC822CA3Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsRFC822CA3CRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.26 */ |
| public void testKeyUsage_InvalidRFC822nameConstraintsTest26() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidRFC822nameConstraintsTest26EE.crt", |
| "nameConstraintsRFC822CA3Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsRFC822CA3CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.27 */ |
| public void testKeyUsage_ValidDNandRFC822nameConstraintsTest27() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDNandRFC822nameConstraintsTest27EE.crt", |
| "nameConstraintsDN1subCA3Cert.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| "nameConstraintsDN1subCA3CRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.28 */ |
| public void testKeyUsage_InvalidDNandRFC822nameConstraintsTest28() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNandRFC822nameConstraintsTest28EE.crt", |
| "nameConstraintsDN1subCA3Cert.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| "nameConstraintsDN1subCA3CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.29 */ |
| public void testKeyUsage_InvalidDNandRFC822nameConstraintsTest29() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNandRFC822nameConstraintsTest29EE.crt", |
| "nameConstraintsDN1subCA3Cert.crt", |
| "nameConstraintsDN1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDN1CACRL.crl", |
| "nameConstraintsDN1subCA3CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.30 */ |
| public void testKeyUsage_ValidDNSnameConstraintsTest30() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDNSnameConstraintsTest30EE.crt", |
| "nameConstraintsDNS1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDNS1CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.31 */ |
| public void testKeyUsage_InvalidDNSnameConstraintsTest31() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNSnameConstraintsTest31EE.crt", |
| "nameConstraintsDNS1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDNS1CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.32 */ |
| public void testKeyUsage_ValidDNSnameConstraintsTest32() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidDNSnameConstraintsTest32EE.crt", |
| "nameConstraintsDNS2CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDNS2CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.33 */ |
| public void testKeyUsage_InvalidDNSnameConstraintsTest33() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNSnameConstraintsTest33EE.crt", |
| "nameConstraintsDNS2CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDNS2CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.34 */ |
| public void testKeyUsage_ValidURInameConstraintsTest34() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidURInameConstraintsTest34EE.crt", |
| "nameConstraintsURI1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsURI1CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.35 */ |
| public void testKeyUsage_InvalidURInameConstraintsTest35() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidURInameConstraintsTest35EE.crt", |
| "nameConstraintsURI1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsURI1CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.36 */ |
| public void testKeyUsage_ValidURInameConstraintsTest36() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidURInameConstraintsTest36EE.crt", |
| "nameConstraintsURI2CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsURI2CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.37 */ |
| public void testKeyUsage_InvalidURInameConstraintsTest37() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidURInameConstraintsTest37EE.crt", |
| "nameConstraintsURI2CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsURI2CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.13.38 */ |
| public void testKeyUsage_InvalidDNSnameConstraintsTest38() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidDNSnameConstraintsTest38EE.crt", |
| "nameConstraintsDNS1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "nameConstraintsDNS1CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.1 */ |
| public void testDistributionPoints_ValiddistributionPointTest1() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValiddistributionPointTest1EE.crt", |
| "distributionPoint1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "distributionPoint1CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.2 */ |
| public void testDistributionPoints_InvaliddistributionPointTest2() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvaliddistributionPointTest2EE.crt", |
| "distributionPoint1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "distributionPoint1CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.3 */ |
| public void testDistributionPoints_InvaliddistributionPointTest3() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvaliddistributionPointTest3EE.crt", |
| "distributionPoint1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "distributionPoint1CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.4 */ |
| public void testDistributionPoints_ValiddistributionPointTest4() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValiddistributionPointTest4EE.crt", |
| "distributionPoint1CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "distributionPoint1CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.5 */ |
| public void testDistributionPoints_ValiddistributionPointTest5() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValiddistributionPointTest5EE.crt", |
| "distributionPoint2CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "distributionPoint2CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.6 */ |
| public void testDistributionPoints_InvaliddistributionPointTest6() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvaliddistributionPointTest6EE.crt", |
| "distributionPoint2CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "distributionPoint2CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.7 */ |
| public void testDistributionPoints_ValiddistributionPointTest7() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValiddistributionPointTest7EE.crt", |
| "distributionPoint2CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "distributionPoint2CACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.8 */ |
| public void testDistributionPoints_InvaliddistributionPointTest8() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvaliddistributionPointTest8EE.crt", |
| "distributionPoint2CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "distributionPoint2CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.9 */ |
| public void testDistributionPoints_InvaliddistributionPointTest9() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvaliddistributionPointTest9EE.crt", |
| "distributionPoint2CACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "distributionPoint2CACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.10 */ |
| public void testDistributionPoints_ValidNoissuingDistributionPointTest10() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidNoissuingDistributionPointTest10EE.crt", |
| "NoissuingDistributionPointCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "NoissuingDistributionPointCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.11 */ |
| public void testDistributionPoints_InvalidonlyContainsUserCertsCRLTest11() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidonlyContainsUserCertsTest11EE.crt", |
| "onlyContainsUserCertsCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "onlyContainsUserCertsCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.12 */ |
| public void testDistributionPoints_InvalidonlyContainsCACertsCRLTest12() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidonlyContainsCACertsTest12EE.crt", |
| "onlyContainsCACertsCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "onlyContainsCACertsCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.13 */ |
| public void testDistributionPoints_ValidonlyContainsCACertsCRLTest13() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidonlyContainsCACertsTest13EE.crt", |
| "onlyContainsCACertsCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "onlyContainsCACertsCACRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.14 */ |
| public void testDistributionPoints_InvalidonlyContainsAttributeCertsTest14() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidonlyContainsAttributeCertsTest14EE.crt", |
| "onlyContainsAttributeCertsCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "onlyContainsAttributeCertsCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.15 */ |
| public void testDistributionPoints_InvalidonlySomeReasonsTest15() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidonlySomeReasonsTest15EE.crt", |
| "onlySomeReasonsCA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "onlySomeReasonsCA1compromiseCRL.crl", |
| "onlySomeReasonsCA1otherreasonsCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.16 */ |
| public void testDistributionPoints_InvalidonlySomeReasonsTest16() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidonlySomeReasonsTest16EE.crt", |
| "onlySomeReasonsCA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "onlySomeReasonsCA1compromiseCRL.crl", |
| "onlySomeReasonsCA1otherreasonsCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.17 */ |
| public void testDistributionPoints_InvalidonlySomeReasonsTest17() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidonlySomeReasonsTest17EE.crt", |
| "onlySomeReasonsCA2Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "onlySomeReasonsCA2CRL1.crl", |
| "onlySomeReasonsCA2CRL2.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.18 */ |
| public void testDistributionPoints_ValidonlySomeReasonsTest18() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidonlySomeReasonsTest18EE.crt", |
| "onlySomeReasonsCA3Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "onlySomeReasonsCA3compromiseCRL.crl", |
| "onlySomeReasonsCA3otherreasonsCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.19 */ |
| public void testDistributionPoints_ValidonlySomeReasonsTest19() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidonlySomeReasonsTest19EE.crt", |
| "onlySomeReasonsCA4Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "onlySomeReasonsCA4compromiseCRL.crl", |
| "onlySomeReasonsCA4otherreasonsCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.20 */ |
| public void testDistributionPoints_InvalidonlySomeReasonsTest20() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidonlySomeReasonsTest20EE.crt", |
| "onlySomeReasonsCA4Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "onlySomeReasonsCA4compromiseCRL.crl", |
| "onlySomeReasonsCA4otherreasonsCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.21 */ |
| public void testDistributionPoints_InvalidonlySomeReasonsTest21() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidonlySomeReasonsTest21EE.crt", |
| "onlySomeReasonsCA4Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "onlySomeReasonsCA4compromiseCRL.crl", |
| "onlySomeReasonsCA4otherreasonsCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.22 */ |
| public void testDistributionPoints_ValidIDPwithindirectCRLTest22() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidIDPwithindirectCRLTest22EE.crt", |
| "indirectCRLCA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA1CRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.23 */ |
| public void testDistributionPoints_InvalidIDPwithindirectCRLTest23() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidIDPwithindirectCRLTest23EE.crt", |
| "indirectCRLCA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA1CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.24 */ |
| public void testDistributionPoints_ValidIDPwithindirectCRLTest24() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] path = { |
| "ValidIDPwithindirectCRLTest24EE.crt", |
| "indirectCRLCA2Cert.crt", |
| }; |
| |
| String[] certs = { |
| "ValidIDPwithindirectCRLTest24EE.crt", |
| "indirectCRLCA1Cert.crt", |
| "indirectCRLCA2Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA1CRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, path, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.25 */ |
| public void testDistributionPoints_ValidIDPwithindirectCRLTest25() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] path = { |
| "ValidIDPwithindirectCRLTest25EE.crt", |
| "indirectCRLCA2Cert.crt", |
| }; |
| |
| String[] certs = { |
| "ValidIDPwithindirectCRLTest25EE.crt", |
| "indirectCRLCA1Cert.crt", |
| "indirectCRLCA2Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA1CRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, path, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.26 */ |
| public void testDistributionPoints_InvalidIDPwithindirectCRLTest26() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidIDPwithindirectCRLTest26EE.crt", |
| "indirectCRLCA1Cert.crt", |
| "indirectCRLCA2Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA1CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.27 */ |
| public void testDistributionPoints_InvalidcRLIssuerTest27() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidcRLIssuerTest27EE.crt", |
| "GoodCACert.crt", |
| "indirectCRLCA2Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "GoodCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.28 */ |
| public void testDistributionPoints_ValidcRLIssuerTest28() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] path = { |
| "ValidcRLIssuerTest28EE.crt", |
| "indirectCRLCA3Cert.crt", |
| }; |
| |
| String[] certs = { |
| "ValidcRLIssuerTest28EE.crt", |
| "indirectCRLCA3cRLIssuerCert.crt", |
| "indirectCRLCA3Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA3CRL.crl", |
| "indirectCRLCA3cRLIssuerCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, path, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.29 */ |
| public void testDistributionPoints_ValidcRLIssuerTest29() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] path = { |
| "ValidcRLIssuerTest29EE.crt", |
| "indirectCRLCA3Cert.crt", |
| }; |
| |
| String[] certs = { |
| "ValidcRLIssuerTest29EE.crt", |
| "indirectCRLCA3cRLIssuerCert.crt", |
| "indirectCRLCA3Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA3CRL.crl", |
| "indirectCRLCA3cRLIssuerCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, path, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.30 */ |
| public void testDistributionPoints_ValidcRLIssuerTest30() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] path = { |
| "ValidcRLIssuerTest30EE.crt", |
| "indirectCRLCA4Cert.crt", |
| }; |
| |
| String[] certs = { |
| "ValidcRLIssuerTest30EE.crt", |
| "indirectCRLCA4cRLIssuerCert.crt", |
| "indirectCRLCA4Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA4cRLIssuerCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, path, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.31 */ |
| public void testDistributionPoints_InvalidcRLIssuerTest31() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidcRLIssuerTest31EE.crt", |
| "indirectCRLCA6Cert.crt", |
| "indirectCRLCA5Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA5CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.32 */ |
| public void testDistributionPoints_InvalidcRLIssuerTest32() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidcRLIssuerTest32EE.crt", |
| "indirectCRLCA6Cert.crt", |
| "indirectCRLCA5Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA5CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.33 */ |
| public void testDistributionPoints_ValidcRLIssuerTest33() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] path = { |
| "ValidcRLIssuerTest33EE.crt", |
| "indirectCRLCA6Cert.crt", |
| }; |
| |
| String[] certs = { |
| "ValidcRLIssuerTest33EE.crt", |
| "indirectCRLCA6Cert.crt", |
| "indirectCRLCA5Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA5CRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, path, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.34 */ |
| public void testDistributionPoints_InvalidcRLIssuerTest34() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidcRLIssuerTest34EE.crt", |
| "indirectCRLCA5Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA5CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.14.35 */ |
| public void testDistributionPoints_InvalidcRLIssuerTest35() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvalidcRLIssuerTest35EE.crt", |
| "indirectCRLCA5Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "indirectCRLCA5CRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.15.1 */ |
| public void testDeltaCRLs_InvaliddeltaCRLIndicatorNoBaseTest1() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvaliddeltaCRLIndicatorNoBaseTest1EE.crt", |
| "deltaCRLIndicatorNoBaseCACert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "deltaCRLIndicatorNoBaseCACRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.15.2 */ |
| public void testDeltaCRLs_ValiddeltaCRLTest2() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValiddeltaCRLTest2EE.crt", |
| "deltaCRLCA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "deltaCRLCA1CRL.crl", |
| "deltaCRLCA1deltaCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.15.3 */ |
| public void testDeltaCRLs_InvaliddeltaCRLTest3() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvaliddeltaCRLTest3EE.crt", |
| "deltaCRLCA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "deltaCRLCA1CRL.crl", |
| "deltaCRLCA1deltaCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.15.4 */ |
| public void testDeltaCRLs_InvaliddeltaCRLTest4() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvaliddeltaCRLTest4EE.crt", |
| "deltaCRLCA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "deltaCRLCA1CRL.crl", |
| "deltaCRLCA1deltaCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.15.5 */ |
| public void testDeltaCRLs_ValiddeltaCRLTest5() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValiddeltaCRLTest5EE.crt", |
| "deltaCRLCA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "deltaCRLCA1CRL.crl", |
| "deltaCRLCA1deltaCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.15.6 */ |
| public void testDeltaCRLs_InvaliddeltaCRLTest6() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvaliddeltaCRLTest6EE.crt", |
| "deltaCRLCA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "deltaCRLCA1CRL.crl", |
| "deltaCRLCA1deltaCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.15.7 */ |
| public void testDeltaCRLs_ValiddeltaCRLTest7() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValiddeltaCRLTest7EE.crt", |
| "deltaCRLCA1Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "deltaCRLCA1CRL.crl", |
| "deltaCRLCA1deltaCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.15.8 */ |
| public void testDeltaCRLs_ValiddeltaCRLTest8() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValiddeltaCRLTest8EE.crt", |
| "deltaCRLCA2Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "deltaCRLCA2CRL.crl", |
| "deltaCRLCA2deltaCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.15.9 */ |
| public void testDeltaCRLs_InvaliddeltaCRLTest9() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvaliddeltaCRLTest9EE.crt", |
| "deltaCRLCA2Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "deltaCRLCA2CRL.crl", |
| "deltaCRLCA2deltaCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.15.10 */ |
| public void testDeltaCRLs_InvaliddeltaCRLTest10() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "InvaliddeltaCRLTest10EE.crt", |
| "deltaCRLCA3Cert.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| "deltaCRLCA3CRL.crl", |
| "deltaCRLCA3deltaCRL.crl", |
| }; |
| |
| assertInvalidPath(trustAnchor, certs, crls); |
| } |
| |
| /** NIST PKITS test 4.16.1 */ |
| public void testPrivateCertificateExtensions_ValidUnknownNotCriticalCertificateExtensionTest1() throws Exception { |
| String trustAnchor = "TrustAnchorRootCertificate.crt"; |
| |
| String[] certs = { |
| "ValidUnknownNotCriticalCertificateExtensionTest1EE.crt", |
| }; |
| |
| String[] crls = { |
| "TrustAnchorRootCRL.crl", |
| }; |
| |
| assertValidPath(trustAnchor, certs, crls); |
| } |
| |
| /* DO NOT MANUALLY EDIT -- END AUTOMATICALLY GENERATED TESTS */ |
| } |