Package org.apache.harmony.security.tests.java.security.cert

Source Code of org.apache.harmony.security.tests.java.security.cert.CertificateFactory_ImplTest

/*
*  Licensed to the Apache Software Foundation (ASF) under one or more
*  contributor license agreements.  See the NOTICE file distributed with
*  this work for additional information regarding copyright ownership.
*  The ASF licenses this file to You under the Apache License, Version 2.0
*  (the "License"); you may not use this file except in compliance with
*  the License.  You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
*  Unless required by applicable law or agreed to in writing, software
*  distributed under the License is distributed on an "AS IS" BASIS,
*  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*  See the License for the specific language governing permissions and
*  limitations under the License.
*/

/**
* @author Alexander Y. Kleymenov
* @version $Revision$
*/

package org.apache.harmony.security.tests.java.security.cert;

import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.harmony.luni.util.Base64;

import junit.framework.TestCase;

/**
* X.509 CertificateFactory provider implementation test.<br>
* See RFC 3280 (http://www.ietf.org/rfc/rfc3280.txt) for
* more information on X.509, and
* http://www.ietf.org/rfc/rfc2315.txt
* for more information on PKCS #7.
* The testing data was generated by use of classes from
* org.apache.harmony.security.x509 package.
*/
public class CertificateFactory_ImplTest extends TestCase {

    /**
     * Base64 encoded PKCS7 SignedObject containing two X.509
     * Certificates and CRLs.
     */
    private static String pkcs7so =
          "MIIHDwYJKoZIhvcNAQcCoIIHADCCBvwCAQExADALBgkqhkiG9w0BBwGg"
        + "ggUuMIICkzCCAlOgAwIBAgICAiswCQYHKoZIzjgEAzAdMRswGQYDVQQK"
        + "ExJDZXJ0aWZpY2F0ZSBJc3N1ZXIwIxcNMDYwOTA1MDk1MzA2WhgSMjMz"
        + "NjEwMTMwMjUxMjcuODFaMB0xGzAZBgNVBAoTEkNlcnRpZmljYXRlIElz"
        + "c3VlcjCCAbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu"
        + "7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeB"
        + "O4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD"
        + "9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvM"
        + "spK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX"
        + "TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqL"
        + "VHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4Vrl"
        + "nwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDyCA7AK6Kep2soxt8tIsWW"
        + "kafbYdueAkeBNnm46H0OteFa80HMuJjKJ0LjlPrdjFMARKyW/GATtQhg"
        + "hY/MrINAHmKcX5QjL1DkuJKDNggLHqj5D6efsWmLKwLvmviWLzWtjh7Y"
        + "GBZeLt0ezu2q49aKcOzkkDsCSsMz09u9284L6qMeMBwwGgYDVR0RAQH/"
        + "BBAwDoEMcmZjQDgyMi5OYW1lMAkGByqGSM44BAMDLwAwLAIUWo0C+R8P"
        + "J8LGSLsCRqJ8SOOO0SoCFGvO6mpNdzOKiwlYwfpF/Xyi7s3vMIICkzCC"
        + "AlOgAwIBAgICAiswCQYHKoZIzjgEAzAdMRswGQYDVQQKExJDZXJ0aWZp"
        + "Y2F0ZSBJc3N1ZXIwIxcNMDYwOTA1MDk1MzA2WhgSMjMzNjEwMTMwMjUx"
        + "MjcuODFaMB0xGzAZBgNVBAoTEkNlcnRpZmljYXRlIElzc3VlcjCCAbgw"
        + "ggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3Ujzv"
        + "RADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3"
        + "a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQT"
        + "WhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvw"
        + "WBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlX"
        + "jrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4r"
        + "s6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtV"
        + "JWQBTDv+z0kqA4GFAAKBgQDyCA7AK6Kep2soxt8tIsWWkafbYdueAkeB"
        + "Nnm46H0OteFa80HMuJjKJ0LjlPrdjFMARKyW/GATtQhghY/MrINAHmKc"
        + "X5QjL1DkuJKDNggLHqj5D6efsWmLKwLvmviWLzWtjh7YGBZeLt0ezu2q"
        + "49aKcOzkkDsCSsMz09u9284L6qMeMBwwGgYDVR0RAQH/BBAwDoEMcmZj"
        + "QDgyMi5OYW1lMAkGByqGSM44BAMDLwAwLAIUWo0C+R8PJ8LGSLsCRqJ8"
        + "SOOO0SoCFGvO6mpNdzOKiwlYwfpF/Xyi7s3voYIBsjCB1jCBlwIBATAJ"
        + "BgcqhkjOOAQDMBUxEzARBgNVBAoTCkNSTCBJc3N1ZXIXDTA2MDkwNTA5"
        + "NTMwN1oXDTA2MDkwNTA5NTQ0N1owQTA/AgICKxcNMDYwOTA1MDk1MzA4"
        + "WjAqMAoGA1UdFQQDCgEBMBwGA1UdGAQVGBMyMDA2MDkwNTA5NTMwNy43"
        + "MThaoA8wDTALBgNVHRQEBAICEVwwCQYHKoZIzjgEAwMvADAsAhR/l5kI"
        + "bTkuJe9HjcpZ4Ff4Ifv9xwIUIXBlDKsNFlgYdWWTxzrrJOHyMuUwgdYw"
        + "gZcCAQEwCQYHKoZIzjgEAzAVMRMwEQYDVQQKEwpDUkwgSXNzdWVyFw0w"
        + "NjA5MDUwOTUzMDdaFw0wNjA5MDUwOTU0NDdaMEEwPwICAisXDTA2MDkw"
        + "NTA5NTMwOFowKjAKBgNVHRUEAwoBATAcBgNVHRgEFRgTMjAwNjA5MDUw"
        + "OTUzMDcuNzE4WqAPMA0wCwYDVR0UBAQCAhFcMAkGByqGSM44BAMDLwAw"
        + "LAIUf5eZCG05LiXvR43KWeBX+CH7/ccCFCFwZQyrDRZYGHVlk8c66yTh"
        + "8jLlMQA=";

    /**
     * Base64 encoded PkiPath object containing 2 X.509 certificates.
     */
    private static String pkiPath =
          "MIIFMDCCApQwggJToAMCAQICAgIrMAkGByqGSM44BAMwHTEbMBkGA1UE"
        + "ChMSQ2VydGlmaWNhdGUgSXNzdWVyMCMXDTA2MDkwNTExMDAyM1oYEjIz"
        + "MzYxMDEzMTQwNDE4LjEyWjAdMRswGQYDVQQKExJDZXJ0aWZpY2F0ZSBJ"
        + "c3N1ZXIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qc"
        + "Luzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzX"
        + "gTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7"
        + "g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSML"
        + "zLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5"
        + "V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6"
        + "i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa"
        + "5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEA8ggOwCuinqdrKMbfLSLF"
        + "lpGn22HbngJHgTZ5uOh9DrXhWvNBzLiYyidC45T63YxTAESslvxgE7UI"
        + "YIWPzKyDQB5inF+UIy9Q5LiSgzYICx6o+Q+nn7FpiysC75r4li81rY4e"
        + "2BgWXi7dHs7tquPWinDs5JA7AkrDM9PbvdvOC+qjHjAcMBoGA1UdEQEB"
        + "/wQQMA6BDHJmY0A4MjIuTmFtZTAJBgcqhkjOOAQDAzAAMC0CFQCAUA72"
        + "3BIXNluugYcScXeb9vx5vAIUYreCA5ljANvzSsD0ofI+xph4//IwggKU"
        + "MIICU6ADAgECAgICKzAJBgcqhkjOOAQDMB0xGzAZBgNVBAoTEkNlcnRp"
        + "ZmljYXRlIElzc3VlcjAjFw0wNjA5MDUxMTAwMjNaGBIyMzM2MTAxMzE0"
        + "MDQxOC4xMlowHTEbMBkGA1UEChMSQ2VydGlmaWNhdGUgSXNzdWVyMIIB"
        + "uDCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS"
        + "PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/Jm"
        + "YLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1"
        + "VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuE"
        + "C/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdR"
        + "WVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOu"
        + "HiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6A"
        + "e1UlZAFMO/7PSSoDgYUAAoGBAPIIDsArop6nayjG3y0ixZaRp9th254C"
        + "R4E2ebjofQ614VrzQcy4mMonQuOU+t2MUwBErJb8YBO1CGCFj8ysg0Ae"
        + "YpxflCMvUOS4koM2CAseqPkPp5+xaYsrAu+a+JYvNa2OHtgYFl4u3R7O"
        + "7arj1opw7OSQOwJKwzPT273bzgvqox4wHDAaBgNVHREBAf8EEDAOgQxy"
        + "ZmNAODIyLk5hbWUwCQYHKoZIzjgEAwMwADAtAhUAgFAO9twSFzZbroGH"
        + "EnF3m/b8ebwCFGK3ggOZYwDb80rA9KHyPsaYeP/y";

    /**
     * Base64 encoded X.509 CRL.
     */
    private static String x509crl =
          "MIHWMIGWAgEBMAkGByqGSM44BAMwFTETMBEGA1UEChMKQ1JMIElzc3Vl"
        + "chcNMDYwOTA1MDk1MzA4WhcNMDYwOTA1MDk1NDQ4WjBAMD4CAgIrFw0w"
        + "NjA5MDUwOTUzMDhaMCkwCgYDVR0VBAMKAQEwGwYDVR0YBBQYEjIwMDYw"
        + "OTA1MDk1MzA4Ljg5WqAPMA0wCwYDVR0UBAQCAhFcMAkGByqGSM44BAMD"
        + "MAAwLQIUJ1KAJumw8mOpGXT/FS5K9WwOBRICFQCR+ez59x9GH3sKoByC"
        + "IooeR20Q3Q==";

    /**
     * Base64 encoded X.509 Certificate.
     */
    private static String x509cert =
          "MIICkzCCAlOgAwIBAgICAiswCQYHKoZIzjgEAzAdMRswGQYDVQQKExJD"
        + "ZXJ0aWZpY2F0ZSBJc3N1ZXIwIxcNMDYwOTA4MDU1NzUxWhgSMjMzNjEx"
        + "MTAxMTM4NTUuNjJaMB0xGzAZBgNVBAoTEkNlcnRpZmljYXRlIElzc3Vl"
        + "cjCCAbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn"
        + "9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4Ad"
        + "NG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPF"
        + "HsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5"
        + "gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9"
        + "B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyN"
        + "KOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaS"
        + "i2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDyCA7AK6Kep2soxt8tIsWWkafb"
        + "YdueAkeBNnm46H0OteFa80HMuJjKJ0LjlPrdjFMARKyW/GATtQhghY/M"
        + "rINAHmKcX5QjL1DkuJKDNggLHqj5D6efsWmLKwLvmviWLzWtjh7YGBZe"
        + "Lt0ezu2q49aKcOzkkDsCSsMz09u9284L6qMeMBwwGgYDVR0RAQH/BBAw"
        + "DoEMcmZjQDgyMi5OYW1lMAkGByqGSM44BAMDLwAwLAIUO+JWKWai/8Si"
        + "2oEfhKSobLttYeYCFFO5YVDvtnmVVnvQTtUvrPpsaxJR";

    /**
     * Base64 encoded Private Key used for data signing.
     * This data is not directly used in the test, but it could be
     * useful in future in case of implementation of additional
     * testing data structures.
     */
    private static String b64PrivateKeySpec =
          "MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s"
        + "5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7"
        + "gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P2"
        + "08UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yy"
        + "krmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdM"
        + "Cz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotU"
        + "fI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWf"
        + "BpKLZl6Ae1UlZAFMO/7PSSoEFgIUS24w346zv1ic3wsLOHzxQnf9aX0=";

    /**
     * Base64 encoded Public Key for signature verification.
     */
    private static String b64PublicKeySpec =
          "MIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2"
        + "EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00"
        + "b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue"
        + "wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC"
        + "ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0H"
        + "gmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o"
        + "4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL"
        + "Zl6Ae1UlZAFMO/7PSSoDgYUAAoGBAPIIDsArop6nayjG3y0ixZaRp9th"
        + "254CR4E2ebjofQ614VrzQcy4mMonQuOU+t2MUwBErJb8YBO1CGCFj8ys"
        + "g0AeYpxflCMvUOS4koM2CAseqPkPp5+xaYsrAu+a+JYvNa2OHtgYFl4u"
        + "3R7O7arj1opw7OSQOwJKwzPT273bzgvq";

    /**
     * The name of the algorithm used for Certificate/CRL signing.
     */
    private static String publicKeyAlgorithm = "DSA";

    /**
     * The public key to verify generated Certificates and CRLs.
     */
    private static PublicKey publicKey;

    static {
        try {
            X509EncodedKeySpec publicKeySpec =
                new X509EncodedKeySpec(
                        Base64.decode(b64PublicKeySpec.getBytes("UTF-8")));
            KeyFactory keyFactory =
                KeyFactory.getInstance(publicKeyAlgorithm);
            publicKey = keyFactory.generatePublic(publicKeySpec);
        } catch (NoSuchAlgorithmException e) {
            // provider is not installed, will not verify the generated data
            publicKey = null;
        } catch (Exception e) {
            // problems with a representation of the key
            e.printStackTrace();
            publicKey = null;
        }
    }

    // array contains allowed PEM delimiters
    private static String[][] good = {
        {"-----BEGIN\n", "\n-----END"},
        {"-----BEGIN-----\n", "\n-----END-----"},
        {"-----BEGIN PEM ENCODED DATA STRUCTURE-----\n", "\n-----END-----"},
        {"-----BEGIN MEANINGLESS SEPARATOR\n", "\n-----END PEM"},
    };

    // array contains not allowed PEM delimiters
    private static String[][] bad = {
        {"----BEGI\n", "\n-----END"},
        {"-----BEGI\n", "\n----END"},
        {"-----BEGI\n", "\n-----END"},
        {"-----BEGIN\n", "\n-----EN"},
        {"-----BEGIN", "\n-----END"},
        {"-----BEGIN\n", "-----END"},
    };

    // array contains bad PEM encoded content.
    private static String[] bad_content = {
        "MIIHDwYJ", "ABCD", "\r\n\r\n", "\n\r", ""
    };

    /**
     * generateCRLs method testing.
     * Generates CRLs on the base of PKCS7 SignedData Object
     */
    public void testGenerateCRLs() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");

        // Testing the CRLs generation on the base of PKCS7 SignedData object
        ByteArrayInputStream bais = new ByteArrayInputStream(
                Base64.decode(pkcs7so.getBytes("UTF-8")));

        Collection crls = factory.generateCRLs(bais);
        assertNotNull("Factory returned null on correct PKCS7 data", crls);
        assertEquals("The size of collection differs from expected",
                2, crls.size());

        if (publicKey != null) {
            // verify the signatures
            for (Iterator i = crls.iterator(); i.hasNext();) {
                ((X509CRL) i.next()).verify(publicKey);
            }
        }
    }

    /**
     * generateCRL/generateCertificate method testing.
     * Tries to generates single CRL/Certificate
     * on the base of PKCS7 SignedData Object.
     */
    public void testGenerateCRL() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");

        ByteArrayInputStream bais = new ByteArrayInputStream(
                Base64.decode(pkcs7so.getBytes("UTF-8")));
        try {
            factory.generateCRL(bais);
            fail("Expected exception was not thrown");
        } catch (Exception e) { }
        bais = new ByteArrayInputStream(Base64.decode(pkcs7so.getBytes("UTF-8")));
        try {
            factory.generateCertificate(bais);
            fail("Expected exception was not thrown");
        } catch (Exception e) { }
    }

    /**
     * Generates CRLs on the base of PEM encoding.
     */
    public void testGenerateBase64CRL() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream bais;
       
        for (int i=0; i<good.length; i++) {
            bais = new ByteArrayInputStream(
                    (good[i][0] + x509crl + good[i][1]).getBytes("UTF-8"));

            X509CRL crl = (X509CRL) factory.generateCRL(bais);
            assertNotNull("Factory returned null on correct data", crl);

            if (publicKey != null) {
                // verify the signatures
                crl.verify(publicKey);
            }
        }

        for (int i=0; i<bad_content.length; i++) {
            bais = new ByteArrayInputStream(
                    (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8"));
            try {
                factory.generateCRL(bais);
                fail("Expected exception was not thrown");
            } catch (Exception e) {
                // e.printStackTrace();
            }
        }

        for (int i=0; i<bad.length; i++) {
            bais = new ByteArrayInputStream(
                    (bad[i][0] + x509crl + bad[i][1]).getBytes("UTF-8"));
            try {
                factory.generateCRL(bais);
                fail("Expected exception was not thrown");
            } catch (Exception e) { }
        }
    }

    private void verifyCRLs(Collection crls) throws Exception {
        if (publicKey != null) {
            // verify the signatures
            for (Iterator it = crls.iterator(); it.hasNext();) {
                ((X509CRL) it.next()).verify(publicKey);
            }
        }
    };

    private void verifyCertificates(Collection certs) throws Exception {
        if (publicKey != null) {
            // verify the signatures
            for (Iterator it = certs.iterator(); it.hasNext();) {
                ((X509Certificate) it.next()).verify(publicKey);
            }
        }
    };

    /**
     * generateCRLs method testing.
     * Generates CRLs on the base of consequent
     * PEM X.509(ASN.1)/X.509(ASN.1)/PKCS7 forms.
     */
    public void testGenerateBase64CRLs() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
           
        // ------------------------ Test Data -----------------------------
        // encoding describing codes
        int pem_x509 = 0, asn_x509 = 1, pem_pkcs = 2, asn_pkcs = 3,
            bad = 4, npe_bad = 5, npe_bad2 = 6, num_of_variants = 7;
        // error code, marks sequences as throwing exceptions
        int error = 999;
        // test sequences
        int[][] sequences = {
            {pem_x509, pem_x509},
            {pem_x509, asn_x509},
            {pem_x509, asn_x509, pem_x509},
            {asn_x509, asn_x509},
            {asn_x509, pem_x509},
            {asn_x509, pem_x509, asn_x509},
            // -1 means that only 1 (-(-1)) CRL will be generated
            // on the base of this encodings sequence
            {-1, pem_x509, pem_pkcs},
            {-1, pem_x509, bad},
            // {-1/*-error*/, pem_x509, npe_bad2},
            // {-1/*-error*/, pem_x509, npe_bad},
            {-2, pem_pkcs, pem_x509}, // 2 CRLs are expected
            {-2, pem_pkcs, bad},
            {-2, pem_pkcs, npe_bad},
            {-2, pem_pkcs, npe_bad2},
            {-1, asn_x509, pem_pkcs},
            {-1, asn_x509, bad},
            // {-1/*-error*/, asn_x509, npe_bad},
            // {-1/*-error*/, asn_x509, npe_bad2},
            // exception is expected
            {-error, bad},
            {-error, bad, asn_x509},
            {-error, npe_bad},
            {-error, npe_bad2},
        };
        // actual encodings
        byte[][] data = new byte[num_of_variants][];
        data[pem_x509] = (good[0][0] + x509crl + good[0][1] + "\n").getBytes("UTF-8");
        data[asn_x509] = Base64.decode(x509crl.getBytes("UTF-8"));
        data[pem_pkcs] = (good[0][0] + pkcs7so + good[0][1] + "\n").getBytes("UTF-8");
        data[asn_pkcs] = Base64.decode(pkcs7so.getBytes("UTF-8"));
        data[bad] = new byte[] {0, 1, 1, 1, 1, 1, 0, 1};
        data[npe_bad] = new byte[] {0, 1, 1, 1, 1, 1, 1, 0};
        data[npe_bad2] = new byte[] {48, 0, 3, 4, 5, 6, 7};

        // -------------------------- Test --------------------------------
        // Tests CRL generation on the base of sequences of heterogeneous
        // data format
        for (int i=0; i<sequences.length; i++) { // for each of the sequences..
            // expected size og generated CRL collection
            int expected_size = (sequences[i][0] < 0)
                ? -sequences[i][0]
                : sequences[i].length;
            // compute the size of the encoding described by sequence
            int encoding_size = 0;
            //System.out.print("Sequence:");
            for (int j=0; j<sequences[i].length; j++) {
                //System.out.print(" "+sequences[i][j]);
                if (sequences[i][j] >= 0) {
                    encoding_size += data[sequences[i][j]].length;
                }
            }
            //System.out.println("");
            // create the encoding of described sequence
            byte[] encoding = new byte[encoding_size];
            int position = 0;
            for (int j=0; j<sequences[i].length; j++) {
                if (sequences[i][j] >= 0) {
                    System.arraycopy(
                            data[sequences[i][j]], 0, // from
                            encoding, position, // to
                            data[sequences[i][j]].length); // length
                    position += data[sequences[i][j]].length;
                }
            }

            if (expected_size == error) { // exception throwing test
                try {
                    factory.generateCRLs(new ByteArrayInputStream(encoding));
                    fail("Expected exception was not thrown");
                } catch (Exception e) { }
            } else {
                Collection crls =
                    factory.generateCRLs(new ByteArrayInputStream(encoding));
                assertNotNull("Factory returned null on correct data", crls);
                assertEquals("The size of collection differs from expected",
                        expected_size, crls.size());
                verifyCRLs(crls);
            }
        }
    }

    /**
     * generateCertificates method testing.
     * Generates Certificates on the base of consequent
     * PEM X.509(ASN.1)/X.509(ASN.1)/PKCS7 forms.
     */
    public void testGenerateBase64Certificates() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
           
        // ------------------------ Test Data -----------------------------
        // encoding describing codes
        int pem_x509 = 0, asn_x509 = 1, pem_pkcs = 2, asn_pkcs = 3,
            bad = 4, bad1 = 5, bad2 = 6, num_of_variants = 7;
        // error code, marks sequences as throwing exceptions
        int error = 999;
        // test sequences
        int[][] sequences = {
            {pem_x509, pem_x509},
            {pem_x509, asn_x509},
            {pem_x509, asn_x509, pem_x509},
            {asn_x509, asn_x509},
            {asn_x509, pem_x509},
            {asn_x509, pem_x509, asn_x509},
            // -1 means that only 1 (-(-1)) Certificate will be generated
            // on the base of this encodings sequence
            // {-1/*-error*/, pem_x509, pem_pkcs},
            // {-1/*-error*/, pem_x509, bad},
            {-2, pem_pkcs, pem_x509}, // 2 Certificates are expected
            {-2, pem_pkcs, bad},
            {-2, pem_pkcs, bad1},
            {-2, pem_pkcs, bad2},
            // {-1/*-error*/, asn_x509, pem_pkcs},
            // {-1/*-error*/, asn_x509, bad},
            // {-1/*-error*/, asn_x509, bad1},
            // {-1/*-error*/, pem_x509, bad1},
            // {-1/*-error*/, asn_x509, bad2},
            // {-1/*-error*/, pem_x509, bad2},
            // exception is expected
            {-error, bad},
            {-error, bad, asn_x509},
            {-error, bad1},
            {-error, bad2},
        };
        // actual encodings
        byte[][] data = new byte[num_of_variants][];
        data[pem_x509] = (good[0][0] + x509cert + good[0][1] + "\n").getBytes("UTF-8");
        data[asn_x509] = Base64.decode(x509cert.getBytes("UTF-8"));
        data[pem_pkcs] = (good[0][0] + pkcs7so + good[0][1] + "\n").getBytes("UTF-8");
        data[asn_pkcs] = Base64.decode(pkcs7so.getBytes("UTF-8"));
        data[bad] = new byte[] {0, 1, 1, 1, 1, 1, 0, 1};
        data[bad1] = new byte[] {0, 1, 1, 1, 1, 1, 1, 0};
        data[bad2] = new byte[] {48, 0, 3, 4, 5, 6, 7};

        // -------------------------- Test --------------------------------
        // Tests Certificate generation on the base of sequences of heterogeneous
        // data format
        for (int i=0; i<sequences.length; i++) { // for each of the sequences..
            // expected size og generated Certificate collection
            int expected_size = (sequences[i][0] < 0)
                ? -sequences[i][0]
                : sequences[i].length;
            // compute the size of the encoding described by sequence
            int encoding_size = 0;
            //System.out.print("Sequence:");
            for (int j=0; j<sequences[i].length; j++) {
                //System.out.print(" "+sequences[i][j]);
                if (sequences[i][j] >= 0) {
                    encoding_size += data[sequences[i][j]].length;
                }
            }
            //System.out.println("");
            // create the encoding of described sequence
            byte[] encoding = new byte[encoding_size];
            int position = 0;
            for (int j=0; j<sequences[i].length; j++) {
                if (sequences[i][j] >= 0) {
                    System.arraycopy(
                            data[sequences[i][j]], 0, // from
                            encoding, position, // to
                            data[sequences[i][j]].length); // length
                    position += data[sequences[i][j]].length;
                }
            }

            if (expected_size == error) { // exception throwing test
                try {
                    factory.generateCertificates(new ByteArrayInputStream(encoding));
                    fail("Expected exception was not thrown");
                } catch (Exception e) { }
            } else {
                Collection certs =
                    factory.generateCertificates(new ByteArrayInputStream(encoding));
                assertNotNull("Factory returned null on correct data", certs);
                assertEquals("The size of collection differs from expected",
                        expected_size, certs.size());
                verifyCertificates(certs);
            }
        }
    }

    /**
     * Generates CRLs/Certificates on the base of PEM PKCS7 encoding.
     */
    public void testGenerateBase64PKCS7() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
       
        ByteArrayInputStream bais;
        for (int i=0; i<good.length; i++) {
            bais = new ByteArrayInputStream(
                    (good[i][0] + pkcs7so + good[i][1]).getBytes("UTF-8"));
            Collection crls = factory.generateCRLs(bais);
            assertNotNull("Factory returned null on correct PKCS7 data", crls);
            assertEquals("The size of collection differs from expected",
                    2, crls.size());
            if (publicKey != null) {
                // verify the signatures
                for (Iterator it = crls.iterator(); it.hasNext();) {
                    ((X509CRL) it.next()).verify(publicKey);
                }
            }
            bais = new ByteArrayInputStream(
                    (good[i][0] + pkcs7so + good[i][1]).getBytes("UTF-8"));
            Collection certs = factory.generateCertificates(bais);
            assertNotNull("Factory returned null on correct PKCS7 data", certs);
            assertEquals("The size of collection differs from expected",
                    2, certs.size());
            if (publicKey != null) {
                // verify the signatures
                for (Iterator it = certs.iterator(); it.hasNext();) {
                    ((X509Certificate) it.next()).verify(publicKey);
                }
            }
        }

        for (int i=0; i<bad_content.length; i++) {
            bais = new ByteArrayInputStream(
                    (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8"));
            try {
                factory.generateCertificates(bais);
                fail("Expected exception was not thrown");
            } catch (Exception e) { }
            bais = new ByteArrayInputStream(
                    (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8"));
            try {
                factory.generateCRLs(bais);
                fail("Expected exception was not thrown");
            } catch (Exception e) { }
        }

        for (int i=0; i<bad.length; i++) {
            bais = new ByteArrayInputStream(
                    (bad[i][0] + pkcs7so + bad[i][1]).getBytes("UTF-8"));
            try {
                factory.generateCRLs(bais);
                fail("Expected exception was not thrown");
            } catch (Exception e) { }
            bais = new ByteArrayInputStream(
                    (bad[i][0] + pkcs7so + bad[i][1]).getBytes("UTF-8"));
            try {
                factory.generateCertificates(bais);
                fail("Expected exception was not thrown");
            } catch (Exception e) { }
        }
    }

    /**
     * Generates CertPaths on the base of PEM PkiPath/PKCS7 encoding.
     */
    public void testGenerateBase64CertPath() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
       
        ByteArrayInputStream bais;
        List certificates;
        for (int i=0; i<good.length; i++) {
            bais = new ByteArrayInputStream(
                    (good[i][0] + pkiPath + good[i][1]).getBytes("UTF-8"));

            certificates = factory.generateCertPath(bais).getCertificates();
            assertEquals("The size of the list differs from expected",
                    2, certificates.size());

            if (publicKey != null) {
                // verify the signatures
                for (Iterator it = certificates.iterator(); it.hasNext();) {
                    ((X509Certificate) it.next()).verify(publicKey);
                }
            }

            bais = new ByteArrayInputStream(
                    (good[i][0] + pkiPath + good[i][1]).getBytes("UTF-8"));

            certificates =
                factory.generateCertPath(bais, "PkiPath").getCertificates();
            assertEquals("The size of the list differs from expected",
                    2, certificates.size());

            if (publicKey != null) {
                // verify the signatures
                for (Iterator it = certificates.iterator(); it.hasNext();) {
                    ((X509Certificate) it.next()).verify(publicKey);
                }
            }

            bais = new ByteArrayInputStream(
                    (good[i][0] + pkcs7so + good[i][1]).getBytes("UTF-8"));

            certificates =
                factory.generateCertPath(bais, "PKCS7").getCertificates();
            assertEquals("The size of the list differs from expected",
                    2, certificates.size());

            if (publicKey != null) {
                // verify the signatures
                for (Iterator it = certificates.iterator(); it.hasNext();) {
                    ((X509Certificate) it.next()).verify(publicKey);
                }
            }
        }

        // testing empty PkiPath structure (ASN.1 such as 0x30, 0x00)
        bais = new ByteArrayInputStream(
                (good[0][0] + "MAB=" + good[0][1]).getBytes("UTF-8")); // "MABCDEFG"
        assertEquals("The size of the list differs from expected",
                0, factory.generateCertPath(bais, "PkiPath")
                                .getCertificates().size());

        // testing with bad PEM content
        for (int i=0; i<bad_content.length; i++) {
            bais = new ByteArrayInputStream(
                    (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8"));
            try {
                factory.generateCertPath(bais);
                fail("Expected exception was not thrown");
            } catch (Exception e) { }
            bais = new ByteArrayInputStream(
                    (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8"));
            try {
                factory.generateCertPath(bais, "PkiPath");
                fail("Expected exception was not thrown");
            } catch (Exception e) { }
            bais = new ByteArrayInputStream(
                    (good[0][0] + bad_content[i] + good[0][1]).getBytes("UTF-8"));
            try {
                factory.generateCertPath(bais, "PKCS7");
                fail("Expected exception was not thrown");
            } catch (Exception e) { }
        }

        for (int i=0; i<bad.length; i++) {
            bais = new ByteArrayInputStream(
                    (bad[i][0] + pkiPath + bad[i][1]).getBytes("UTF-8"));
            try {
                factory.generateCertPath(bais);
                fail("Expected exception was not thrown");
            } catch (Exception e) { }
            bais = new ByteArrayInputStream(
                    (bad[i][0] + pkiPath + bad[i][1]).getBytes("UTF-8"));
            try {
                factory.generateCertPath(bais, "PkiPath");
                fail("Expected exception was not thrown");
            } catch (Exception e) { }
            bais = new ByteArrayInputStream(
                    (bad[i][0] + pkcs7so + bad[i][1]).getBytes("UTF-8"));
            try {
                factory.generateCertPath(bais, "PKCS7");
                fail("Expected exception was not thrown");
            } catch (Exception e) { }
        }
    }

    /**
     * generateCertificates method testing.
     */
    public void testGenerateCertificates() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");

        // Testing the Certificates generation
        // on the base of PKCS7 SignedData object
        ByteArrayInputStream bais = new ByteArrayInputStream(
                Base64.decode(pkcs7so.getBytes("UTF-8")));

        Collection certs = factory.generateCertificates(bais);
        assertNotNull("Factory returned null on correct PKCS7 data", certs);
        assertEquals("The size of collection differs from expected",
                2, certs.size());

        if (publicKey != null) {
            // verify the signatures
            for (Iterator i = certs.iterator(); i.hasNext();) {
                ((X509Certificate) i.next()).verify(publicKey);
            }
        }
    }

    /**
     * generateCertificates method testing.
     */
    public void testGenerateCertPath() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");

        // Testing the CertPath generation
        // on the base of PKCS7 SignedData object
        ByteArrayInputStream bais = new ByteArrayInputStream(
                Base64.decode(pkcs7so.getBytes("UTF-8")));

        Collection certPath =
            factory.generateCertPath(bais, "PKCS7").getCertificates();
        assertEquals("The size of collection differs from expected",
                2, certPath.size());

        if (publicKey != null) {
            // verify the signatures
            for (Iterator i = certPath.iterator(); i.hasNext();) {
                ((X509Certificate) i.next()).verify(publicKey);
            }
        }

        // testing empty PkiPath structure (ASN.1 such as 0x30, 0x00)
        bais = new ByteArrayInputStream(new byte[] {(byte) 0x30, 0x00});
        assertEquals("The size of the list differs from expected",
                0, factory.generateCertPath(bais, "PkiPath")
                                .getCertificates().size());
    }

}
TOP

Related Classes of org.apache.harmony.security.tests.java.security.cert.CertificateFactory_ImplTest

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.