test/jdk/java/security/cert/X509CertSelectorTest.java
author prr
Fri, 25 May 2018 12:12:24 -0700
changeset 50347 b2f046ae8eb6
parent 47216 71c04702a3d5
permissions -rw-r--r--
Merge
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
32636
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
     1
/*
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
     2
 * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
     3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
     4
 *
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
     5
 * This code is free software; you can redistribute it and/or modify it
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
     6
 * under the terms of the GNU General Public License version 2 only, as
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
     7
 * published by the Free Software Foundation.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
     8
 *
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
     9
 * This code is distributed in the hope that it will be useful, but WITHOUT
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    12
 * version 2 for more details (a copy is included in the LICENSE file that
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    13
 * accompanied this code).
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    14
 *
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    15
 * You should have received a copy of the GNU General Public License version
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    16
 * 2 along with this work; if not, write to the Free Software Foundation,
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    18
 *
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    20
 * or visit www.oracle.com if you need additional information or have any
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    21
 * questions.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    22
 */
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    23
import static sun.security.x509.GeneralNameInterface.NAME_DIRECTORY;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    24
import static sun.security.x509.NameConstraintsExtension.EXCLUDED_SUBTREES;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    25
import static sun.security.x509.NameConstraintsExtension.PERMITTED_SUBTREES;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    26
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    27
import java.io.ByteArrayInputStream;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    28
import java.io.ByteArrayOutputStream;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    29
import java.io.IOException;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    30
import java.io.InputStream;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    31
import java.math.BigInteger;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    32
import java.security.GeneralSecurityException;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    33
import java.security.KeyFactory;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    34
import java.security.PublicKey;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    35
import java.security.cert.CertificateException;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    36
import java.security.cert.CertificateFactory;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    37
import java.security.cert.X509CertSelector;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    38
import java.security.cert.X509Certificate;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    39
import java.security.spec.X509EncodedKeySpec;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    40
import java.util.Base64;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    41
import java.util.Calendar;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    42
import java.util.Date;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    43
import java.util.HashSet;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    44
import java.util.Iterator;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    45
import java.util.List;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    46
import java.util.Set;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    47
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    48
import sun.security.util.DerInputStream;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    49
import sun.security.util.DerOutputStream;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    50
import sun.security.util.DerValue;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    51
import sun.security.util.ObjectIdentifier;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    52
import sun.security.x509.AlgorithmId;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    53
import sun.security.x509.AuthorityKeyIdentifierExtension;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    54
import sun.security.x509.CertificatePoliciesExtension;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    55
import sun.security.x509.DNSName;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    56
import sun.security.x509.GeneralName;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    57
import sun.security.x509.GeneralNameInterface;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    58
import sun.security.x509.GeneralNames;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    59
import sun.security.x509.GeneralSubtree;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    60
import sun.security.x509.GeneralSubtrees;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    61
import sun.security.x509.KeyIdentifier;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    62
import sun.security.x509.NameConstraintsExtension;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    63
import sun.security.x509.PolicyInformation;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    64
import sun.security.x509.PrivateKeyUsageExtension;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    65
import sun.security.x509.SubjectAlternativeNameExtension;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    66
import sun.security.x509.X500Name;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    67
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    68
/*
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    69
 * @test
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    70
 * @bug 8074931
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    71
 * @summary This class tests the X509CertSelector. The tests check particular criteria
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    72
 *          by setting them to a value that should match our test certificate and
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    73
 *          ensuring that they do match, then setting them to a value that should not
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    74
 *          match our test certificate and ensuring that they do not match.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    75
 * @modules java.base/sun.security.x509
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    76
 *          java.base/sun.security.util
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    77
 */
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    78
public class X509CertSelectorTest {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    79
    /*
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    80
            Certificate:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    81
                Data:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    82
                    Version: 3 (0x2)
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    83
                    Serial Number: 954172088 (0x38df82b8)
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    84
                Signature Algorithm: dsaWithSHA1
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    85
                    Issuer: C=us, O=sun, OU=testing
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    86
                    Validity
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    87
                        Not Before: Mar 27 15:48:08 2000 GMT
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    88
                        Not After : Jun 25 14:48:08 2000 GMT
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    89
                    Subject: C=us, O=sun, OU=testing, CN=mullan
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    90
                    Subject Public Key Info:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    91
                        Public Key Algorithm: dsaEncryption
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    92
                            pub:  0
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    93
                            P:    0
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    94
                            Q:    0
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    95
                            G:    0
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    96
                    X509v3 extensions:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    97
                        X509v3 Name Constraints: critical
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    98
                            0D.B0@.>1.0...U....us1.0
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
    99
            ..U.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   100
            ..sun1.0...U....testing1.0
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   101
            ..U....mullan
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   102
                        X509v3 Subject Key Identifier:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   103
                            56:E8:88:AE:9D:B5:3F:2B:CB:A0:4C:4B:E2:87:53:07:33:77:1B:DF
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   104
                        X509v3 Authority Key Identifier:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   105
                            keyid:8E:DD:AF:6F:EE:02:12:F4:61:E9:2F:E3:64:1A:6F:71:32:25:20:C0
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   106
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   107
                        X509v3 Subject Alternative Name:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   108
                            email:mullan@east.sun.com
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   109
                        X509v3 Private Key Usage Period:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   110
                            Not Before: Jan  1 05:00:00 2000 GMT, Not After: Jan  1 05:00:00 2001 GMT
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   111
                        X509v3 Key Usage: critical
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   112
                            Digital Signature
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   113
                        X509v3 Certificate Policies:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   114
                            0$0\..*...0.0...+.......0..
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   115
            Testing...
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   116
                Signature Algorithm: dsaWithSHA1
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   117
                     r:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   118
                         44:c7:35:40:5d:6c:28:75:7f:73:b2:f8:0d:72:6c:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   119
                         09:65:b8:81:14
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   120
                     s:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   121
                         76:79:f5:c7:37:3b:0d:9b:db:70:2f:20:80:36:e3:
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   122
                         80:e8:a6:c6:71
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   123
    */
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   124
    private static final String testCert =
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   125
            "-----BEGIN CERTIFICATE-----\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   126
            "MIICLjCCAeygAwIBAgIEON+CuDALBgcqhkjOOAQDBQAwLTELMAkGA1UEBhMCdXMx\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   127
            "DDAKBgNVBAoTA3N1bjEQMA4GA1UECxMHdGVzdGluZzAeFw0wMDAzMjcxNTQ4MDha\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   128
            "Fw0wMDA2MjUxNDQ4MDhaMD4xCzAJBgNVBAYTAnVzMQwwCgYDVQQKEwNzdW4xEDAO\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   129
            "BgNVBAsTB3Rlc3RpbmcxDzANBgNVBAMTBm11bGxhbjAcMBQGByqGSM44BAEwCQIB\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   130
            "AAIBAAIBAAMEAAIBAKOCASMwggEfMFAGA1UdHgEB/wRGMESgQjBApD4xCzAJBgNV\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   131
            "BAYTAnVzMQwwCgYDVQQKEwNzdW4xEDAOBgNVBAsTB3Rlc3RpbmcxDzANBgNVBAMT\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   132
            "Bm11bGxhbjAdBgNVHQ4EFgQUVuiIrp21PyvLoExL4odTBzN3G98wHwYDVR0jBBgw\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   133
            "FoAUjt2vb+4CEvRh6S/jZBpvcTIlIMAwHgYDVR0RBBcwFYETbXVsbGFuQGVhc3Qu\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   134
            "c3VuLmNvbTArBgNVHRAEJDAigA8yMDAwMDEwMTA1MDAwMFqBDzIwMDEwMTAxMDUw\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   135
            "MDAwWjAPBgNVHQ8BAf8EBQMDB4AAMC0GA1UdIAQmMCQwIgYEKoSAADAaMBgGCCsG\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   136
            "AQUFBwICMAwSClRlc3RpbmcuLi4wCwYHKoZIzjgEAwUAAy8AMCwCFETHNUBdbCh1\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   137
            "f3Oy+A1ybAlluIEUAhR2efXHNzsNm9twLyCANuOA6KbGcQ==\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   138
            "-----END CERTIFICATE-----\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   139
            "";
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   140
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   141
    private static final String testKey =
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   142
            "MIIBtjCCASsGByqGSM44BAEwggEeAoGBAIVWPEkcxbxhQRCqVzg55tNqbP5j0K4kdu4bkmXvfqC5\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   143
            "+qA75DvnfzsOJseb+9AuKXWk/DvCzFDmrY1YaU3scZC3OQEO9lEO3F4VDKOaudY6OT1SI22pAIwz\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   144
            "j5pvq+i7zOp4xUqkQUeh/4iQSfxOT5UrFGjkcbnbpVkCXD/GxAz7AhUAjtnm3dVIddUUHl6wxpZ7\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   145
            "GcA6gSsCgYAf/PXzQtemgIDjpFrNNSgTEKkLposBXKatAM+gUKlMUjf8SQvquqPxDtRrscGjXkoL\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   146
            "oTkaR7/akULYFpBvUcFkeIFiCnJg8M9XhCWdLvn9MPt+jR2oxookvCb9xLtD6WvIM/wd/nZ1iK4u\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   147
            "iY1+q85xvns/Awbtwl7oZDAwE2TUKAOBhAACgYBDc9UZ+3xsZubUZvRG5cpyJceYpJp2exOPVJXn\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   148
            "jR4CcR+cT9bAJpFSxqE/8KtNHXxHdu4f3DU67IMOVDpugzihyzXJvNm3w2H9x+6xczHG2wjvAJeh\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   149
            "X62EWbUatxPXFAoVKZWuUbaYaZzdWBDtNRrCuKKsLo0GFy8g2BZISuD3jw==\n" +
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   150
            "";
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   151
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   152
    // Certificate to run tests on
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   153
    private final X509Certificate cert;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   154
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   155
    public static void main(String[] args) throws Exception {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   156
        X509CertSelectorTest test = new X509CertSelectorTest();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   157
        test.doTest();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   158
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   159
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   160
    public X509CertSelectorTest() throws CertificateException, IOException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   161
        cert = (X509Certificate) CertificateFactory.getInstance("X.509")
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   162
                .generateCertificate(new ByteArrayInputStream(testCert.getBytes()));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   163
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   164
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   165
    // Runs the test.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   166
    private void doTest() throws Exception {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   167
        System.out.println("START OF TESTS FOR " + "X509CertSelector");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   168
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   169
        testSerialNumber();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   170
        testIssuer();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   171
        testSubjectKeyIdentifier();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   172
        testAuthorityKeyIdentifier();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   173
        testCertificateValid();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   174
        testPrivateKeyValid();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   175
        testSubjectPublicKeyAlgID();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   176
        testKeyUsage();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   177
        testSubjectAltName();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   178
        testPolicy();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   179
        testPathToName();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   180
        testSubject();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   181
        testSubjectPublicKey();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   182
        testNameConstraints();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   183
        testBasicConstraints();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   184
        testCertificate();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   185
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   186
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   187
    // Tests matching on the serial number contained in the certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   188
    private void testSerialNumber() {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   189
        System.out.println("X.509 Certificate Match on serialNumber");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   190
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   191
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   192
        selector.setSerialNumber(new BigInteger("999999999"));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   193
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   194
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   195
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   196
        selector.setSerialNumber(cert.getSerialNumber());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   197
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   198
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   199
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   200
    // Tests matching on the issuer name contained in the certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   201
    private void testIssuer() throws IOException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   202
        System.out.println("X.509 Certificate Match on issuer");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   203
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   204
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   205
        selector.setIssuer("ou=bogus,ou=east,o=sun,c=us");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   206
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   207
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   208
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   209
        selector.setIssuer((cert.getIssuerX500Principal()).getName("RFC2253"));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   210
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   211
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   212
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   213
    /*
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   214
     * Tests matching on the subject key identifier contained in the
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   215
     * certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   216
     */
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   217
    private void testSubjectKeyIdentifier() throws IOException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   218
        System.out.println("X.509 Certificate Match on subjectKeyIdentifier");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   219
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   220
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   221
        byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   222
        selector.setSubjectKeyIdentifier(b);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   223
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   224
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   225
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   226
        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.14"));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   227
        byte[] encoded = in.getOctetString();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   228
        selector.setSubjectKeyIdentifier(encoded);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   229
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   230
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   231
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   232
    /*
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   233
     * Tests matching on the authority key identifier contained in the
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   234
     * certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   235
     */
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   236
    private void testAuthorityKeyIdentifier() throws IOException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   237
        System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   238
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   239
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   240
        byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   241
        AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   242
        selector.setAuthorityKeyIdentifier(a.getExtensionValue());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   243
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   244
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   245
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   246
        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   247
        byte[] encoded = in.getOctetString();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   248
        selector.setAuthorityKeyIdentifier(encoded);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   249
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   250
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   251
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   252
    /*
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   253
     * Tests matching on the certificate validity component contained in the
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   254
     * certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   255
     */
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   256
    private void testCertificateValid() {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   257
        System.out.println("X.509 Certificate Match on certificateValid");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   258
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   259
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   260
        Calendar cal = Calendar.getInstance();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   261
        cal.set(1968, 12, 31);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   262
        selector.setCertificateValid(cal.getTime());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   263
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   264
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   265
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   266
        selector.setCertificateValid(cert.getNotBefore());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   267
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   268
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   269
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   270
    /*
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   271
     * Tests matching on the private key validity component contained in the
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   272
     * certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   273
     */
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   274
    private void testPrivateKeyValid() throws IOException, CertificateException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   275
        System.out.println("X.509 Certificate Match on privateKeyValid");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   276
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   277
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   278
        Calendar cal = Calendar.getInstance();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   279
        cal.set(1968, 12, 31);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   280
        selector.setPrivateKeyValid(cal.getTime());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   281
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   282
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   283
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   284
        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   285
        byte[] encoded = in.getOctetString();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   286
        PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   287
        Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   288
        selector.setPrivateKeyValid(validDate);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   289
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   290
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   291
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   292
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   293
    private ObjectIdentifier getCertPubKeyAlgOID(X509Certificate xcert) throws IOException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   294
        byte[] encodedKey = xcert.getPublicKey().getEncoded();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   295
        DerValue val = new DerValue(encodedKey);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   296
        if (val.tag != DerValue.tag_Sequence) {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   297
            throw new RuntimeException("invalid key format");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   298
        }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   299
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   300
        return AlgorithmId.parse(val.data.getDerValue()).getOID();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   301
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   302
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   303
    /*
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   304
     * Tests matching on the subject public key algorithm ID component contained
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   305
     * in the certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   306
     */
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   307
    private void testSubjectPublicKeyAlgID() throws IOException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   308
        System.out.println("X.509 Certificate Match on subjectPublicKeyAlgID");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   309
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   310
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   311
        selector.setSubjectPublicKeyAlgID("2.5.29.14");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   312
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   313
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   314
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   315
        selector.setSubjectPublicKeyAlgID(getCertPubKeyAlgOID(cert).toString());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   316
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   317
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   318
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   319
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   320
    // Tests matching on the key usage extension contained in the certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   321
    private void testKeyUsage() {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   322
        System.out.println("X.509 Certificate Match on keyUsage");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   323
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   324
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   325
        boolean[] keyUsage = { true, false, true, false, true, false, true, false };
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   326
        selector.setKeyUsage(keyUsage);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   327
        System.out.println("Selector = " + selector.toString());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   328
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   329
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   330
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   331
        selector.setKeyUsage(cert.getKeyUsage());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   332
        System.out.println("Selector = " + selector.toString());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   333
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   334
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   335
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   336
    /*
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   337
     * Tests matching on the subject alternative name extension contained in the
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   338
     * certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   339
     */
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   340
    private void testSubjectAltName() throws IOException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   341
        System.out.println("X.509 Certificate Match on subjectAltName");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   342
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   343
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   344
        GeneralNameInterface dnsName = new DNSName("foo.com");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   345
        DerOutputStream tmp = new DerOutputStream();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   346
        dnsName.encode(tmp);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   347
        selector.addSubjectAlternativeName(2, tmp.toByteArray());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   348
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   349
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   350
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   351
        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.17"));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   352
        byte[] encoded = in.getOctetString();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   353
        SubjectAlternativeNameExtension ext = new SubjectAlternativeNameExtension(false, encoded);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   354
        GeneralNames names = (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   355
        GeneralName name = (GeneralName) names.get(0);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   356
        selector.setSubjectAlternativeNames(null);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   357
        DerOutputStream tmp2 = new DerOutputStream();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   358
        name.getName().encode(tmp2);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   359
        selector.addSubjectAlternativeName(name.getType(), tmp2.toByteArray());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   360
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   361
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   362
        // good match 2 (matches at least one)
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   363
        selector.setMatchAllSubjectAltNames(false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   364
        selector.addSubjectAlternativeName(2, "foo.com");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   365
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   366
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   367
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   368
    /*
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   369
     * Tests matching on the policy constraints extension contained in the
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   370
     * certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   371
     */
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   372
    private void testPolicy() throws IOException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   373
        System.out.println("X.509 Certificate Match on certificatePolicies");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   374
        // test encoding of CertificatePoliciesExtension because we wrote the
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   375
        // code
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   376
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   377
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   378
        Set<String> s = new HashSet<>();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   379
        s.add(new String("1.2.5.7.68"));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   380
        selector.setPolicy(s);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   381
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   382
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   383
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   384
        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   385
        CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   386
        List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   387
        // match on the first policy id
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   388
        PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   389
        s.clear();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   390
        s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   391
        selector.setPolicy(s);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   392
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   393
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   394
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   395
    /*
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   396
     * Tests matching on the name constraints extension contained in the
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   397
     * certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   398
     */
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   399
    private void testPathToName() throws IOException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   400
        System.out.println("X.509 Certificate Match on pathToName");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   401
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   402
        X509CertSelector selector = null;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   403
        DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.30"));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   404
        byte[] encoded = in.getOctetString();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   405
        NameConstraintsExtension ext = new NameConstraintsExtension(false, encoded);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   406
        GeneralSubtrees permitted = (GeneralSubtrees) ext.get(PERMITTED_SUBTREES);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   407
        GeneralSubtrees excluded = (GeneralSubtrees) ext.get(EXCLUDED_SUBTREES);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   408
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   409
        // bad matches on pathToName within excluded subtrees
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   410
        if (excluded != null) {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   411
            Iterator<GeneralSubtree> e = excluded.iterator();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   412
            while (e.hasNext()) {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   413
                GeneralSubtree tree = e.next();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   414
                if (tree.getName().getType() == NAME_DIRECTORY) {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   415
                    X500Name excludedDN1 = new X500Name(tree.getName().toString());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   416
                    X500Name excludedDN2 = new X500Name("CN=Bogus, " + tree.getName().toString());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   417
                    DerOutputStream derDN1 = new DerOutputStream();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   418
                    DerOutputStream derDN2 = new DerOutputStream();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   419
                    excludedDN1.encode(derDN1);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   420
                    excludedDN2.encode(derDN2);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   421
                    selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   422
                    selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   423
                    checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   424
                    selector.setPathToNames(null);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   425
                    selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   426
                    checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   427
                }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   428
            }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   429
        }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   430
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   431
        // good matches on pathToName within permitted subtrees
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   432
        if (permitted != null) {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   433
            Iterator<GeneralSubtree> e = permitted.iterator();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   434
            while (e.hasNext()) {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   435
                GeneralSubtree tree = e.next();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   436
                if (tree.getName().getType() == NAME_DIRECTORY) {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   437
                    X500Name permittedDN1 = new X500Name(tree.getName().toString());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   438
                    X500Name permittedDN2 = new X500Name("CN=good, " + tree.getName().toString());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   439
                    DerOutputStream derDN1 = new DerOutputStream();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   440
                    DerOutputStream derDN2 = new DerOutputStream();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   441
                    permittedDN1.encode(derDN1);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   442
                    permittedDN2.encode(derDN2);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   443
                    selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   444
                    selector.addPathToName(NAME_DIRECTORY, derDN1.toByteArray());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   445
                    checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   446
                    selector.setPathToNames(null);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   447
                    selector.addPathToName(NAME_DIRECTORY, derDN2.toByteArray());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   448
                    checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   449
                }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   450
            }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   451
        }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   452
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   453
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   454
    // Tests matching on the subject name contained in the certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   455
    private void testSubject() throws IOException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   456
        System.out.println("X.509 Certificate Match on subject");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   457
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   458
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   459
        selector.setSubject("ou=bogus,ou=east,o=sun,c=us");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   460
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   461
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   462
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   463
        selector.setSubject(cert.getSubjectX500Principal().getName("RFC2253"));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   464
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   465
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   466
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   467
    // Tests matching on the subject public key contained in the certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   468
    private void testSubjectPublicKey() throws IOException, GeneralSecurityException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   469
        System.out.println("X.509 Certificate Match on subject public key");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   470
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   471
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   472
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   473
                Base64.getMimeDecoder().decode(testKey.getBytes()));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   474
        KeyFactory keyFactory = KeyFactory.getInstance("DSA");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   475
        PublicKey pubKey = keyFactory.generatePublic(keySpec);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   476
        selector.setSubjectPublicKey(pubKey);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   477
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   478
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   479
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   480
        selector.setSubjectPublicKey(cert.getPublicKey());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   481
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   482
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   483
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   484
    // Tests matching on the name constraints contained in the certificate.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   485
    private void testNameConstraints() throws IOException {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   486
        System.out.println("X.509 Certificate Match on name constraints");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   487
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   488
        GeneralSubtrees subjectTree = new GeneralSubtrees();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   489
        subjectTree.add(getGeneralSubtree((X500Name) cert.getSubjectDN()));
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   490
        NameConstraintsExtension ext = new NameConstraintsExtension((GeneralSubtrees) null, subjectTree);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   491
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   492
        selector.setNameConstraints(ext.getExtensionValue());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   493
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   494
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   495
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   496
        ext = new NameConstraintsExtension(subjectTree, null);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   497
        selector.setNameConstraints(ext.getExtensionValue());
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   498
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   499
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   500
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   501
    // Tests matching on basic constraints.
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   502
    private void testBasicConstraints() {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   503
        System.out.println("X.509 Certificate Match on basic constraints");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   504
        // bad match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   505
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   506
        int mpl = cert.getBasicConstraints();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   507
        selector.setBasicConstraints(0);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   508
        checkMatch(selector, cert, false);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   509
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   510
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   511
        selector.setBasicConstraints(mpl);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   512
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   513
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   514
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   515
    // Tests certificateEquals criterion
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   516
    private void testCertificate() {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   517
        System.out.println("X.509 Certificate Match on certificateEquals criterion");
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   518
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   519
        X509CertSelector selector = new X509CertSelector();
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   520
        // good match
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   521
        selector.setCertificate(cert);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   522
        checkMatch(selector, cert, true);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   523
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   524
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   525
    private void checkMatch(X509CertSelector selector, X509Certificate cert, boolean match) {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   526
        boolean result = selector.match(cert);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   527
        if (match != result)
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   528
            throw new RuntimeException(selector + " match " + cert + " is " + result + ", but expect " + match);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   529
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   530
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   531
    private static GeneralSubtree getGeneralSubtree(GeneralNameInterface gni) {
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   532
        // Create a new GeneralSubtree with the specified name, 0 base, and
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   533
        // unlimited length
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   534
        GeneralName gn = new GeneralName(gni);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   535
        GeneralSubtree subTree = new GeneralSubtree(gn, 0, -1);
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   536
        return subTree;
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   537
    }
54b7d7690122 8074931: Additional tests for CertPath API
fyuan
parents:
diff changeset
   538
}