1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package tests.security.cert; 19 20 import org.apache.harmony.security.tests.support.cert.TestUtils; 21 22 import java.io.ByteArrayInputStream; 23 import java.math.BigInteger; 24 import java.security.Principal; 25 import java.security.PublicKey; 26 import java.security.cert.CertificateException; 27 import java.security.cert.CertificateFactory; 28 import java.security.cert.CertificateParsingException; 29 import java.security.cert.X509Certificate; 30 import java.security.cert.X509Extension; 31 import java.util.Arrays; 32 import java.util.Collection; 33 import java.util.Date; 34 import java.util.List; 35 import java.util.Set; 36 37 import javax.security.auth.x500.X500Principal; 38 39 public class X509Certificate2Test extends junit.framework.TestCase { 40 41 /** 42 * Test for X.509 Certificate provider 43 */ test_toString()44 public void test_toString() throws Exception { 45 46 // Regression for HARMONY-3384 47 CertificateFactory certFact = CertificateFactory.getInstance("X509"); 48 X509Certificate pemCert = (X509Certificate) certFact 49 .generateCertificate(new ByteArrayInputStream(TestUtils 50 .getX509Certificate_v3())); 51 52 // extension value is empty sequence 53 byte[] extnValue = pemCert.getExtensionValue("2.5.29.35"); 54 assertEquals( 55 Arrays.toString(new byte[] { 0x04, 0x02, 0x30, 0x00 }), 56 Arrays.toString(extnValue)); 57 assertNotNull(pemCert.toString()); 58 // End regression for HARMONY-3384 59 } 60 test_X509Certificate()61 public void test_X509Certificate() { 62 MyX509Certificate s = null; 63 try { 64 s = new MyX509Certificate(); 65 } catch (Exception e) { 66 fail("Unexpected exception " + e.getMessage()); 67 } 68 assertEquals("X.509", s.getType()); 69 } 70 testAbstractMethods()71 public void testAbstractMethods() { 72 MyX509Certificate s = new MyX509Certificate(); 73 try { 74 s.checkValidity(); 75 s.checkValidity(new Date()); 76 s.getBasicConstraints(); 77 s.getIssuerDN(); 78 s.getIssuerUniqueID(); 79 s.getKeyUsage(); 80 s.getNotAfter(); 81 s.getNotBefore(); 82 s.getSerialNumber(); 83 s.getSigAlgName(); 84 s.getSigAlgOID(); 85 s.getSigAlgParams(); 86 s.getSignature(); 87 s.getSubjectDN(); 88 s.getSubjectUniqueID(); 89 s.getTBSCertificate(); 90 s.getVersion(); 91 } catch (Exception e) { 92 fail("Unexpected exception " + e.getMessage()); 93 } 94 } 95 96 // Base64 encoded form of ASN.1 DER encoded X.509 Certificate 97 // (see RFC 3280 at http://www.ietf.org/rfc/rfc3280.txt) 98 // (generated by using of classes from 99 // org.apache.harmony.security.x509 package) 100 private static String CERT = 101 "MIIByzCCATagAwIBAgICAiswCwYJKoZIhvcNAQEFMB0xGzAZBgNVBAoT" 102 + "EkNlcnRpZmljYXRlIElzc3VlcjAeFw0wNjA0MjYwNjI4MjJaFw0zMzAz" 103 + "MDExNjQ0MDlaMB0xGzAZBgNVBAoTEkNlcnRpZmljYXRlIElzc3VlcjCB" 104 + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAkLGLsPdSPDMyP1OUOKu" 105 + "U3cvbNK5RGaQ3bXc5aDjvApx43BcaoXgt6YD/5yXz0OsIooj5yA37bY" 106 + "JGcVrvFD5FMPdDd3vjNPQOep0MzG4CdbkaZde5SigPabOMQYS4oUyLBx" 107 + "W3LGG0mUODe5AGGqtqXU0GlKg4K2je6cCtookCUCAwEAAaMeMBwwGgYD" 108 + "VR0RAQH/BBAwDoEMcmZjQDgyMi5OYW1lMAsGCSqGSIb3DQEBBQOBgQBZ" 109 + "pVXj01dOpqnZErUQb50j8lJD1dIaz1eJTvJCSadj7ziV1VtnnapI07c" 110 + "XEa7ONzcHQTYTG10poHfOK/a0BaULF3GlctDESilwQYbW5BdfpAlZpbH" 111 + "AFLcUDh6Eq50kc0A/anh/j3mgBNuvbIMo7hHNnZB6k/prswm2BszyLD" 112 + "yw=="; 113 private static String CERT_CORRECT = "-----BEGIN CERTIFICATE-----\n" 114 + "MIIDWzCCAxmgAwIBAgICAiswCgYIKoZIzj0EAwIwHTEbMBkGA1UEChMSQ2VydGlm\n" 115 + "aWNhdGUgSXNzdWVyMCIYDzE5NzAwMTEyMTM0NjQwWhgPMTk3MDAxMjQwMzMzMjBa\n" 116 + "MB8xHTAbBgNVBAoTFFN1YmplY3QgT3JnYW5pemF0aW9uMFkwEwYHKoZIzj0CAQYI\n" 117 + "KoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aX\n" 118 + "qAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwYECAKqCAgBVo4ICOTCCAjUwDwYD\n" 119 + "VR0PAQH/BAUDAwGqgDASBgNVHRMBAf8ECDAGAQH/AgEFMBQGA1UdIAEB/wQKMAgw\n" 120 + "BgYEVR0gADBpBgNVHREBAf8EXzBdgQxyZmNAODIyLk5hbWWCB2ROU05hbWWkGTAX\n" 121 + "MRUwEwYDVQQKEwxPcmdhbml6YXRpb26GGmh0dHA6Ly91bmlmb3JtLlJlc291cmNl\n" 122 + "LklkhwT///8AiAcqA6Jcg7IDMAwGA1UdHgEB/wQCMAAwDAYDVR0kAQH/BAIwADCB\n" 123 + "mQYDVR0lAQH/BIGOMIGLBgRVHSUABggrBgEFBQcDAQYIKwYBBQUHAwEGCCsGAQUF\n" 124 + "BwMCBggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUFBwMFBggrBgEFBQcDBgYIKwYB\n" 125 + "BQUHAwcGCCsGAQUFBwMIBggrBgEFBQcDCQYIKwYBBQUIAgIGCisGAQQBgjcKAwMG\n" 126 + "CWCGSAGG+EIEATANBgNVHTYBAf8EAwIBATAOBgQqTYYJAQH/BAMBAQEwZgYDVR0S\n" 127 + "BF8wXYEMcmZjQDgyMi5OYW1lggdkTlNOYW1lpBkwFzEVMBMGA1UEChMMT3JnYW5p\n" 128 + "emF0aW9uhhpodHRwOi8vdW5pZm9ybS5SZXNvdXJjZS5JZIcE////AIgHKgOiXIOy\n" 129 + "AzAJBgNVHR8EAjAAMAwGA1UdIwQFMAOAAQEwCgYDVR0OBAMEAQEwKQYDVR0hBCIw\n" 130 + "IDAeBg0qhkiG9xIEAYS3CQIBBg0qhkiG9xIEAYS3CQICMAoGCCqGSM49BAMCAzAA\n" 131 + "MC0CFAC+EL6GszVj+464/OPxmZYZtPQ7AhUAgShighm6z+uFbVLeCT5i41tVcUA=\n" 132 + "-----END CERTIFICATE-----\n"; 133 134 private static String CERT_TAMPERED = "-----BEGIN CERTIFICATE-----\n" 135 + "MIIDWjCCAxmgAwIBAgICAiswCgYIKoZIzj0EAwIwHTEbMBkGA1UEChMSQ2VydGlm\n" 136 + "aWNhdGUgSXNzdWVyMCIYDzE5NzAwMTEyMTM0NjQwWhgPMTk3MDAxMjQwMzMzMjBa\n" 137 + "MB8xHTAbBgNVBAoTFFN1YmplY3QgT3JnYW5pemF0aW9uMFkwEwYHKoZIzj0CAQYI\n" 138 + "KoZIzj0DAQcDQgAE5itp4r9ln5e+Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aX\n" 139 + "qAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwYECAKqCAgBVo4ICOTCCAjUwDwYD\n" 140 + "VR0PAQH/BAUDAwGqgDASBgNVHRMBAf8ECDAGAQH/AgEFMBQGA1UdIAEB/wQKMAgw\n" 141 + "DIYEVR0gADBpBgNVHREBAf8EXzBdgQxyZmNAODIyLk5hbWWCB2ROU05hbWWkGTAX\n" 142 + "MRUwEwYDVQQKEwxPcmdhbml6YXRpb26GGmh0dHA6Ly91bmlmb3JtLlJlc291cmNl\n" 143 + "LklkhwT///8AiAcqA6Jcg7IDMAwGA1UdHgEB/wQCMAAwDAYDVR0kAQH/BAIwADCB\n" 144 + "mQYDVR0lAQH/BIGOMIGLBgRVHSUABggrBgEFBQcDAQYIKwYBBQUHAwEGCCsWAQUF\n" 145 + "BwMCBggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUFBwMFBggrBgEFBQcDBgYIKwYB\n" 146 + "BQUHAwcGCCsGAQUFBwMIBggrBgEFBQcDCQYIKwYBBQUIAgIGCisGAQQBgjcKAwMG\n" 147 + "CWCGSAGG+EIEATANBgNVHTYBAf8EAwIBATAOBgQqTYYJAQH/BAMBAQEwZgYDVR0S\n" 148 + "BF8wXYEMcmZjQDgyMi5OYW1lggdkTlNOYW1lpBkwFzEVMBMGA1UEChMMT3JnYW5p\n" 149 + "emF0aW9uhhpodHRwOi8vdW5pZm9ybS5SZXNvdXJjZS5JZIcE////AIgHKgOiXIOy\n" 150 + "AzAJBgNVHR8EAjAAMAwGA1UdIwQFMAOAAQEwCgYDVR0OBAMEAQEwKQYDVR0hBCIw\n" 151 + "IDAeBg0qhkiG9xIEAYS3CQIBBg0qhkiG9xIEAYS3CQICMAkHByqGSM44BAMDMAAw\n" 152 + "LQIUAL4QvoazNWP7jrj84/GZlhm09DsCFQCBKGKCGbrP64VtUt4JPmLjW1VxQA==\n" 153 + "-----END CERTIFICATE-----\n"; 154 155 // Base64 encoded form of ASN.1 DER encoded X.509 CRL 156 // (see RFC 3280 at http://www.ietf.org/rfc/rfc3280.txt) 157 // (generated by using of classes from 158 // org.apache.harmony.security.x509 package) 159 private static String CRL = 160 "MIHXMIGXAgEBMAkGByqGSM44BAMwFTETMBEGA1UEChMKQ1JMIElzc3Vl" 161 + "chcNMDYwNDI3MDYxMzQ1WhcNMDYwNDI3MDYxNTI1WjBBMD8CAgIrFw0w" 162 + "NjA0MjcwNjEzNDZaMCowCgYDVR0VBAMKAQEwHAYDVR0YBBUYEzIwMDYw" 163 + "NDI3MDYxMzQ1LjQ2OFqgDzANMAsGA1UdFAQEBAQEBDAJBgcqhkjOOAQD" 164 + "AzAAMC0CFQCk0t0DTyu82QpajbBlxX9uXvUDSgIUSBN4g+xTEeexs/0k" 165 + "9AkjBhjF0Es="; 166 167 // has stub implementation for abstract methods 168 private static class MyX509Certificate extends X509Certificate implements 169 X509Extension { 170 171 private static final long serialVersionUID = -7196694072296607007L; 172 checkValidity()173 public void checkValidity() { 174 } 175 checkValidity(Date date)176 public void checkValidity(Date date) { 177 } 178 getVersion()179 public int getVersion() { 180 return 3; 181 } 182 getSerialNumber()183 public BigInteger getSerialNumber() { 184 return null; 185 } 186 getIssuerDN()187 public Principal getIssuerDN() { 188 return null; 189 } 190 getSubjectDN()191 public Principal getSubjectDN() { 192 return null; 193 } 194 getNotBefore()195 public Date getNotBefore() { 196 return null; 197 } 198 getNotAfter()199 public Date getNotAfter() { 200 return null; 201 } 202 getTBSCertificate()203 public byte[] getTBSCertificate() { 204 return null; 205 } 206 getSignature()207 public byte[] getSignature() { 208 return null; 209 } 210 getSigAlgName()211 public String getSigAlgName() { 212 return null; 213 } 214 getSigAlgOID()215 public String getSigAlgOID() { 216 return null; 217 } 218 getSigAlgParams()219 public byte[] getSigAlgParams() { 220 return null; 221 } 222 getIssuerUniqueID()223 public boolean[] getIssuerUniqueID() { 224 return null; 225 } 226 getSubjectUniqueID()227 public boolean[] getSubjectUniqueID() { 228 return null; 229 } 230 getKeyUsage()231 public boolean[] getKeyUsage() { 232 return null; 233 } 234 getBasicConstraints()235 public int getBasicConstraints() { 236 return 0; 237 } 238 verify(PublicKey key)239 public void verify(PublicKey key) { 240 } 241 verify(PublicKey key, String sigProvider)242 public void verify(PublicKey key, String sigProvider) { 243 } 244 toString()245 public String toString() { 246 return ""; 247 } 248 getPublicKey()249 public PublicKey getPublicKey() { 250 return null; 251 } 252 getEncoded()253 public byte[] getEncoded() { 254 return null; 255 } 256 getNonCriticalExtensionOIDs()257 public Set<String> getNonCriticalExtensionOIDs() { 258 return null; 259 } 260 getCriticalExtensionOIDs()261 public Set<String> getCriticalExtensionOIDs() { 262 return null; 263 } 264 getExtensionValue(String oid)265 public byte[] getExtensionValue(String oid) { 266 return null; 267 } 268 hasUnsupportedCriticalExtension()269 public boolean hasUnsupportedCriticalExtension() { 270 return false; 271 } 272 } 273 testGetType()274 public void testGetType() { 275 assertEquals("X.509", new MyX509Certificate().getType()); 276 } 277 testGetIssuerX500Principal()278 public void testGetIssuerX500Principal() { 279 // return valid encoding 280 MyX509Certificate cert = new MyX509Certificate() { 281 private static final long serialVersionUID = 638659908323741165L; 282 283 public byte[] getEncoded() { 284 return TestUtils.getX509Certificate_v1(); 285 } 286 }; 287 288 assertEquals(new X500Principal("CN=Z"), cert.getIssuerX500Principal()); 289 } 290 testGetSubjectX500Principal()291 public void testGetSubjectX500Principal() { 292 // return valid encoding 293 MyX509Certificate cert = new MyX509Certificate() { 294 private static final long serialVersionUID = -3625913637413840694L; 295 296 public byte[] getEncoded() { 297 return TestUtils.getX509Certificate_v1(); 298 } 299 }; 300 301 assertEquals(new X500Principal("CN=Y"), cert.getSubjectX500Principal()); 302 } 303 testGetExtendedKeyUsage()304 public void testGetExtendedKeyUsage() throws Exception { 305 assertNull(new MyX509Certificate().getExtendedKeyUsage()); 306 X509Certificate cert = generateCert(CERT_CORRECT); 307 List<String> l = cert.getExtendedKeyUsage(); 308 assertNotNull(l); 309 310 try { 311 l.clear(); 312 fail(); 313 } catch (UnsupportedOperationException expected) { 314 } 315 316 try { 317 l.add("Test"); 318 fail(); 319 } catch (UnsupportedOperationException expected) { 320 } 321 322 try { 323 l.remove(0); 324 fail(); 325 } catch (UnsupportedOperationException expected) { 326 } 327 } 328 329 private static final String CERT_WITHOUT_BASIC 330 = ("-----BEGIN CERTIFICATE-----\n" 331 + "MIIG9TCCBd2gAwIBAgIPLXR4AWpp9+O6Jn4rZpkgMA0GCSqGSIb3DQEBBQUAME0x\n" 332 + "CzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxJzAlBgNVBAMTHlN3\n" 333 + "aXNzU2lnbiBFViBHb2xkIENBIDIwMDkgLSBHMjAeFw0xMjA3MjYwODU4MTNaFw0x\n" 334 + "NDA3MjYwODU4MTNaMIIBITELMAkGA1UEBhMCQ0gxEDAOBgNVBAgMB1rDvHJpY2gx\n" 335 + "EzARBgNVBAcTCkdsYXR0YnJ1Z2cxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEWMBQG\n" 336 + "A1UEAxMNc3dpc3NzaWduLmNvbTEnMCUGCSqGSIb3DQEJARYYb3BlcmF0aW9uc0Bz\n" 337 + "d2lzc3NpZ24uY29tMRswGQYDVQQJDBJTw6RnZXJlaXN0cmFzc2UgMjUxDTALBgNV\n" 338 + "BBETBDgxNTIxEzARBgsrBgEEAYI3PAIBAxMCQ0gxGDAWBgsrBgEEAYI3PAIBAgwH\n" 339 + "WsO8cmljaDEbMBkGA1UEBRMSQ0gtMDIwLjMuMDI1LjExMC03MRswGQYDVQQPExJW\n" 340 + "MS4wLCBDbGF1c2UgNS4oYikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" 341 + "AQDLjzHfEcDeIwdEatC73JRs/xRaDLDmzwwHSZCjCvIKe8/yXxLR3cUIBG8mKrql\n" 342 + "1yICAMEpNM7J/fwN248OV6X/UosJpC4vmbpzgAN8y2q1DGnOyX7Eyi3UDXLTXtfA\n" 343 + "4294BMqCym5zzdS932aQPYBayFkzcsQSp6DHRAuj2Xxd9bly/urNKTumO8ZE0RFR\n" 344 + "wVgNU7o3OQepsH3bhe060Jlr6EBLFas0scH6ll8fREI8g+xhs8yHBOL/meE3zVQC\n" 345 + "/3KTyhY82R4xJy38YHCFPrwrtz5ZHpJqQ1LjiG+cX+FReoHp5VoV7LBNj+eL8oZb\n" 346 + "G6Zn5xlsBQgTlOxEIbXLVV13AgMBAAGjggL6MIIC9jBLBgNVHREERDBCgg1zd2lz\n" 347 + "c3NpZ24uY29tghF3d3cuc3dpc3NzaWduLmNvbYIMc3dpc3NzaWduLmNoghB3d3cu\n" 348 + "c3dpc3NzaWduLmNoMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD\n" 349 + "AQYIKwYBBQUHAwIwHQYDVR0OBBYEFPDLqEiSWR5JiwPlqngv2n2WJwVRMB8GA1Ud\n" 350 + "IwQYMBaAFIh0Rm3HfLX6cnEZ3r8nXg1o4PcnMIH/BgNVHR8EgfcwgfQwR6BFoEOG\n" 351 + "QWh0dHA6Ly9jcmwuc3dpc3NzaWduLm5ldC84ODc0NDY2REM3N0NCNUZBNzI3MTE5\n" 352 + "REVCRjI3NUUwRDY4RTBGNzI3MIGooIGloIGihoGfbGRhcDovL2RpcmVjdG9yeS5z\n" 353 + "d2lzc3NpZ24ubmV0L0NOPTg4NzQ0NjZEQzc3Q0I1RkE3MjcxMTlERUJGMjc1RTBE\n" 354 + "NjhFMEY3MjclMkNPPVN3aXNzU2lnbiUyQ0M9Q0g/Y2VydGlmaWNhdGVSZXZvY2F0\n" 355 + "aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MGIG\n" 356 + "A1UdIARbMFkwVwYJYIV0AVkBAgEBMEowSAYIKwYBBQUHAgEWPGh0dHA6Ly9yZXBv\n" 357 + "c2l0b3J5LnN3aXNzc2lnbi5jb20vU3dpc3NTaWduLUdvbGQtQ1AtQ1BTLVI1LnBk\n" 358 + "ZjCB0QYIKwYBBQUHAQEEgcQwgcEwZAYIKwYBBQUHMAKGWGh0dHA6Ly9zd2lzc3Np\n" 359 + "Z24ubmV0L2NnaS1iaW4vYXV0aG9yaXR5L2Rvd25sb2FkLzg4NzQ0NjZEQzc3Q0I1\n" 360 + "RkE3MjcxMTlERUJGMjc1RTBENjhFMEY3MjcwWQYIKwYBBQUHMAGGTWh0dHA6Ly9n\n" 361 + "b2xkLWV2LWcyLm9jc3Auc3dpc3NzaWduLm5ldC84ODc0NDY2REM3N0NCNUZBNzI3\n" 362 + "MTE5REVCRjI3NUUwRDY4RTBGNzI3MA0GCSqGSIb3DQEBBQUAA4IBAQA8kdxUZdXa\n" 363 + "qu1EATZM77OhA4jw4rmrVNA+iQDb1NdlPldbc5PyQoIWdn7dJgzZrmupgOurRsol\n" 364 + "kUoXb2GrZDaiSK+2sW7VQAcS3p4yK1MawGpcekVcOiFkCjFvuqkwdgnOeZpFIJzP\n" 365 + "Nh6W0wkAxbAVwP/cAOFSoCKTdTfxLMU2g8g+7J49BagYm/b3h1UmvL+B4s7XzL+D\n" 366 + "QDiKzIUvb4xwmbDYksgflkOBwliG3sC8H6LDD+2n3ukFOOKyiXQnoz2QJ57R/Jhj\n" 367 + "kgKyXcr7+6RxatGM7K1u7RlfhuxQxvvrb0NTS8ojLwx6fZL1qYqRGjDWhTv36aRu\n" 368 + "nbZMIuE5QJQs\n" 369 + "-----END CERTIFICATE-----\n"); 370 371 private static final String CERT_WITH_BASIC_NON_CA 372 = ("-----BEGIN CERTIFICATE-----\n" 373 + "MIIGwDCCBaigAwIBAgIQBXBpbXU7lyKUBaP2n+mqwjANBgkqhkiG9w0BAQUFADCB\n" 374 + "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" 375 + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n" 376 + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n" 377 + "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n" 378 + "HhcNMTIxMDEwMDAwMDAwWhcNMTQxMDEwMjM1OTU5WjCCASUxEzARBgsrBgEEAYI3\n" 379 + "PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxHTAbBgNVBA8TFFBy\n" 380 + "aXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwcyMTU4MTEzMQswCQYDVQQGEwJV\n" 381 + "UzEOMAwGA1UEERQFOTQwNDMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcU\n" 382 + "DU1vdW50YWluIFZpZXcxGTAXBgNVBAkUEDM1MCBFbGxpcyBTdHJlZXQxHTAbBgNV\n" 383 + "BAoUFFN5bWFudGVjIENvcnBvcmF0aW9uMSMwIQYDVQQLFBpJbmZyYXN0cnVjdHVy\n" 384 + "ZSAgT3BlcmF0aW9uczEZMBcGA1UEAxQQd3d3LnZlcmlzaWduLmNvbTCCASIwDQYJ\n" 385 + "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM0oFzrY8FaYnXJSzme9WCwB3wPB+HS8\n" 386 + "blBuW6DbI11w7In0P6BCVwt/WqI1a+VwSfliKv7pD2P6eHvu6eb8ipPGF3xBRmtr\n" 387 + "Ttg9am77taHkB+w1trx9xXio0viFOPYf9mt2yNhCatjKeXnPRH8IoLoI5bqBhv8V\n" 388 + "u/Mg9s1Wwe8mW1zxztD3D0fVkWqMpQRLFLrs3Us58SbnaxbFLEmAQHPgrDwi+IC4\n" 389 + "aQWcf4UbCkA5P0at+svsu/G+KwYBrsVFL6NaoATcyqimckyCVxeKK6QEPRPM34ae\n" 390 + "7HpT9OWmCu+r4GhM7AQS2mY3wF1EhtigXyUUteU/H06kWyVybpy2VwcCAwEAAaOC\n" 391 + "Ak4wggJKMIHEBgNVHREEgbwwgbmCEHd3dy52ZXJpc2lnbi5jb22CDHZlcmlzaWdu\n" 392 + "LmNvbYIQd3d3LnZlcmlzaWduLm5ldIIMdmVyaXNpZ24ubmV0ghF3d3cudmVyaXNp\n" 393 + "Z24ubW9iaYINdmVyaXNpZ24ubW9iaYIPd3d3LnZlcmlzaWduLmV1ggt2ZXJpc2ln\n" 394 + "bi5ldYIVZm9ybXMud3Muc3ltYW50ZWMuY29tgg1zc2xyZXZpZXcuY29tghF3d3cu\n" 395 + "c3NscmV2aWV3LmNvbTAJBgNVHRMEAjAAMB0GA1UdDgQWBBSFo5HyhWbCi1NFKniM\n" 396 + "6xYHuroUUDAOBgNVHQ8BAf8EBAMCBaAwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDov\n" 397 + "L0VWSW50bC1jcmwudmVyaXNpZ24uY29tL0VWSW50bDIwMDYuY3JsMEQGA1UdIAQ9\n" 398 + "MDswOQYLYIZIAYb4RQEHFwYwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy\n" 399 + "aXNpZ24uY29tL2NwczAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCG\n" 400 + "SAGG+EIEATAfBgNVHSMEGDAWgBROQ8gddu83U3pP8lhvlPM44tW93zB2BggrBgEF\n" 401 + "BQcBAQRqMGgwKwYIKwYBBQUHMAGGH2h0dHA6Ly9FVkludGwtb2NzcC52ZXJpc2ln\n" 402 + "bi5jb20wOQYIKwYBBQUHMAKGLWh0dHA6Ly9FVkludGwtYWlhLnZlcmlzaWduLmNv\n" 403 + "bS9FVkludGwyMDA2LmNlcjANBgkqhkiG9w0BAQUFAAOCAQEAUh48IWs1csaAU3kK\n" 404 + "hOZV4vde2ECxgVc0gRNz4V5fVdLsFv04S0V4pSZX77rQn56CFNkj6eImdAaTJVbd\n" 405 + "Wk8bB2FIwhjNnWScPXuNxzigVOpfRGuNRJymvkqG1+wq4BlG6aXa8aGu7aiuBCqN\n" 406 + "rmRSCj5WZQ94K3NCBUIiQQ9Ll1OGOYO3EM/rylGqUcnPf5aSET2kCIBfN3sG6veH\n" 407 + "wex+op4GuETJ48+PCoP0d1WrGGGs++nAgBYjjGCZciYfIxoqyrVaC5Yt5iYpXZA0\n" 408 + "ZzqJNbzmUD/l2rJeakdAHK0XYPwbQqvNvI1+dUNR9jlRxSKR8XX6mPe5ZgzMqYu+\n" 409 + "CQTDhg==\n" 410 + "-----END CERTIFICATE-----\n"); 411 412 private static final String CERT_WITH_BASIC_CA_ZERO_PATH_LENGTH 413 = ("-----BEGIN CERTIFICATE-----\n" 414 + "MIIGqTCCBJGgAwIBAgIJAPeSt8SBjARYMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n" 415 + "BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln\n" 416 + "biBHb2xkIENBIC0gRzIwHhcNMDkwNjEwMDkyOTM5WhcNMjQwNjA2MDkyOTM5WjBN\n" 417 + "MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMScwJQYDVQQDEx5T\n" 418 + "d2lzc1NpZ24gRVYgR29sZCBDQSAyMDA5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUA\n" 419 + "A4IBDwAwggEKAoIBAQDQnYs8uZZJHHloM5ucf7q7XcRN1Bl8QMoZiruC8oPmghom\n" 420 + "gZyb1qF0nAU/qx13UhcGWrV0goF/2Z8nMUGHjSeHuU65AS6rxm83XvnyI7rLKEcg\n" 421 + "4XXgibW3+bKldwjYfgPujGrZXC8gwx3jA+uF35VMIYpkWayAbl6kmoIsN7s7ZOVw\n" 422 + "T9gRIyZ+GVhFGgmeYGlUYEY1dQ66nMhwQQtTfVcMIiJPbBnppxU+5D0LM7vOwRX8\n" 423 + "tsEOVZyojP3bDqtHo/iWkeMPYSazOEdq4BB0QSc1mXVnu9Vh/NjBm00d0Agd/KsQ\n" 424 + "Nn/pR+tbgUYkiBhnu3oJ+XFNBsyFrOxGLJkg9P6fAgMBAAGjggKSMIICjjAOBgNV\n" 425 + "HQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUiHRGbcd8\n" 426 + "tfpycRnevydeDWjg9ycwHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn8O4w\n" 427 + "gf8GA1UdHwSB9zCB9DBHoEWgQ4ZBaHR0cDovL2NybC5zd2lzc3NpZ24ubmV0LzVC\n" 428 + "MjU3Qjk2QTQ2NTUxN0VCODM5RjNDMDc4NjY1RUU4M0FFN0YwRUUwgaiggaWggaKG\n" 429 + "gZ9sZGFwOi8vZGlyZWN0b3J5LnN3aXNzc2lnbi5uZXQvQ049NUIyNTdCOTZBNDY1\n" 430 + "NTE3RUI4MzlGM0MwNzg2NjVFRTgzQUU3RjBFRSUyQ089U3dpc3NTaWduJTJDQz1D\n" 431 + "SD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JM\n" 432 + "RGlzdHJpYnV0aW9uUG9pbnQwXQYDVR0gBFYwVDBSBgRVHSAAMEowSAYIKwYBBQUH\n" 433 + "AgEWPGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vU3dpc3NTaWduLUdv\n" 434 + "bGQtQ1AtQ1BTLVI0LnBkZjCBxgYIKwYBBQUHAQEEgbkwgbYwZAYIKwYBBQUHMAKG\n" 435 + "WGh0dHA6Ly9zd2lzc3NpZ24ubmV0L2NnaS1iaW4vYXV0aG9yaXR5L2Rvd25sb2Fk\n" 436 + "LzVCMjU3Qjk2QTQ2NTUxN0VCODM5RjNDMDc4NjY1RUU4M0FFN0YwRUUwTgYIKwYB\n" 437 + "BQUHMAGGQmh0dHA6Ly9vY3NwLnN3aXNzc2lnbi5uZXQvNUIyNTdCOTZBNDY1NTE3\n" 438 + "RUI4MzlGM0MwNzg2NjVFRTgzQUU3RjBFRTANBgkqhkiG9w0BAQUFAAOCAgEARJJo\n" 439 + "SpTCFSg5U+D4W8Cdc7vxEr83McOZY+D1fX490SAv3sDJ7XcbdXODL5m4UeK4s4bg\n" 440 + "UR1ZgCFiK8A4GRFpIvD4qse8E+Z20PGbQmtlSUIJztL3y3y4hLcM2Vt+mZz7M+aN\n" 441 + "xVlFbIrje+3PwgnvDTrIOLNt+LtV/uonA4A9SpAxlUCroFfSpfA71a3SJll/C4OG\n" 442 + "uvPZjHuX1ResF91+JJoyCiHcdi9h6w0yEf29zXdzKkUsaOZ0CikPTKdCZQ4MbIGX\n" 443 + "D5qMY65PK0mpT7uAt93ZIITXfQs93RWJWZtF7HrHGjIeloeKkXofsylmqP3JfgeV\n" 444 + "/mjuYz/9HS5MAxVE5+Wcb08tMGaoqSRxYhnv2Tmx2s8mPHyCXocgxMhXJtCN++Ba\n" 445 + "oO7JQRXeoiUZzIMac67dWb3rScOtEdF4lkIWB0yyts6LUPJtXXbRog3EI3i65ofc\n" 446 + "nW3ZdQijbE5t3F03yY/qRoHO8I/Be3qe1zk+7FCpjx7B8VLB1+lajfvLml0sgvCY\n" 447 + "O/O9/RRmqFhdhfDnsPj/pWkM6nKu8KjXX6WZmW6FTuC57yG81dI2AYqoO3qlzDdt\n" 448 + "IgVXouBar3TAgWRIka5FsxudaWOUK+Mj9TiKSQBYglHWhkdlEUpjOZfZhHKkMht4\n" 449 + "Y5mbkvu5+9xcWGhKNBLBq/isdBPkyfLVeVWxxkQ=\n" 450 + "-----END CERTIFICATE-----\n"); 451 452 private static final String CERT_WITH_BASIC_CA_NO_PATH_LENGTH 453 = ("-----BEGIN CERTIFICATE-----\n" 454 + "MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\n" 455 + "BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln\n" 456 + "biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF\n" 457 + "MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT\n" 458 + "d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC\n" 459 + "CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8\n" 460 + "76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+\n" 461 + "bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c\n" 462 + "6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE\n" 463 + "emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd\n" 464 + "MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt\n" 465 + "MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y\n" 466 + "MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y\n" 467 + "FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi\n" 468 + "aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM\n" 469 + "gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB\n" 470 + "qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7\n" 471 + "lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn\n" 472 + "8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov\n" 473 + "L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6\n" 474 + "45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO\n" 475 + "UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5\n" 476 + "O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC\n" 477 + "bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv\n" 478 + "GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a\n" 479 + "77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC\n" 480 + "hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3\n" 481 + "92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp\n" 482 + "Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w\n" 483 + "ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt\n" 484 + "Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ\n" 485 + "-----END CERTIFICATE-----\n"); 486 testGetBasicConstraints()487 public void testGetBasicConstraints() throws Exception { 488 assertEquals(5, generateCert(CERT_CORRECT).getBasicConstraints()); 489 assertEquals(-1, generateCert(CERT_WITHOUT_BASIC).getBasicConstraints()); 490 assertEquals(-1, generateCert(CERT_WITH_BASIC_NON_CA).getBasicConstraints()); 491 assertEquals(0, generateCert(CERT_WITH_BASIC_CA_ZERO_PATH_LENGTH).getBasicConstraints()); 492 assertEquals(Integer.MAX_VALUE, generateCert(CERT_WITH_BASIC_CA_NO_PATH_LENGTH).getBasicConstraints()); 493 } 494 testCertificateException()495 public void testCertificateException() throws Exception { 496 try { 497 generateCert(CERT_TAMPERED); 498 fail(); 499 } catch (CertificateException expected) { 500 } 501 502 try { 503 generateCert(CERT); 504 fail(); 505 } catch (CertificateException expected) { 506 } 507 } 508 generateCert(String string)509 public X509Certificate generateCert(String string) throws Exception { 510 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 511 ByteArrayInputStream bais = new ByteArrayInputStream(string.getBytes()); 512 X509Certificate cert = (X509Certificate) cf.generateCertificate(bais); 513 assertNotNull(cert); 514 return cert; 515 } 516 } 517