File Doc Category Size Date Package
TestUtils.java API Doc Android 1.5 API 32773 Wed May 06 22:41:06 BST 2009 org.apache.harmony.security.tests.support.cert

TestUtils

java.lang.Object

public class TestUtils extends Object

java.security.cert test utilities

Fields Summary
private static final String
certType
private static final String
keyStoreType
private static final String
keyStoreFileName
public static final int
UNTRUSTED
public static final int
TRUSTED
public static final int
TRUSTED_AND_UNTRUSTED
private static final char[]
storepass
private static final String
ENCODED_X509_CERTIFICATE
public static final String
rootCert
Certificate:
Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AN, ST=Android, O=Android, OU=Android, CN=Android/emailAddress=android Validity Not Before: Dec 9 16:35:30 2008 GMT Not After : Dec 9 16:35:30 2011 GMT Subject: C=AN, ST=Android, O=Android, OU=Android, CN=Android/emailAddress=android Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:c5:fb:5e:68:37:82:1d:58:ed:cb:31:8c:08:7f: 51:31:4c:68:40:8c:4d:07:a1:0e:18:36:02:6b:89: 92:c1:cf:88:1e:cf:00:22:00:8c:37:e8:6a:76:94: 71:53:81:78:e1:48:94:fa:16:61:93:eb:a0:ee:62: 9d:6a:d2:2c:b8:77:9d:c9:36:d5:d9:1c:eb:26:3c: 43:66:4d:7b:1c:1d:c7:a1:37:66:e2:84:54:d3:ed: 21:dd:01:1c:ec:9b:0c:1e:35:e9:37:15:9d:2b:78: a8:3b:11:3a:ee:c2:de:55:44:4c:bd:40:8d:e5:52: b0:fc:53:33:73:4a:e5:d0:df Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 4B:E3:22:14:AD:0A:14:46:B7:52:31:8B:AB:9E:5A:62:F3:98:37:80 X509v3 Authority Key Identifier: keyid:4B:E3:22:14:AD:0A:14:46:B7:52:31:8B:AB:9E:5A:62:F3:98:37:80 DirName:/C=AN/ST=Android/O=Android/OU=Android/CN=Android/emailAddress=android serial:00 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption 72:4f:12:8a:4e:61:b2:9a:ba:58:17:0b:55:96:f5:66:1c:a8: ba:d1:0f:8b:9b:2d:ab:a8:00:ac:7f:99:7d:f6:0f:d7:85:eb: 75:4b:e5:42:37:71:46:b1:4a:b0:1b:17:e4:f9:7c:9f:bd:20: 75:35:9f:27:8e:07:95:e8:34:bd:ab:e4:10:5f:a3:7b:4c:56: 69:d4:d0:f1:e9:74:15:2d:7f:77:f0:38:77:eb:8a:99:f3:a9: 88:f0:63:58:07:b9:5a:61:f8:ff:11:e7:06:a1:d1:f8:85:fb: 99:1c:f5:cb:77:86:36:cd:43:37:99:09:c2:9a:d8:f2:28:05: 06:0c
public static final String
rootPrivateKey
public static final String
endCert
Certificate:
Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AN, ST=Android, O=Android, OU=Android, CN=Android/emailAddress=android Validity Not Before: Dec 9 16:40:35 2008 GMT Not After : Dec 9 16:40:35 2009 GMT Subject: C=AN, ST=Android, L=Android, O=Android, OU=Android, CN=Android Certificate/emailAddress=android Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b8:e3:de:c7:a9:40:47:2c:2a:6f:f5:2a:f4:cd: f2:2d:40:fa:15:3f:1c:37:66:73:a5:67:4d:5b:a0: b6:b1:dd:dc:bf:01:c7:e2:c1:48:1a:8f:1c:ce:ec: b0:a2:55:29:9a:1b:3a:6e:cc:7b:d7:65:ae:0b:05: 34:03:8a:af:db:f0:dc:01:80:92:03:b4:13:e5:d6: fd:79:66:7f:c3:1a:62:d5:5e:3d:c0:19:a4:42:15: 47:19:e6:f0:c8:b7:e2:7b:82:a2:c7:3d:df:ac:8c: d5:bc:39:b8:e5:93:ac:3f:af:30:b7:cc:00:a8:00: f3:38:23:b0:97:0e:92:b1:1b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 88:4D:EC:16:26:A7:76:F5:26:43:BC:34:99:DF:D5:EA:7B:F8:5F:DE X509v3 Authority Key Identifier: keyid:4B:E3:22:14:AD:0A:14:46:B7:52:31:8B:AB:9E:5A:62:F3:98:37:80 Signature Algorithm: sha1WithRSAEncryption 55:73:95:e6:4c:40:fc:fd:52:8a:5f:83:15:49:73:ca:f3:d8: 5f:bb:d6:f5:2e:90:e6:7f:c3:7d:4d:27:d3:45:c6:53:9b:aa: e3:32:99:40:b3:a9:d3:14:7d:d5:e6:a7:70:95:30:6e:dc:8c: 7b:48:e1:98:d1:65:7a:eb:bf:b0:5c:cd:c2:eb:31:5e:b6:e9: df:56:95:bc:eb:79:74:27:5b:6d:c8:55:63:09:d3:f9:e2:40: ba:b4:a2:c7:2c:cb:b1:3a:c2:d8:0c:21:31:ee:68:7e:97:ce: 98:22:2e:c6:cf:f0:1a:11:04:ca:9a:06:de:98:48:85:ac:6c: 6f:98
public static final String
endPrivateKey
public static X509Certificate
rootCertificateSS
a self signed certificate
public static X509Certificate
endCertificate
public static MyCRL
crl
public static X509CertSelector
theCertSelector
public static CertPathBuilder
builder
private static CertStore
store
Constructors Summary
Methods Summary
public static java.security.cert.CertPath buildCertPathSSCertChain()
CertPathBuilderResult result; CertPathParameters buildParams = getCertPathParameters(); try { result = builder.build(buildParams); } catch (CertPathBuilderException e) { return null; } return result.getCertPath();
public static java.security.cert.CertPathBuilder getCertPathBuilder()
if (builder == null) { throw new RuntimeException( "Call initCertPathSSCertChain prior to buildCertPath"); } return builder;
public static java.security.cert.CertPathParameters getCertPathParameters()
if ((rootCertificateSS == null) || (theCertSelector == null) || (builder == null)) { throw new RuntimeException( "Call initCertPathSSCertChain prior to buildCertPath"); } PKIXCertPathBuilderResult result = null; PKIXBuilderParameters buildParams = new PKIXBuilderParameters( Collections.singleton(new TrustAnchor(rootCertificateSS, null)), theCertSelector); buildParams.addCertStore(store); buildParams.setRevocationEnabled(false); return buildParams;
public static java.util.List getCollectionCertStoresList()
Creates List of CollectionCertStores
return
The list created
throws
InvalidAlgorithmParameterException
throws
NoSuchAlgorithmException
CertStore cs = CertStore.getInstance("Collection", new CollectionCertStoreParameters()); ArrayList<CertStore> l = new ArrayList<CertStore>(); if (!l.add(cs)) { throw new RuntimeException("Could not create cert stores list"); } return l;
public static byte[] getEncodedX509Certificate()
return ENCODED_X509_CERTIFICATE.getBytes();
public static java.security.KeyStore getKeyStore(boolean initialize, int testKeyStoreType)
Creates test KeyStore instance
param
initialize Do not initialize returned KeyStore if false
param
testKeyStoreType this parameter ignored if initialize is false; The following types supported:
1 - KeyStore with untrusted certificates only
2 - KeyStore with trusted certificates only
3 - KeyStore with both trusted and untrusted certificates
return
Returns test KeyStore instance
BufferedInputStream bis = null; try { KeyStore ks = KeyStore.getInstance(keyStoreType); if (initialize) { String fileName = keyStoreFileName + testKeyStoreType; ks.load(Support_Resources.getResourceStream(fileName), storepass); } return ks; } catch (Exception e) { throw new RuntimeException(e); } finally { if (initialize && bis != null) { try { bis.close(); } catch (IOException ign) {} } }
public static java.security.cert.PolicyNode getPolicyTree()
Creates policy tree stub containing two PolicyNodes for testing purposes
return
root PolicyNode of the policy tree
return new PolicyNode() { final PolicyNode parent = this; public int getDepth() { // parent return 0; } public boolean isCritical() { return false; } public String getValidPolicy() { return null; } public PolicyNode getParent() { return null; } public Iterator<PolicyNode> getChildren() { PolicyNode child = new PolicyNode() { public int getDepth() { // child return 1; } public boolean isCritical() { return false; } public String getValidPolicy() { return null; } public PolicyNode getParent() { return parent; } public Iterator<PolicyNode> getChildren() { return null; } public Set<String> getExpectedPolicies() { return null; } public Set<? extends PolicyQualifierInfo> getPolicyQualifiers() { return null; } }; HashSet<PolicyNode> s = new HashSet<PolicyNode>(); s.add(child); return s.iterator(); } public Set<String> getExpectedPolicies() { return null; } public Set<? extends PolicyQualifierInfo> getPolicyQualifiers() { return null; } };
public static java.security.cert.PKIXCertPathChecker getTestCertPathChecker()
Creates stub implementation of the PKIXCertPathChecker
return
Stub implementation of the PKIXCertPathChecker
// stub implementation for testing purposes only return new PKIXCertPathChecker() { private boolean forward = false; @SuppressWarnings({"unused", "unchecked"}) public void check(Certificate arg0, Collection arg1) throws CertPathValidatorException { } public Set<String> getSupportedExtensions() { return null; } @SuppressWarnings("unused") public void init(boolean arg0) throws CertPathValidatorException { forward = arg0; } public boolean isForwardCheckingSupported() { // just to check this checker state return forward; } };
public static java.security.cert.TrustAnchor getTrustAnchor()
Creates TrustAnchor instance constructed using self signed test certificate
return
TrustAnchor instance
CertificateFactory cf = null; try { cf = CertificateFactory.getInstance(certType); } catch (CertificateException e) { // requested cert type is not available in the // default provider package or any of the other provider packages // that were searched throw new RuntimeException(e); } BufferedInputStream bis = null; try { bis = new BufferedInputStream(new ByteArrayInputStream( getEncodedX509Certificate())); X509Certificate c1 = (X509Certificate)cf.generateCertificate(bis); return new TrustAnchor(c1, null); } catch (Exception e) { // all failures are fatal throw new RuntimeException(e); } finally { if (bis != null) { try { bis.close() ; } catch (IOException ign) {} } }
public static java.util.Set getTrustAnchorSet()
Creates Set of TrustAnchors containing single element (self signed test certificate).
return
Returns Set of TrustAnchors
TrustAnchor ta = getTrustAnchor(); if (ta == null) { return null; } HashSet<TrustAnchor> set = new HashSet<TrustAnchor>(); if (!set.add(ta)) { throw new RuntimeException("Could not create trust anchor set"); } return set;
public static byte[] getX509CRL_v1()
Returns X.509 CRL encoding corresponding to version v1. CRL encoding was created by hands according to X.509 CRL ASN.1 notation. The CRL encoding has the following encoded field values:
- version: 1
- issuer: CN=Z
- thisUpdate: 01 Jan 2001 01:02:03
return
X.509 CRL encoding corresponding to version v1.
return new byte[] { //CertificateList: SEQUENCE 0x30, 0x35, // TBSCertList: SEQUENCE 0x30, 0x27, // Version: INTEGER OPTIONAL // 0x02, 0x01, 0x01, - missed here cause it is v1 // signature: AlgorithmIdentifier 0x30, 0x06, // SEQUENCE 0x06, 0x01, 0x01, // OID 0x01, 0x01, 0x11, // ANY // issuer: Name 0x30, 0x0C, 0x31, 0x0A, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x01, 0x5A, // CN=Z // thisUpdate: ChoiceOfTime // GeneralizedTime: 01 Jan 2001 01:02:03 0x18, 0x0F, 0x32, 0x30, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x32, 0x30, 0x33, 0x5A, // nextUpdate - missed // revokedCertificates - missed // crlExtensions - missed // signatureAlgorithm: AlgorithmIdentifier 0x30, 0x06, // SEQUENCE 0x06, 0x01, 0x01, //OID 0x01, 0x01, 0x11, //ANY // signature: BIT STRING 0x03, 0x02, 0x00, 0x01 };
public static byte[] getX509Certificate_v1()
Returns X.509 certificate encoding corresponding to version v1. Certificate encoding was created by hands according to X.509 Certificate ASN.1 notation. The certificate encoding has the following encoded field values:
- version: 1
- serialNumber: 5
- issuer: CN=Z
- notBefore: 13 Dec 1999 14:15:16
- notAfter: 01 Jan 2000 00:00:00
- subject: CN=Y
return
X.509 certificate encoding corresponding to version v1.
return new byte[] { // Certificate: SEQUENCE 0x30, 0x6B, // // TBSCertificate: SEQUENCE { // 0x30, 0x5C, // version: [0] EXPLICIT Version DEFAULT v1 (byte) 0xA0, 0x03, 0x02, 0x01, 0x00, // serialNumber: CertificateSerialNumber 0x02, 0x01, 0x05, // signature: AlgorithmIdentifier 0x30, 0x07, // SEQUENCE 0x06, 0x02, 0x03, 0x05,//OID 0x01, 0x01, 0x07, //ANY //issuer: Name 0x30, 0x0C, 0x31, 0x0A, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x01, 0x5A, // CN=Z //validity: Validity 0x30, 0x1E, // SEQUENCE // notBefore: UTCTime 0x17, 0x0D, 0x39, 0x39, 0x31, 0x32, 0x31, 0x33, 0x31, 0x34, 0x31, 0x35, 0x31, 0x36, 0x5A, // 13 Dec 1999 14:15:16 // notAfter: UTCTime 0x17, 0x0D, 0x30, 0x30, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, // 01 Jan 2000 00:00:00 //subject: Name 0x30, 0x0C, 0x31, 0x0A, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x01, 0x59, // CN=Y //SubjectPublicKeyInfo ::= SEQUENCE { // algorithm AlgorithmIdentifier, // subjectPublicKey BIT STRING } 0x30, 0x0D, // SEQUENCE 0x30, 0x07, // SEQUENCE 0x06, 0x02, 0x03, 0x05,//OID 0x01, 0x01, 0x07, //ANY 0x03, 0x02, 0x00, 0x01, // subjectPublicKey // issuerUniqueID - missed // subjectUniqueID - missed // extensions - missed // } end TBSCertificate // // signatureAlgorithm: AlgorithmIdentifier // 0x30, 0x07, // SEQUENCE 0x06, 0x02, 0x03, 0x05,//OID 0x01, 0x01, 0x07, //ANY // // signature: BIT STRING // 0x03, 0x02, 0x00, 0x01 };
public static byte[] getX509Certificate_v3()
Returns X.509 certificate encoding corresponding to version v3. Certificate encoding was created by hands according to X.509 Certificate ASN.1 notation. The certificate encoding has the following encoded field values:
- version: 3
- serialNumber: 5
- issuer: CN=Z
- notBefore: 13 Dec 1999 14:15:16
- notAfter: 01 Jan 2000 00:00:00
- subject: CN=Y
- extensions: 1) AuthorityKeyIdentifier(OID=2.5.29.35): no values in it(empty sequence)
return
X.509 certificate encoding corresponding to version v3.
return new byte[] { // Certificate: SEQUENCE 0x30, 0x7D, // // TBSCertificate: SEQUENCE { // 0x30, 0x6E, // version: [0] EXPLICIT Version DEFAULT v1 (byte) 0xA0, 0x03, 0x02, 0x01, 0x02, // serialNumber: CertificateSerialNumber 0x02, 0x01, 0x05, // signature: AlgorithmIdentifier 0x30, 0x07, // SEQUENCE 0x06, 0x02, 0x03, 0x05,//OID 0x01, 0x01, 0x07, //ANY //issuer: Name 0x30, 0x0C, 0x31, 0x0A, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x01, 0x5A, // CN=Z //validity: Validity 0x30, 0x1E, // SEQUENCE // notBefore: UTCTime 0x17, 0x0D, 0x39, 0x39, 0x31, 0x32, 0x31, 0x33, 0x31, 0x34, 0x31, 0x35, 0x31, 0x36, 0x5A, // 13 Dec 1999 14:15:16 // notAfter: UTCTime 0x17, 0x0D, 0x30, 0x30, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, // 01 Jan 2000 00:00:00 //subject: Name 0x30, 0x0C, 0x31, 0x0A, 0x30, 0x08, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x01, 0x59, // CN=Y //SubjectPublicKeyInfo ::= SEQUENCE { // algorithm AlgorithmIdentifier, // subjectPublicKey BIT STRING } 0x30, 0x0D, // SEQUENCE 0x30, 0x07, // SEQUENCE 0x06, 0x02, 0x03, 0x05,//OID 0x01, 0x01, 0x07, //ANY 0x03, 0x02, 0x00, 0x01, // subjectPublicKey // issuerUniqueID - missed // subjectUniqueID - missed // extensions : [3] EXPLICIT Extensions OPTIONAL (byte) 0xA3, 0x10, // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 0x30, 0x0E, // Extension ::= SEQUENCE { // extnID OBJECT IDENTIFIER, // critical BOOLEAN DEFAULT FALSE, // extnValue OCTET STRING } // 1) AuthorityKeyIdentifier extension (see HARMONY-3384) 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x23, // OID = 2.5.29.35 0x01, 0x01, 0x00, // critical = FALSE 0x04, 0x02, 0x30, 0x00, // extnValue: MUST be empty sequence // missed: keyIdentifier // missed: authorityCertIssuer // missed" authorityCertSerialNumber // } end TBSCertificate // // signatureAlgorithm: AlgorithmIdentifier // 0x30, 0x07, // SEQUENCE 0x06, 0x02, 0x03, 0x05,//OID 0x01, 0x01, 0x07, //ANY // // signature: BIT STRING // 0x03, 0x02, 0x00, 0x01 };
public static void initCertPathSSCertChain()
// create certificates and CRLs CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream bi = new ByteArrayInputStream(rootCert.getBytes()); rootCertificateSS = (X509Certificate) cf.generateCertificate(bi); bi = new ByteArrayInputStream(endCert.getBytes()); endCertificate = (X509Certificate) cf.generateCertificate(bi); BigInteger revokedSerialNumber = BigInteger.valueOf(1); crl = new MyCRL("X.509"); // X509CRL rootCRL = X509CRL; // X509CRL interCRL = X509CRLExample.createCRL(interCert, interPair // .getPrivate(), revokedSerialNumber); // create CertStore to support path building List<Object> list = new ArrayList<Object>(); list.add(rootCertificateSS); list.add(endCertificate); CollectionCertStoreParameters params = new CollectionCertStoreParameters( list); store = CertStore.getInstance("Collection", params); theCertSelector = new X509CertSelector(); theCertSelector.setCertificate(endCertificate); theCertSelector.setIssuer(endCertificate.getIssuerX500Principal() .getEncoded()); // build the path builder = CertPathBuilder.getInstance("PKIX");