nistcertpathtest.java

kmlnjlkj nlkjlkjkljl okopokipoipo oipipipo i

        test("61", TEST_61_DATA, false, false);
        test("62", TEST_62_DATA, true , false);
        test("63", TEST_63_DATA, true , false);
        test("64", TEST_64_DATA, false, false);
        test("65", TEST_65_DATA, false, false);
        test("66", TEST_66_DATA, false, false);
        test("67", TEST_67_DATA, true , false);
        test("68", TEST_68_DATA, false, false);
        test("69", TEST_69_DATA, false, false);
        
        test("70", TEST_70_DATA, false, false);
        test("71", TEST_71_DATA, false, false);
        test("72", TEST_72_DATA, false, false);
        test("73", TEST_73_DATA, false, false);
        test("74", TEST_74_DATA, true , false);
        test("75", TEST_75_DATA, false, false);
        test("76", TEST_76_DATA, false, false);
        
        resultBuf.append("NISTCertPathTest -- Failed: ").append(testFail.size()).append('/').append(testCount).append('\n');
        if (!testFail.isEmpty())
        {
            fail(resultBuf.toString());
        }
    }
    
    private final void init()
    {
        try
        {
            fact = CertificateFactory.getInstance("X.509", "BC");
            trustedCert = (X509Certificate)fact
                    .generateCertificate(new ByteArrayInputStream(Base64
                            .decode(Trust_Anchor_CP_01_01_crt)));
            trustedCRL = (X509CRL)fact.generateCRL(new ByteArrayInputStream(
                    Base64.decode(Trust_Anchor_CRL_CP_01_01_crl)));
            trustedSet = new HashSet();

            byte[] _ncBytes = null;
            byte[] _octBytes = trustedCert.getExtensionValue("2.5.29.30");
            if (_octBytes != null)
            {
                ASN1InputStream _ais = new ASN1InputStream(
                        new ByteArrayInputStream(_octBytes));
                ASN1OctetString _oct = ASN1OctetString.getInstance(_ais
                        .readObject());
                _ais.close();
                _ncBytes = _oct.getOctets();
            }

            trustedSet.add(new TrustAnchor(trustedCert, _ncBytes));
            testCount = 0;
            testFail = new Vector();
            resultBuf = new StringBuffer();
        }
        catch (Exception ex)
        {
            throw new RuntimeException(ex.getMessage());
        }
    }

    private final X509Certificate decodeCertificate(String _str)
            throws GeneralSecurityException
    {

        return (X509Certificate)fact
                .generateCertificate(new ByteArrayInputStream(Base64
                        .decode(_str)));
    }

    private final X509CRL decodeCRL(String _str)
            throws GeneralSecurityException
    {

        return (X509CRL)fact.generateCRL(new ByteArrayInputStream(Base64
                .decode(_str)));
    }

    private final CertStore makeCertStore(String[] _strs)
            throws GeneralSecurityException
    {

        Vector _vec = new Vector();
        _vec.addElement(trustedCRL);

        for (int i = 0; i < _strs.length; i++)
        {
            if (_strs[i].startsWith("MIIC"))
            {
                _vec.addElement(fact
                        .generateCertificate(new ByteArrayInputStream(Base64
                                .decode(_strs[i]))));
            }
            else if (_strs[i].startsWith("MIIB"))
            {
                _vec.addElement(fact.generateCRL(new ByteArrayInputStream(
                        Base64.decode(_strs[i]))));
            }
            else
            {
                throw new IllegalArgumentException("Invalid certificate or crl");
            }
        }

        // Insert elements backwards to muck up forward ordering dependency
        Vector _vec2 = new Vector();
        for (int i = _vec.size() - 1; i >= 0; i--)
        {
            _vec2.add(_vec.elementAt(i));
        }

        return CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(_vec2), "BC");
    }

    private void test(String _name, String[] _data, boolean _accept,
            boolean _debug)
    {

        test(_name, _data, null, false, _accept, _debug);
    }

    private void test(String _name, String[] _data, boolean _explicit,
            boolean _accept, boolean _debug)
    {

        test(_name, _data, null, _explicit, _accept, _debug);
    }

    private void test(String _name, String[] _data, Set _ipolset,
            boolean _explicit, boolean _accept, boolean _debug)
    {

        testCount++;
        boolean _pass = true;

        try
        {
            CertPathBuilder _cpb = CertPathBuilder.getInstance("PKIX", "BC");
            X509Certificate _ee = decodeCertificate(_data[_data.length - 1]);
            X509CertSelector _select = new X509CertSelector();
            _select.setSubject(_ee.getSubjectX500Principal().getEncoded());

            PKIXBuilderParameters _param = new PKIXBuilderParameters(
                    trustedSet, _select);
            _param.setExplicitPolicyRequired(_explicit);
            _param.addCertStore(makeCertStore(_data));
            _param.setRevocationEnabled(true);
            if (_ipolset != null)
            {
                _param.setInitialPolicies(_ipolset);
            }

            CertPathBuilderResult _result = _cpb.build(_param);

            if (!_accept)
            {
                System.out.println("Accept when it should reject");
                _pass = false;
                testFail.addElement(_name);
            }
        }
        catch (Exception ex)
        {
            if (_accept)
            {
                System.out.println("Reject when it should accept");
                _pass = false;
                testFail.addElement(_name);
            }
        }

        resultBuf.append("NISTCertPathTest -- ").append(_name).append(": ")
                .append(_pass ? "\n" : "Failed.\n");
    }
    

    public static void main(
        String[]    args)
    {
        Security.addProvider(new BouncyCastleProvider());

        runTest(new NISTCertPathTest());
    }
    
    /*  
     *  Trust Anchor
     *  
     */ 
    public static final String Trust_Anchor_CP_01_01_crt = 
        "MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMRgwFg" +
        "YDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UECxMHVGVzdGlu" +
        "ZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEwMFoXDTQ4MDEwMTEyMD" +
        "EwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UE" +
        "CxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYDVQQDEwxUcnVzdCBBbmNob3IwgZ8wDQ" +
        "YJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPzucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+" +
        "TotWvz6qIS1QE/7zGS56yxHP89O4X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko" +
        "03z8U8yfn68DlIBHi9sN31JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGj" +
        "ODA2MBEGA1UdDgQKBAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/" +
        "nC51SPMA0GCSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T" +
        "/2Nt7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27Yl" +
        "/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF";
    public static final String Trust_Anchor_CRL_CP_01_01_crl = 
        "MIIBbzCB2QIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS" +
        "5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsTB1Rlc3RpbmcxFTATBgNV" +
        "BAMTDFRydXN0IEFuY2hvchcNOTkwMTAxMTIwMTAwWhcNNDgwMTAxMTIwMTAwWjAiMCACAS" +
        "cXDTk5MDEwMTEyMDAwMFowDDAKBgNVHRUEAwoBAaAjMCEwCgYDVR0UBAMCAQEwEwYDVR0j" +
        "BAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcNAQEFBQADgYEAC7lqZwejJRW7QvzH11/7cYcL3r" +
        "acgMxH3PSU/ufvyLk7ahR++RtHary/WeCvRdyznLiIOA8ZBiguWtVPqsNysNn7WLofQIVa" +
        "+/TD3T+lece4e1NwGQvj5Q+e2wRtGXg+gCuTjTKUFfKRnWz7O7RyiJKKim0jtAF4RkCpLe" +
        "bNChY=";


    /*  
     *  test1
     *  
     */ 

    public static final String End_Certificate_CP_01_01_crt = 
        "MIIChjCCAe+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJVUzEYMBYGA1" +
        "UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxEDAOBgNVBAsTB1Rlc3Rpbmcx" +
        "FTATBgNVBAMTDFRydXN0IEFuY2hvcjAeFw05ODAxMDExMjAxMDBaFw00ODAxMDExMjAxMD" +
        "BaMGAxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsT" +
        "A0RvRDEQMA4GA1UECxMHVGVzdGluZzEXMBUGA1UEAxMOVXNlcjEtQ1AuMDEuMDEwgZ8wDQ" +
        "YJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMY07G8M4FkOvF+6LpO7BKcDuXCKudfl1+bKSowj" +
        "2GCza8uIiMfYSH5k+fYb43lGQeRh9yVHcfNQlE7yfGo3tgxGv5yWpeKvDMqL8Iy6Q0oIjm" +
        "qH80ZOz21dUkermcckzTEOfe/R2fNpJPv8M24pq29SdYAqu+CpLDHFtws9O+q1AgMBAAGj" +
        "UjBQMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSAEDzANMAsGCWCGSAFlAwEwATARBgNVHQ4ECg" +
        "QIrNv88bwFLtIwEwYDVR0jBAwwCoAIq5rr+cLnVI8wDQYJKoZIhvcNAQEFBQADgYEAK4hP" +
        "goWtZbHf6qWfRfmrPrz9hDH1644NrJop2Y7MXzuTtpo1zp4NCG4+ii0CSOfvhugc8yOmq3" +
        "I6olgE0V16VtC5br2892UHYZ55Q4oQ9BWouVVlOyY9rogOB160BnsqBELFhT0Wf6mnbsdD" +
        "G+BB5fFyeK61aYDWV84kS7cSX5w=";
    public static final String[] TEST_1_DATA = new String[] {
        End_Certificate_CP_01_01_crt,
    };

    /*  
     *  test2
     *