📄 nistcertpathtest.java
字号:
doExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, certList, crlList, null, 0, "Certificate status could not be determined."); } // section 4.14: tests 17, 24, 25, 30, 31, 32, 33, 35 // section 4.15: tests 5, 7 private void doExceptionTest( String trustAnchor, String[] certs, String[] crls, int index, String message) throws Exception { try { doTest(trustAnchor, certs, crls); fail("path accepted when should be rejected"); } catch (CertPathValidatorException e) { assertEquals(index, e.getIndex()); assertEquals(message, e.getMessage()); } } private void doExceptionTest( String trustAnchor, String[] certs, String[] crls, Set policies, int index, String message) throws Exception { try { doTest(trustAnchor, certs, crls, policies); fail("path accepted when should be rejected"); } catch (CertPathValidatorException e) { assertEquals(index, e.getIndex()); assertEquals(message, e.getMessage()); } } private void doExceptionTest( String trustAnchor, String[] certs, String[] crls, int index, String mesStart, String mesEnd) throws Exception { try { doTest(trustAnchor, certs, crls); fail("path accepted when should be rejected"); } catch (CertPathValidatorException e) { assertEquals(index, e.getIndex()); assertTrue(e.getMessage().startsWith(mesStart)); assertTrue(e.getMessage().endsWith(mesEnd)); } } private PKIXCertPathValidatorResult doTest( String trustAnchor, String[] certs, String[] crls) throws Exception { return doTest(trustAnchor, certs, crls, null); } private PKIXCertPathValidatorResult doTest( String trustAnchor, String[] certs, String[] crls, Set policies) throws Exception { Set trustedSet = Collections.singleton(getTrustAnchor(trustAnchor)); List certsAndCrls = new ArrayList(); X509Certificate endCert = loadCert(certs[certs.length - 1]); for (int i = 0; i != certs.length - 1; i++) { certsAndCrls.add(loadCert(certs[i])); } certsAndCrls.add(endCert); CertPath certPath = CertificateFactory.getInstance("X.509","BC").generateCertPath(certsAndCrls); for (int i = 0; i != crls.length; i++) { certsAndCrls.add(loadCrl(crls[i])); } CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certsAndCrls), "BC"); CertPathValidator validator = CertPathValidator.getInstance("PKIX","BC"); PKIXParameters params = new PKIXParameters(trustedSet); params.addCertStore(store); params.setRevocationEnabled(true); if (policies != null) { params.setExplicitPolicyRequired(true); params.setInitialPolicies(policies); } return (PKIXCertPathValidatorResult)validator.validate(certPath, params); } private PKIXCertPathBuilderResult doBuilderTest( String trustAnchor, String[] certs, String[] crls, Set initialPolicies, boolean policyMappingInhibited, boolean anyPolicyInhibited) throws Exception { Set trustedSet = Collections.singleton(getTrustAnchor(trustAnchor)); List certsAndCrls = new ArrayList(); X509Certificate endCert = loadCert(certs[certs.length - 1]); for (int i = 0; i != certs.length - 1; i++) { certsAndCrls.add(loadCert(certs[i])); } certsAndCrls.add(endCert); for (int i = 0; i != crls.length; i++) { certsAndCrls.add(loadCrl(crls[i])); } CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certsAndCrls), "BC"); CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC"); X509CertSelector endSelector = new X509CertSelector(); endSelector.setCertificate(endCert); PKIXBuilderParameters builderParams = new PKIXBuilderParameters(trustedSet, endSelector); if (initialPolicies != null) { builderParams.setInitialPolicies(initialPolicies); builderParams.setExplicitPolicyRequired(true); } if (policyMappingInhibited) { builderParams.setPolicyMappingInhibited(policyMappingInhibited); } if (anyPolicyInhibited) { builderParams.setAnyPolicyInhibited(anyPolicyInhibited); } builderParams.addCertStore(store); try { return (PKIXCertPathBuilderResult)builder.build(builderParams); } catch (CertPathBuilderException e) { throw (Exception)e.getCause(); } } private X509Certificate loadCert( String certName) { X509Certificate cert = (X509Certificate)certs.get(certName); if (cert != null) { return cert; } try { InputStream in = new FileInputStream(getPkitsHome() + "/certs/" + certName + ".crt"); CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC"); cert = (X509Certificate)fact.generateCertificate(in); certs.put(certName, cert); return cert; } catch (Exception e) { throw new IllegalStateException("exception loading certificate " + certName + ": " + e); } } private X509CRL loadCrl( String crlName) throws Exception { X509CRL crl = (X509CRL)certs.get(crlName); if (crl != null) { return crl; } try { InputStream in = new FileInputStream(getPkitsHome() + "/crls/" + crlName + ".crl"); CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC"); crl = (X509CRL)fact.generateCRL(in); crls.put(crlName, crl); return crl; } catch (Exception e) { throw new IllegalStateException("exception loading CRL: " + crlName); } } private TrustAnchor getTrustAnchor(String trustAnchorName) throws Exception { X509Certificate cert = loadCert(trustAnchorName); byte[] extBytes = cert.getExtensionValue(X509Extensions.NameConstraints.getId()); if (extBytes != null) { ASN1Encodable extValue = X509ExtensionUtil.fromExtensionValue(extBytes); return new TrustAnchor(cert, extValue.getDEREncoded()); } return new TrustAnchor(cert, null); } private String getPkitsHome() { String dataHome = System.getProperty(TEST_DATA_HOME); if (dataHome == null) { throw new IllegalStateException(TEST_DATA_HOME + " property not set"); } return dataHome + "/PKITS"; } public static void main (String[] args) throws Exception { junit.textui.TestRunner.run(suite()); } public static Test suite() throws Exception { TestSuite suite = new TestSuite("NIST CertPath Tests"); suite.addTestSuite(NistCertPathTest.class); return suite; }}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -