/* BaseValidTest.java -- superclass of "valid" tests.
   Copyright (C) 2003 Free Software Foundation, Inc.

   Distributed under the GPL; see the file `COPYING' */

// Tags: not-a-test
// Uses: PKITS
// Files: data/certs/TrustAnchorRootCertificate.crt data/crls/TrustAnchorRootCRL.crl
|
9 |
|
10 package gnu.testlet.java.security.cert.pkix.pkits; |
|
11 |
|
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;

import gnu.testlet.TestHarness;
import gnu.testlet.Testlet;
|
17 |
|
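/**
 * Base class for PKITS test cases whose certification path is expected to
 * validate successfully.
 *
 * <p>{@link #test(TestHarness)} builds a trust anchor from
 * {@link #TRUST_ANCHOR_CERT}, a certification path from {@link #certPath},
 * and a collection cert store holding the trust anchor CRL plus the
 * resources named in {@link #crls} and {@link #certs}. It then runs the
 * "PKIX" validator of {@link #PROVIDER}. Any exception, including a
 * validation failure, is reported as a test failure.
 *
 * <p>Raw collection types are kept to match the rest of this file.
 */
public abstract class BaseValidTest extends PKITS implements Testlet
{

  // Fields.
  // -------------------------------------------------------------------------

  /**
   * Name of the security provider under test, read once from the
   * <code>pkits.provider</code> system property (default "GNU"). Every
   * factory, store and validator in this class is requested from this
   * provider by name, so no other installed provider is used.
   */
  public static final String PROVIDER = System.getProperty("pkits.provider", "GNU");

  /** Resource name of the trust anchor certificate. */
  public static final String TRUST_ANCHOR_CERT = "data/certs/TrustAnchorRootCertificate.crt";

  /** Resource name of the trust anchor CRL; always added to the store. */
  public static final String TRUST_ANCHOR_CRL = "data/crls/TrustAnchorRootCRL.crl";

  // Resource names of the certificates forming the path, in the order they
  // are handed to CertificateFactory.generateCertPath.
  // NOTE(review): presumably target certificate first -- confirm in subclasses.
  protected String[] certPath;

  // Resource names of the CRLs placed in the cert store.
  protected String[] crls;

  // Resource names of additional certificates placed in the cert store.
  protected String[] certs;

  // Constructors.
  // -------------------------------------------------------------------------

  /**
   * Creates a test over the given resources.
   *
   * @param certPath Resource names of the certificates in the path.
   * @param crls Resource names of the CRLs to add to the cert store.
   * @param certs Resource names of extra certificates to add to the store.
   * @throws NullPointerException If any argument is null.
   */
  protected BaseValidTest(String[] certPath, String[] crls, String[] certs)
  {
    if (certPath == null || crls == null || certs == null)
      throw new NullPointerException("certPath, crls and certs must not be null");
    this.certPath = certPath;
    this.crls = crls;
    this.certs = certs;
  }

  /**
   * Creates a test with no extra certificates in the cert store.
   *
   * @param certPath Resource names of the certificates in the path.
   * @param crls Resource names of the CRLs to add to the cert store.
   * @throws NullPointerException If any argument is null.
   */
  protected BaseValidTest(String[] certPath, String[] crls)
  {
    this(certPath, crls, new String[0]);
  }

  // Instance method.
  // -------------------------------------------------------------------------

  /**
   * Validates the configured certification path and reports the outcome.
   *
   * <p>The checkpoint is named after the unqualified class name of the
   * concrete test. Any exception thrown while loading data or validating
   * is passed to <code>harness.debug</code> and recorded as a failure.
   *
   * @param harness The test harness.
   */
  public void test(TestHarness harness)
  {
    String testName = getClass().getName();
    if (testName.lastIndexOf ('.') > 0)
      testName = testName.substring (testName.lastIndexOf ('.') + 1);
    harness.checkPoint(testName);
    try
      {
        CertificateFactory factory = CertificateFactory.getInstance("X.509", PROVIDER);
        // No name constraints are attached to the anchor (second argument).
        TrustAnchor anchor = new TrustAnchor((X509Certificate) readCertificate(factory, TRUST_ANCHOR_CERT), null);
        List pathList = new ArrayList(certPath.length);
        for (int i = 0; i < certPath.length; i++)
          {
            pathList.add(readCertificate(factory, certPath[i]));
          }
        List crlsAndCerts = new ArrayList(crls.length + certs.length + 1);
        crlsAndCerts.add(readCRL(factory, TRUST_ANCHOR_CRL));
        for (int i = 0; i < crls.length; i++)
          {
            crlsAndCerts.add(readCRL(factory, crls[i]));
          }
        for (int i = 0; i < certs.length; i++)
          {
            crlsAndCerts.add(readCertificate(factory, certs[i]));
          }
        CertPath path = factory.generateCertPath(pathList);
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlsAndCerts), PROVIDER);
        PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
        // PKIXParameters enables revocation checking by default and nothing
        // here turns it off, so the CRLs in the store are consulted.
        params.addCertStore(certStore);
        params.setExplicitPolicyRequired(false);
        params.setInitialPolicies(Collections.singleton(PKITS.ANY_POLICY));
        params.setPolicyMappingInhibited(false);
        params.setAnyPolicyInhibited(false);
        // Subclass hook runs last so it can override any default above.
        setupAdditionalParams(params);
        CertPathValidator validator = CertPathValidator.getInstance("PKIX", PROVIDER);
        CertPathValidatorResult result = validator.validate(path, params);
        verify (harness, result);
      }
    catch (Exception x)
      {
        harness.debug(x);
        harness.fail(x.toString());
      }
  }

  /**
   * Subclasses should override this method to add any additional parameters
   * before the path verification is run.
   *
   * @param params The parameters.
   */
  protected void setupAdditionalParams (PKIXParameters params)
  {
  }

  /**
   * Subclasses should override this method to perform any final verification
   * on the certification path validation result. The default implementation
   * simply prints the policy tree (if we are configured to be verbose) and
   * passes the test.
   *
   * <p>This default makes no assertion about policies. A subclass whose
   * test case depends on the resulting policy set must override it.
   *
   * @param harness The test harness.
   * @param result The validation result. This will almost always be an
   *   instance of {@link PKIXCertPathValidatorResult}.
   * @throws Exception If verification fails unexpectedly.
   */
  protected void verify (TestHarness harness,
                         CertPathValidatorResult result)
    throws Exception
  {
    // The cast is kept: a "PKIX" validator returning another result type
    // still fails the test with a ClassCastException.
    PolicyNode tree = ((PKIXCertPathValidatorResult) result).getPolicyTree();
    // getPolicyTree() returns null when there are no valid policies, which
    // is not an error here because explicit policy is not required.
    harness.verbose(tree != null ? tree.toString() : "(no valid policy tree)");
    harness.check(true);
  }

  // Helpers.
  // -------------------------------------------------------------------------

  /**
   * Opens a test data resource relative to the concrete test class.
   *
   * @param name The resource name.
   * @return The open stream; the caller must close it.
   * @throws IOException If the resource cannot be found.
   */
  private InputStream openTestData(String name) throws IOException
  {
    InputStream in = getClass().getResourceAsStream(name);
    // Fail with the missing file's name instead of passing null to the
    // provider's parser.
    if (in == null)
      throw new IOException("PKITS test data not found: " + name);
    return in;
  }

  /**
   * Parses one certificate from the named resource and closes the stream.
   *
   * @param factory The X.509 certificate factory.
   * @param name The resource name.
   * @return The parsed certificate.
   * @throws Exception If the resource is missing or cannot be parsed.
   */
  private Certificate readCertificate(CertificateFactory factory, String name)
    throws Exception
  {
    InputStream in = openTestData(name);
    try
      {
        return factory.generateCertificate(in);
      }
    finally
      {
        // Close the stream whether or not parsing succeeded.
        in.close();
      }
  }

  /**
   * Parses one CRL from the named resource and closes the stream.
   *
   * @param factory The X.509 certificate factory.
   * @param name The resource name.
   * @return The parsed CRL.
   * @throws Exception If the resource is missing or cannot be parsed.
   */
  private CRL readCRL(CertificateFactory factory, String name)
    throws Exception
  {
    InputStream in = openTestData(name);
    try
      {
        return factory.generateCRL(in);
      }
    finally
      {
        // Close the stream whether or not parsing succeeded.
        in.close();
      }
  }
}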
|