author | Geremy Condra <gcondra@google.com> | 2012-07-27 12:30:47 -0700 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2012-07-27 12:30:47 -0700 |
commit | c0255fe07346cf12e28c962e8c8ff1f7d3546561 (patch) | |
tree | 354e482f85ebfd73322e3f345018a8f475730d41 | |
parent | c4bfd09c1477dd1a8adbb4ad15d668c324a3e303 (diff) | |
parent | 0dc81a43663d3e66da8750b69ff2aa78eec461f9 (diff) | |
Merge "Add test for isPubkeyBlacklisted"
-rw-r--r-- | luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java | 72 |
1 files changed, 71 insertions, 1 deletions
diff --git a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
index bd12aea..b374f56 100644
--- a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
+++ b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
@@ -16,15 +16,24 @@
 package com.android.org.bouncycastle.jce.provider;
+import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.FileNotFoundException;
+import java.io.InputStream;
 import java.io.IOException;
 import java.math.BigInteger;
+import java.security.cert.CertificateFactory;
+import java.security.cert.Certificate;
+import java.security.MessageDigest;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.util.HashSet;
 import java.util.Set;
 import junit.framework.TestCase;
 import com.android.org.bouncycastle.jce.provider.CertBlacklist;
+import com.android.org.bouncycastle.crypto.Digest;
+import com.android.org.bouncycastle.util.encoders.Base64;
 import com.android.org.bouncycastle.util.encoders.Hex;
 public class CertBlacklistTest extends TestCase {
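Review bot: Three of the imports added in this hunk, `java.security.cert.Certificate`, `java.security.PrivateKey` and `com.android.org.bouncycastle.crypto.Digest`, are not referenced by any line this commit adds. The rest of the file is not visible here, so they may be used elsewhere, but if not they should be dropped. A stray `Digest` import next to `java.security.MessageDigest` is also easy to misread when someone later changes the fingerprint code.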
@@ -34,6 +43,25 @@ public class CertBlacklistTest extends TestCase {
 private Set<String> DEFAULT_PUBKEYS;
 private Set<String> DEFAULT_SERIALS;
+ public static final String TEST_CERT = "" +
+ "MIIDsjCCAxugAwIBAgIJAPLf2gS0zYGUMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYDVQQGEwJVUzET" +
+ "MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEPMA0GA1UEChMGR29v" +
+ "Z2xlMRAwDgYDVQQLEwd0ZXN0aW5nMRYwFAYDVQQDEw1HZXJlbXkgQ29uZHJhMSEwHwYJKoZIhvcN" +
+ "AQkBFhJnY29uZHJhQGdvb2dsZS5jb20wHhcNMTIwNzE0MTc1MjIxWhcNMTIwODEzMTc1MjIxWjCB" +
+ "mDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZp" +
+ "ZXcxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMNR2VyZW15IENv" +
+ "bmRyYTEhMB8GCSqGSIb3DQEJARYSZ2NvbmRyYUBnb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA" +
+ "A4GNADCBiQKBgQCjGGHATBYlmas+0sEECkno8LZ1KPglb/mfe6VpCT3GhSr+7br7NG/ZwGZnEhLq" +
+ "E7YIH4fxltHmQC3Tz+jM1YN+kMaQgRRjo/LBCJdOKaMwUbkVynAH6OYsKevjrOPk8lfM5SFQzJMG" +
+ "sA9+Tfopr5xg0BwZ1vA/+E3mE7Tr3M2UvwIDAQABo4IBADCB/TAdBgNVHQ4EFgQUhzkS9E6G+x8W" +
+ "L4EsmRjDxu28tHUwgc0GA1UdIwSBxTCBwoAUhzkS9E6G+x8WL4EsmRjDxu28tHWhgZ6kgZswgZgx" +
+ "CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3" +
+ "MQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB3Rlc3RpbmcxFjAUBgNVBAMTDUdlcmVteSBDb25k" +
+ "cmExITAfBgkqhkiG9w0BCQEWEmdjb25kcmFAZ29vZ2xlLmNvbYIJAPLf2gS0zYGUMAwGA1UdEwQF" +
+ "MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYiugFDmbDOQ2U/+mqNt7o8ftlEo9SJrns6O8uTtK6AvR" +
+ "orDrR1AXTXkuxwLSbmVfedMGOZy7Awh7iZa8hw5x9XmUudfNxvmrKVEwGQY2DZ9PXbrnta/dwbhK" +
+ "mWfoepESVbo7CKIhJp8gRW0h1Z55ETXD57aGJRvQS4pxkP8ANhM=";
+
 public CertBlacklistTest() throws IOException {
 tmpFile = File.createTempFile("test", "");
 DEFAULT_PUBKEYS = getDefaultPubkeys();
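Review bot: `TEST_CERT` is added as an undocumented `public static final` blob, so a reader cannot tell what the fixture is or which properties of it the tests rely on. The Base64 appears to decode to a test certificate whose validity window is only 2012-07-14 to 2012-08-13. That is harmless while the tests call only `getPublicKey()`, but it would break any later test that reuses the constant for path validation. I would make it `private static final` and add a comment such as `// Base64 DER of a throwaway X.509 test certificate; only its public key is used, so the (expired) validity period is irrelevant.`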
@@ -82,6 +110,13 @@ public class CertBlacklistTest extends TestCase {
 return results;
 }
+ private String getHash(PublicKey publicKey) throws Exception {
+ byte[] encoded = publicKey.getEncoded();
+ MessageDigest digest = MessageDigest.getInstance("SHA1");
+ byte[] hexlifiedHash = Hex.encode(digest.digest(encoded));
+ return new String(hexlifiedHash);
+ }
+
 private Set<String> getDefaultPubkeys() throws IOException {
 return getPubkeyBlacklist("");
 }
@@ -116,7 +151,14 @@ public class CertBlacklistTest extends TestCase {
 blacklistToFile(result.toString());
 }
- public void testPubkeyBlacklistLegit() throws IOException {
+ private PublicKey createPublicKey(String cert) throws Exception {
+ byte[] derCert = Base64.decode(cert.getBytes());
+ InputStream istream = new ByteArrayInputStream(derCert);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ return cf.generateCertificate(istream).getPublicKey();
+ }
+
+ public void testPubkeyBlacklistLegit() throws Exception {
 // build the blacklist
 HashSet<String> bl = new HashSet<String>();
 bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccc");
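Review bot: `getHash` converts bytes to text with the platform default charset in `new String(hexlifiedHash)`, and `createPublicKey` in the next hunk does the same with `cert.getBytes()`. Both values are pure ASCII, so the charset should be named explicitly: `return new String(hexlifiedHash, "US-ASCII");` and `Base64.decode(cert.getBytes("US-ASCII"))`. Both methods already declare `throws Exception`, so neither change needs a signature edit. `getHash` also re-implements the fingerprint (SHA-1 over `getEncoded()`, hex-encoded) that `CertBlacklist` presumably computes internally. A comment such as `// must match the fingerprint format CertBlacklist uses for pubkey entries` would tell a maintainer to update the test if the production digest changes.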
@@ -128,6 +170,34 @@ public class CertBlacklistTest extends TestCase {
 assertEquals(bl, getCurrentPubkeyBlacklist());
 }
+ public void testLegitPubkeyIsntBlacklisted() throws Exception {
+ // build the public key
+ PublicKey pk = createPublicKey(TEST_CERT);
+ // write that to the test blacklist
+ writeBlacklist(new HashSet<String>());
+ // set our blacklist path
+ CertBlacklist bl = new CertBlacklist(tmpFile.getCanonicalPath(),
+ CertBlacklist.DEFAULT_SERIAL_BLACKLIST_PATH);
+ // check to make sure it isn't blacklisted
+ assertEquals(bl.isPublicKeyBlackListed(pk), false);
+ }
+
+ public void testPubkeyIsBlacklisted() throws Exception {
+ // build the public key
+ PublicKey pk = createPublicKey(TEST_CERT);
+ // get its hash
+ String hash = getHash(pk);
+ // write that to the test blacklist
+ HashSet<String> testBlackList = new HashSet<String>();
+ testBlackList.add(hash);
+ writeBlacklist(testBlackList);
+ // set our blacklist path
+ CertBlacklist bl = new CertBlacklist(tmpFile.getCanonicalPath(),
+ CertBlacklist.DEFAULT_SERIAL_BLACKLIST_PATH);
+ // check to make sure it isn't blacklited
+ assertTrue(bl.isPublicKeyBlackListed(pk));
+ }
+
 public void testSerialBlacklistLegit() throws IOException {
 // build the blacklist
 HashSet<String> bl = new HashSet<String>();  |
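Review bot: `testLegitPubkeyIsntBlacklisted` checks the key only against an empty blacklist, so it would still pass if the lookup matched too loosely (for example on a prefix or by ignoring part of the hash). Writing one unrelated entry first, such as the `6ccabd7db47e94a5759901b6a7dfd45d1c091ccc` value already used in `testPubkeyBlacklistLegit`, would make the negative case meaningful. Its assertion also passes the arguments in actual/expected order and reads better as `assertFalse(bl.isPublicKeyBlackListed(pk));`. In `testPubkeyIsBlacklisted` the last comment says the opposite of what is asserted and has a typo; it should be `// check to make sure it is blacklisted`. The "write that to the test blacklist" comment in the first test is likewise stale, since nothing derived from the key is written there.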