Add X509CRLTest in libcore tests

Change-Id: I551d6ea887e06481a3eaefec980a728a8c4191f7

30 files changed, 43 insertions, 7 deletions

diff --git a/support/src/test/java/tests/resources/x509/cert-alt-dirname.der b/support/src/test/java/tests/resources/x509/cert-alt-dirname.der
index ae2d2a8..69e4033 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-dirname.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-dirname.der
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-dns.der b/support/src/test/java/tests/resources/x509/cert-alt-dns.der
index 008ef31..d9b1e87 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-dns.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-dns.der
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-email.der b/support/src/test/java/tests/resources/x509/cert-alt-email.der
index 4b0189b..f10bc43 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-email.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-email.der
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-other.der b/support/src/test/java/tests/resources/x509/cert-alt-other.der
index 772d9e9..7a06ff7 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-other.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-other.der
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-rid.der b/support/src/test/java/tests/resources/x509/cert-alt-rid.der
index 8a1bf42..242a49d 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-rid.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-rid.der
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-uri.der b/support/src/test/java/tests/resources/x509/cert-alt-uri.der
index 262ffa8..5a9b882 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-uri.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-uri.der
diff --git a/support/src/test/java/tests/resources/x509/cert-ca.der b/support/src/test/java/tests/resources/x509/cert-ca.der
index 8699071..7c787ea 100644
--- a/support/src/test/java/tests/resources/x509/cert-ca.der
+++ b/support/src/test/java/tests/resources/x509/cert-ca.der
diff --git a/support/src/test/java/tests/resources/x509/cert-caWithPathLen.der b/support/src/test/java/tests/resources/x509/cert-caWithPathLen.der
index ac56314..2886091 100644
--- a/support/src/test/java/tests/resources/x509/cert-caWithPathLen.der
+++ b/support/src/test/java/tests/resources/x509/cert-caWithPathLen.der
diff --git a/support/src/test/java/tests/resources/x509/cert-dsa.der b/support/src/test/java/tests/resources/x509/cert-dsa.der
index 9b5e62a..d17c4ce 100644
--- a/support/src/test/java/tests/resources/x509/cert-dsa.der
+++ b/support/src/test/java/tests/resources/x509/cert-dsa.der
diff --git a/support/src/test/java/tests/resources/x509/cert-ec.der b/support/src/test/java/tests/resources/x509/cert-ec.der
index a683a5e..07bdf7a 100644
--- a/support/src/test/java/tests/resources/x509/cert-ec.der
+++ b/support/src/test/java/tests/resources/x509/cert-ec.der
diff --git a/support/src/test/java/tests/resources/x509/cert-extendedKeyUsage.der b/support/src/test/java/tests/resources/x509/cert-extendedKeyUsage.der
index be2d20c..ac36013 100644
--- a/support/src/test/java/tests/resources/x509/cert-extendedKeyUsage.der
+++ b/support/src/test/java/tests/resources/x509/cert-extendedKeyUsage.der
diff --git a/support/src/test/java/tests/resources/x509/cert-ipv6.der b/support/src/test/java/tests/resources/x509/cert-ipv6.der
index 4ee144a..11b440e 100644
--- a/support/src/test/java/tests/resources/x509/cert-ipv6.der
+++ b/support/src/test/java/tests/resources/x509/cert-ipv6.der
diff --git a/support/src/test/java/tests/resources/x509/cert-keyUsage-extraLong.der b/support/src/test/java/tests/resources/x509/cert-keyUsage-extraLong.der
index 464799d..cf5e0f1 100644
--- a/support/src/test/java/tests/resources/x509/cert-keyUsage-extraLong.der
+++ b/support/src/test/java/tests/resources/x509/cert-keyUsage-extraLong.der
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-dates.txt b/support/src/test/java/tests/resources/x509/cert-rsa-dates.txt
index 2bb7733..d661409 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa-dates.txt
+++ b/support/src/test/java/tests/resources/x509/cert-rsa-dates.txt
@@ -1,2 +1,2 @@
-notBefore=Dec 31 01:16:36 2012 GMT
-notAfter=Dec 29 01:16:36 2022 GMT
+notBefore=Jan  2 00:03:12 2013 GMT
+notAfter=Dec 31 00:03:12 2022 GMT
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-pubkey.der b/support/src/test/java/tests/resources/x509/cert-rsa-pubkey.der
index dec442f..ab9f3db 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa-pubkey.der
+++ b/support/src/test/java/tests/resources/x509/cert-rsa-pubkey.der
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-serial.txt b/support/src/test/java/tests/resources/x509/cert-rsa-serial.txt
index c6f9585..ec3cebd 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa-serial.txt
+++ b/support/src/test/java/tests/resources/x509/cert-rsa-serial.txt
@@ -1 +1 @@
-serial=925D02E030B81D33
+serial=B96143E1D6F31E6F
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-sig.der b/support/src/test/java/tests/resources/x509/cert-rsa-sig.der
index 2b80ab0..62979ee 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa-sig.der
+++ b/support/src/test/java/tests/resources/x509/cert-rsa-sig.der
@@ -1,2 +1 @@
-f�D�\/�o�����'r9�#�m������
�[0n�2���'9�� �=^k����S5K���	V�IL�e6�$�:k�O�����H�yd:�S=���tMTl�ZK�̉�F�(��
Q����<����`
-f�)
\ No newline at end of file
+�ѴůK��ȁ��Ϗ����(����"��,/��I�L.�1��	����,�xһT�K$}��x�y����i��i��.O�O���M.m>�˻VbJQ�?ԥ��@���(>��_x�GM�����z%
\ No newline at end of file
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-tbs.der b/support/src/test/java/tests/resources/x509/cert-rsa-tbs.der
index 6982699..5ec2858 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa-tbs.der
+++ b/support/src/test/java/tests/resources/x509/cert-rsa-tbs.der
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa.der b/support/src/test/java/tests/resources/x509/cert-rsa.der
index 5816ec3..23d7cc8 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa.der
+++ b/support/src/test/java/tests/resources/x509/cert-rsa.der
diff --git a/support/src/test/java/tests/resources/x509/cert-unsupported.der b/support/src/test/java/tests/resources/x509/cert-unsupported.der
index 525d782..0239b68 100644
--- a/support/src/test/java/tests/resources/x509/cert-unsupported.der
+++ b/support/src/test/java/tests/resources/x509/cert-unsupported.der
diff --git a/support/src/test/java/tests/resources/x509/cert-userWithPathLen.der b/support/src/test/java/tests/resources/x509/cert-userWithPathLen.der
index da64c51..c29c933 100644
--- a/support/src/test/java/tests/resources/x509/cert-userWithPathLen.der
+++ b/support/src/test/java/tests/resources/x509/cert-userWithPathLen.der
diff --git a/support/src/test/java/tests/resources/x509/create.sh b/support/src/test/java/tests/resources/x509/create.sh
index 5e78620..d73fcf6 100755
--- a/support/src/test/java/tests/resources/x509/create.sh
+++ b/support/src/test/java/tests/resources/x509/create.sh
@@ -67,6 +67,38 @@ openssl ecparam -name sect283k1 -out ecparam.pem
 openssl req -config ${DIR}/default.cnf -newkey ec:ecparam.pem -keyout ecpriv.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions keyUsage_critical_cert -req -signkey ecpriv.pem -outform d > cert-ec.der
 rm -f ecparam.pem
 
+# Create temporary CA for CRL generation
+rm -rf /tmp/ca
+mkdir -p /tmp/ca
+touch /tmp/ca/index.txt
+touch /tmp/ca/index.txt.attr
+echo "01" > /tmp/ca/serial
+openssl req -new -nodes -batch -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 -config default.cnf
+
+openssl x509 -inform d -in cert-rsa.der -out cert-rsa.pem
+openssl ca -revoke cert-rsa.pem -keyfile cakey.pem -cert cacert.pem -config default.cnf
+openssl ca -gencrl -crlhours 70 -keyfile cakey.pem -cert cacert.pem -out crl-rsa.pem -config default.cnf
+openssl crl -in crl-rsa.pem -outform d -out crl-rsa.der
+
+openssl asn1parse -in crl-rsa.der -inform d -out crl-rsa-tbs.der -noout -strparse 4
+SIG_OFFSET=$(openssl asn1parse -in crl-rsa.der -inform d | tail -1 | cut -f1 -d:)
+openssl asn1parse -in crl-rsa.der -inform d -strparse ${SIG_OFFSET} -noout -out crl-rsa-sig.der
+
+openssl x509 -inform d -in cert-dsa.der -out cert-dsa.pem
+openssl ca -revoke cert-dsa.pem -keyfile cakey.pem -cert cacert.pem -crl_reason cessationOfOperation -extensions unsupported_cert -config default.cnf
+openssl ca -gencrl -crldays 30 -keyfile cakey.pem -cert cacert.pem -out crl-rsa-dsa.pem -config default.cnf
+openssl crl -in crl-rsa-dsa.pem -outform d -out crl-rsa-dsa.der
+
+# Unsupported extensions
+openssl ca -gencrl -crlexts unsupported_cert -keyfile cakey.pem -cert cacert.pem -out crl-unsupported.pem -config default.cnf
+openssl crl -in crl-unsupported.pem -outform d -out crl-unsupported.der
+
+openssl crl -inform d -in crl-rsa.der -noout -lastupdate -nextupdate > crl-rsa-dates.txt
+openssl crl -inform d -in crl-rsa-dsa.der -noout -lastupdate -nextupdate > crl-rsa-dsa-dates.txt
+
+rm -f cert-rsa.pem cert-dsa.pem cacert.pem cakey.pem crl-rsa.pem crl-rsa-dsa.pem crl-unsupported.pem
+rm -rf /tmp/ca
+
 rm -f privkey.pem
 rm -f dsapriv.pem
 rm -f ecpriv.pem
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-dates.txt b/support/src/test/java/tests/resources/x509/crl-rsa-dates.txt
new file mode 100644
index 0000000..50e48f2
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-dates.txt
@@ -0,0 +1,2 @@
+lastUpdate=Jan  2 00:03:13 2013 GMT
+nextUpdate=Jan  4 22:03:13 2013 GMT
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-dsa-dates.txt b/support/src/test/java/tests/resources/x509/crl-rsa-dsa-dates.txt
new file mode 100644
index 0000000..9976096
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-dsa-dates.txt
@@ -0,0 +1,2 @@
+lastUpdate=Jan  2 00:03:13 2013 GMT
+nextUpdate=Feb  1 00:03:13 2013 GMT
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-dsa.der b/support/src/test/java/tests/resources/x509/crl-rsa-dsa.der
new file mode 100644
index 0000000..9282b30
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-dsa.der
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-sig.der b/support/src/test/java/tests/resources/x509/crl-rsa-sig.der
new file mode 100644
index 0000000..f6ebf4f
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-sig.der
@@ -0,0 +1 @@
+:₀�f֢:�F���Gd��f!���591�|�q������rIY�1�h-��$<���!�a,�˫�y=��q�M�)�%:8��-����Y���v�w�ڊ�K�{c��p�_"*��6�u"`
\ No newline at end of file
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-tbs.der b/support/src/test/java/tests/resources/x509/crl-rsa-tbs.der
new file mode 100644
index 0000000..679427d
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-tbs.der
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa.der b/support/src/test/java/tests/resources/x509/crl-rsa.der
new file mode 100644
index 0000000..994f1a8
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/crl-rsa.der
diff --git a/support/src/test/java/tests/resources/x509/crl-unsupported.der b/support/src/test/java/tests/resources/x509/crl-unsupported.der
new file mode 100644
index 0000000..15eef95
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/crl-unsupported.der
diff --git a/support/src/test/java/tests/resources/x509/default.cnf b/support/src/test/java/tests/resources/x509/default.cnf
index d4b4c80..d7c53c5 100644
--- a/support/src/test/java/tests/resources/x509/default.cnf
+++ b/support/src/test/java/tests/resources/x509/default.cnf
@@ -82,7 +82,7 @@ default_ca    = CA_default        # The default ca section
 ####################################################################
 [ CA_default ]
 
-dir        = /root/certificates        # Where everything is kept
+dir        = /tmp/ca        # Where everything is kept
 certs        = $dir/certs        # Where the issued certs are kept
 crl_dir        = $dir/crl        # Where the issued crl are kept
 database    = $dir/index.txt    # database index file.
@@ -110,7 +110,7 @@ cert_opt     = ca_default        # Certificate field options
 
 default_days    = 365            # how long to certify for
 default_crl_days= 30            # how long before next CRL
-default_md    = md5            # which md to use.
+default_md    = sha1            # which md to use.
 preserve    = no            # keep passed DN ordering
 
 policy        = policy_anything