From d1725822187cb9bbe4d93fe39135b17ecb3130ee Mon Sep 17 00:00:00 2001
From: Geremy Condra
Date: Thu, 26 Jul 2012 16:35:12 -0700
Subject: Tests for the CertBlacklist.
Change-Id: Id453884228d10374b03f06c5fc795b68811ecc56
---
 .../com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
index 85e360e..bd12aea 100644
--- a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
+++ b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
@@ -64,7 +64,7 @@ public class CertBlacklistTest extends TestCase {
 // convert the results to a hashset of strings
 Set results = new HashSet();
 for (byte[] value: arr) {
- results.add(new String(Hex.encode(value)));
+ results.add(new String(value));
 }
 return results;
 }
--
cgit v1.1
From 0dc81a43663d3e66da8750b69ff2aa78eec461f9 Mon Sep 17 00:00:00 2001
From: Geremy Condra
Date: Thu, 26 Jul 2012 19:32:21 -0700
Subject: Add test for isPubkeyBlacklisted This adds a negative and positive test for pubkey blacklisting.
Change-Id: I20b23e041db624354f4b4eeab83c6fc51e3222b6
---
 .../jce/provider/CertBlacklistTest.java | 72 +++++++++++++++++++++-
 1 file changed, 71 insertions(+), 1 deletion(-)
diff --git a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
index bd12aea..b374f56 100644
--- a/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
+++ b/luni/src/test/java/com/android/org/bouncycastle/jce/provider/CertBlacklistTest.java
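Review bot: In the first commit's hunk (`@@ -64,7 +64,7 @@`), `new String(value)` decodes the blacklist bytes with the platform default charset, so the strings this helper returns depend on the runtime rather than on the file contents alone. Naming the charset keeps the comparison against the expected hex strings deterministic, for example `results.add(new String(value, "US-ASCII"));`, assuming the entries are ASCII hex as the 40-character values elsewhere in the test suggest. The enclosing method starts outside the hunk, so check that its throws clause covers `UnsupportedEncodingException`. The second commit repeats the pattern in `new String(hexlifiedHash)` (getHash) and `cert.getBytes()` (createPublicKey).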
@@ -16,15 +16,24 @@
 package com.android.org.bouncycastle.jce.provider;
+import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.FileNotFoundException;
+import java.io.InputStream;
 import java.io.IOException;
 import java.math.BigInteger;
+import java.security.cert.CertificateFactory;
+import java.security.cert.Certificate;
+import java.security.MessageDigest;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.util.HashSet;
 import java.util.Set;
 import junit.framework.TestCase;
 import com.android.org.bouncycastle.jce.provider.CertBlacklist;
+import com.android.org.bouncycastle.crypto.Digest;
+import com.android.org.bouncycastle.util.encoders.Base64;
 import com.android.org.bouncycastle.util.encoders.Hex;
 public class CertBlacklistTest extends TestCase {
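Review bot: Three of the added imports are not referenced by any code this commit adds: `java.security.PrivateKey`, `java.security.cert.Certificate` and `com.android.org.bouncycastle.crypto.Digest`. getHash uses `java.security.MessageDigest` rather than the Bouncy Castle `Digest`, and createPublicKey calls `getPublicKey()` directly on the factory result without naming `Certificate`. Unless code outside the visible hunks uses them, these three lines should be dropped. An unused `PrivateKey` import in particular suggests the test handles private key material, which nothing shown here does.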
@@ -34,6 +43,25 @@ public class CertBlacklistTest extends TestCase {
 private Set DEFAULT_PUBKEYS;
 private Set DEFAULT_SERIALS;
+ public static final String TEST_CERT = "" +
+ "MIIDsjCCAxugAwIBAgIJAPLf2gS0zYGUMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYDVQQGEwJVUzET" +
+ "MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEPMA0GA1UEChMGR29v" +
+ "Z2xlMRAwDgYDVQQLEwd0ZXN0aW5nMRYwFAYDVQQDEw1HZXJlbXkgQ29uZHJhMSEwHwYJKoZIhvcN" +
+ "AQkBFhJnY29uZHJhQGdvb2dsZS5jb20wHhcNMTIwNzE0MTc1MjIxWhcNMTIwODEzMTc1MjIxWjCB" +
+ "mDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZp" +
+ "ZXcxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMNR2VyZW15IENv" +
+ "bmRyYTEhMB8GCSqGSIb3DQEJARYSZ2NvbmRyYUBnb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA" +
+ "A4GNADCBiQKBgQCjGGHATBYlmas+0sEECkno8LZ1KPglb/mfe6VpCT3GhSr+7br7NG/ZwGZnEhLq" +
+ "E7YIH4fxltHmQC3Tz+jM1YN+kMaQgRRjo/LBCJdOKaMwUbkVynAH6OYsKevjrOPk8lfM5SFQzJMG" +
+ "sA9+Tfopr5xg0BwZ1vA/+E3mE7Tr3M2UvwIDAQABo4IBADCB/TAdBgNVHQ4EFgQUhzkS9E6G+x8W" +
+ "L4EsmRjDxu28tHUwgc0GA1UdIwSBxTCBwoAUhzkS9E6G+x8WL4EsmRjDxu28tHWhgZ6kgZswgZgx" +
+ "CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3" +
+ "MQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB3Rlc3RpbmcxFjAUBgNVBAMTDUdlcmVteSBDb25k" +
+ "cmExITAfBgkqhkiG9w0BCQEWEmdjb25kcmFAZ29vZ2xlLmNvbYIJAPLf2gS0zYGUMAwGA1UdEwQF" +
+ "MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYiugFDmbDOQ2U/+mqNt7o8ftlEo9SJrns6O8uTtK6AvR" +
+ "orDrR1AXTXkuxwLSbmVfedMGOZy7Awh7iZa8hw5x9XmUudfNxvmrKVEwGQY2DZ9PXbrnta/dwbhK" +
+ "mWfoepESVbo7CKIhJp8gRW0h1Z55ETXD57aGJRvQS4pxkP8ANhM=";
+
 public CertBlacklistTest() throws IOException {
 tmpFile = File.createTempFile("test", "");
 DEFAULT_PUBKEYS = getDefaultPubkeys();
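Review bot: TEST_CERT is committed without any comment saying what the blob is, so a later reader cannot tell at a glance whether it is a throwaway fixture or real key material. The hunks shown use it only through createPublicKey, which Base64-decodes it and parses it as X.509, so a comment such as `// Base64-encoded DER X.509 certificate; only its public key is used, as input to the pubkey blacklist tests.` above the declaration would record that. Nothing in the visible hunks reads the constant from outside this class, so `private static final` would also be a tighter fit than `public static final`.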
@@ -82,6 +110,13 @@ public class CertBlacklistTest extends TestCase {
 return results;
 }
+ private String getHash(PublicKey publicKey) throws Exception {
+ byte[] encoded = publicKey.getEncoded();
+ MessageDigest digest = MessageDigest.getInstance("SHA1");
+ byte[] hexlifiedHash = Hex.encode(digest.digest(encoded));
+ return new String(hexlifiedHash);
+ }
+
 private Set getDefaultPubkeys() throws IOException {
 return getPubkeyBlacklist("");
 }
@@ -116,7 +151,14 @@ public class CertBlacklistTest extends TestCase {
 blacklistToFile(result.toString());
 }
- public void testPubkeyBlacklistLegit() throws IOException {
+ private PublicKey createPublicKey(String cert) throws Exception {
+ byte[] derCert = Base64.decode(cert.getBytes());
+ InputStream istream = new ByteArrayInputStream(derCert);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ return cf.generateCertificate(istream).getPublicKey();
+ }
+
+ public void testPubkeyBlacklistLegit() throws Exception {
 // build the blacklist
 HashSet bl = new HashSet();
 bl.add("6ccabd7db47e94a5759901b6a7dfd45d1c091ccc");
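Review bot: getHash (hunk `@@ -82,6 +110,13 @@`) has no comment tying its output to the blacklist entry format, so the hunk does not explain why SHA-1 and hex encoding are the right choices. The existing entry `6ccabd7db47e94a5759901b6a7dfd45d1c091ccc` in testPubkeyBlacklistLegit is 40 hex digits, which is consistent with a hex-encoded SHA-1 of the encoded key. I would add a Javadoc such as `/** Returns the hex-encoded SHA-1 digest of the key's encoded form, the entry format these tests write to the pubkey blacklist file. */`. Because the helper re-derives the fingerprint independently of CertBlacklist, the comment should also say it must stay in step with whatever digest the class under test uses; that code is not visible here.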
@@ -128,6 +170,34 @@ public class CertBlacklistTest extends TestCase {
 assertEquals(bl, getCurrentPubkeyBlacklist());
 }
+ public void testLegitPubkeyIsntBlacklisted() throws Exception {
+ // build the public key
+ PublicKey pk = createPublicKey(TEST_CERT);
+ // write that to the test blacklist
+ writeBlacklist(new HashSet());
+ // set our blacklist path
+ CertBlacklist bl = new CertBlacklist(tmpFile.getCanonicalPath(),
+ CertBlacklist.DEFAULT_SERIAL_BLACKLIST_PATH);
+ // check to make sure it isn't blacklisted
+ assertEquals(bl.isPublicKeyBlackListed(pk), false);
+ }
+
+ public void testPubkeyIsBlacklisted() throws Exception {
+ // build the public key
+ PublicKey pk = createPublicKey(TEST_CERT);
+ // get its hash
+ String hash = getHash(pk);
+ // write that to the test blacklist
+ HashSet testBlackList = new HashSet();
+ testBlackList.add(hash);
+ writeBlacklist(testBlackList);
+ // set our blacklist path
+ CertBlacklist bl = new CertBlacklist(tmpFile.getCanonicalPath(),
+ CertBlacklist.DEFAULT_SERIAL_BLACKLIST_PATH);
+ // check to make sure it isn't blacklited
+ assertTrue(bl.isPublicKeyBlackListed(pk));
+ }
+
 public void testSerialBlacklistLegit() throws IOException {
 // build the blacklist
 HashSet bl = new HashSet();
--
cgit v1.1
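Review bot: The comment above the final assertion in testPubkeyIsBlacklisted says the opposite of what the test checks: `// check to make sure it isn't blacklited` sits directly over `assertTrue(bl.isPublicKeyBlackListed(pk));`. In a positive test for a revocation control that invites someone to "fix" the assertion to match the comment, so it should read `// check to make sure it is blacklisted`. In testLegitPubkeyIsntBlacklisted, `assertEquals(bl.isPublicKeyBlackListed(pk), false);` passes the arguments in actual/expected order, and `assertFalse(bl.isPublicKeyBlackListed(pk));` states the intent directly. The comment `// write that to the test blacklist` in the same test is also left over from the positive case, since the set written there is empty.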