1
2 package jsdsi;
3
4 import java.io.File;
5 import java.io.FilenameFilter;
6 import java.io.IOException;
7 import java.security.cert.CertPathBuilderException;
8 import java.security.cert.CertPathValidatorException;
9 import java.util.Iterator;
10 import java.util.Set;
11
12 import jsdsi.AuthCert;
13 import jsdsi.Cert;
14 import jsdsi.IssuerCertPathParameters;
15 import jsdsi.Name;
16 import jsdsi.NameCert;
17 import jsdsi.PublicKey;
18 import jsdsi.SubjectCertPathParameters;
19 import jsdsi.Tag;
20 import jsdsi.certstore.InMemoryCertificateDAO;
21 import jsdsi.util.Loader;
22 import junit.framework.Test;
23 import junit.framework.TestCase;
24 import junit.framework.TestSuite;
25
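/**
 * Tests the cert path builder and validator. For each pair of files
 * called "certs.inX" and "certs.outX" (for any string X, including the
 * empty string) in the directory {@code src/test/jsdsi} (resolved against
 * the working directory), this test runs the following suite:
 *
 * <p>First, this test loads the certificates in certs.inX into a
 * CertStore using a Loader. Then, for each local name N and each key K
 * defined in certs.inX, this test attempts to build a cert path that
 * proves (N -> K) using FProver (i.e. IssuerCertPathParameters). If
 * such a path exists, it must appear in certs.outX; if a path does not
 * exist, it must not appear in certs.outX.
 *
 * <p>Then, for each pair of keys K and K' and each tag T in certs.inX,
 * this test attempts to build a cert path using FProver that proves (K
 * !T -> K') and (K +T -> K') (i.e., K grants the authorization T to K',
 * with and without permission to propagate it). As above, certs.outX
 * must contain (or not contain) the resulting path.
 *
 * <p>Then, the above two suites are repeated using RProver
 * (SubjectCertPathParameters).
 *
 * <p>How the expectation is decided: a statement counts as "appearing in
 * certs.outX" when some certificate loaded from certs.outX
 * {@code implies} it. certs.outX is therefore the oracle for both the
 * positive cases and the negative ones; the negative cases are the ones
 * that catch a builder handing out a name binding or an authorization
 * that the input certificates do not support.
 *
 * <p>Limit of the check: for an expected path this test only requires
 * that the validator does not throw. The returned validation result is
 * not inspected (the fixtures use a dummy certificate for which it
 * reports "not ok"), so a green run is not evidence that the path
 * verified.
 *
 * @see jsdsi.util.Loader
 *
 * @author Sameer Ajmani
 */
public class CertPathTest extends TestCase
{
    /** Builder under test; never null. */
    java.security.cert.CertPathBuilder builder;
    /** Validator to run on the built path; null means the builder is expected to fail. */
    java.security.cert.CertPathValidator validator;
    /** Parameters naming the statement to prove and the CertStore to search. */
    jsdsi.CertPathParameters params;

    /**
     * Creates one test case for a single statement to prove.
     *
     * @param name the JUnit test method name
     * @param b the cert path builder; must not be null
     * @param v the cert path validator, or null when no path is expected
     * @param p the cert path parameters; must not be null
     * @throws IllegalArgumentException if {@code b} or {@code p} is null
     */
    public CertPathTest(String name,
                        java.security.cert.CertPathBuilder b,
                        java.security.cert.CertPathValidator v,
                        jsdsi.CertPathParameters p)
    {
        super(name);
        // Explicit checks rather than assert: assertions are off unless the
        // JVM runs with -ea, and a null here would otherwise only surface
        // later as a NullPointerException inside testCycle().
        if (b == null) {
            throw new IllegalArgumentException("builder must not be null");
        }
        if (p == null) {
            throw new IllegalArgumentException("params must not be null");
        }
        builder = b;
        params = p;
        validator = v; // null => expect builder to fail
    }

    /**
     * Builds a cert path for {@code params} and compares the outcome with
     * the expectation encoded in {@code validator}: a null validator means
     * the build must fail, a non-null one means the build must succeed and
     * validation must not throw.
     *
     * @throws java.security.InvalidAlgorithmParameterException if the
     *         builder or validator rejects {@code params}
     */
    public void testCycle()
        throws java.security.InvalidAlgorithmParameterException
    {
        jsdsi.CertPathBuilderResult bres = null;
        try {
            bres = (jsdsi.CertPathBuilderResult)builder.build(params);
            // Report how many certs were fetched to make this proof:
            // System.out.print
            //   (((params instanceof IssuerCertPathParameters)
            //    ? "fw" : "rv") + bres.getStats().getNumFetched());
            if (validator == null) {
                // we expected to fail: a path here is a statement proved
                // that certs.out does not back
                fail("Unexpected cert path found for : "
                     +params.getCert()+"\nPath:\n"+bres.getCertPath());
            }
            jsdsi.CertPathValidatorResult vres =
                (jsdsi.CertPathValidatorResult)
                validator.validate(bres.getCertPath(), params);
            // because of the duff/dummy certificate, vres.isOk() is false but ignore that in this test
            // NOTE(review): vres is deliberately unused, so only "validate()
            // did not throw" is checked. Fixtures with real certificates
            // would be needed before asserting vres.isOk().
        } catch (CertPathBuilderException e) {
            if (validator != null) {
                // we expected to succeed; keep the cause so a builder error
                // can be told apart from a plain "no path"
                fail("No cert path found for :"+params.getCert()
                     +"\nCause: "+e);
            }
        } catch (CertPathValidatorException e) {
            // bres is non-null here: validate() is only reached after a
            // successful build
            fail("Cert path validation failed: "+bres.getCertPath()
                 +"\nCause: "+e);
        }
    }

    /**
     * Builds the suite and checks that it is non-null. It does not run the
     * tests; use a JUnit runner on {@link #suite()} for that.
     *
     * @param args ignored
     */
    public static void main(String[] args)
    {
        Test t = suite();
        assert (t != null);
    }

    /**
     * Assembles the full suite: installs the jsdsi provider, obtains the
     * "SPKI" builder and validator, and adds a forward and a reverse
     * sub-suite for every certs.inX / certs.outX pair found in
     * {@code src/test/jsdsi}.
     *
     * @return the assembled suite
     * @throws IllegalStateException if the fixture directory cannot be listed
     * @throws Error if the "SPKI" algorithm is unavailable or a fixture
     *         file cannot be loaded
     */
    public static Test suite()
    {
        try {
            jsdsi.Provider.install();
            TestSuite s = new NamedTestSuite("CertPathTest");
            java.security.cert.CertPathBuilder builder =
                java.security.cert.CertPathBuilder.getInstance("SPKI");
            java.security.cert.CertPathValidator validator =
                java.security.cert.CertPathValidator.getInstance("SPKI");
            File cwd = new File("src/test/jsdsi");
            System.out.println(cwd.getAbsolutePath());
            String[] in = cwd.list(new FilenameFilter() {
                    public boolean accept(File dir, String name) {
                        // skip editor backup files such as "certs.in~"
                        return name.startsWith("certs.in")
                            && !name.endsWith("~");
                    }
                });
            // File.list returns null when the path is not a directory or
            // cannot be read; report that instead of failing on in.length.
            if (in == null) {
                throw new IllegalStateException
                    ("Cannot list test data directory: "
                     + cwd.getAbsolutePath());
            }
            // NOTE(review): an existing directory with no certs.in* files
            // yields an empty suite, i.e. a green run with no checks made.
            for (int i = 0; i < in.length; i++) {
                String out = "certs.out"
                    + in[i].substring("certs.in".length());
                Loader inLoad = new Loader(cwd+File.separator+in[i],
                                           new InMemoryCertificateDAO());
                Loader outLoad = new Loader(cwd+File.separator+out,
                                            new InMemoryCertificateDAO());
                // forward (issuer-driven) search, then reverse (subject-driven)
                s.addTest(suite(builder, validator, inLoad, outLoad, true));
                s.addTest(suite(builder, validator, inLoad, outLoad, false));
            }
            return s;
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new Error(e);
        } catch (IOException e) {
            throw new Error(e);
        }
    }

    /**
     * Builds the sub-suite for one fixture pair and one search direction.
     * One test is added per (name, key) pair and two per
     * (issuer key, subject key, tag) triple, one with and one without
     * propagation.
     *
     * @param builder the cert path builder under test
     * @param validator the validator used when a path is expected
     * @param in loader holding the input certificates
     * @param out loader holding the expected results
     * @param forward true for IssuerCertPathParameters, false for
     *        SubjectCertPathParameters
     * @return the sub-suite
     */
    private static Test suite(java.security.cert.CertPathBuilder builder,
                              java.security.cert.CertPathValidator validator,
                              Loader in, Loader out, boolean forward)
    {
        TestSuite s = new TestSuite();
        // try to find proofs from name to each key
        Iterator ni = in.getNames().iterator();
        while (ni.hasNext()) {
            Name n = (Name)ni.next();
            Iterator ki = in.getKeys().iterator();
            while (ki.hasNext()) {
                PublicKey k = (PublicKey)ki.next();
                // target statement: the name's issuer binds its first name
                // component to k; the three null arguments are left unset
                NameCert c = new NameCert
                    (n.getIssuer(), k, null, null, null, n.getNames()[0]);
                addCertPathTest(builder, validator, in, out, forward, c, s);
            }
        }

        // try to find proofs with each tag, with and without propagate
        Iterator ii = in.getKeys().iterator();
        while (ii.hasNext()) {
            PublicKey issuer = (PublicKey)ii.next();
            Iterator ki = in.getKeys().iterator();
            while (ki.hasNext()) {
                PublicKey k = (PublicKey)ki.next();
                Iterator ti = in.getTags().iterator();
                while (ti.hasNext()) {
                    Tag t = (Tag)ti.next();
                    AuthCert c1 = new AuthCert // w/ propagate
                        (issuer, k, null, null, null, t, true);
                    AuthCert c2 = new AuthCert // w/o propagate
                        (issuer, k, null, null, null, t, false);
                    addCertPathTest(builder, validator,
                                    in, out, forward, c1, s);
                    addCertPathTest(builder, validator,
                                    in, out, forward, c2, s);
                }
            }
        }
        return s;
    }

    /**
     * Tells whether any certificate in {@code certs} implies {@code c}.
     *
     * @param certs the certificates to search; elements are cast to Cert
     * @param c the statement to look for
     * @return true if at least one element implies {@code c}
     */
    private static boolean containsStrongerCert(Set certs, Cert c)
    {
        Iterator i = certs.iterator();
        while (i.hasNext()) {
            Cert cert = (Cert) i.next();
            if (cert.implies(c)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds one test case for the statement {@code c}. The case expects a
     * path exactly when the expected-results loader holds a certificate
     * that implies {@code c}; otherwise it is a negative case, built with
     * a null validator.
     *
     * @param builder the cert path builder under test
     * @param validator the validator used when a path is expected
     * @param in loader whose CertStore the builder searches
     * @param out loader holding the expected results
     * @param forward true for IssuerCertPathParameters, false for
     *        SubjectCertPathParameters
     * @param c the statement to prove
     * @param s the suite that receives the new test case
     * @throws Error if the parameters are rejected
     */
    private static void addCertPathTest
        (java.security.cert.CertPathBuilder builder,
         java.security.cert.CertPathValidator validator,
         Loader in, Loader out, boolean forward, Cert c, TestSuite s)
    {
        // null validator marks "no path expected" for testCycle()
        java.security.cert.CertPathValidator val =
            containsStrongerCert(out.getCerts(), c) ? validator : null;
        jsdsi.CertPathParameters params;
        try {
            if (forward) {
                params = new IssuerCertPathParameters(c, in.getCertStore());
            } else {
                params = new SubjectCertPathParameters(c, in.getCertStore());
            }
        } catch (java.security.InvalidAlgorithmParameterException e) {
            throw new Error(e);
        }
        s.addTest(new CertPathTest("testCycle", builder, val, params));
    }
}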