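package jsdsi;

import java.io.File;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;

import jsdsi.AuthCert;
import jsdsi.Cert;
import jsdsi.IssuerCertPathParameters;
import jsdsi.Name;
import jsdsi.NameCert;
import jsdsi.PublicKey;
import jsdsi.SubjectCertPathParameters;
import jsdsi.Tag;
import jsdsi.certstore.InMemoryCertificateDAO;
import jsdsi.util.Loader;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;

/**
 * Tests the cert path builder and validator. For each pair of files
 * called "certs.inX" and "certs.outX" (for any string X, including the
 * empty string) in the directory {@code src/test/jsdsi} (resolved against
 * the working directory), this test runs the following suite:
 *
 * <p>First, this test loads the certificates in certs.inX into a
 * CertStore using a Loader. Then, for each local name N and each key K
 * defined in certs.inX, this test attempts to build a cert path that
 * proves (N -> K) using FProver (i.e. IssuerCertPathParameters). If
 * such a path exists, it must appear in certs.outX; if a path does not
 * exist, it must not appear in certs.outX.
 *
 * <p>Then, for each pair of keys K and K' and each tag T in certs.inX,
 * this test attempts to build a cert path using FProver that proves (K
 * !T -> K') and (K +T -> K') (i.e., K grants the authorization T to K',
 * with and without permission to propagate it). As above, certs.outX
 * must contain (or not contain) the resulting path.
 *
 * <p>Then, the above two suites are repeated using RProver
 * (SubjectCertPathParameters).
 *
 * <p>Coverage limits: the expected outcome is "a path exists" exactly when
 * certs.outX holds a certificate that implies the statement being proven.
 * The validator is only required not to throw; its verdict is not asserted
 * (see {@link #testCycle()}).
 *
 * @see jsdsi.util.Loader
 *
 * @author Sameer Ajmani
 */
public class CertPathTest extends TestCase {
    java.security.cert.CertPathBuilder builder;
    java.security.cert.CertPathValidator validator;
    jsdsi.CertPathParameters params;

    /**
     * Creates one test case for a single statement to prove.
     *
     * @param name the JUnit test method name
     * @param b    the cert path builder under test; must not be null
     * @param v    the validator to run on a built path, or {@code null}
     *             when the builder is expected to find no path
     * @param p    the builder parameters carrying the cert to prove;
     *             must not be null
     */
    public CertPathTest(String name,
                        java.security.cert.CertPathBuilder b,
                        java.security.cert.CertPathValidator v,
                        jsdsi.CertPathParameters p) {
        super(name);
        // These checks only run when the JVM has assertions enabled (-ea).
        assert (b != null);
        assert (p != null);
        builder = b;
        params = p;
        validator = v; // null => expect builder to fail
    }

    /**
     * Builds a cert path for {@code params} and checks that the outcome
     * matches the expectation encoded by {@code validator}: a non-null
     * validator means a path must be found and validation must not throw;
     * a null validator means no path may be found.
     *
     * @throws java.security.InvalidAlgorithmParameterException
     *         if the builder or validator rejects the parameters
     */
    public void testCycle()
        throws java.security.InvalidAlgorithmParameterException {
        jsdsi.CertPathBuilderResult bres = null;
        try {
            bres = (jsdsi.CertPathBuilderResult) builder.build(params);
            // To report how many certs were fetched for this proof, print
            // bres.getStats().getNumFetched() here (prefixed with "fw" or
            // "rv" depending on whether params is an
            // IssuerCertPathParameters).
            if (validator == null) {
                // we expected to fail
                fail("Unexpected cert path found for : "
                     + params.getCert() + "\nPath:\n" + bres.getCertPath());
            }
            // because of the duff/dummy certificate, vres.isOk() is false
            // but ignore that in this test
            //
            // NOTE(review): as a consequence this test only proves that
            // validate() does not throw CertPathValidatorException. It
            // gives no assurance about the validator's accept/reject
            // decision; asserting vres.isOk() would need fixtures for which
            // the validator is expected to report success.
            jsdsi.CertPathValidatorResult vres =
                (jsdsi.CertPathValidatorResult)
                validator.validate(bres.getCertPath(), params);
        } catch (CertPathBuilderException e) {
            if (validator != null) {
                // we expected to succeed
                fail("No cert path found for :" + params.getCert());
            }
        } catch (CertPathValidatorException e) {
            // validate() is only reached after a successful build, so bres
            // is non-null here.
            fail("Cert path validation failed: " + bres.getCertPath());
        }
    }

    /**
     * Builds the suite and asserts it is non-null. The suite is only
     * constructed here, not run.
     */
    public static void main(String[] args) {
        Test t = suite();
        assert (t != null);
    }

    /**
     * Builds the full suite: for every "certs.inX" file in
     * {@code src/test/jsdsi}, adds a forward (issuer-driven) and a reverse
     * (subject-driven) sub-suite checked against the matching "certs.outX".
     *
     * @return the assembled suite
     * @throws Error if the "SPKI" algorithms are unavailable, the fixture
     *         directory cannot be listed, or a fixture fails to load
     */
    public static Test suite() {
        try {
            jsdsi.Provider.install();
            TestSuite s = new NamedTestSuite("CertPathTest");
            java.security.cert.CertPathBuilder builder =
                java.security.cert.CertPathBuilder.getInstance("SPKI");
            java.security.cert.CertPathValidator validator =
                java.security.cert.CertPathValidator.getInstance("SPKI");
            File cwd = new File("src/test/jsdsi");
            System.out.println(cwd.getAbsolutePath());
            String[] in = cwd.list(new FilenameFilter() {
                public boolean accept(File dir, String name) {
                    // skip editor backup files such as "certs.in~"
                    return name.startsWith("certs.in")
                        && !name.endsWith("~");
                }
            });
            // File.list() returns null when the path is not a directory or
            // cannot be read; report that instead of failing with a
            // NullPointerException below.
            if (in == null) {
                throw new IOException("Cannot list test fixture directory: "
                                      + cwd.getAbsolutePath());
            }
            // File.list() guarantees no order; sort so the suite is built
            // in the same order on every run.
            Arrays.sort(in);
            // NOTE(review): if no "certs.in*" file matches, the suite is
            // empty and passes without having tested anything.
            for (int i = 0; i < in.length; i++) {
                String out = "certs.out"
                    + in[i].substring("certs.in".length());
                Loader inLoad = new Loader(cwd + File.separator + in[i],
                                           new InMemoryCertificateDAO());
                Loader outLoad = new Loader(cwd + File.separator + out,
                                            new InMemoryCertificateDAO());
                s.addTest(suite(builder, validator, inLoad, outLoad, true));
                s.addTest(suite(builder, validator, inLoad, outLoad, false));
            }
            return s;
        } catch (java.security.NoSuchAlgorithmException e) {
            throw new Error(e);
        } catch (IOException e) {
            throw new Error(e);
        }
    }

    /**
     * Builds the sub-suite for one input/expected-output pair and one
     * search direction.
     *
     * @param builder   the cert path builder under test
     * @param validator the validator to use where a path is expected
     * @param in        loader for the input certificates (certs.inX)
     * @param out       loader for the expected results (certs.outX)
     * @param forward   {@code true} to use IssuerCertPathParameters,
     *                  {@code false} to use SubjectCertPathParameters
     * @return a suite with one test per candidate statement
     */
    private static Test suite(java.security.cert.CertPathBuilder builder,
                              java.security.cert.CertPathValidator validator,
                              Loader in, Loader out, boolean forward) {
        TestSuite s = new TestSuite();

        // try to find proofs from name to each key
        for (Iterator ni = in.getNames().iterator(); ni.hasNext();) {
            Name n = (Name) ni.next();
            for (Iterator ki = in.getKeys().iterator(); ki.hasNext();) {
                PublicKey k = (PublicKey) ki.next();
                // Only the first element of n.getNames() is used for the
                // candidate name cert.
                NameCert c = new NameCert
                    (n.getIssuer(), k, null, null, null, n.getNames()[0]);
                addCertPathTest(builder, validator, in, out, forward, c, s);
            }
        }

        // try to find proofs with each tag, with and without propagate
        for (Iterator ii = in.getKeys().iterator(); ii.hasNext();) {
            PublicKey issuer = (PublicKey) ii.next();
            for (Iterator ki = in.getKeys().iterator(); ki.hasNext();) {
                PublicKey k = (PublicKey) ki.next();
                for (Iterator ti = in.getTags().iterator(); ti.hasNext();) {
                    Tag t = (Tag) ti.next();
                    AuthCert c1 = new AuthCert // w/ propagate
                        (issuer, k, null, null, null, t, true);
                    AuthCert c2 = new AuthCert // w/o propagate
                        (issuer, k, null, null, null, t, false);
                    addCertPathTest(builder, validator,
                                    in, out, forward, c1, s);
                    addCertPathTest(builder, validator,
                                    in, out, forward, c2, s);
                }
            }
        }
        return s;
    }

    /**
     * Reports whether any certificate in {@code certs} implies {@code c}.
     *
     * @param certs the certificates to search (elements are cast to Cert)
     * @param c     the statement to look for
     * @return {@code true} if some element's {@code implies(c)} is true
     */
    private static boolean containsStrongerCert(Set certs, Cert c) {
        for (Iterator i = certs.iterator(); i.hasNext();) {
            Cert cert = (Cert) i.next();
            if (cert.implies(c)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds one {@code testCycle} case for the statement {@code c}.
     *
     * <p>The expected outcome comes from the expected-output loader: when
     * {@code out} holds a cert that implies {@code c}, the case gets the
     * real validator (a path must be found); otherwise it gets a null
     * validator (no path may be found).
     *
     * @throws Error if the path parameters cannot be constructed
     */
    private static void addCertPathTest
        (java.security.cert.CertPathBuilder builder,
         java.security.cert.CertPathValidator validator,
         Loader in, Loader out, boolean forward, Cert c, TestSuite s) {
        java.security.cert.CertPathValidator val =
            containsStrongerCert(out.getCerts(), c) ? validator : null;
        jsdsi.CertPathParameters params;
        try {
            if (forward) {
                params = new IssuerCertPathParameters(c, in.getCertStore());
            } else {
                params = new SubjectCertPathParameters(c, in.getCertStore());
            }
        } catch (java.security.InvalidAlgorithmParameterException e) {
            throw new Error(e);
        }
        s.addTest(new CertPathTest("testCycle", builder, val, params));
    }
}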
