Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/provider/certpath/Extensions/OCSPNonceExtensionTests.java
38861 views
/*1* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 804632126* @summary Unit tests for OCSPNonceExtension objects27*/2829import java.security.cert.Extension;30import java.io.ByteArrayOutputStream;31import java.io.IOException;32import java.util.*;3334import sun.security.util.DerValue;35import sun.security.util.DerInputStream;36import sun.security.util.ObjectIdentifier;37import sun.security.provider.certpath.OCSPNonceExtension;38import sun.security.x509.PKIXExtensions;3940public class OCSPNonceExtensionTests {41public static final boolean DEBUG = true;42public static final String OCSP_NONCE_OID = "1.3.6.1.5.5.7.48.1.2";43public static final String ELEMENT_NONCE = "nonce";44public static final String EXT_NAME = "OCSPNonce";4546// DER encoding for OCSP nonce extension:47// OID = 1.3.6.1.5.5.7.48.1.248// Critical = true49// 48 bytes of 0xDEADBEEF50public static final byte[] OCSP_NONCE_DER = {5148, 66, 6, 9, 43, 6, 1, 5,525, 7, 48, 1, 2, 1, 1, -1,534, 50, 4, 48, -34, -83, -66, -17,54-34, -83, -66, -17, -34, -83, -66, -17,55-34, -83, -66, -17, -34, -83, -66, -17,56-34, -83, -66, -17, -34, -83, -66, -17,57-34, -83, -66, -17, -34, -83, -66, -17,58-34, -83, -66, -17, -34, -83, -66, -17,59-34, -83, -66, -17,60};6162// 16 bytes of 0xDEADBEEF63public static final byte[] DEADBEEF_16 = {64-34, -83, -66, -17, -34, -83, -66, -17,65-34, -83, -66, -17, -34, -83, -66, -17,66};6768// DER encoded extension using 16 bytes of DEADBEEF69public static final byte[] OCSP_NONCE_DB16 = {7048, 31, 6, 9, 43, 6, 1, 5,715, 7, 48, 1, 2, 4, 18, 4,7216, -34, -83, -66, -17, -34, -83, -66,73-17, -34, -83, -66, -17, -34, -83, -66,74-1775};7677public static void main(String [] args) throws Exception {78Map<String, TestCase> testList =79new LinkedHashMap<String, TestCase>() {{80put("CTOR Test (provide length)", testCtorByLength);81put("CTOR Test (provide nonce bytes)", testCtorByValue);82put("CTOR Test (set criticality forms)", testCtorCritForms);83put("CTOR Test (provide extension DER encoding)",84testCtorSuperByDerValue);85put("Test getName() method", testGetName);86}};8788System.out.println("============ Tests ============");89int testNo = 0;90int numberFailed = 0;91Map.Entry<Boolean, String> result;92for (String testName : testList.keySet()) {93System.out.println("Test " + ++testNo + ": " + testName);94result = testList.get(testName).runTest();95System.out.print("Result: " + (result.getKey() ? "PASS" : "FAIL"));96System.out.println(" " +97(result.getValue() != null ? result.getValue() : ""));98System.out.println("-------------------------------------------");99if (!result.getKey()) {100numberFailed++;101}102}103System.out.println("End Results: " + (testList.size() - numberFailed) +104" Passed" + ", " + numberFailed + " Failed.");105if (numberFailed > 0) {106throw new RuntimeException(107"One or more tests failed, see test output for details");108}109}110111private static void dumpHexBytes(byte[] data) {112if (data != null) {113for (int i = 0; i < data.length; i++) {114if (i % 16 == 0 && i != 0) {115System.out.print("\n");116}117System.out.print(String.format("%02X ", data[i]));118}119System.out.print("\n");120}121}122123private static void debuglog(String message) {124if (DEBUG) {125System.out.println(message);126}127}128129public static void verifyExtStructure(byte[] derData) throws IOException {130debuglog("verifyASN1Extension() received " + derData.length + " bytes");131DerInputStream dis = new DerInputStream(derData);132133// The sequenceItems array should be either two or three elements134// long. If three, then the criticality bit setting has been asserted.135DerValue[] sequenceItems = dis.getSequence(3);136debuglog("Found sequence containing " + sequenceItems.length +137" elements");138if (sequenceItems.length != 2 && sequenceItems.length != 3) {139throw new RuntimeException("Incorrect number of items found in " +140"the SEQUENCE (Got " + sequenceItems.length +141", expected 2 or 3 items)");142}143144int seqIndex = 0;145ObjectIdentifier extOid = sequenceItems[seqIndex++].getOID();146debuglog("Found OID: " + extOid.toString());147if (!extOid.equals((Object)PKIXExtensions.OCSPNonce_Id)) {148throw new RuntimeException("Incorrect OID (Got " +149extOid.toString() + ", expected " +150PKIXExtensions.OCSPNonce_Id.toString() + ")");151}152153if (sequenceItems.length == 3) {154// Non-default criticality bit setting should be at index 1155boolean isCrit = sequenceItems[seqIndex++].getBoolean();156debuglog("Found BOOLEAN (critical): " + isCrit);157}158159// The extnValue is an encapsulating OCTET STRING that contains the160// extension's value. For the OCSP Nonce, that value itself is also161// an OCTET STRING consisting of the random bytes.162DerValue extnValue =163new DerValue(sequenceItems[seqIndex++].getOctetString());164byte[] nonceData = extnValue.getOctetString();165debuglog("Found " + nonceData.length + " bytes of nonce data");166}167168public interface TestCase {169Map.Entry<Boolean, String> runTest();170}171172public static final TestCase testCtorByLength = new TestCase() {173@Override174public Map.Entry<Boolean, String> runTest() {175Boolean pass = Boolean.FALSE;176String message = null;177try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {178// Try sending in a negative length179try {180Extension negLenNonce = new OCSPNonceExtension(-8);181throw new RuntimeException(182"Accepted a negative length nonce");183} catch (IllegalArgumentException iae) { }184185// How about a zero length?186try {187Extension zeroLenNonce = new OCSPNonceExtension(0);188throw new RuntimeException("Accepted a zero length nonce");189} catch (IllegalArgumentException iae) { }190191// Valid input to constructor192Extension nonceByLen = new OCSPNonceExtension(32);193194// Verify overall encoded extension structure195nonceByLen.encode(baos);196verifyExtStructure(baos.toByteArray());197198// Verify the name, elements, and data conform to199// expected values for this specific object.200boolean crit = nonceByLen.isCritical();201String oid = nonceByLen.getId();202DerValue nonceData = new DerValue(nonceByLen.getValue());203204if (crit) {205message = "Extension incorrectly marked critical";206} else if (!oid.equals(OCSP_NONCE_OID)) {207message = "Incorrect OID (Got " + oid + ", Expected " +208OCSP_NONCE_OID + ")";209} else if (nonceData.getTag() != DerValue.tag_OctetString) {210message = "Incorrect nonce data tag type (Got " +211String.format("0x%02X", nonceData.getTag()) +212", Expected 0x04)";213} else if (nonceData.getOctetString().length != 32) {214message = "Incorrect nonce byte length (Got " +215nonceData.getOctetString().length +216", Expected 32)";217} else {218pass = Boolean.TRUE;219}220} catch (Exception e) {221e.printStackTrace(System.out);222message = e.getClass().getName();223}224225return new AbstractMap.SimpleEntry<>(pass, message);226}227};228229public static final TestCase testCtorByValue = new TestCase() {230@Override231public Map.Entry<Boolean, String> runTest() {232Boolean pass = Boolean.FALSE;233String message = null;234try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {235236// Try giving a null value for the nonce237try {238Extension nullNonce = new OCSPNonceExtension(null);239throw new RuntimeException("Accepted a null nonce");240} catch (NullPointerException npe) { }241242// How about a zero-length byte array?243try {244Extension zeroLenNonce =245new OCSPNonceExtension(new byte[0]);246throw new RuntimeException("Accepted a zero length nonce");247} catch (IllegalArgumentException iae) { }248249OCSPNonceExtension nonceByValue =250new OCSPNonceExtension(DEADBEEF_16);251252// Verify overall encoded extension structure253nonceByValue.encode(baos);254verifyExtStructure(baos.toByteArray());255256// Verify the name, elements, and data conform to257// expected values for this specific object.258boolean crit = nonceByValue.isCritical();259String oid = nonceByValue.getId();260byte[] nonceData = nonceByValue.getNonceValue();261262if (crit) {263message = "Extension incorrectly marked critical";264} else if (!oid.equals(OCSP_NONCE_OID)) {265message = "Incorrect OID (Got " + oid + ", Expected " +266OCSP_NONCE_OID + ")";267} else if (!Arrays.equals(nonceData, DEADBEEF_16)) {268message = "Returned nonce value did not match input";269} else {270pass = Boolean.TRUE;271}272} catch (Exception e) {273e.printStackTrace(System.out);274message = e.getClass().getName();275}276277return new AbstractMap.SimpleEntry<>(pass, message);278}279};280281public static final TestCase testCtorCritForms = new TestCase() {282@Override283public Map.Entry<Boolean, String> runTest() {284Boolean pass = Boolean.FALSE;285String message = null;286try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {287Extension nonceByLength = new OCSPNonceExtension(true, 32);288Extension nonceByValue =289new OCSPNonceExtension(true, DEADBEEF_16);290pass = nonceByLength.isCritical() && nonceByValue.isCritical();291if (!pass) {292message = "nonceByLength or nonceByValue was not marked " +293"critical as expected";294}295} catch (Exception e) {296e.printStackTrace(System.out);297message = e.getClass().getName();298}299300return new AbstractMap.SimpleEntry<>(pass, message);301}302};303304305public static final TestCase testCtorSuperByDerValue = new TestCase() {306@Override307public Map.Entry<Boolean, String> runTest() {308Boolean pass = Boolean.FALSE;309String message = null;310try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {311Extension nonceByDer = new sun.security.x509.Extension(312new DerValue(OCSP_NONCE_DER));313314// Verify overall encoded extension structure315nonceByDer.encode(baos);316verifyExtStructure(baos.toByteArray());317318// Verify the name, elements, and data conform to319// expected values for this specific object.320boolean crit = nonceByDer.isCritical();321String oid = nonceByDer.getId();322DerValue nonceData = new DerValue(nonceByDer.getValue());323324if (!crit) {325message = "Extension lacks expected criticality setting";326} else if (!oid.equals(OCSP_NONCE_OID)) {327message = "Incorrect OID (Got " + oid + ", Expected " +328OCSP_NONCE_OID + ")";329} else if (nonceData.getTag() != DerValue.tag_OctetString) {330message = "Incorrect nonce data tag type (Got " +331String.format("0x%02X", nonceData.getTag()) +332", Expected 0x04)";333} else if (nonceData.getOctetString().length != 48) {334message = "Incorrect nonce byte length (Got " +335nonceData.getOctetString().length +336", Expected 48)";337} else {338pass = Boolean.TRUE;339}340} catch (Exception e) {341e.printStackTrace(System.out);342message = e.getClass().getName();343}344345return new AbstractMap.SimpleEntry<>(pass, message);346}347};348349public static final TestCase testGetName = new TestCase() {350@Override351public Map.Entry<Boolean, String> runTest() {352Boolean pass = Boolean.FALSE;353String message = null;354try {355OCSPNonceExtension nonceByLen = new OCSPNonceExtension(32);356pass = new Boolean(nonceByLen.getName().equals(EXT_NAME));357} catch (Exception e) {358e.printStackTrace(System.out);359message = e.getClass().getName();360}361362return new AbstractMap.SimpleEntry<>(pass, message);363}364};365}366367368