/**
 * Runs the PKIX certification path validation checks against the "BC" provider.
 *
 * <p>Two scenarios are exercised inline, then four helper checks are called:
 * <ol>
 *   <li>A positive case: the chain {final, intermediate} from {@code CertPathTest} must validate
 *       against the root as trust anchor, with CRLs available in the cert store, a custom path
 *       checker attached, and the validation date pinned one hour after the root CRL's
 *       {@code thisUpdate}.</li>
 *   <li>A negative case: the chain built from {@code schefer} and {@code AC_PR}, anchored at
 *       {@code AC_RAIZ_ICPBRASIL}, must be rejected with a
 *       {@link CertPathValidatorException} whose message starts with
 *       "Could not validate certificate signature.".</li>
 * </ol>
 *
 * @throws Exception if any provider lookup, parsing step or helper check fails unexpectedly
 */
public void performTest() throws Exception {
    final long oneHourMillis = 60 * 60 * 1000;

    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

    // --- Scenario 1: a well-formed path that must validate ---

    // Parse the certificates and CRLs that back the cert store.
    X509Certificate rootCert = (X509Certificate) cf.generateCertificate(
            new ByteArrayInputStream(CertPathTest.rootCertBin));
    X509Certificate interCert = (X509Certificate) cf.generateCertificate(
            new ByteArrayInputStream(CertPathTest.interCertBin));
    X509Certificate finalCert = (X509Certificate) cf.generateCertificate(
            new ByteArrayInputStream(CertPathTest.finalCertBin));
    X509CRL rootCrl = (X509CRL) cf.generateCRL(
            new ByteArrayInputStream(CertPathTest.rootCrlBin));
    X509CRL interCrl = (X509CRL) cf.generateCRL(
            new ByteArrayInputStream(CertPathTest.interCrlBin));

    // The store holds certificates and CRLs side by side; revocation checking is not switched
    // off for this scenario, so the CRLs are supplied alongside the certificates.
    List storeEntries = new ArrayList();
    storeEntries.add(rootCert);
    storeEntries.add(interCert);
    storeEntries.add(finalCert);
    storeEntries.add(rootCrl);
    storeEntries.add(interCrl);
    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(storeEntries);
    CertStore store = CertStore.getInstance("Collection", storeParams, "BC");

    // Pin the validation time relative to the root CRL instead of using the wall clock, so the
    // fixed test vectors keep validating at the same instant.
    Date validDate = new Date(rootCrl.getThisUpdate().getTime() + oneHourMillis);

    // Path order is end entity first; the trust anchor itself is not part of the path.
    List chain = new ArrayList();
    chain.add(finalCert);
    chain.add(interCert);
    CertificateFactory pathFactory = CertificateFactory.getInstance("X.509", "BC");
    CertPath path = pathFactory.generateCertPath(chain);

    // Second TrustAnchor argument is null: no name constraints are imposed on the anchor.
    Set anchors = new HashSet();
    anchors.add(new TrustAnchor(rootCert, null));

    CertPathValidator validator = CertPathValidator.getInstance("PKIX", "BC");
    PKIXParameters params = new PKIXParameters(anchors);
    params.addCertStore(store);
    params.setDate(validDate);
    MyChecker checker = new MyChecker();
    params.addCertPathChecker(checker);

    PKIXCertPathValidatorResult outcome =
            (PKIXCertPathValidatorResult) validator.validate(path, params);
    PolicyNode policyTree = outcome.getPolicyTree();
    PublicKey validatedKey = outcome.getPublicKey();

    // The path has two certificates, so the custom checker must have been counted twice.
    if (checker.getCount() != 2) {
        fail("checker not evaluated for each certificate");
    }

    // The key returned by the validator must be the end-entity certificate's key.
    if (!validatedKey.equals(finalCert.getPublicKey())) {
        fail("wrong public key returned");
    }

    // --- Scenario 2: invalid path containing a valid one ---
    //
    // Validation must fail on a signature check. Revocation checking is disabled here and no
    // CRLs are supplied, so a rejection cannot be attributed to missing revocation data.
    try {
        X509Certificate badRoot = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(AC_RAIZ_ICPBRASIL));
        X509Certificate badInter = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(AC_PR));
        X509Certificate badFinal = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(schefer));

        List badEntries = new ArrayList();
        badEntries.add(badRoot);
        badEntries.add(badInter);
        badEntries.add(badFinal);

        CollectionCertStoreParameters badStoreParams =
                new CollectionCertStoreParameters(badEntries);
        // No provider argument here, unlike scenario 1: the "Collection" store implementation
        // is whichever one the JCA provider lookup selects.
        CertStore badStore = CertStore.getInstance("Collection", badStoreParams);
        Date badValidDate = new Date(badFinal.getNotBefore().getTime() + oneHourMillis);

        List badChain = new ArrayList();
        badChain.add(badFinal);
        badChain.add(badInter);
        CertPath badPath =
                CertificateFactory.getInstance("X.509", "BC").generateCertPath(badChain);

        Set badAnchors = new HashSet();
        badAnchors.add(new TrustAnchor(badRoot, null));

        CertPathValidator badValidator = CertPathValidator.getInstance("PKIX", "BC");
        PKIXParameters badParams = new PKIXParameters(badAnchors);
        badParams.addCertStore(badStore);
        badParams.setRevocationEnabled(false);
        badParams.setDate(badValidDate);

        PKIXCertPathValidatorResult badOutcome =
                (PKIXCertPathValidatorResult) badValidator.validate(badPath, badParams);
        PolicyNode badPolicyTree = badOutcome.getPolicyTree();
        PublicKey badKey = badOutcome.getPublicKey();

        // Reaching this line means the validator accepted a path it must reject.
        // NOTE(review): if fail() signals by throwing, that exception is caught by the handler
        // below and surfaces as "unexpected exception"; confirm against fail()'s definition.
        fail("Invalid path validated");
    } catch (Exception e) {
        // Only a signature-verification rejection counts as a pass. The check is tied to the
        // exact message prefix, so a wording change in the validator will break it.
        boolean rejectedOnSignature = e instanceof CertPathValidatorException
                && e.getMessage().startsWith("Could not validate certificate signature.");
        if (!rejectedOnSignature) {
            fail("unexpected exception", e);
        }
    }

    // Remaining scenarios live in their own helpers.
    checkCircProcessing();
    checkPolicyProcessingAtDomainMatch();
    validateWithExtendedKeyUsage();
    testEmptyPath();
}