author | evitayan <evitayan@google.com> | 2019-09-24 12:56:31 -0700 |
---|---|---|
committer | evitayan <evitayan@google.com> | 2019-10-07 11:57:22 -0700 |
commit | f955dbc56431a4c985c1d3341c665ade1c6ea8f1 (patch) | |
tree | e71e523e71fd1504c8efd652d3128035c81c1a0a /tests/iketests | |
parent | 8da4b86e0310297f05776b8423e0dc1779f85889 (diff) | |
download | ike-f955dbc56431a4c985c1d3341c665ade1c6ea8f1.tar.gz |
Validate received certificates
Bug: 122685769
Test: atest FrameworksIkeTests(new tests passed)
Change-Id: I7574fdfe6b8581702632bf2df094794f9d51a526
Diffstat (limited to 'tests/iketests')
-rw-r--r-- | tests/iketests/assets/pem/end-cert-a.pem | 20 | ||||
-rw-r--r-- | tests/iketests/assets/pem/end-cert-b.pem | 20 | ||||
-rw-r--r-- | tests/iketests/assets/pem/end-cert-small.pem | 12 | ||||
-rw-r--r-- | tests/iketests/assets/pem/intermediate-ca-b-one.pem | 21 | ||||
-rw-r--r-- | tests/iketests/assets/pem/intermediate-ca-b-two.pem | 21 | ||||
-rw-r--r-- | tests/iketests/assets/pem/self-signed-ca-a.pem | 20 | ||||
-rw-r--r-- | tests/iketests/assets/pem/self-signed-ca-b.pem | 20 | ||||
-rw-r--r-- | tests/iketests/assets/pem/self-signed-ca-small.pem | 12 | ||||
-rw-r--r-- | tests/iketests/src/java/com/android/ike/ikev2/message/IkeCertPayloadTest.java | 154 | ||||
-rw-r--r-- | tests/iketests/src/java/com/android/ike/ikev2/testutils/CertUtils.java | 43 |
10 files changed, 343 insertions, 0 deletions
diff --git a/tests/iketests/assets/pem/end-cert-a.pem b/tests/iketests/assets/pem/end-cert-a.pem new file mode 100644 index 00000000..2e872952 --- /dev/null +++ b/tests/iketests/assets/pem/end-cert-a.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRzCCAi+gAwIBAgIIZSciRUaEUakwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UE +BhMCVVMxEDAOBgNVBAoTB0FuZHJvaWQxHDAaBgNVBAMTE2NhLnRlc3QuYW5kcm9p +ZC5uZXQwHhcNMTkwNzE2MTcxODMxWhcNMjQwNzE0MTcxODMxWjBBMQswCQYDVQQG +EwJVUzEQMA4GA1UEChMHQW5kcm9pZDEgMB4GA1UEAxMXc2VydmVyLnRlc3QuYW5k +cm9pZC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpU5M+c3Qg +Sej5NeCboB5T6R0XaODqo/hpZFkjTXt5ku2lvsioLU0xC38K9Cym7kPU0kGMAl1p +tatMZ2Uxde/sDiLyFwYgx//TniDNnxdDXYYxcZNbfV4ERcuPmTexq9t86MneVkxn +hJ9dEBJcr2goFaFIebCUlj3DF827/JQhWgV54M9trPOGOyoRy5HvH+IxOOt8PXaL +vySQZxo4bC6m+qeQQZCgZAwvGagFF9KjVFyKt9ZAVp97wQi7yo+Bzm5I54C4EUbT +XnTRITQXqFKOUXVGYPChwgZTEz/2s6Wh1CR0LjNFTaDMlsUJkUbGn27iZc90nd5w +6WAXYQgsmXnTAgMBAAGjRzBFMB8GA1UdIwQYMBaAFGYUzuvZUaVJl8mcxejuFiUN +GcTfMCIGA1UdEQQbMBmCF3NlcnZlci50ZXN0LmFuZHJvaWQubmV0MA0GCSqGSIb3 +DQEBCwUAA4IBAQByajAzcLrMc2gjDSzTd+5/VTgLhoJfJul3FgsUzZHa9EiRUChV +O94ZCLWWoZxeB0iejaUqrLz/xCJqeC3wbNP7LejiW2qgUAoJdOvNtDGiVx2P7wid +iXS4y49+IYP+T1BVWNNrI+zcAycN2uiQlEKR5KQ3cNXVHZoiVOroheHzi8ezSeYM +j5bhJ2GbpOw9/4PkaBonnQNs9sljkyZ2keYrir1xzf4PI9gieXniJcNuAjYNaAAA +oaHKXah9NggbAVEXEZjLoKtQQqWFz9wNE8AXsIdoD4gOeBuwNQSyn+FmDJdI/mpA +enbz3qbTVurltTHySye0+nhlP7XTifyEanXM +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/tests/iketests/assets/pem/end-cert-b.pem b/tests/iketests/assets/pem/end-cert-b.pem new file mode 100644 index 00000000..f25d3524 --- /dev/null +++ b/tests/iketests/assets/pem/end-cert-b.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWDCCAkCgAwIBAgIIRs9N2RKvOUYwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UE +BhMCVVMxEDAOBgNVBAoTB0FuZHJvaWQxIDAeBgNVBAMTF3R3by5jYS50ZXN0LmFu +ZHJvaWQubmV0MB4XDTE5MDkzMDE4NDg1MVoXDTI0MDkyODE4NDg1MVowQTELMAkG +A1UEBhMCVVMxEDAOBgNVBAoTB0FuZHJvaWQxIDAeBgNVBAMTF3NlcnZlci50ZXN0 +LmFuZHJvaWQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmhy +posM/dhFPvmHpiqk+bJR2yfw5AeWhspnjuIJB1X3/TFCRTmLLsQ8VGRQnSKYlAYJ +2r5XpgYQ09r4DYAbHwL2oSYtktMzqax22JlR73czZH4D3UTtKk7CdLtc1NPFXYFm +lJ9uE/TD1pXvXwj9vdYp8tVuls2Rv+hBNtgM4nT1FqyMpp1sr5t2LIdx+WpDR4PC +8C7HExeuw4wOBY6mWp4uErWqDFBfQNI3dzwpySRtnuMVKSX5Qcj6Z+bqKmtAgAnZ +qdoLegn4sBbELDFW1QYNqp9QgdJO9P9R2lI8LZvKcd2yB8zJ2+JK1Efh9ErzhqFn +Rc1BzbsBxKJBbppZXQIDAQABo1QwUjAfBgNVHSMEGDAWgBRypK7W5FhP8MtsugM1 +TPfyca8IpDAaBgNVHREEEzARgg9pa2UuYW5kcm9pZC5uZXQwEwYDVR0lBAwwCgYI +KwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBADJu4bfbDO/PUSjTMuH1u6x9iTdx +PKVkzFHqeiAsEKccyenuFKrwkkoIF+gieJeKKDj6lKFDP4uPOYIuNxs9td8G52+1 +5XKX2v9heaw6uFU3AlMmoAHKwIiM+U6eweuG+rVG2doTbMW2OOrEfJ5mgQtky7tx +EIPUL9gUpAKqvsC7pJ7nrakm6TBkhYaTtDYOvdD97LyH9/5h32WKn9zU2H4dog+4 +87K6icdjBpd4ViPXbOBuOLvEsnMDmbSC3/12hv59swAf865SZN10B7ScYbg/yS9V +x2YtMxPMNOOqC71Z/JE5mc80Un0nd9eJFxPueWqeH/4cGA6gL7ZtAeor0BE= +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/tests/iketests/assets/pem/end-cert-small.pem b/tests/iketests/assets/pem/end-cert-small.pem new file mode 100644 index 00000000..b21aa0df --- /dev/null +++ b/tests/iketests/assets/pem/end-cert-small.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtjCCAWCgAwIBAgIIC0mN0a99ZR0wDQYJKoZIhvcNAQELBQAwQzELMAkGA1UE +BhMCVVMxEDAOBgNVBAoTB0FuZHJvaWQxIjAgBgNVBAMTGXNtYWxsLmNhLnRlc3Qu +YW5kcm9pZC5uZXQwHhcNMTkwNzE2MjIyMzM0WhcNMjQwNzE0MjIyMzM0WjBHMQsw +CQYDVQQGEwJVUzEQMA4GA1UEChMHQW5kcm9pZDEmMCQGA1UEAxMdc21hbGwuc2Vy +dmVyLnRlc3QuYW5kcm9pZC5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAphl0 +fstit/XcelkX2iKoosGsZ2U5rU+mYWR/9RJIY+qR3OYrBeqqtdvjPOu2fNjHEtsO +//dCRvdxVWdx20ADPQIDAQABozQwMjAfBgNVHSMEGDAWgBRuPvsaYu/KSLILNs2l +qzN0Q3bo8jAPBgNVHREECDAGhwTAqCuKMA0GCSqGSIb3DQEBCwUAA0EA1HWQseq+ +kfL5YaYN7Klb3WiPPg8Vxj4dMNYiQTSH7AG7Gt1Yc6NqBLhmMpa+1T+gwlDdvkD4 +RPIxjfK12sbbog== +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/tests/iketests/assets/pem/intermediate-ca-b-one.pem b/tests/iketests/assets/pem/intermediate-ca-b-one.pem new file mode 100644 index 00000000..707e575b --- /dev/null +++ b/tests/iketests/assets/pem/intermediate-ca-b-one.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIIIbjMyRn2770wDQYJKoZIhvcNAQELBQAwQjELMAkGA1UE +BhMCVVMxEDAOBgNVBAoTB0FuZHJvaWQxITAfBgNVBAMTGHJvb3QuY2EudGVzdC5h +bmRyb2lkLm5ldDAeFw0xOTA5MzAxODQzMThaFw0yNDA5MjgxODQzMThaMEExCzAJ +BgNVBAYTAlVTMRAwDgYDVQQKEwdBbmRyb2lkMSAwHgYDVQQDExdvbmUuY2EudGVz +dC5hbmRyb2lkLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNN +sRr5Z30rAEw2jrAh/BIekbEy/MvOucAr1w0lxH71p+ybRBx5Bj7G07UGXbL659gm +meMV6nabY4HjQXNMq22POiJBZj+U+rw34br6waljBttxCmmJac1VvgqNsSspXjRy +NbiVQdFjyKSX0NOPcEkwANk15mZbOgJBaYYc8jQCY2G/p8eARVBTLJCy8LEwEU6j +XRv/4eYST79qpBFc7gQQj2FLmh9oppDIvcIVBHwtd1tBoVuehRSud1o8vQRkl/HJ +Mrwp24nO5YYhmVNSFRtBpmWMSu1KknFUwkOebINUNsKXXHebVa7cP4XIQUL8mRT3 +5X9rFJFSQJE01S3NjNMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B +Af8EBAMCAQYwHQYDVR0OBBYEFHK3FIm7g8dxEIwK9zMAO8EWhRYxMB8GA1UdIwQY +MBaAFEmfqEeF14Nj91ekIpR+sVhCEoAaMA0GCSqGSIb3DQEBCwUAA4IBAQAeMlXT +TnxZo8oz0204gKZ63RzlgDpJ7SqA3qFG+pV+TiqGfSuVkXuIdOskjxJnA9VxUzrr +LdMTCn5e0FK6wCYjZ2GT/CD7oD3vSMkzGbLGNcNJhhDHUq8BOLPkPzz/rwQFPBSb +zr6hsiVXphEt/psGoN7Eu9blPeQaIwMfWnaufAwF664S/3dmCRbNMWSam1qzzz8q +jr0cDOIMa//ZIAcM16cvoBK6pFGnUmuoJYYRtfpY5MmfCWz0sCJxENIX/lxyhd7N +FdRALA1ZP3E//Tn2vQoeFjbKaAba527RE26HgHJ9zZDo1nn8J8J/YwYRJdBWM/3S +LYebNiMtcyB5nIkj +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/tests/iketests/assets/pem/intermediate-ca-b-two.pem b/tests/iketests/assets/pem/intermediate-ca-b-two.pem new file mode 100644 index 00000000..39808f88 --- /dev/null +++ b/tests/iketests/assets/pem/intermediate-ca-b-two.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIIKWCREnNCs+wwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UE +BhMCVVMxEDAOBgNVBAoTB0FuZHJvaWQxIDAeBgNVBAMTF29uZS5jYS50ZXN0LmFu +ZHJvaWQubmV0MB4XDTE5MDkzMDE4NDQwMloXDTI0MDkyODE4NDQwMlowQTELMAkG +A1UEBhMCVVMxEDAOBgNVBAoTB0FuZHJvaWQxIDAeBgNVBAMTF3R3by5jYS50ZXN0 +LmFuZHJvaWQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLUa +RqkYl2m7lUmMnkooqO0DNNY1aN9r7mJc3ndYn5gjkpb3yLgOYPDNLcQerV6uWk/u +qKudNHed2dInGonl3oxwwv7++6oUvvtrSWLDZlRg16GsdIE1Y98DSMQWkSxevYy9 +Nh6FGTdlBFQVMpiMa8qHEkrOyKsy85yCW1sgzlpGTIBwbDAqYtwe3rgbwyHwUtfy +0EU++DBcR4ll/pDqB0OQtW5E3AOq2GH1iaGeFLKSUQ5KAbdI8y4/b8IkSDffvxcc +kXig7S54aLrNlL/ZjQ+H4Chgjj2A5wMucd81+Fb60Udej73ICL9PpMPnXQ1+BVYd +MJ/txjLNmrOJG9yEHQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQUcqSu1uRYT/DLbLoDNUz38nGvCKQwHwYDVR0jBBgw +FoAUcrcUibuDx3EQjAr3MwA7wRaFFjEwDQYJKoZIhvcNAQELBQADggEBADY461GT +Rw0dGnD07xaGJcI0i0pV+WnGSrl1s1PAIdMYihJAqYnh10fXbFXLm2WMWVmv/pxs +FI/xDJno+pd4mCa/sIhm63ar/Nv+lFQmcpIlvSlKnhhV4SLNBeqbVhPBGTCHfrG4 +aIyCwm1KJsnkWbf03crhSskR/2CXIjX6lcAy7K3fE2u1ELpAdH0kMJR7VXkLFLUm +gqe9YCluR0weMpe2sCaOGzdVzQSmMMCzGP5cxeFR5U6K40kMOpiW11JNmQ06xI/m +YVkMNwoiV/ITT0/C/g9FxJmkO0mVSLEqxaLS/hNiQNDlroVM0rbxhzviXLI3R3AO +50VvlOQYGxWed/I= +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/tests/iketests/assets/pem/self-signed-ca-a.pem b/tests/iketests/assets/pem/self-signed-ca-a.pem new file mode 100644 index 00000000..5135ea70 --- /dev/null +++ b/tests/iketests/assets/pem/self-signed-ca-a.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPjCCAiagAwIBAgIICrKLpR7LxlowDQYJKoZIhvcNAQELBQAwPTELMAkGA1UE +BhMCVVMxEDAOBgNVBAoTB0FuZHJvaWQxHDAaBgNVBAMTE2NhLnRlc3QuYW5kcm9p +ZC5uZXQwHhcNMTkwNzE2MTcxNTUyWhcNMjkwNzEzMTcxNTUyWjA9MQswCQYDVQQG +EwJVUzEQMA4GA1UEChMHQW5kcm9pZDEcMBoGA1UEAxMTY2EudGVzdC5hbmRyb2lk +Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANsvTwad2Nie0VOy +Xb1VtHL0R760Jm4vr14JWMcX4oiE6jUdTNdXQ0CGb65wvulP2aEeukFH0D/cvBMR +Bv9+haEwo9/grIXg9ALNKp+GfuZYw/dfnUMHFn3g2+SUgP6BoMZc4lkHktjkDKxp +99Q6h4NP/ip1labkhBeB9+Z6l78LTixKRKspNITWASJed9bjzshYxKHi6dJy3maQ +1LwYKmK7PEGRpoDoT8yZhFbxsVDUojGnJKH1RLXVOn/psG6dI/+IsbTipAttj5zc +g2VAD56PZG2Jd+vsup+g4Dy72hyy242x5c/H2LKZn4X0B0B+IXyii/ZVc+DJldQ5 +JqplOL8CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFGYUzuvZUaVJl8mcxejuFiUNGcTfMA0GCSqGSIb3DQEBCwUAA4IB +AQDQYeqjvHsK2ZqSqxakDp0nu36Plbj48Wvx1ru7GW2faz7i0w/Zkxh06zniILCb +QJRjDebSTHc5SSbCFrRTvqagaLDhbH42/hQncWqIoJqW+pmznJET4JiBO0sqzm05 +yQWsLI/h9Ir28Y2g5N+XPBU0VVVejQqH4iI0iwQx7y7ABssQ0Xa/K73VPbeGaKd6 +Prt4wjJvTlIL2yE2+0MggJ3F2rNptL5SDpg3g+4/YQ6wVRBFil95kUqplEsCtU4P +t+8RghiEmsRx/8CywKfZ5Hex87ODhsSDmDApcefbd5gxoWVkqxZUkPcKwYv1ucm8 +u4r44fj4/9W0Zeooav5Yoh1q +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/tests/iketests/assets/pem/self-signed-ca-b.pem b/tests/iketests/assets/pem/self-signed-ca-b.pem new file mode 100644 index 00000000..972fd553 --- /dev/null +++ b/tests/iketests/assets/pem/self-signed-ca-b.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSDCCAjCgAwIBAgIITJQJ6HC1rjwwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UE +BhMCVVMxEDAOBgNVBAoTB0FuZHJvaWQxITAfBgNVBAMTGHJvb3QuY2EudGVzdC5h +bmRyb2lkLm5ldDAeFw0xOTA5MzAxNzU1NTJaFw0yOTA5MjcxNzU1NTJaMEIxCzAJ +BgNVBAYTAlVTMRAwDgYDVQQKEwdBbmRyb2lkMSEwHwYDVQQDExhyb290LmNhLnRl +c3QuYW5kcm9pZC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCT +q3hGF+JvLaB1xW7KGKmaxiQ7BxX2Sn7cbp7ggoVYXsFlBUuPPv3+Vg5PfPCPhsJ8 +/7w4HyKo3uc/vHs5HpQ7rSd9blhAkfmJci2ULLq73FB8Mix4CzPwMx29RrN1X9bU +z4G0vJMczIBGxbZ0uw7n8bKcXBV7AIeax+J8lseEZ3k8iSuBkUJqGIpPFKTqByFZ +A1Lvt47xkON5SZh6c/Oe+o6291wXaCOJUSAKv6PAWZkq9HeD2fqKA/ck9dBaz1M3 +YvzQ9V/7so3/dECjAfKia388h1I6XSGNUM+d5hpxMXpAFgG42eUXHpJ10OjDvSwd +7ZSC91/kRQewUomEKBK1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBRJn6hHhdeDY/dXpCKUfrFYQhKAGjANBgkqhkiG +9w0BAQsFAAOCAQEAig/94aGfHBhZuvbbhwAK4rUNpizmR567u0ZJ+QUEKyAlo9lT +ZWYHSm7qTAZYvPEjzTQIptnAlxCHePXh3Cfwgo+r82lhG2rcdI03iRyvHWjM8gyk +BXCJTi0Q08JHHpTP6GnAqpz58qEIFkk8P766zNXdhYrGPOydF+p7MFcb1Zv1gum3 +zmRLt0XUAMfjPUv1Bl8kTKFxH5lkMBLR1E0jnoJoTTfgRPrf9CuFSoh48n7YhoBT +KV75xZY8b8+SuB0v6BvQmkpKZGoxBjuVsShyG7q1+4JTAtwhiP7BlkDvVkaBEi7t +WIMFp2r2ZDisHgastNaeYFyzHYz9g1FCCrHQ4w== +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/tests/iketests/assets/pem/self-signed-ca-small.pem b/tests/iketests/assets/pem/self-signed-ca-small.pem new file mode 100644 index 00000000..bb587bcc --- /dev/null +++ b/tests/iketests/assets/pem/self-signed-ca-small.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBwDCCAWqgAwIBAgIIWKLr7BJ1wyEwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UE +BhMCVVMxEDAOBgNVBAoTB0FuZHJvaWQxIjAgBgNVBAMTGXNtYWxsLmNhLnRlc3Qu +YW5kcm9pZC5uZXQwHhcNMTkwNzE2MjIwNjAzWhcNMjkwNzEzMjIwNjAzWjBDMQsw +CQYDVQQGEwJVUzEQMA4GA1UEChMHQW5kcm9pZDEiMCAGA1UEAxMZc21hbGwuY2Eu +dGVzdC5hbmRyb2lkLm5ldDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDY/gUvbZjF +YuslvcYduKyWeUr30dgOcC6UmAy0toNjnowtsjwp1Zqkp6+SB/vkmRatrMIDgyu9 +KXKRfy9TFUY9AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBRuPvsaYu/KSLILNs2lqzN0Q3bo8jANBgkqhkiG9w0BAQsF +AANBAMRtcdhE8Ebew9PGNwZtfsp1KiI0ZGLE6zP9YKZYk5VZxqpr914LzEMKZpXA +BqlgNWIcp4nRbuIhLNLyvWRdW0A= +-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeCertPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeCertPayloadTest.java
new file mode 100644
index 00000000..1b641fcf
--- /dev/null
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeCertPayloadTest.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.ike.ikev2.message;
+
+import static org.junit.Assert.fail;
+
+import com.android.ike.ikev2.exceptions.AuthenticationFailedException;
+import com.android.ike.ikev2.testutils.CertUtils;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509Certificate;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+public final class IkeCertPayloadTest {
+ private X509Certificate mEndCertA;
+ private X509Certificate mEndCertB;
+ private X509Certificate mEndCertSmall;
+
+ private X509Certificate mIntermediateCertBOne;
+ private X509Certificate mIntermediateCertBTwo;
+
+ private TrustAnchor mTrustAnchorA;
+ private TrustAnchor mTrustAnchorB;
+ private TrustAnchor mTrustAnchorSmall;
+
+ @Before
+ public void setUp() throws Exception {
+ mEndCertA = CertUtils.createCertFromPemFile("end-cert-a.pem");
+ mTrustAnchorA =
+ new TrustAnchor(
+ CertUtils.createCertFromPemFile("self-signed-ca-a.pem"),
+ null /*nameConstraints*/);
+
+ mEndCertB = CertUtils.createCertFromPemFile("end-cert-b.pem");
+ mIntermediateCertBOne = CertUtils.createCertFromPemFile("intermediate-ca-b-one.pem");
+ mIntermediateCertBTwo = CertUtils.createCertFromPemFile("intermediate-ca-b-two.pem");
+ mTrustAnchorB =
+ new TrustAnchor(
+ CertUtils.createCertFromPemFile("self-signed-ca-b.pem"),
+ null /*nameConstraints*/);
+
+ mEndCertSmall = CertUtils.createCertFromPemFile("end-cert-small.pem");
+ mTrustAnchorSmall =
+ new TrustAnchor(
+ CertUtils.createCertFromPemFile("self-signed-ca-small.pem"),
+ null /*nameConstraints*/);
+ }
+
+ @Test
+ public void testValidateCertsNoIntermediateCerts() throws Exception {
+ List<X509Certificate> certList = new LinkedList<>();
+ certList.add(mEndCertA);
+
+ Set<TrustAnchor> trustAnchors = new HashSet<>();
+ trustAnchors.add(mTrustAnchorA);
+
+ IkeCertPayload.validateCertificates(mEndCertA, certList, null /*crlList*/, trustAnchors);
+ }
+
+ @Test
+ public void testValidateCertsWithIntermediateCerts() throws Exception {
+ List<X509Certificate> certList = new LinkedList<>();
+
+ certList.add(mEndCertB);
+ certList.add(mIntermediateCertBTwo);
+ certList.add(mIntermediateCertBOne);
+
+ Set<TrustAnchor> trustAnchors = new HashSet<>();
+ trustAnchors.add(mTrustAnchorB);
+
+ IkeCertPayload.validateCertificates(mEndCertB, certList, null /*crlList*/, trustAnchors);
+ }
+
+ @Test
+ public void testValidateCertsWithMultiTrustAnchors() throws Exception {
+ List<X509Certificate> certList = new LinkedList<>();
+ certList.add(mEndCertA);
+
+ Set<TrustAnchor> trustAnchors = new HashSet<>();
+ trustAnchors.add(mTrustAnchorA);
+ trustAnchors.add(mTrustAnchorB);
+
+ IkeCertPayload.validateCertificates(mEndCertA, certList, null /*crlList*/, trustAnchors);
+ }
+
+ @Test
+ public void testValidateCertsWithWrongTrustAnchor() throws Exception {
+ List<X509Certificate> certList = new LinkedList<>();
+ certList.add(mEndCertA);
+
+ Set<TrustAnchor> trustAnchors = new HashSet<>();
+ trustAnchors.add(mTrustAnchorB);
+
+ try {
+ IkeCertPayload.validateCertificates(
+ mEndCertA, certList, null /*crlList*/, trustAnchors);
+ fail("Expected to fail due to absence of valid trust anchor.");
+ } catch (AuthenticationFailedException expected) {
+ }
+ }
+
+ @Test
+ public void testValidateCertsWithMissingIntermediateCerts() throws Exception {
+ List<X509Certificate> certList = new LinkedList<>();
+ certList.add(mEndCertB);
+ certList.add(mIntermediateCertBOne);
+
+ Set<TrustAnchor> trustAnchors = new HashSet<>();
+ trustAnchors.add(mTrustAnchorB);
+
+ try {
+ IkeCertPayload.validateCertificates(
+ mEndCertA, certList, null /*crlList*/, trustAnchors);
+ fail("Expected to fail due to absence of intermediate certificate.");
+ } catch (AuthenticationFailedException expected) {
+ }
+ }
+
+ @Test
+ public void testValidateCertsWithSmallSizeKey() throws Exception {
+ List<X509Certificate> certList = new LinkedList<>();
+ certList.add(mEndCertSmall);
+
+ Set<TrustAnchor> trustAnchors = new HashSet<>();
+ trustAnchors.add(mTrustAnchorSmall);
+
+ try {
+ IkeCertPayload.validateCertificates(
+ mEndCertSmall, certList, null /*crlList*/, trustAnchors);
+ fail("Expected to fail because certificates use small size key");
+ } catch (AuthenticationFailedException expected) {
+ }
+ }
+}
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/testutils/CertUtils.java b/tests/iketests/src/java/com/android/ike/ikev2/testutils/CertUtils.java
new file mode 100644
index 00000000..e44551a0
--- /dev/null
+++ b/tests/iketests/src/java/com/android/ike/ikev2/testutils/CertUtils.java
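Review bot: `testValidateCertsWithMissingIntermediateCerts` passes `mEndCertA` as the certificate to validate although the chain and trust anchor it builds belong to B, so the expected `AuthenticationFailedException` is thrown because A does not chain to anchor B at all, not because `intermediate-ca-b-two.pem` is absent. The test would therefore keep passing even if `validateCertificates` accepted an incomplete chain; the call should read `IkeCertPayload.validateCertificates(mEndCertB, certList, null /*crlList*/, trustAnchors);`. All three negative tests catch the same exception type in an empty `catch`, so none of them shows why validation failed; if the exception exposes a cause, asserting on it would keep the small-key rejection from being confused with a path-building failure. The end-entity fixtures also appear to encode a notAfter in 2024, so the positive tests will presumably start failing at that point unless validation can be pinned to a fixed date.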
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.ike.ikev2.testutils;
+
+import android.content.Context;
+
+import androidx.test.InstrumentationRegistry;
+
+import com.android.ike.ikev2.message.IkeMessage;
+
+import java.io.InputStream;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+/** CertUtils provides utility methods for creating X509 certificate. */
+public final class CertUtils {
+ private static final String PEM_FOLDER_NAME = "pem";
+
+ /** Creates an X509Certificate with a pem file */
+ public static X509Certificate createCertFromPemFile(String fileName) throws Exception {
+ Context context = InstrumentationRegistry.getContext();
+ InputStream inputStream =
+ context.getResources().getAssets().open(PEM_FOLDER_NAME + "/" + fileName);
+
+ CertificateFactory factory =
+ CertificateFactory.getInstance("X.509", IkeMessage.getSecurityProvider());
+ return (X509Certificate) factory.generateCertificate(inputStream);
+ }
+}
|
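Review bot: `createCertFromPemFile` never closes the `InputStream` it opens from the test assets, so every fixture load in `setUp()` leaves an open asset handle for the garbage collector to reclaim. Opening it in try-with-resources fixes this: `try (InputStream inputStream = context.getResources().getAssets().open(PEM_FOLDER_NAME + "/" + fileName)) { ... }` wrapped around the factory call and the `return`. `CertUtils` only holds static members, so a `private CertUtils() {}` constructor would also be worth adding. `generateCertificate` reads a single certificate from the stream, which the Javadoc could state for anyone who later adds a bundle file to the `pem` folder.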