mirror of
https://github.com/moparisthebest/k-9
synced 2024-11-27 11:42:16 -05:00
Merge branch 'cert_validation' of git://github.com/k9mail/k-9.git into cert_validation
Conflicts: tests/src/com/fsck/k9/mail/store/TrustManagerFactoryTest.java
This commit is contained in:
Joe Steele
commit
9e6abf5fa7
@ -51,19 +51,159 @@ public class TrustManagerFactoryTest extends AndroidTestCase {
|
||||
+ "G6A2hvA1lpvP97qQ/NFaGQ38XqSykZamZwSx3PlZUM/i9S9n/3MfuuXWqtLC\n"
|
||||
+ "-----END CERTIFICATE-----\n";
|
||||
|
||||
private static final String CA_CERT =
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
+ "MIIDbTCCAlWgAwIBAgIJANCdQ+Cwnyg+MA0GCSqGSIb3DQEBBQUAME0xCzAJBgNV\n"
|
||||
+ "BAYTAkNIMRMwEQYDVQQIDApTb21lLVN0YXRlMQwwCgYDVQQKDANLLTkxGzAZBgNV\n"
|
||||
+ "BAMMEnRlc3QtY2EuazltYWlsLm9yZzAeFw0xMzEyMDIxMjUwNThaFw0yMzExMzAx\n"
|
||||
+ "MjUwNThaME0xCzAJBgNVBAYTAkNIMRMwEQYDVQQIDApTb21lLVN0YXRlMQwwCgYD\n"
|
||||
+ "VQQKDANLLTkxGzAZBgNVBAMMEnRlc3QtY2EuazltYWlsLm9yZzCCASIwDQYJKoZI\n"
|
||||
+ "hvcNAQEBBQADggEPADCCAQoCggEBAJ+YLg9enfFk5eba6B3LtQzUE7GiR2tIpQSi\n"
|
||||
+ "zHMtHzn8KUnRDiGwC8VnSuWCOX7hXyQ0P6i2+DVRVBYOAeDCNMZHOq1hRqI66B33\n"
|
||||
+ "QqLfkBnJAIDeLqfqlgigHs1+//7eagVA6Z38ZFre3PFuKnK9NCwS+gz7PKw/poIG\n"
|
||||
+ "/FZP+ltMlkwvPww4S8SMlY6RXXH09+S/uM8aG6DUBT298eoAXTbSEIeaNhwBHZPe\n"
|
||||
+ "rXqqzd8QDAIE9BFXSkh/BQiVEFDPSBMSdmUzUAsT2aM8osntnKWY5/G7B60wutvA\n"
|
||||
+ "jYCULgtR6lR6jIDbG3ECHVDsTWR+Pgl+h1zeyERhN5iG1ffOtLUCAwEAAaNQME4w\n"
|
||||
+ "HQYDVR0OBBYEFBlUYiTGlOu9zIPx8Q13xcnDL5QpMB8GA1UdIwQYMBaAFBlUYiTG\n"
|
||||
+ "lOu9zIPx8Q13xcnDL5QpMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB\n"
|
||||
+ "AJ6oC6O6I6p0vgA4+7dfyxKX745zl/fK6IVHV/GO75mLjVdyw00USbHGHAmZM5C6\n"
|
||||
+ "eCKVV83m/Re5lHf8ZBjc+3rWdGCEjwyUwvDeUvzpcKF3wPxYDUOOqSI+np1cxj6q\n"
|
||||
+ "6+XI5QXwyUObWtWyw1GOpLuFPbxny/TlRWvk8AfOaLANg3UhvITNZMdMHoQ2sJ3u\n"
|
||||
+ "MrQ+CHe/Tal2MkwiCrYT91f3YWVaswiEAxpqxnwuSXnYyaJpqMCcA1txBDgX84FP\n"
|
||||
+ "dSIM4ut+QltV2Tlx0lpH43dvttAwkPB+iL7ZF6zUki/Nq5aKyNoHOL88TACe18Lq\n"
|
||||
+ "zOztD2HZfxhIz3uH2gXmqUo=\n"
|
||||
+ "-----END CERTIFICATE-----\n";
|
||||
|
||||
private static final String CERT3 =
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
+ "MIIDjDCCAnSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJDSDET\n"
|
||||
+ "MBEGA1UECAwKU29tZS1TdGF0ZTEMMAoGA1UECgwDSy05MRswGQYDVQQDDBJ0ZXN0\n"
|
||||
+ "LWNhLms5bWFpbC5vcmcwHhcNMTMxMjAyMTMxNzEyWhcNMjMxMTMwMTMxNzEyWjBJ\n"
|
||||
+ "MQswCQYDVQQGEwJDSDETMBEGA1UECAwKU29tZS1TdGF0ZTEMMAoGA1UECgwDSy05\n"
|
||||
+ "MRcwFQYDVQQDDA5rOS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n"
|
||||
+ "ADCCAQoCggEBAL9OvWtLcp6bd40Hai6A6cCmJRwn3mwcTB8E41iEQgQexqx/f9RR\n"
|
||||
+ "BuQi2s80k/vXq8QU2GbwGiPkBBXMUHuiT27Lsoj8kMOnH5BXeKLaWDiMpvNqfent\n"
|
||||
+ "UzBXSIOK6Yu9UtlU0MzAuYxXaunrXoS5Dejrbz743P9yW8hx7pANNU0Qfck+ekR7\n"
|
||||
+ "Q4PWNgfbFHrnvcobzuFzJeWg8x9iTTsVGIaX9AVMjMUlIKvhhOWTlcTJHKzU67sp\n"
|
||||
+ "OLzwH9IJ3hqwdmsgZu5D/2AZlYlpFk6AlnoxNhfy9m+T41P8+iWDYCJoxvf3d6gl\n"
|
||||
+ "TlZ1FL0PzPReXeAgugyJ1qx5gJ9Vhf/rBaUCAwEAAaN7MHkwCQYDVR0TBAIwADAs\n"
|
||||
+ "BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD\n"
|
||||
+ "VR0OBBYEFPm9hbTbfmcnjjfOzrec/TrvsS5ZMB8GA1UdIwQYMBaAFBlUYiTGlOu9\n"
|
||||
+ "zIPx8Q13xcnDL5QpMA0GCSqGSIb3DQEBBQUAA4IBAQAgvYQoCEklJNXBwLuWpSMx\n"
|
||||
+ "CQrVxLI1XsYRzqMs0kUgM59OhwAPwdSR+UEuyXQ8QGKwSt1d//DkdhzQDATXSBYc\n"
|
||||
+ "VHr16ocYPGNd/VNo7BoUCvykp3cCH3WxYYpAugXbLU8RBJzQwCM75SLQtFe20qfI\n"
|
||||
+ "LErbrmKONtMk3Rfg6XtLLcaOVh1A3q13CKqDvwtZT4oo56EJOvkBkzlCvTuxJb6s\n"
|
||||
+ "FD9pwROFpIN8O54C333tZzj4TDP4g9zb3sofAJ4U0osfQAXekZJdZETFGJsU6TIM\n"
|
||||
+ "Dcf5/G8bZe2DnavBQfML1wI5d7NUWE8CWb95SsIvFXI0qZE0oIR+axBVl9u97uaO\n"
|
||||
+ "-----END CERTIFICATE-----\n";
|
||||
|
||||
private static final String DIGI_CERT =
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
+ "MIIG5jCCBc6gAwIBAgIQAze5KDR8YKauxa2xIX84YDANBgkqhkiG9w0BAQUFADBs\n"
|
||||
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
|
||||
+ "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
|
||||
+ "ZSBFViBSb290IENBMB4XDTA3MTEwOTEyMDAwMFoXDTIxMTExMDAwMDAwMFowaTEL\n"
|
||||
+ "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
|
||||
+ "LmRpZ2ljZXJ0LmNvbTEoMCYGA1UEAxMfRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\n"
|
||||
+ "RVYgQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPOWYth1bhn/\n"
|
||||
+ "PzR8SU8xfg0ETpmB4rOFVZEwscCvcLssqOcYqj9495BoUoYBiJfiOwZlkKq9ZXbC\n"
|
||||
+ "7L4QWzd4g2B1Rca9dKq2n6Q6AVAXxDlpufFP74LByvNK28yeUE9NQKM6kOeGZrzw\n"
|
||||
+ "PnYoTNF1gJ5qNRQ1A57bDIzCKK1Qss72kaPDpQpYSfZ1RGy6+c7pqzoC4E3zrOJ6\n"
|
||||
+ "4GAiBTyC01Li85xH+DvYskuTVkq/cKs+6WjIHY9YHSpNXic9rQpZL1oRIEDZaARo\n"
|
||||
+ "LfTAhAsKG3jf7RpY3PtBWm1r8u0c7lwytlzs16YDMqbo3rcoJ1mIgP97rYlY1R4U\n"
|
||||
+ "pPKwcNSgPqcCAwEAAaOCA4UwggOBMA4GA1UdDwEB/wQEAwIBhjA7BgNVHSUENDAy\n"
|
||||
+ "BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUH\n"
|
||||
+ "AwgwggHEBgNVHSAEggG7MIIBtzCCAbMGCWCGSAGG/WwCATCCAaQwOgYIKwYBBQUH\n"
|
||||
+ "AgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5o\n"
|
||||
+ "dG0wggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0\n"
|
||||
+ "AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAYwBvAG4AcwB0AGkAdAB1\n"
|
||||
+ "AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQAaABlACAARABp\n"
|
||||
+ "AGcAaQBDAGUAcgB0ACAARQBWACAAQwBQAFMAIABhAG4AZAAgAHQAaABlACAAUgBl\n"
|
||||
+ "AGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAAdwBo\n"
|
||||
+ "AGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkAIABhAG4AZAAg\n"
|
||||
+ "AGEAcgBlACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUAcgBlAGkAbgAg\n"
|
||||
+ "AGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBlAC4wEgYDVR0TAQH/BAgwBgEB/wIBADCB\n"
|
||||
+ "gwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n"
|
||||
+ "dC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NBQ2Vy\n"
|
||||
+ "dHMvRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3J0MIGPBgNVHR8EgYcw\n"
|
||||
+ "gYQwQKA+oDyGOmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hB\n"
|
||||
+ "c3N1cmFuY2VFVlJvb3RDQS5jcmwwQKA+oDyGOmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0\n"
|
||||
+ "LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RDQS5jcmwwHQYDVR0OBBYE\n"
|
||||
+ "FExYyyXwQU9S9CjIgUObpqig5pLlMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoI\n"
|
||||
+ "Au9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQBMeheHKF0XvLIyc7/NLvVYMR3wsXFU\n"
|
||||
+ "nNabZ5PbLwM+Fm8eA8lThKNWYB54lBuiqG+jpItSkdfdXJW777UWSemlQk808kf/\n"
|
||||
+ "roF/E1S3IMRwFcuBCoHLdFfcnN8kpCkMGPAc5K4HM+zxST5Vz25PDVR708noFUjU\n"
|
||||
+ "xbvcNRx3RQdIRYW9135TuMAW2ZXNi419yWBP0aKb49Aw1rRzNubS+QOy46T15bg+\n"
|
||||
+ "BEkAui6mSnKDcp33C4ypieez12Qf1uNgywPE3IjpnSUBAHHLA7QpYCWP+UbRe3Gu\n"
|
||||
+ "zVMSW4SOwg/H7ZMZ2cn6j1g0djIvruFQFGHUqFijyDATI+/GJYw2jxyA\n"
|
||||
+ "-----END CERTIFICATE-----\n";
|
||||
|
||||
private static final String GITHUB_CERT =
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
+ "MIIHOjCCBiKgAwIBAgIQBH++LkveAITSyvjj7P5wWDANBgkqhkiG9w0BAQUFADBp\n"
|
||||
+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
|
||||
+ "d3cuZGlnaWNlcnQuY29tMSgwJgYDVQQDEx9EaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
|
||||
+ "ZSBFViBDQS0xMB4XDTEzMDYxMDAwMDAwMFoXDTE1MDkwMjEyMDAwMFowgfAxHTAb\n"
|
||||
+ "BgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYBBAGCNzwCAQMTAlVT\n"
|
||||
+ "MRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQFEwc1MTU3NTUwMRcw\n"
|
||||
+ "FQYDVQQJEw41NDggNHRoIFN0cmVldDEOMAwGA1UEERMFOTQxMDcxCzAJBgNVBAYT\n"
|
||||
+ "AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\n"
|
||||
+ "MRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdpdGh1Yi5jb20wggEi\n"
|
||||
+ "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDt04nDXXByCfMzTxpydNm2WpVQ\n"
|
||||
+ "u2hhn/f7Hxnh2gQxrxV8Gn/5c68d5UMrVgkARWlK6MRb38J3UlEZW9Er2TllNqAy\n"
|
||||
+ "GRxBc/sysj2fmOyCWws3ZDkstxCDcs3w6iRL+tmULsOFFTmpOvaI2vQniaaVT4Si\n"
|
||||
+ "N058JXg6yYNtAheVeH1HqFWD7hPIGRqzPPFf/jsC4YX7EWarCV2fTEPwxyReKXIo\n"
|
||||
+ "ztR1aE8kcimuOSj8341PTYNzdAxvEZun3WLe/+LrF+b/DL/ALTE71lmi8t2HSkh7\n"
|
||||
+ "bTMRFE00nzI49sgZnfG2PcVG71ELisYz7UhhxB0XG718tmfpOc+lUoAK9OrNAgMB\n"
|
||||
+ "AAGjggNUMIIDUDAfBgNVHSMEGDAWgBRMWMsl8EFPUvQoyIFDm6aooOaS5TAdBgNV\n"
|
||||
+ "HQ4EFgQUh9GPGW7kh29TjHeRB1Dfo79VRyAwJQYDVR0RBB4wHIIKZ2l0aHViLmNv\n"
|
||||
+ "bYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG\n"
|
||||
+ "AQUFBwMBBggrBgEFBQcDAjBjBgNVHR8EXDBaMCugKaAnhiVodHRwOi8vY3JsMy5k\n"
|
||||
+ "aWdpY2VydC5jb20vZXZjYTEtZzIuY3JsMCugKaAnhiVodHRwOi8vY3JsNC5kaWdp\n"
|
||||
+ "Y2VydC5jb20vZXZjYTEtZzIuY3JsMIIBxAYDVR0gBIIBuzCCAbcwggGzBglghkgB\n"
|
||||
+ "hv1sAgEwggGkMDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9z\n"
|
||||
+ "c2wtY3BzLXJlcG9zaXRvcnkuaHRtMIIBZAYIKwYBBQUHAgIwggFWHoIBUgBBAG4A\n"
|
||||
+ "eQAgAHUAcwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQByAHQAaQBmAGkAYwBhAHQA\n"
|
||||
+ "ZQAgAGMAbwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUA\n"
|
||||
+ "IABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAA\n"
|
||||
+ "YQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcA\n"
|
||||
+ "cgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIA\n"
|
||||
+ "aQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQA\n"
|
||||
+ "ZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMH0G\n"
|
||||
+ "CCsGAQUFBwEBBHEwbzAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu\n"
|
||||
+ "Y29tMEcGCCsGAQUFBzAChjtodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln\n"
|
||||
+ "aUNlcnRIaWdoQXNzdXJhbmNlRVZDQS0xLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqG\n"
|
||||
+ "SIb3DQEBBQUAA4IBAQBfFW1nwzrVo94WnEUzJtU9yRZ0NMqHSBsUkG31q0eGufW4\n"
|
||||
+ "4wFFZWjuqRJ1n3Ym7xF8fTjP3fdKGQnxIHKSsE0nuuh/XbQX5DpBJknHdGFoLwY8\n"
|
||||
+ "xZ9JPI57vgvzLo8+fwHyZp3Vm/o5IYLEQViSo+nlOSUQ8YAVqu6KcsP/e612UiqS\n"
|
||||
+ "+UMBmgdx9KPDDzZy4MJZC2hbfUoXj9A54mJN8cuEOPyw3c3yKOcq/h48KzVguQXi\n"
|
||||
+ "SdJbwfqNIbQ9oJM+YzDjzS62+TCtNSNWzWbwABZCmuQxK0oEOSbTmbhxUF7rND3/\n"
|
||||
+ "+mx9u8cY//7uAxLWYS5gIZlCbxcf0lkiKSHJB319\n"
|
||||
+ "-----END CERTIFICATE-----\n";
|
||||
|
||||
private X509Certificate mCert1;
|
||||
private X509Certificate mCert2;
|
||||
private File mKeyStoreFile;
|
||||
private LocalKeyStore mKeyStore;
|
||||
private X509Certificate mCert1;
|
||||
private X509Certificate mCert2;
|
||||
private X509Certificate mCaCert;
|
||||
private X509Certificate mCert3;
|
||||
private X509Certificate mDigiCert;
|
||||
private X509Certificate mGithubCert;
|
||||
|
||||
|
||||
public TrustManagerFactoryTest() throws CertificateException {
|
||||
mCert1 = loadCert(K9_EXAMPLE_COM_CERT1);
|
||||
mCert2 = loadCert(K9_EXAMPLE_COM_CERT2);
|
||||
mCaCert = loadCert(CA_CERT);
|
||||
mCert3 = loadCert(CERT3);
|
||||
mDigiCert = loadCert(DIGI_CERT);
|
||||
mGithubCert = loadCert(GITHUB_CERT);
|
||||
}
|
||||
|
||||
private X509Certificate loadCert(String encodedCert) throws CertificateException {
|
||||
CertificateFactory certFactory = CertificateFactory.getInstance("X509");
|
||||
mCert1 = (X509Certificate) certFactory.generateCertificate(
|
||||
new ByteArrayInputStream(K9_EXAMPLE_COM_CERT1.getBytes()));
|
||||
mCert2 = (X509Certificate) certFactory.generateCertificate(
|
||||
new ByteArrayInputStream(K9_EXAMPLE_COM_CERT2.getBytes()));
|
||||
return (X509Certificate) certFactory.generateCertificate(
|
||||
new ByteArrayInputStream(encodedCert.getBytes()));
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -116,14 +256,7 @@ public class TrustManagerFactoryTest extends AndroidTestCase {
|
||||
public void testWrongCertificate() throws Exception {
|
||||
mKeyStore.addCertificate(MATCHING_HOST, PORT1, mCert1);
|
||||
X509TrustManager trustManager = TrustManagerFactory.get(MATCHING_HOST, PORT1, true);
|
||||
boolean certificateValid;
|
||||
try {
|
||||
trustManager.checkServerTrusted(new X509Certificate[] { mCert2 }, "authType");
|
||||
certificateValid = true;
|
||||
} catch (CertificateException e) {
|
||||
certificateValid = false;
|
||||
}
|
||||
assertFalse("The certificate should have been rejected but wasn't", certificateValid);
|
||||
assertCertificateRejection(trustManager, new X509Certificate[] { mCert2 });
|
||||
}
|
||||
|
||||
public void testCertificateOfOtherHost() throws Exception {
|
||||
@ -131,9 +264,52 @@ public class TrustManagerFactoryTest extends AndroidTestCase {
|
||||
mKeyStore.addCertificate(MATCHING_HOST, PORT2, mCert2);
|
||||
|
||||
X509TrustManager trustManager = TrustManagerFactory.get(MATCHING_HOST, PORT1, true);
|
||||
assertCertificateRejection(trustManager, new X509Certificate[] { mCert2 });
|
||||
}
|
||||
|
||||
public void testUntrustedCertificateChain() throws Exception {
|
||||
X509TrustManager trustManager = TrustManagerFactory.get(MATCHING_HOST, PORT1, true);
|
||||
assertCertificateRejection(trustManager, new X509Certificate[] { mCert3, mCaCert });
|
||||
}
|
||||
|
||||
public void testLocallyTrustedCertificateChain() throws Exception {
|
||||
mKeyStore.addCertificate(MATCHING_HOST, PORT1, mCert3);
|
||||
|
||||
X509TrustManager trustManager = TrustManagerFactory.get(MATCHING_HOST, PORT1, true);
|
||||
trustManager.checkServerTrusted(new X509Certificate[] { mCert3, mCaCert }, "authType");
|
||||
}
|
||||
|
||||
public void testLocallyTrustedCertificateChainNotMatchingHost() throws Exception {
|
||||
mKeyStore.addCertificate(NOT_MATCHING_HOST, PORT1, mCert3);
|
||||
|
||||
X509TrustManager trustManager = TrustManagerFactory.get(NOT_MATCHING_HOST, PORT1, true);
|
||||
trustManager.checkServerTrusted(new X509Certificate[] { mCert3, mCaCert }, "authType");
|
||||
}
|
||||
|
||||
public void testGloballyTrustedCertificateChain() throws Exception {
|
||||
X509TrustManager trustManager = TrustManagerFactory.get("github.com", PORT1, true);
|
||||
X509Certificate[] certificates = new X509Certificate[] { mGithubCert, mDigiCert };
|
||||
trustManager.checkServerTrusted(certificates, "authType");
|
||||
}
|
||||
|
||||
public void testGloballyTrustedCertificateNotMatchingHost() throws Exception {
|
||||
X509TrustManager trustManager = TrustManagerFactory.get(NOT_MATCHING_HOST, PORT1, true);
|
||||
assertCertificateRejection(trustManager, new X509Certificate[] { mGithubCert, mDigiCert});
|
||||
}
|
||||
|
||||
public void testGloballyTrustedCertificateNotMatchingHostOverride() throws Exception {
|
||||
mKeyStore.addCertificate(MATCHING_HOST, PORT1, mGithubCert);
|
||||
|
||||
X509TrustManager trustManager = TrustManagerFactory.get(MATCHING_HOST, PORT1, true);
|
||||
X509Certificate[] certificates = new X509Certificate[] { mGithubCert, mDigiCert };
|
||||
trustManager.checkServerTrusted(certificates, "authType");
|
||||
}
|
||||
|
||||
private void assertCertificateRejection(X509TrustManager trustManager,
|
||||
X509Certificate[] certificates) {
|
||||
boolean certificateValid;
|
||||
try {
|
||||
trustManager.checkServerTrusted(new X509Certificate[] { mCert2 }, "authType");
|
||||
trustManager.checkServerTrusted(certificates, "authType");
|
||||
certificateValid = true;
|
||||
} catch (CertificateException e) {
|
||||
certificateValid = false;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user