-
Enhancement
-
Resolution: Not an Issue
-
P2
-
9
Need to add the following test scenarios using certificates generated using openssl.
1. Test for java.security.cert.Certficate.verify(PublicKey, Provider) method. According to docs (JDK 8 b59, http://download.java.net/jdk8/docs/api/index.html), it throws an UnsupportedOperationException
2. Test for X509CRL class
Test scenario1
- get X500 issuer principal of the CRL
- get X500 principal of the certificate that is used to issue CRL
- compare the principals
- expected result: the principals are equal
Test scenario2
- Try to get a record for the revoked certificate from CRL. Expected result: success.
Test secnario3
- Try to get issuer X500 principal of the rovoked certificate from CRL. According to docs, null is expected.
Test secnario4
- Try to verify CRL.
Test secnario5
Test case for default implementation of java.security.cert.PKIXCertPathChecker.check(Certificate) method. It should just call java.security.cert.PKIXCertPathChecker.check(Certificate, Collection).
3. Test for java.security.cert.X509Certificate class.
Scenario 1
- Get Extended Key Usage extension of the cetrificate, and compare it with expected value.
Scenario 2
- get X500 issuer principal of the EE certificate
- get X500 principal of the certificate that is used to issue EE certificate
- compare the principals
- expected result: the principals are equal
Scenario 3
- get Issuer Alternative Names of a certificate
- parse Issuer Alternative Names, and compare with expected ones
Scenario 4
- verify the certificate
4. Test for X509CRLSelector class.
Scenario 1
- Try to select CRL by real issuer. Expected result: success
Scenario 2
- Try to select CRL by fake issuer. Expected result: no selected CRL.
5. Test extracts revocation reason of the revoked certificate, and then compares it with expected.
1. Test for java.security.cert.Certficate.verify(PublicKey, Provider) method. According to docs (JDK 8 b59, http://download.java.net/jdk8/docs/api/index.html), it throws an UnsupportedOperationException
2. Test for X509CRL class
Test scenario1
- get X500 issuer principal of the CRL
- get X500 principal of the certificate that is used to issue CRL
- compare the principals
- expected result: the principals are equal
Test scenario2
- Try to get a record for the revoked certificate from CRL. Expected result: success.
Test secnario3
- Try to get issuer X500 principal of the rovoked certificate from CRL. According to docs, null is expected.
Test secnario4
- Try to verify CRL.
Test secnario5
Test case for default implementation of java.security.cert.PKIXCertPathChecker.check(Certificate) method. It should just call java.security.cert.PKIXCertPathChecker.check(Certificate, Collection).
3. Test for java.security.cert.X509Certificate class.
Scenario 1
- Get Extended Key Usage extension of the cetrificate, and compare it with expected value.
Scenario 2
- get X500 issuer principal of the EE certificate
- get X500 principal of the certificate that is used to issue EE certificate
- compare the principals
- expected result: the principals are equal
Scenario 3
- get Issuer Alternative Names of a certificate
- parse Issuer Alternative Names, and compare with expected ones
Scenario 4
- verify the certificate
4. Test for X509CRLSelector class.
Scenario 1
- Try to select CRL by real issuer. Expected result: success
Scenario 2
- Try to select CRL by fake issuer. Expected result: no selected CRL.
5. Test extracts revocation reason of the revoked certificate, and then compares it with expected.