Merge "SigAlgParams and other tests"
diff --git a/luni/src/test/java/libcore/java/security/cert/X509CRLTest.java b/luni/src/test/java/libcore/java/security/cert/X509CRLTest.java
index ee7c15b..b829d2d 100644
--- a/luni/src/test/java/libcore/java/security/cert/X509CRLTest.java
+++ b/luni/src/test/java/libcore/java/security/cert/X509CRLTest.java
@@ -25,8 +25,10 @@
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
+import java.security.InvalidKeyException;
import java.security.Provider;
import java.security.Security;
+import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
@@ -41,6 +43,7 @@
import java.util.Set;
import junit.framework.TestCase;
+import libcore.java.security.StandardNames;
public class X509CRLTest extends TestCase {
private Provider[] mX509Providers;
@@ -49,10 +52,14 @@
private static final String CERT_DSA = "x509/cert-dsa.der";
+ private static final String CERT_CRL_CA = "x509/cert-crl-ca.der";
+
private static final String CRL_RSA = "x509/crl-rsa.der";
private static final String CRL_RSA_DSA = "x509/crl-rsa-dsa.der";
+ private static final String CRL_RSA_DSA_SIGOPT = "x509/crl-rsa-dsa-sigopt.der";
+
private static final String CRL_UNSUPPORTED = "x509/crl-unsupported.der";
private static final String CRL_RSA_DATES = "x509/crl-rsa-dates.txt";
@@ -153,6 +160,8 @@
getThisUpdateNextUpdate(f);
getSigAlgName(f);
getSigAlgOID(f);
+ getSigAlgParams(f);
+ verify(f);
test_toString(f);
test_equals(f);
} catch (Throwable e) {
@@ -167,6 +176,20 @@
}
}
+ private void verify(CertificateFactory f) throws Exception {
+ X509CRL crlRsa = getCRL(f, CRL_RSA);
+
+ X509Certificate caCert = getCertificate(f, CERT_CRL_CA);
+ crlRsa.verify(caCert.getPublicKey());
+
+ X509Certificate dsaCert = getCertificate(f, CERT_DSA);
+ try {
+ crlRsa.verify(dsaCert.getPublicKey());
+ fail("should not verify using incorrect key type");
+ } catch (InvalidKeyException expected) {
+ }
+ }
+
private void getType(CertificateFactory f) throws Exception {
CRL crlRsa = getCRL(f, CRL_RSA);
@@ -291,7 +314,7 @@
assertEquals(result1, result2);
}
- private void assertRsaCrl(CertificateFactory f, X509CRLEntry rsaEntry) throws Exception {
+ private void assertRsaCrlEntry(CertificateFactory f, X509CRLEntry rsaEntry) throws Exception {
assertNotNull(rsaEntry);
X509Certificate rsaCert = getCertificate(f, CERT_RSA);
@@ -304,9 +327,11 @@
assertFalse(rsaEntry.hasExtensions());
assertNull(rsaEntry.getCriticalExtensionOIDs());
assertNull(rsaEntry.getNonCriticalExtensionOIDs());
+
+ assertNotNull(rsaEntry.toString());
}
- private void assertDsaCrl(CertificateFactory f, X509CRLEntry dsaEntry) throws Exception {
+ private void assertDsaCrlEntry(CertificateFactory f, X509CRLEntry dsaEntry) throws Exception {
X509Certificate dsaCert = getCertificate(f, CERT_DSA);
Map<String, Date> dates = getCrlDates(CRL_RSA_DSA_DATES);
Date expectedDate = dates.get("lastUpdate");
@@ -319,6 +344,8 @@
assertNotNull(dsaEntry.getCriticalExtensionOIDs());
/* TODO: get the OID */
assertNotNull(dsaEntry.getNonCriticalExtensionOIDs());
+
+ assertNotNull(dsaEntry.toString());
}
private void getRevokedCertificates(CertificateFactory f) throws Exception {
@@ -329,14 +356,48 @@
Set<? extends X509CRLEntry> entries = crlRsa.getRevokedCertificates();
assertEquals(1, entries.size());
for (X509CRLEntry e : entries) {
- assertRsaCrl(f, e);
+ assertRsaCrlEntry(f, e);
}
X509CRL crlRsaDsa = getCRL(f, CRL_RSA_DSA);
Set<? extends X509CRLEntry> entries2 = crlRsaDsa.getRevokedCertificates();
assertEquals(2, entries2.size());
- assertRsaCrl(f, crlRsaDsa.getRevokedCertificate(rsaCert));
- assertDsaCrl(f, crlRsaDsa.getRevokedCertificate(dsaCert));
+ assertRsaCrlEntry(f, crlRsaDsa.getRevokedCertificate(rsaCert));
+ assertDsaCrlEntry(f, crlRsaDsa.getRevokedCertificate(dsaCert));
+ }
+
+ private void getSigAlgParams(CertificateFactory f) throws Exception {
+ X509CRL crl1 = getCRL(f, CRL_RSA);
+ final byte[] sigAlgParams = crl1.getSigAlgParams();
+ if (StandardNames.IS_RI) {
+ assertNull(f.getProvider().getName(), sigAlgParams);
+ } else {
+ assertNotNull(f.getProvider().getName(), sigAlgParams);
+ /* ASN.1 NULL */
+ final byte[] expected = new byte[] {
+ 0x05, 0x00,
+ };
+ assertEquals(f.getProvider().getName(), Arrays.toString(expected),
+ Arrays.toString(sigAlgParams));
+ }
+
+ {
+ X509CRL crlSigOpt = getCRL(f, CRL_RSA_DSA_SIGOPT);
+
+ /* SEQUENCE, INTEGER 1 */
+ final byte[] expected = new byte[] {
+ /* SEQUENCE, constructed, len=5 */
+ (byte) 0x30, (byte) 0x05,
+ /* Type=2, constructed, context-specific, len=3 */
+ (byte) 0xA2, (byte) 0x03,
+ /* INTEGER, len=1, value=1 */
+ (byte) 0x02, (byte) 0x01, (byte) 0x01,
+ };
+
+ final byte[] params = crlSigOpt.getSigAlgParams();
+ assertNotNull(f.getProvider().getName(), params);
+ assertEquals(Arrays.toString(expected), Arrays.toString(params));
+ }
}
private void test_toString(CertificateFactory f) throws Exception {
diff --git a/luni/src/test/java/libcore/java/security/cert/X509CertificateTest.java b/luni/src/test/java/libcore/java/security/cert/X509CertificateTest.java
index 9e0e2f8..8dd1452 100644
--- a/luni/src/test/java/libcore/java/security/cert/X509CertificateTest.java
+++ b/luni/src/test/java/libcore/java/security/cert/X509CertificateTest.java
@@ -105,6 +105,8 @@
private static final String CERT_UNSUPPORTED = "x509/cert-unsupported.der";
+ private static final String CERT_SIGOPT = "x509/cert-sigopt.der";
+
private static final String CERTS_X509_PEM = "x509/certs.pem";
private static final String CERTS_X509_DER = "x509/certs.der";
@@ -639,12 +641,11 @@
private void getSigAlgParams(CertificateFactory f) throws Exception {
{
X509Certificate c = getCertificate(f, CERT_RSA);
- // Harmony and BC are broken?
- String provider = f.getProvider().getName();
- if ("DRLCertFactory".equals(provider) || "BC".equals(provider)) {
- assertNotNull(c.getSigAlgParams());
- } else {
+ // RI appears to disagree
+ if (StandardNames.IS_RI) {
assertNull(f.getProvider().getName(), c.getSigAlgParams());
+ } else {
+ assertNotNull(f.getProvider().getName(), c.getSigAlgParams());
}
}
@@ -657,6 +658,24 @@
X509Certificate c = getCertificate(f, CERT_EC);
assertNull(f.getProvider().getName(), c.getSigAlgParams());
}
+
+ {
+ X509Certificate c = getCertificate(f, CERT_SIGOPT);
+
+ /* SEQUENCE, INTEGER 1 */
+ final byte[] expected = new byte[] {
+ /* SEQUENCE, constructed, len=5 */
+ (byte) 0x30, (byte) 0x05,
+ /* Type=2, constructed, context-specific, len=3 */
+ (byte) 0xA2, (byte) 0x03,
+ /* INTEGER, len=1, value=1 */
+ (byte) 0x02, (byte) 0x01, (byte) 0x01,
+ };
+
+ final byte[] params = c.getSigAlgParams();
+ assertNotNull(f.getProvider().getName(), params);
+ assertEquals(Arrays.toString(expected), Arrays.toString(params));
+ }
}
private void getKeyUsage(CertificateFactory f) throws Exception {
diff --git a/luni/src/test/java/tests/api/javax/security/cert/X509CertificateTest.java b/luni/src/test/java/tests/api/javax/security/cert/X509CertificateTest.java
index 996c94d..e937db9 100644
--- a/luni/src/test/java/tests/api/javax/security/cert/X509CertificateTest.java
+++ b/luni/src/test/java/tests/api/javax/security/cert/X509CertificateTest.java
@@ -310,10 +310,10 @@
// Test can not be applied.
return;
}
- Date[] date = new Date[4];
+ Date[] date = new Date[8];
Calendar calendar = Calendar.getInstance();
for (int i = 0; i < date.length; i++) {
- calendar.set(i * 50, Calendar.JANUARY, 1);
+ calendar.set(i * 500, Calendar.JANUARY, 1);
date[i] = calendar.getTime();
}
Date nb_date = tbt_cert.getNotBefore();
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-dirname.der b/support/src/test/java/tests/resources/x509/cert-alt-dirname.der
index 69e4033..e96fc33 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-dirname.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-dirname.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-dns.der b/support/src/test/java/tests/resources/x509/cert-alt-dns.der
index d9b1e87..7f245f1 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-dns.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-dns.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-email.der b/support/src/test/java/tests/resources/x509/cert-alt-email.der
index f10bc43..94db3e9 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-email.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-email.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-none.der b/support/src/test/java/tests/resources/x509/cert-alt-none.der
index fbf543a..6b7ab1d 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-none.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-none.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-other.der b/support/src/test/java/tests/resources/x509/cert-alt-other.der
index 7a06ff7..fb66368 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-other.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-other.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-rid.der b/support/src/test/java/tests/resources/x509/cert-alt-rid.der
index 242a49d..6773b4f 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-rid.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-rid.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-uri.der b/support/src/test/java/tests/resources/x509/cert-alt-uri.der
index 5a9b882..c21ae4c 100644
--- a/support/src/test/java/tests/resources/x509/cert-alt-uri.der
+++ b/support/src/test/java/tests/resources/x509/cert-alt-uri.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-ca.der b/support/src/test/java/tests/resources/x509/cert-ca.der
index 7c787ea..0570113 100644
--- a/support/src/test/java/tests/resources/x509/cert-ca.der
+++ b/support/src/test/java/tests/resources/x509/cert-ca.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-caWithPathLen.der b/support/src/test/java/tests/resources/x509/cert-caWithPathLen.der
index 2886091..c964a0b 100644
--- a/support/src/test/java/tests/resources/x509/cert-caWithPathLen.der
+++ b/support/src/test/java/tests/resources/x509/cert-caWithPathLen.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-crl-ca.der b/support/src/test/java/tests/resources/x509/cert-crl-ca.der
new file mode 100644
index 0000000..d58022c
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-crl-ca.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-dsa.der b/support/src/test/java/tests/resources/x509/cert-dsa.der
index d17c4ce..09f83eb 100644
--- a/support/src/test/java/tests/resources/x509/cert-dsa.der
+++ b/support/src/test/java/tests/resources/x509/cert-dsa.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-ec.der b/support/src/test/java/tests/resources/x509/cert-ec.der
index 07bdf7a..ca746cc 100644
--- a/support/src/test/java/tests/resources/x509/cert-ec.der
+++ b/support/src/test/java/tests/resources/x509/cert-ec.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-extendedKeyUsage.der b/support/src/test/java/tests/resources/x509/cert-extendedKeyUsage.der
index ac36013..33673aa 100644
--- a/support/src/test/java/tests/resources/x509/cert-extendedKeyUsage.der
+++ b/support/src/test/java/tests/resources/x509/cert-extendedKeyUsage.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-ipv6.der b/support/src/test/java/tests/resources/x509/cert-ipv6.der
index 11b440e..0e6c5ed 100644
--- a/support/src/test/java/tests/resources/x509/cert-ipv6.der
+++ b/support/src/test/java/tests/resources/x509/cert-ipv6.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-keyUsage-extraLong.der b/support/src/test/java/tests/resources/x509/cert-keyUsage-extraLong.der
index cf5e0f1..1d5fdea 100644
--- a/support/src/test/java/tests/resources/x509/cert-keyUsage-extraLong.der
+++ b/support/src/test/java/tests/resources/x509/cert-keyUsage-extraLong.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-dates.txt b/support/src/test/java/tests/resources/x509/cert-rsa-dates.txt
index d661409..cbd8632 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa-dates.txt
+++ b/support/src/test/java/tests/resources/x509/cert-rsa-dates.txt
@@ -1,2 +1,2 @@
-notBefore=Jan 2 00:03:12 2013 GMT
-notAfter=Dec 31 00:03:12 2022 GMT
+notBefore=Mar 6 00:42:06 2013 GMT
+notAfter=Mar 4 00:42:06 2023 GMT
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-pubkey.der b/support/src/test/java/tests/resources/x509/cert-rsa-pubkey.der
index ab9f3db..4fb898b 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa-pubkey.der
+++ b/support/src/test/java/tests/resources/x509/cert-rsa-pubkey.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-serial.txt b/support/src/test/java/tests/resources/x509/cert-rsa-serial.txt
index ec3cebd..07ed8ec 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa-serial.txt
+++ b/support/src/test/java/tests/resources/x509/cert-rsa-serial.txt
@@ -1 +1 @@
-serial=B96143E1D6F31E6F
+serial=BFC278DBB294AC42
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-sig.der b/support/src/test/java/tests/resources/x509/cert-rsa-sig.der
index 62979ee..54361b5 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa-sig.der
+++ b/support/src/test/java/tests/resources/x509/cert-rsa-sig.der
@@ -1 +1 @@
-¨Ñ´Å¯KÜ�¤È¿¤Ï�±�ØÍ(��¥¨ö",/Iö�L.1éå �âãø,¿xÒ»�TK$}x�öy�ÄÞËi©èi.OOð�ÂÄM.�m>×Ë»VbJQö?Ô¥¿�@·ò×(>ë_�xÑGMÅö
£z�%
\ No newline at end of file
+�7Úáiøop¡_%�5óÐý:�%تþ"�©ãRë�Ä�ÇoÇÞ´ò�ª@àç�HÄòjÚñQÌO§ÑÜA3e��ÏC£ëB �¿±`H¿p�÷��Ë�>�é.�5²ßïÄ'ÉqÖk{ã�äCÕ¾æºqP�l�-�
\ No newline at end of file
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-tbs.der b/support/src/test/java/tests/resources/x509/cert-rsa-tbs.der
index 5ec2858..cbe67b7 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa-tbs.der
+++ b/support/src/test/java/tests/resources/x509/cert-rsa-tbs.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa.der b/support/src/test/java/tests/resources/x509/cert-rsa.der
index 23d7cc8..e27787b 100644
--- a/support/src/test/java/tests/resources/x509/cert-rsa.der
+++ b/support/src/test/java/tests/resources/x509/cert-rsa.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-sigopt.der b/support/src/test/java/tests/resources/x509/cert-sigopt.der
new file mode 100644
index 0000000..d808282
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-sigopt.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-unsupported.der b/support/src/test/java/tests/resources/x509/cert-unsupported.der
index 0239b68..c0db35a 100644
--- a/support/src/test/java/tests/resources/x509/cert-unsupported.der
+++ b/support/src/test/java/tests/resources/x509/cert-unsupported.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/cert-userWithPathLen.der b/support/src/test/java/tests/resources/x509/cert-userWithPathLen.der
index c29c933..e5ec37e 100644
--- a/support/src/test/java/tests/resources/x509/cert-userWithPathLen.der
+++ b/support/src/test/java/tests/resources/x509/cert-userWithPathLen.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/certs-pk7.der b/support/src/test/java/tests/resources/x509/certs-pk7.der
index 327d072..f7f8abc 100644
--- a/support/src/test/java/tests/resources/x509/certs-pk7.der
+++ b/support/src/test/java/tests/resources/x509/certs-pk7.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/certs-pk7.pem b/support/src/test/java/tests/resources/x509/certs-pk7.pem
index acdbefc..feef173 100644
--- a/support/src/test/java/tests/resources/x509/certs-pk7.pem
+++ b/support/src/test/java/tests/resources/x509/certs-pk7.pem
@@ -1,19 +1,19 @@
-----BEGIN PKCS7-----
-MIIIBgYJKoZIhvcNAQcCoIIH9zCCB/MCAQExADALBgkqhkiG9w0BBwGgggfZMIIE
-vDCCBCWgAwIBAgIJALlhQ+HW8x5vMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNVBAYT
+MIIICAYJKoZIhvcNAQcCoIIH+TCCB/UCAQExADALBgkqhkiG9w0BBwGgggfbMIIE
+vDCCBCWgAwIBAgIJAL/CeNuylKxCMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNVBAYT
AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTYW4gTWF0ZW8xFzAV
-BgNVBAoTDkdlbml1cy5jb20gSW5jMQ8wDQYDVQQLEwZOZXRPcHMwHhcNMTMwMTAy
-MDAwMzEyWhcNMjIxMjMxMDAwMzEyWjBgMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
+BgNVBAoTDkdlbml1cy5jb20gSW5jMQ8wDQYDVQQLEwZOZXRPcHMwHhcNMTMwMzA2
+MDA0MjA2WhcNMjMwMzA0MDA0MjA2WjBgMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
Q2FsaWZvcm5pYTESMBAGA1UEBxMJU2FuIE1hdGVvMRcwFQYDVQQKEw5HZW5pdXMu
Y29tIEluYzEPMA0GA1UECxMGTmV0T3BzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQC5z1kj/9icpVyMG9YYEk1iVeU6Ik4+xpQmZCiQaA20wiZBw3it85VdgvCq
-bB0CHZ5TKnfxpkAdfbXpGqwynwGKGnKGitH1ol9e+vP560Uwe1y1m+d1vG9S5oHg
-PITk7LOdZDPfzxRpdRbtG+AotiTjwXcIRilb41zAQdlL+V6XFQIDAQABo4ICfDCC
-AngwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFPZXOE58APjzbNY3
-hYjPdgUWlauhMIGSBgNVHSMEgYowgYeAFPZXOE58APjzbNY3hYjPdgUWlauhoWSk
+iQKBgQCxtuZhs1g1NvAYRkbdyDwNh+KLxc/GWDC+reFz9bO8NDmINjLVoe3Pu5S1
+ONXEgpkvSj6v8a9S7FgSShautZd6G1fm6XFB2Nn+eUjN56o86xNHMiEOG+QCTRRu
+pAkZaa3W1WEh+zqq2x0X9JlYY/xpDmP3voGC6rOcfnOoyl/fPQIDAQABo4ICfDCC
+AngwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFL8PXLxMk0+9Upkm
+yqlonexUHoq4MIGSBgNVHSMEgYowgYeAFL8PXLxMk0+9UpkmyqlonexUHoq4oWSk
YjBgMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJ
U2FuIE1hdGVvMRcwFQYDVQQKEw5HZW5pdXMuY29tIEluYzEPMA0GA1UECxMGTmV0
-T3BzggkAuWFD4dbzHm8wHgYJYIZIAYb4QgENBBEWD1guNTA5IFVuaXQgVGVzdDCB
+T3BzggkAv8J427KUrEIwHgYJYIZIAYb4QgENBBEWD1guNTA5IFVuaXQgVGVzdDCB
wwYDVR0RBIG7MIG4oA4GAyoDBKAHDAV0ZXN0MYEQeDUwOUBleGFtcGxlLmNvbYIQ
eDUwOS5leGFtcGxlLmNvbaRQME4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1Bd2Vz
b21lIER1ZGVzMRcwFQYDVQQLFA7DnGJlciBGcsOuZW5kczEOMAwGA1UEAxQF4oiG
@@ -22,24 +22,24 @@
LmNvbYIQeDUwOS5leGFtcGxlLmNvbaRQME4xCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1Bd2Vzb21lIER1ZGVzMRcwFQYDVQQLFA7DnGJlciBGcsOuZW5kczEOMAwGA1UE
AxQF4oiGxpKGJWh0dHA6Ly93d3cuZXhhbXBsZS5jb20vP3E9YXdlc29tZW5lc3OH
-BMCoAAGIAyoDBDANBgkqhkiG9w0BAQUFAAOBgQCo0bTFr0vcFaTIgb+kz48OsQSf
-2M0oBRulqPaYIoeaLC+Vikn2H0wukTHp5QkHleLj+Cy/eNK7BVSVSyR9h5h4B/Z5
-FovE3stpqehpgYwuT4pP8AvCxE0uF20+18u7VmJKUX/2P9Slh78bQLfy1yg+hOtf
-EXjRR03F9oWjmnoFJTCCAxUwggLVoAMCAQICCQCfC5LfnVl0OjAJBgcqhkjOOAQD
+BMCoAAGIAyoDBDANBgkqhkiG9w0BAQUFAAOBgQAaN9rhafhvcIyhXyUVNfPQ/Tod
+mSV/2Kr+IgfCjanjUusQxATHnJeMb5HHgd608hmqQODnHUjEk/KMatrxUcxPp9Hc
+QTNlBBWTz0Oj60KgAb+xYEi/cBn3Cxubyxo+hgjpLhc1st/vgMQnyXHWa3vjFuRD
+1b7munGaUBNsFi0BnzCCAxcwggLVoAMCAQICCQDoI9YBeCh6fzAJBgcqhkjOOAQD
MGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlT
YW4gTWF0ZW8xFzAVBgNVBAoTDkdlbml1cy5jb20gSW5jMQ8wDQYDVQQLEwZOZXRP
-cHMwHhcNMTMwMTAyMDAwMzEzWhcNMTMwMjAxMDAwMzEzWjBgMQswCQYDVQQGEwJV
+cHMwHhcNMTMwMzA2MDA0MjA4WhcNMTMwNDA1MDA0MjA4WjBgMQswCQYDVQQGEwJV
UzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU2FuIE1hdGVvMRcwFQYD
VQQKEw5HZW5pdXMuY29tIEluYzEPMA0GA1UECxMGTmV0T3BzMIIBtjCCASsGByqG
-SM44BAEwggEeAoGBAImYpx8uzo8B+Q3hxZN46+A80MRrbA18klMPdOVBoMInEe2w
-cxZatUOzqzxqb5V3Qd7lc9wYnTVy3BvDGbVxZ22J8GdtbJ046ZeoZkaIavohekr0
-87VGczxIjO5jxCcTRpFVjB5TPR8m6UlojxRo5y4K0yQ2ciV9lWxXpyBUAHyFAhUA
-7hFB9CwOX6cnV0Ehn6n9mZwsf4sCgYBcX2t572fhu3oWasXVbkA90GcN4RsNEHbL
-iFVk95r0LViFyrKvuYTCEt6J1SVBX+PZ+wU5h0SkI/Ya2RTo0KWkJBkFAcEy36e8
-lJCJMOlBQZwfWt2F1vTgnFPWpBLH2GuYwIB2qEBN9ehLvyPGIbozmSuQ5rE++jK1
-yUzcO9eg6AOBhAACgYAd7BJdvhiNsLKw8RcloBUYYB5jZeQYzOlR8xONopRWzcQX
-nmRug0Y/Zk6gCkGCnZoWYViB2x5TbkQY3l9zT6WT8sfRVoidUUUyNRpgXG4pydSj
-XOCEqD1WS/XMx9VsYsjrkq/6zBxDzcputrYdkS45Yiua+ruyyNwXaghPyKQssqMa
-MBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCADcwCQYHKoZIzjgEAwMvADAsAhRG6gnv
-MAvWYlUjXdBOXVIqUbIelQIUB7T9ah0mDUbOmjJvsDqX2ioJsqmhADEA
+SM44BAEwggEeAoGBAJSFHSZWbyn0lJm3v2VeFoVNPSCM4akS+YxZ8NyYjEwl58aC
+YW/StslxMQeQvow++1bzM2GMMq6i29fSy/y8w/kNgua6mC+H1rkoAPy1zr/qiYD5
+4LgVm53sjur9HZaSP5h5U1u0f7uYrnxd5r8ns/pNJ1HnVdPzbFEgBU0LRjUtAhUA
+vcuQ5p9rxRPOegf2e3DP8dgc+LcCgYAJ2OG3B4JdOOowJidNeIFL2E86nQ9YqY+y
+Qn760g3L23PX+tjJag1vJfvS2pwU1X0w3YwvdoPBFLwBfy0vEwEFqR70iJC/E2st
+3geZqbPjZWkoUS6Rq3++JsKoLxYMLns/2U9/vpl/KF2053Xa3QvTyd0Dxs1o3T0m
+g2rhP8FldAOBhAACgYAYB+w4767ypZaw1RYNLWWl+UFe4L2cfsZKGM5Z8flqcJke
+y5fhk2VPRFa/YXUEYuYkganGQFNqrv2tlLalpcqRX00BXLFGx2WFrhpY1u2YYnDV
+5xGFpLH4MV0Nvw0iDMD+q+Wo2sH5MgUbCmnlwtZ8xhQYF3M2Cyb4fnm+tQsNnKMa
+MBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCADcwCQYHKoZIzjgEAwMxADAuAhUAt3Mt
+TCmXGAdJ8gGtrg/BfAQ/lPoCFQCMlyzUwS31EtfnLSu/SGFR6xxTMqEAMQA=
-----END PKCS7-----
diff --git a/support/src/test/java/tests/resources/x509/certs.der b/support/src/test/java/tests/resources/x509/certs.der
index 89585a6..d454c5b 100644
--- a/support/src/test/java/tests/resources/x509/certs.der
+++ b/support/src/test/java/tests/resources/x509/certs.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/certs.pem b/support/src/test/java/tests/resources/x509/certs.pem
index 515fbb7..448227e 100644
--- a/support/src/test/java/tests/resources/x509/certs.pem
+++ b/support/src/test/java/tests/resources/x509/certs.pem
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIEvDCCBCWgAwIBAgIJALlhQ+HW8x5vMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
+MIIEvDCCBCWgAwIBAgIJAL/CeNuylKxCMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTYW4gTWF0ZW8x
FzAVBgNVBAoTDkdlbml1cy5jb20gSW5jMQ8wDQYDVQQLEwZOZXRPcHMwHhcNMTMw
-MTAyMDAwMzEyWhcNMjIxMjMxMDAwMzEyWjBgMQswCQYDVQQGEwJVUzETMBEGA1UE
+MzA2MDA0MjA2WhcNMjMwMzA0MDA0MjA2WjBgMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU2FuIE1hdGVvMRcwFQYDVQQKEw5HZW5p
dXMuY29tIEluYzEPMA0GA1UECxMGTmV0T3BzMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQC5z1kj/9icpVyMG9YYEk1iVeU6Ik4+xpQmZCiQaA20wiZBw3it85Vd
-gvCqbB0CHZ5TKnfxpkAdfbXpGqwynwGKGnKGitH1ol9e+vP560Uwe1y1m+d1vG9S
-5oHgPITk7LOdZDPfzxRpdRbtG+AotiTjwXcIRilb41zAQdlL+V6XFQIDAQABo4IC
-fDCCAngwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFPZXOE58APjz
-bNY3hYjPdgUWlauhMIGSBgNVHSMEgYowgYeAFPZXOE58APjzbNY3hYjPdgUWlauh
+ADCBiQKBgQCxtuZhs1g1NvAYRkbdyDwNh+KLxc/GWDC+reFz9bO8NDmINjLVoe3P
+u5S1ONXEgpkvSj6v8a9S7FgSShautZd6G1fm6XFB2Nn+eUjN56o86xNHMiEOG+QC
+TRRupAkZaa3W1WEh+zqq2x0X9JlYY/xpDmP3voGC6rOcfnOoyl/fPQIDAQABo4IC
+fDCCAngwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFL8PXLxMk0+9
+UpkmyqlonexUHoq4MIGSBgNVHSMEgYowgYeAFL8PXLxMk0+9UpkmyqlonexUHoq4
oWSkYjBgMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UE
BxMJU2FuIE1hdGVvMRcwFQYDVQQKEw5HZW5pdXMuY29tIEluYzEPMA0GA1UECxMG
-TmV0T3BzggkAuWFD4dbzHm8wHgYJYIZIAYb4QgENBBEWD1guNTA5IFVuaXQgVGVz
+TmV0T3BzggkAv8J427KUrEIwHgYJYIZIAYb4QgENBBEWD1guNTA5IFVuaXQgVGVz
dDCBwwYDVR0RBIG7MIG4oA4GAyoDBKAHDAV0ZXN0MYEQeDUwOUBleGFtcGxlLmNv
bYIQeDUwOS5leGFtcGxlLmNvbaRQME4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1B
d2Vzb21lIER1ZGVzMRcwFQYDVQQLFA7DnGJlciBGcsOuZW5kczEOMAwGA1UEAxQF
@@ -21,27 +21,27 @@
cGxlLmNvbYIQeDUwOS5leGFtcGxlLmNvbaRQME4xCzAJBgNVBAYTAlVTMRYwFAYD
VQQKEw1Bd2Vzb21lIER1ZGVzMRcwFQYDVQQLFA7DnGJlciBGcsOuZW5kczEOMAwG
A1UEAxQF4oiGxpKGJWh0dHA6Ly93d3cuZXhhbXBsZS5jb20vP3E9YXdlc29tZW5l
-c3OHBMCoAAGIAyoDBDANBgkqhkiG9w0BAQUFAAOBgQCo0bTFr0vcFaTIgb+kz48O
-sQSf2M0oBRulqPaYIoeaLC+Vikn2H0wukTHp5QkHleLj+Cy/eNK7BVSVSyR9h5h4
-B/Z5FovE3stpqehpgYwuT4pP8AvCxE0uF20+18u7VmJKUX/2P9Slh78bQLfy1yg+
-hOtfEXjRR03F9oWjmnoFJQ==
+c3OHBMCoAAGIAyoDBDANBgkqhkiG9w0BAQUFAAOBgQAaN9rhafhvcIyhXyUVNfPQ
+/TodmSV/2Kr+IgfCjanjUusQxATHnJeMb5HHgd608hmqQODnHUjEk/KMatrxUcxP
+p9HcQTNlBBWTz0Oj60KgAb+xYEi/cBn3Cxubyxo+hgjpLhc1st/vgMQnyXHWa3vj
+FuRD1b7munGaUBNsFi0Bnw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDFTCCAtWgAwIBAgIJAJ8Lkt+dWXQ6MAkGByqGSM44BAMwYDELMAkGA1UEBhMC
+MIIDFzCCAtWgAwIBAgIJAOgj1gF4KHp/MAkGByqGSM44BAMwYDELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVNhbiBNYXRlbzEXMBUG
-A1UEChMOR2VuaXVzLmNvbSBJbmMxDzANBgNVBAsTBk5ldE9wczAeFw0xMzAxMDIw
-MDAzMTNaFw0xMzAyMDEwMDAzMTNaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+A1UEChMOR2VuaXVzLmNvbSBJbmMxDzANBgNVBAsTBk5ldE9wczAeFw0xMzAzMDYw
+MDQyMDhaFw0xMzA0MDUwMDQyMDhaMGAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
YWxpZm9ybmlhMRIwEAYDVQQHEwlTYW4gTWF0ZW8xFzAVBgNVBAoTDkdlbml1cy5j
b20gSW5jMQ8wDQYDVQQLEwZOZXRPcHMwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEA
-iZinHy7OjwH5DeHFk3jr4DzQxGtsDXySUw905UGgwicR7bBzFlq1Q7OrPGpvlXdB
-3uVz3BidNXLcG8MZtXFnbYnwZ21snTjpl6hmRohq+iF6SvTztUZzPEiM7mPEJxNG
-kVWMHlM9HybpSWiPFGjnLgrTJDZyJX2VbFenIFQAfIUCFQDuEUH0LA5fpydXQSGf
-qf2ZnCx/iwKBgFxfa3nvZ+G7ehZqxdVuQD3QZw3hGw0QdsuIVWT3mvQtWIXKsq+5
-hMIS3onVJUFf49n7BTmHRKQj9hrZFOjQpaQkGQUBwTLfp7yUkIkw6UFBnB9a3YXW
-9OCcU9akEsfYa5jAgHaoQE316Eu/I8YhujOZK5DmsT76MrXJTNw716DoA4GEAAKB
-gB3sEl2+GI2wsrDxFyWgFRhgHmNl5BjM6VHzE42ilFbNxBeeZG6DRj9mTqAKQYKd
-mhZhWIHbHlNuRBjeX3NPpZPyx9FWiJ1RRTI1GmBcbinJ1KNc4ISoPVZL9czH1Wxi
-yOuSr/rMHEPNym62th2RLjliK5r6u7LI3BdqCE/IpCyyoxowGDAJBgNVHRMEAjAA
-MAsGA1UdDwQEAwIANzAJBgcqhkjOOAQDAy8AMCwCFEbqCe8wC9ZiVSNd0E5dUipR
-sh6VAhQHtP1qHSYNRs6aMm+wOpfaKgmyqQ==
+lIUdJlZvKfSUmbe/ZV4WhU09IIzhqRL5jFnw3JiMTCXnxoJhb9K2yXExB5C+jD77
+VvMzYYwyrqLb19LL/LzD+Q2C5rqYL4fWuSgA/LXOv+qJgPnguBWbneyO6v0dlpI/
+mHlTW7R/u5iufF3mvyez+k0nUedV0/NsUSAFTQtGNS0CFQC9y5Dmn2vFE856B/Z7
+cM/x2Bz4twKBgAnY4bcHgl046jAmJ014gUvYTzqdD1ipj7JCfvrSDcvbc9f62Mlq
+DW8l+9LanBTVfTDdjC92g8EUvAF/LS8TAQWpHvSIkL8Tay3eB5mps+NlaShRLpGr
+f74mwqgvFgwuez/ZT3++mX8oXbTnddrdC9PJ3QPGzWjdPSaDauE/wWV0A4GEAAKB
+gBgH7DjvrvKllrDVFg0tZaX5QV7gvZx+xkoYzlnx+WpwmR7Ll+GTZU9EVr9hdQRi
+5iSBqcZAU2qu/a2UtqWlypFfTQFcsUbHZYWuGljW7ZhicNXnEYWksfgxXQ2/DSIM
+wP6r5ajawfkyBRsKaeXC1nzGFBgXczYLJvh+eb61Cw2coxowGDAJBgNVHRMEAjAA
+MAsGA1UdDwQEAwIANzAJBgcqhkjOOAQDAzEAMC4CFQC3cy1MKZcYB0nyAa2uD8F8
+BD+U+gIVAIyXLNTBLfUS1+ctK79IYVHrHFMy
-----END CERTIFICATE-----
diff --git a/support/src/test/java/tests/resources/x509/create.sh b/support/src/test/java/tests/resources/x509/create.sh
index dfab42e..0f7cb81 100755
--- a/support/src/test/java/tests/resources/x509/create.sh
+++ b/support/src/test/java/tests/resources/x509/create.sh
@@ -61,6 +61,8 @@
openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions unsupported_cert -req -signkey privkey.pem -outform d > cert-unsupported.der
+openssl req -config ${DIR}/default.cnf -new -nodes -batch -config ${DIR}/default.cnf -extensions usr_cert -x509 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:1 -outform d > cert-sigopt.der
+
openssl dsaparam -out dsaparam.pem 1024
openssl req -config ${DIR}/default.cnf -newkey dsa:dsaparam.pem -keyout dsapriv.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions keyUsage_cert -req -signkey dsapriv.pem -outform d > cert-dsa.der
rm -f dsaparam.pem
@@ -76,6 +78,7 @@
touch /tmp/ca/index.txt.attr
echo "01" > /tmp/ca/serial
openssl req -new -nodes -batch -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 -config default.cnf
+openssl x509 -in cacert.pem -outform d > cert-crl-ca.der
openssl x509 -inform d -in cert-rsa.der -out cert-rsa.pem
openssl ca -revoke cert-rsa.pem -keyfile cakey.pem -cert cacert.pem -config default.cnf
@@ -89,7 +92,9 @@
openssl x509 -inform d -in cert-dsa.der -out cert-dsa.pem
openssl ca -revoke cert-dsa.pem -keyfile cakey.pem -cert cacert.pem -crl_reason cessationOfOperation -extensions unsupported_cert -config default.cnf
openssl ca -gencrl -crldays 30 -keyfile cakey.pem -cert cacert.pem -out crl-rsa-dsa.pem -config default.cnf
+openssl ca -gencrl -crldays 30 -keyfile cakey.pem -cert cacert.pem -out crl-rsa-dsa-sigopt.pem -config default.cnf -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:1
openssl crl -in crl-rsa-dsa.pem -outform d -out crl-rsa-dsa.der
+openssl crl -in crl-rsa-dsa-sigopt.pem -outform d -out crl-rsa-dsa-sigopt.der
# Unsupported extensions
openssl ca -gencrl -crlexts unsupported_cert -keyfile cakey.pem -cert cacert.pem -out crl-unsupported.pem -config default.cnf
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-dates.txt b/support/src/test/java/tests/resources/x509/crl-rsa-dates.txt
index 50e48f2..4669357 100644
--- a/support/src/test/java/tests/resources/x509/crl-rsa-dates.txt
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-dates.txt
@@ -1,2 +1,2 @@
-lastUpdate=Jan 2 00:03:13 2013 GMT
-nextUpdate=Jan 4 22:03:13 2013 GMT
+lastUpdate=Mar 6 00:42:08 2013 GMT
+nextUpdate=Mar 8 22:42:08 2013 GMT
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-dsa-dates.txt b/support/src/test/java/tests/resources/x509/crl-rsa-dsa-dates.txt
index 9976096..7700c7e 100644
--- a/support/src/test/java/tests/resources/x509/crl-rsa-dsa-dates.txt
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-dsa-dates.txt
@@ -1,2 +1,2 @@
-lastUpdate=Jan 2 00:03:13 2013 GMT
-nextUpdate=Feb 1 00:03:13 2013 GMT
+lastUpdate=Mar 6 00:42:08 2013 GMT
+nextUpdate=Apr 5 00:42:08 2013 GMT
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-dsa-sigopt.der b/support/src/test/java/tests/resources/x509/crl-rsa-dsa-sigopt.der
new file mode 100644
index 0000000..ec83979
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-dsa-sigopt.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-dsa-sigopt.pem b/support/src/test/java/tests/resources/x509/crl-rsa-dsa-sigopt.pem
new file mode 100644
index 0000000..87531a2
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-dsa-sigopt.pem
@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBejCB3wIBATASBgkqhkiG9w0BAQowBaIDAgEBMGAxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTYW4gTWF0ZW8xFzAVBgNVBAoT
+Dkdlbml1cy5jb20gSW5jMQ8wDQYDVQQLEwZOZXRPcHMXDTEzMDMwNjAwNDIwOFoX
+DTEzMDQwNTAwNDIwOFowRjAaAgkAv8J427KUrEIXDTEzMDMwNjAwNDIwOFowKAIJ
+AOgj1gF4KHp/Fw0xMzAzMDYwMDQyMDhaMAwwCgYDVR0VBAMKAQUwEgYJKoZIhvcN
+AQEKMAWiAwIBAQOBgQBDETj4knxhTVoHhpHOAwskEfJLk0i5jW6iSn7nJ62ASlwj
+lXjpgIbEkohn6AkzLMiHXTzZDWu0iEiPwNK17RKlxWAiqVoH0igL50Luc6rNcsit
++RNnINYIN67JSkLfCxW2iWSDSONRTnbwCo1/XdcpoUFcNkwy5qDWJvcHdjgtGg==
+-----END X509 CRL-----
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-dsa.der b/support/src/test/java/tests/resources/x509/crl-rsa-dsa.der
index 9282b30..32366fa 100644
--- a/support/src/test/java/tests/resources/x509/crl-rsa-dsa.der
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-dsa.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-sig.der b/support/src/test/java/tests/resources/x509/crl-rsa-sig.der
index f6ebf4f..80c915b 100644
--- a/support/src/test/java/tests/resources/x509/crl-rsa-sig.der
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-sig.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa-tbs.der b/support/src/test/java/tests/resources/x509/crl-rsa-tbs.der
index 679427d..c444c3a 100644
--- a/support/src/test/java/tests/resources/x509/crl-rsa-tbs.der
+++ b/support/src/test/java/tests/resources/x509/crl-rsa-tbs.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/crl-rsa.der b/support/src/test/java/tests/resources/x509/crl-rsa.der
index 994f1a8..bde1720 100644
--- a/support/src/test/java/tests/resources/x509/crl-rsa.der
+++ b/support/src/test/java/tests/resources/x509/crl-rsa.der
Binary files differ
diff --git a/support/src/test/java/tests/resources/x509/crl-unsupported.der b/support/src/test/java/tests/resources/x509/crl-unsupported.der
index 15eef95..19ffc9c 100644
--- a/support/src/test/java/tests/resources/x509/crl-unsupported.der
+++ b/support/src/test/java/tests/resources/x509/crl-unsupported.der
Binary files differ
