diff --git a/examples/certs/aia/multi-aia-cert.pem b/examples/certs/aia/multi-aia-cert.pem new file mode 100644 index 00000000..d0722788 --- /dev/null +++ b/examples/certs/aia/multi-aia-cert.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIUEcNoHSMtIkVhW/MmkmUEsVoJVQEwDQYJKoZIhvcNAQEL +BQAwITEfMB0GA1UEAwwWd29sZnNzbC1haWEtbXVsdGktdGVzdDAeFw0yNjAxMjcw +MTUwNDRaFw0yNzAxMjcwMTUwNDRaMCExHzAdBgNVBAMMFndvbGZzc2wtYWlhLW11 +bHRpLXRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpVdogPQ2I +/nErbxSaNGoYhkwoj1qt+Be1/qWnvZzJ0EBOG4EdioMRIkJzP6W3HoAhkGBrueXf +riN07M3XLocRfE+9C1+jZQxBGRxysns9z7K+i0pBtPN/AXV2RCSz13FFyVyLhLks +2YAL9By36X9R0wsL+Nd4EAQ4ouf0GglmTmtb5rHf2GIno4xFg9tpWosiUTytwgDC +K9lQEQnTnPG6E43N2bszqBc4roOPrYDnd7raNTqcv9yTHM8zwffGJuCogE/Fbr2R +yVubLW28n5/O1Pb47hHuPJv6oHMZgct2SV5OB/mwVgI0eoFMSQZ35o6BpHD0C497 +L2IcoMi8A9rFAgMBAAGjgfAwge0wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAoQw +gbAGCCsGAQUFBwEBBIGjMIGgMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4x +OjIyMjIxMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMCkGCCsG +AQUFBzAChh1odHRwOi8vd3d3LndvbGZzc2wuY29tL2NhLnBlbTArBggrBgEFBQcw +AoYfaHR0cHM6Ly93d3cud29sZnNzbC5jb20vY2EyLnBlbTAdBgNVHQ4EFgQU1GNm +eP/LXQk0tFaTeWoNHyLhLZkwDQYJKoZIhvcNAQELBQADggEBACwuXdKYI2Q/Vhd7 +TJFvKdp7BuUopQGEQ+4vR+FoesYXc9MHjZJfMqEffv1MArTeY46At/zvcTeszagi +io+jjGBLOutsAf9WK3PnKMIkGGfro6btZ8QFyKiZ6unMMlqe6cGqrCrNKp8jLP3k +CKZltR5c+MIPhpjoOhNDMOcPMwZBGQJWubwOb4uOu3wv7UWJk/ovKP9WJCUn6wLH +soDs+MHMICkxOvDfPf+F4URVqTbzE8IvSMv38z4cAqsyEfWxr32Dg34S/NmeePFV +7sSDpksvyITGsxjnQulSuUFSmldumQ6GnA4ZUXvCNdJ0zbD/Iib9ud6K05VdWYZP +uyCRkjY= +-----END CERTIFICATE----- diff --git a/examples/certs/aia/overflow-aia-cert.pem b/examples/certs/aia/overflow-aia-cert.pem new file mode 100644 index 00000000..1054df14 --- /dev/null +++ b/examples/certs/aia/overflow-aia-cert.pem 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEcDCCA1igAwIBAgIUN5kIU1GLRP5bRKctP271p7IGFVowDQYJKoZIhvcNAQEL +BQAwJDEiMCAGA1UEAwwZd29sZnNzbC1haWEtb3ZlcmZsb3ctdGVzdDAeFw0yNjAx +MjcwMTU1NTBaFw0yNzAxMjcwMTU1NTBaMCQxIjAgBgNVBAMMGXdvbGZzc2wtYWlh +LW92ZXJmbG93LXRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS +eHeAzVuCe44SU8bcyIWLwkA2AABw/ctSBWKAFEd7DYHduRr3diblHERU1Fv5JzYx +JnZquj1IO/qsnSFJYDc9sQmYea89iW8KNPVXKDzdbzhpiQLZL7Yq71ICxxqVLfRr +91lyAj0+Syncrp96olSpMJochVnQ6PqLcc/Gq7CMtrKn5KAN7Mn3+LdAQYU8JjRa +zqEJ8fmkBKbS5watzgnkP2o5jWSpWzpDOxTdw85hju4H9m5Gmun3XVO9dEAN/dqK +vklkzgQGvAMMQMIcgOzw0HxAuvsSNtjgEpIlOir0M7YiC0pYqtMO+thSCmVCvsDR +/nG/iqe6YBSXh6oszGwTAgMBAAGjggGYMIIBlDAMBgNVHRMEBTADAQH/MAsGA1Ud +DwQEAwIChDCCAVYGCCsGAQUFBwEBBIIBSDCCAUQwIgYIKwYBBQUHMAGGFmh0dHA6 +Ly8xMjcuMC4wLjE6MjIyMjAwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6 +MjIyMjEwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjIwIgYIKwYB +BQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjMwIgYIKwYBBQUHMAGGFmh0dHA6 +Ly8xMjcuMC4wLjE6MjIyMjQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6 +MjIyMjUwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjYwIgYIKwYB +BQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjcwIgYIKwYBBQUHMAGGFmh0dHA6 +Ly8xMjcuMC4wLjE6MjIyMjgwHQYDVR0OBBYEFJt6TNgqMFBebotXaauIYPpUJi1S +MA0GCSqGSIb3DQEBCwUAA4IBAQA5noHB343sKQqVmmLds0gC/k1UhVA5iftAGmes +uRdNOOCdo2i739DmRAXggetgtatcjDfjxkrvq0Qi+geozZra6uX9FT/hgfw6kDpU +HKzJFy4E0G0HTM8mtJi+aGDZL3Lts+h272eahkT1jVKGAPFugqfz7fKRsMce6eCE +UD5cvtQXX16fGhBxxmUCZPnxMKcj2oNl7RliHphK6ofXuNbKjqjVQfxsTUXSQDyS +ApH5w6iUnAvC5l19qYrBcCVOB6CNJ2CdmvFI//Ox8Jc56HRYYDIdVp2Q3FFA5Z4s +gTLvlumVgihAekD+0zVF9q+AJ4TSbE3cqsQgHF/+p84KxWid +-----END CERTIFICATE----- diff --git a/native/com_wolfssl_WolfSSLCertificate.c b/native/com_wolfssl_WolfSSLCertificate.c index 798249ca..ee71e57b 100644 --- a/native/com_wolfssl_WolfSSLCertificate.c +++ b/native/com_wolfssl_WolfSSLCertificate.c 
@@ -1736,6 +1736,75 @@ static int addEkuOid(JNIEnv* jenv, jobjectArray ret, int idx, return idx; } +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \ + ((LIBWOLFSSL_VERSION_HEX > 0x05008004) || \ + defined(WOLFSSL_PR9728_PATCH_APPLIED)) + +static jobjectArray stackStringToArray(JNIEnv* jenv, jclass jcl, + WOLF_STACK_OF(WOLFSSL_STRING)* sk) +{ + jobjectArray ret = NULL; + jclass stringClass = NULL; + int count; + int i; + + if (jenv == NULL || sk == NULL) { + return NULL; + } + + count = wolfSSL_sk_WOLFSSL_STRING_num(sk); + if (count <= 0) { + wolfSSL_X509_email_free(sk); + return NULL; + } + + stringClass = (*jenv)->FindClass(jenv, "java/lang/String"); + if (stringClass == NULL) { + wolfSSL_X509_email_free(sk); + return NULL; + } + + ret = (*jenv)->NewObjectArray(jenv, count, stringClass, NULL); + if (ret == NULL) { + (*jenv)->DeleteLocalRef(jenv, stringClass); + wolfSSL_X509_email_free(sk); + return NULL; + } + + for (i = 0; i < count; i++) { + const char* str = wolfSSL_sk_WOLFSSL_STRING_value(sk, i); + jstring jstr = (*jenv)->NewStringUTF(jenv, (str != NULL) ? 
str : ""); + if (jstr == NULL) { + (*jenv)->DeleteLocalRef(jenv, ret); + (*jenv)->DeleteLocalRef(jenv, stringClass); + wolfSSL_X509_email_free(sk); + (*jenv)->ThrowNew(jenv, jcl, + "Failed to create String in native AIA getter"); + return NULL; + } + + (*jenv)->SetObjectArrayElement(jenv, ret, i, jstr); + (*jenv)->DeleteLocalRef(jenv, jstr); + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); + (*jenv)->DeleteLocalRef(jenv, ret); + (*jenv)->DeleteLocalRef(jenv, stringClass); + wolfSSL_X509_email_free(sk); + (*jenv)->ThrowNew(jenv, jcl, + "Failed to set String[] element in native AIA getter"); + return NULL; + } + } + + (*jenv)->DeleteLocalRef(jenv, stringClass); + wolfSSL_X509_email_free(sk); + return ret; +} +#endif + JNIEXPORT jobjectArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1extended_1key_1usage (JNIEnv* jenv, jclass jcl, jlong x509Ptr) { 
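Review bot: Both `ThrowNew` calls in `stackStringToArray` pass `jcl`, which for these static natives is the `WolfSSLCertificate` class itself (declared `implements Serializable` in the Java part of this commit), not a `Throwable` subclass as `ThrowNew` requires. Look up an exception class instead, e.g. `jclass exc = (*jenv)->FindClass(jenv, "java/lang/RuntimeException");` followed by `if (exc != NULL) (*jenv)->ThrowNew(jenv, exc, "...");`. In the `jstr == NULL` branch `NewStringUTF` has normally left an exception pending already, so that branch can clean up and return NULL without raising a second one. The strings come from the certificate's AIA extension and `NewStringUTF` expects modified UTF-8; whether wolfSSL restricts these values to ASCII is not visible here, so that is worth confirming or guarding before the conversion.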
@@ -1800,6 +1869,87 @@ JNIEXPORT jobjectArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1ex return ret; } +JNIEXPORT jobjectArray JNICALL +Java_com_wolfssl_WolfSSLCertificate_X509_1get1_1ocsp + (JNIEnv* jenv, jclass jcl, jlong x509Ptr) +{ + /* AIA API extensions were added after wolfSSL 5.8.4 in PR 9728. Version + * check must be greater than 5.8.4 or patch from PR 9728 must be applied + * and WOLFSSL_PR9728_PATCH_APPLIED defined when compiling this wrapper. */ +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \ + ((LIBWOLFSSL_VERSION_HEX > 0x05008004) || \ + defined(WOLFSSL_PR9728_PATCH_APPLIED)) + WOLFSSL_X509* x509 = (WOLFSSL_X509*)(uintptr_t)x509Ptr; + WOLF_STACK_OF(WOLFSSL_STRING)* sk = NULL; + + if (jenv == NULL || x509 == NULL) { + return NULL; + } + + sk = wolfSSL_X509_get1_ocsp(x509); + return stackStringToArray(jenv, jcl, sk); +#else + (void)jenv; + (void)jcl; + (void)x509Ptr; + return NULL; +#endif +} + +JNIEXPORT jint JNICALL +Java_com_wolfssl_WolfSSLCertificate_X509_1get_1aia_1overflow + (JNIEnv* jenv, jclass jcl, jlong x509Ptr) +{ +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \ + ((LIBWOLFSSL_VERSION_HEX > 0x05008004) || \ + defined(WOLFSSL_PR9728_PATCH_APPLIED)) + WOLFSSL_X509* x509 = (WOLFSSL_X509*)(uintptr_t)x509Ptr; + (void)jcl; + + if (jenv == NULL || x509 == NULL) { + return 0; + } + + return (jint)wolfSSL_X509_get_aia_overflow(x509); +#else + (void)jenv; + (void)jcl; + (void)x509Ptr; + return (jint)NOT_COMPILED_IN; +#endif +} + +JNIEXPORT jobjectArray JNICALL +Java_com_wolfssl_WolfSSLCertificate_X509_1get1_1ca_1issuers + (JNIEnv* jenv, jclass jcl, jlong x509Ptr) +{ +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + 
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \ + defined(WOLFSSL_ASN_CA_ISSUER) && \ + ((LIBWOLFSSL_VERSION_HEX > 0x05008004) || \ + defined(WOLFSSL_PR9728_PATCH_APPLIED)) + WOLFSSL_X509* x509 = (WOLFSSL_X509*)(uintptr_t)x509Ptr; + WOLF_STACK_OF(WOLFSSL_STRING)* sk = NULL; + + if (jenv == NULL || x509 == NULL) { + return NULL; + } + + sk = wolfSSL_X509_get1_ca_issuers(x509); + return stackStringToArray(jenv, jcl, sk); +#else + (void)jenv; + (void)jcl; + (void)x509Ptr; + return NULL; +#endif +} + JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1extension (JNIEnv* jenv, jclass jcl, jlong x509Ptr, jstring oidIn) { @@ -2385,4 +2535,3 @@ JNIEXPORT jlong JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1ext_1d2i_ return 0; #endif } - diff --git a/native/com_wolfssl_WolfSSLCertificate.h b/native/com_wolfssl_WolfSSLCertificate.h index 611d6b30..64bbad36 100644 --- a/native/com_wolfssl_WolfSSLCertificate.h +++ b/native/com_wolfssl_WolfSSLCertificate.h @@ -205,6 +205,33 @@ JNIEXPORT jbooleanArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1k JNIEXPORT jobjectArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1extended_1key_1usage (JNIEnv *, jclass, jlong); +/* + * Class: com_wolfssl_WolfSSLCertificate + * Method: X509_get1_ocsp + * Signature: (J)[Ljava/lang/String; + */ +JNIEXPORT jobjectArray JNICALL +Java_com_wolfssl_WolfSSLCertificate_X509_1get1_1ocsp + (JNIEnv *, jclass, jlong); + +/* + * Class: com_wolfssl_WolfSSLCertificate + * Method: X509_get_aia_overflow + * Signature: (J)I + */ +JNIEXPORT jint JNICALL +Java_com_wolfssl_WolfSSLCertificate_X509_1get_1aia_1overflow + (JNIEnv *, jclass, jlong); + +/* + * Class: com_wolfssl_WolfSSLCertificate + * Method: X509_get1_ca_issuers + * Signature: (J)[Ljava/lang/String; + */ +JNIEXPORT jobjectArray JNICALL +Java_com_wolfssl_WolfSSLCertificate_X509_1get1_1ca_1issuers + (JNIEnv *, jclass, jlong); + /* * Class: com_wolfssl_WolfSSLCertificate * Method: X509_get_extension 
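Review bot: `X509_1get1_1ca_1issuers` is additionally gated on `WOLFSSL_ASN_CA_ISSUER` while `X509_1get_1aia_1overflow` is not, so in a build without that macro the overflow getter reports the feature as available but the CA Issuers getter returns NULL, which the Java side documents as "not present". `test_getAiaMulti` in this commit skips only when `getAiaOverflow()` returns `NOT_COMPILED_IN` and would then fail on the CA Issuers assertions; whether supported configurations always define the macro is not visible here. At minimum document it at the guard, e.g. `/* Also requires WOLFSSL_ASN_CA_ISSUER; returns NULL when it is not defined */`. The overflow getter also returns 0 for a NULL `x509`, which reads the same as "list complete"; `return (jint)BAD_FUNC_ARG;` would keep an invalid handle from looking like a clean result.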
diff --git a/src/java/com/wolfssl/WolfSSLCertificate.java b/src/java/com/wolfssl/WolfSSLCertificate.java index 6f67e383..d5641c8b 100644 --- a/src/java/com/wolfssl/WolfSSLCertificate.java +++ b/src/java/com/wolfssl/WolfSSLCertificate.java @@ -103,6 +103,9 @@ public class WolfSSLCertificate implements Serializable { static native int X509_verify(long x509, byte[] pubKey, int pubKeySz); static native boolean[] X509_get_key_usage(long x509); static native String[] X509_get_extended_key_usage(long x509); + static native String[] X509_get1_ocsp(long x509); + static native int X509_get_aia_overflow(long x509); + static native String[] X509_get1_ca_issuers(long x509); static native byte[] X509_get_extension(long x509, String oid); static native int X509_is_extension_set(long x509, String oid); static native String X509_get_next_altname(long x509); 
@@ -1631,6 +1634,69 @@ public String[] getExtendedKeyUsage() throws IllegalStateException { } } + /** + * Get OCSP responder URIs from the certificate Authority Information + * Access (AIA) extension. + * + * @return Array of OCSP responder URIs, or null if not present. + * + * @throws IllegalStateException if WolfSSLCertificate has been freed + */ + public String[] getOcspUris() throws IllegalStateException { + + confirmObjectIsActive(); + + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + () -> "entering getOcspUris()"); + + return X509_get1_ocsp(this.x509Ptr); + } + } + + /** + * Check if AIA parsing overflowed the internal URI list. + * + * @return 1 if AIA parsing overflowed, 0 if not, or + * WolfSSL.NOT_COMPILED_IN if not available. + * + * @throws IllegalStateException if WolfSSLCertificate has been freed + */ + public int getAiaOverflow() throws IllegalStateException { + + confirmObjectIsActive(); + + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + () -> "entering getAiaOverflow()"); + + return X509_get_aia_overflow(this.x509Ptr); + } + } + + /** + * Get CA Issuer URIs from the certificate Authority Information Access + * (AIA) extension. + * + * @return Array of CA Issuer URIs, or null if not present. + * + * @throws IllegalStateException if WolfSSLCertificate has been freed + */ + public String[] getCaIssuerUris() throws IllegalStateException { + + confirmObjectIsActive(); + + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + () -> "entering getCaIssuerUris()"); + + return X509_get1_ca_issuers(this.x509Ptr); + } + } + /** * Get DER encoded extension value from a specified OID * @@ -2246,4 +2312,3 @@ protected void finalize() throws Throwable super.finalize(); } } - 
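Review bot: The Javadoc on `getOcspUris()` and `getCaIssuerUris()` does not tell callers that the returned list can be silently truncated, which matters when these URIs drive revocation checking or chain building. Add to both something like `May be incomplete if the certificate carries more AIA entries than the native list holds; check getAiaOverflow().` The `@return` text should also say that null is returned when native AIA support is not compiled in, since the C wrappers return NULL in that case as well. Because the values are copied from the certificate as-is, a line such as `URIs are taken from the certificate without validation; callers must validate them before use.` would help consumers that fetch from them.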
diff --git a/src/test/com/wolfssl/test/WolfSSLCertificateTest.java b/src/test/com/wolfssl/test/WolfSSLCertificateTest.java index 1854c0a7..6fb195e6 100644 --- a/src/test/com/wolfssl/test/WolfSSLCertificateTest.java +++ b/src/test/com/wolfssl/test/WolfSSLCertificateTest.java @@ -86,6 +86,10 @@ public class WolfSSLCertificateTest { public static String sanTestEmailUriCert = null; public static String sanTestDirNameRidCert = null; public static String sanTestCaCert = null; + public static String aiaMultiCertPem = + "examples/certs/aia/multi-aia-cert.pem"; + public static String aiaOverflowCertPem = + "examples/certs/aia/overflow-aia-cert.pem"; public static String bogusFile = "/dev/null"; private WolfSSLCertificate cert; @@ -116,6 +120,8 @@ public static void setCertPaths() throws WolfSSLException { sanTestEmailUriCert = sanTestDir + "/san-test-email-uri.pem"; sanTestDirNameRidCert = sanTestDir + "/san-test-dirname-rid.pem"; sanTestCaCert = sanTestDir + "/san-test-ca-cert.pem"; + aiaMultiCertPem = WolfSSLTestCommon.getPath(aiaMultiCertPem); + aiaOverflowCertPem = WolfSSLTestCommon.getPath(aiaOverflowCertPem); } @@ -164,6 +170,8 @@ public void test_runCertTestsAfterConstructor() { test_getKeyUsage(); test_getExtendedKeyUsage(); } + test_getAiaMulti(); + test_getAiaOverflow(); test_getExtensionSet(); test_toString(); test_free(); 
@@ -677,6 +685,141 @@ public void test_getExtendedKeyUsage() { System.out.println("\t... passed"); } + public void test_getAiaMulti() { + String[] ocsp; + String[] ca; + String ocsp1 = "http://127.0.0.1:22221"; + String ocsp2 = "http://127.0.0.1:22222"; + String ca1 = "http://www.wolfssl.com/ca.pem"; + String ca2 = "https://www.wolfssl.com/ca2.pem"; + WolfSSLCertificate tmp = null; + + System.out.print("\t\tgetOcspUris/getCaIssuerUris"); + + try { + if (WolfSSL.FileSystemEnabled() == true) { + tmp = new WolfSSLCertificate(aiaMultiCertPem, + WolfSSL.SSL_FILETYPE_PEM); + } else { + tmp = new WolfSSLCertificate( + fileToByteArray(aiaMultiCertPem), + WolfSSL.SSL_FILETYPE_PEM); + } + + int overflow = tmp.getAiaOverflow(); + if (overflow == WolfSSL.NOT_COMPILED_IN) { + System.out.println("\t... skipped (AIA not compiled in)"); + tmp.free(); + return; + } + + ocsp = tmp.getOcspUris(); + if (ocsp == null || ocsp.length != 2) { + System.out.println("\t... failed"); + fail("Expected 2 OCSP URIs, got " + + ((ocsp == null) ? "null" : ocsp.length)); + } + assertTrue(arrayContains(ocsp, ocsp1)); + assertTrue(arrayContains(ocsp, ocsp2)); + + ca = tmp.getCaIssuerUris(); + if (ca == null || ca.length != 2) { + System.out.println("\t... failed"); + fail("Expected 2 CA Issuer URIs, got " + + ((ca == null) ? "null" : ca.length)); + } + assertTrue(arrayContains(ca, ca1)); + assertTrue(arrayContains(ca, ca2)); + + if (overflow != 0) { + System.out.println("\t... failed"); + fail("Expected no AIA overflow, got " + overflow); + } + + tmp.free(); + } catch (Exception ex) { + if (tmp != null) { + tmp.free(); + } + Logger.getLogger(WolfSSLCertificateTest.class.getName()).log( + Level.SEVERE, null, ex); + System.out.println("\t... failed"); + fail("Error loading AIA multi certificate"); + } + + System.out.println("\t... 
passed"); + } + + public void test_getAiaOverflow() { + String[] ocsp; + WolfSSLCertificate tmp = null; + + System.out.print("\t\tgetOcspUris overflow"); + + try { + if (WolfSSL.FileSystemEnabled() == true) { + tmp = new WolfSSLCertificate(aiaOverflowCertPem, + WolfSSL.SSL_FILETYPE_PEM); + } else { + tmp = new WolfSSLCertificate( + fileToByteArray(aiaOverflowCertPem), + WolfSSL.SSL_FILETYPE_PEM); + } + + int overflow = tmp.getAiaOverflow(); + if (overflow == WolfSSL.NOT_COMPILED_IN) { + System.out.println("\t... skipped (AIA not compiled in)"); + tmp.free(); + return; + } + + ocsp = tmp.getOcspUris(); + if (ocsp == null || ocsp.length != 8) { + System.out.println("\t... failed"); + fail("Expected 8 OCSP URIs (overflow), got " + + ((ocsp == null) ? "null" : ocsp.length)); + } + assertTrue(arrayContains(ocsp, "http://127.0.0.1:22220")); + assertTrue(arrayContains(ocsp, "http://127.0.0.1:22221")); + assertTrue(arrayContains(ocsp, "http://127.0.0.1:22222")); + assertTrue(arrayContains(ocsp, "http://127.0.0.1:22223")); + assertTrue(arrayContains(ocsp, "http://127.0.0.1:22224")); + assertTrue(arrayContains(ocsp, "http://127.0.0.1:22225")); + assertTrue(arrayContains(ocsp, "http://127.0.0.1:22226")); + assertTrue(arrayContains(ocsp, "http://127.0.0.1:22227")); + assertFalse(arrayContains(ocsp, "http://127.0.0.1:22228")); + + if (overflow != 1) { + System.out.println("\t... failed"); + fail("Expected AIA overflow to be set, got " + overflow); + } + + tmp.free(); + } catch (Exception ex) { + if (tmp != null) { + tmp.free(); + } + Logger.getLogger(WolfSSLCertificateTest.class.getName()).log( + Level.SEVERE, null, ex); + System.out.println("\t... failed"); + fail("Error loading AIA overflow certificate"); + } + + System.out.println("\t... 
passed"); + } + + private boolean arrayContains(String[] list, String value) { + if (list == null || value == null) { + return false; + } + for (String s : list) { + if (value.equals(s)) { + return true; + } + } + return false; + } + public void test_getExtensionSet() { System.out.print("\t\tgetExtensionSet"); @@ -3059,4 +3202,3 @@ private void test_SAN_CaCertVerification() System.out.println("\t\t... passed"); } } -
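Review bot: In `test_getAiaMulti` and `test_getAiaOverflow`, `fail()` and `assertTrue()` throw `AssertionError`, which the `catch (Exception ex)` block does not catch, so `tmp.free()` is skipped on every assertion failure and the native X509 stays allocated. Moving the release into `finally { if (tmp != null) { tmp.free(); } }` and dropping the three explicit `tmp.free()` calls in each test covers all exits. `test_getAiaOverflow` also hard-codes 8 as the number of retained URIs; that presumably mirrors a native list limit not visible in this diff, so a short comment naming that limit would explain the value and flag the dependency on the wolfSSL build.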