aboutsummaryrefslogtreecommitdiffstats
path: root/libraries/spongycastle/core/src/test/java/org/spongycastle/asn1/test/GenerationTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'libraries/spongycastle/core/src/test/java/org/spongycastle/asn1/test/GenerationTest.java')
-rw-r--r--libraries/spongycastle/core/src/test/java/org/spongycastle/asn1/test/GenerationTest.java428
1 files changed, 428 insertions, 0 deletions
diff --git a/libraries/spongycastle/core/src/test/java/org/spongycastle/asn1/test/GenerationTest.java b/libraries/spongycastle/core/src/test/java/org/spongycastle/asn1/test/GenerationTest.java
new file mode 100644
index 000000000..6febc0583
--- /dev/null
+++ b/libraries/spongycastle/core/src/test/java/org/spongycastle/asn1/test/GenerationTest.java
@@ -0,0 +1,428 @@
+package org.spongycastle.asn1.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.text.ParseException;
+import java.util.Date;
+import java.util.Hashtable;
+import java.util.Vector;
+
+import org.spongycastle.asn1.ASN1EncodableVector;
+import org.spongycastle.asn1.ASN1GeneralizedTime;
+import org.spongycastle.asn1.ASN1InputStream;
+import org.spongycastle.asn1.ASN1Integer;
+import org.spongycastle.asn1.ASN1OutputStream;
+import org.spongycastle.asn1.ASN1Primitive;
+import org.spongycastle.asn1.DERNull;
+import org.spongycastle.asn1.DEROctetString;
+import org.spongycastle.asn1.DERSequence;
+import org.spongycastle.asn1.oiw.ElGamalParameter;
+import org.spongycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.spongycastle.asn1.x500.X500Name;
+import org.spongycastle.asn1.x509.AlgorithmIdentifier;
+import org.spongycastle.asn1.x509.AuthorityKeyIdentifier;
+import org.spongycastle.asn1.x509.CRLReason;
+import org.spongycastle.asn1.x509.Extension;
+import org.spongycastle.asn1.x509.Extensions;
+import org.spongycastle.asn1.x509.ExtensionsGenerator;
+import org.spongycastle.asn1.x509.GeneralName;
+import org.spongycastle.asn1.x509.GeneralNames;
+import org.spongycastle.asn1.x509.IssuingDistributionPoint;
+import org.spongycastle.asn1.x509.KeyUsage;
+import org.spongycastle.asn1.x509.RSAPublicKeyStructure;
+import org.spongycastle.asn1.x509.SubjectKeyIdentifier;
+import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.spongycastle.asn1.x509.TBSCertList;
+import org.spongycastle.asn1.x509.TBSCertificate;
+import org.spongycastle.asn1.x509.Time;
+import org.spongycastle.asn1.x509.V1TBSCertificateGenerator;
+import org.spongycastle.asn1.x509.V2TBSCertListGenerator;
+import org.spongycastle.asn1.x509.V3TBSCertificateGenerator;
+import org.spongycastle.asn1.x509.X509Extension;
+import org.spongycastle.asn1.x509.X509Extensions;
+import org.spongycastle.asn1.x509.X509Name;
+import org.spongycastle.util.Arrays;
+import org.spongycastle.util.encoders.Base64;
+import org.spongycastle.util.test.SimpleTest;
+
+public class GenerationTest
+ extends SimpleTest
+{
+ private byte[] v1Cert = Base64.decode(
+ "MIGtAgEBMA0GCSqGSIb3DQEBBAUAMCUxCzAJBgNVBAMMAkFVMRYwFAYDVQQKDA1Cb"
+ + "3VuY3kgQ2FzdGxlMB4XDTcwMDEwMTAwMDAwMVoXDTcwMDEwMTAwMDAxMlowNjELMA"
+ + "kGA1UEAwwCQVUxFjAUBgNVBAoMDUJvdW5jeSBDYXN0bGUxDzANBgNVBAsMBlRlc3Q"
+ + "gMTAaMA0GCSqGSIb3DQEBAQUAAwkAMAYCAQECAQI=");
+
+ private byte[] v3Cert = Base64.decode(
+ "MIIBSKADAgECAgECMA0GCSqGSIb3DQEBBAUAMCUxCzAJBgNVBAMMAkFVMRYwFAYD"
+ + "VQQKDA1Cb3VuY3kgQ2FzdGxlMB4XDTcwMDEwMTAwMDAwMVoXDTcwMDEwMTAwMDAw"
+ + "MlowNjELMAkGA1UEAwwCQVUxFjAUBgNVBAoMDUJvdW5jeSBDYXN0bGUxDzANBgNV"
+ + "BAsMBlRlc3QgMjAYMBAGBisOBwIBATAGAgEBAgECAwQAAgEDo4GVMIGSMGEGA1Ud"
+ + "IwEB/wRXMFWAFDZPdpHPzKi7o8EJokkQU2uqCHRRoTqkODA2MQswCQYDVQQDDAJB"
+ + "VTEWMBQGA1UECgwNQm91bmN5IENhc3RsZTEPMA0GA1UECwwGVGVzdCAyggECMCAG"
+ + "A1UdDgEB/wQWBBQ2T3aRz8you6PBCaJJEFNrqgh0UTALBgNVHQ8EBAMCBBA=");
+
+ private byte[] v3CertNullSubject = Base64.decode(
+ "MIHGoAMCAQICAQIwDQYJKoZIhvcNAQEEBQAwJTELMAkGA1UEAwwCQVUxFjAUBgNVB"
+ + "AoMDUJvdW5jeSBDYXN0bGUwHhcNNzAwMTAxMDAwMDAxWhcNNzAwMTAxMDAwMDAyWj"
+ + "AAMBgwEAYGKw4HAgEBMAYCAQECAQIDBAACAQOjSjBIMEYGA1UdEQEB/wQ8MDqkODA"
+ + "2MQswCQYDVQQDDAJBVTEWMBQGA1UECgwNQm91bmN5IENhc3RsZTEPMA0GA1UECwwG"
+ + "VGVzdCAy");
+
+ private byte[] v2CertList = Base64.decode(
+ "MIIBQwIBATANBgkqhkiG9w0BAQUFADAlMQswCQYDVQQDDAJBVTEWMBQGA1UECgwN" +
+ "Qm91bmN5IENhc3RsZRcNNzAwMTAxMDAwMDAwWhcNNzAwMTAxMDAwMDAyWjAiMCAC" +
+ "AQEXDTcwMDEwMTAwMDAwMVowDDAKBgNVHRUEAwoBCqCBxTCBwjBhBgNVHSMBAf8E" +
+ "VzBVgBQ2T3aRz8you6PBCaJJEFNrqgh0UaE6pDgwNjELMAkGA1UEAwwCQVUxFjAU" +
+ "BgNVBAoMDUJvdW5jeSBDYXN0bGUxDzANBgNVBAsMBlRlc3QgMoIBAjBDBgNVHRIE" +
+ "PDA6pDgwNjELMAkGA1UEAwwCQVUxFjAUBgNVBAoMDUJvdW5jeSBDYXN0bGUxDzAN" +
+ "BgNVBAsMBlRlc3QgMzAKBgNVHRQEAwIBATAMBgNVHRwBAf8EAjAA");
+
+ private void tbsV1CertGen()
+ throws IOException
+ {
+ V1TBSCertificateGenerator gen = new V1TBSCertificateGenerator();
+ Date startDate = new Date(1000);
+ Date endDate = new Date(12000);
+
+ gen.setSerialNumber(new ASN1Integer(1));
+
+ gen.setStartDate(new Time(startDate));
+ gen.setEndDate(new Time(endDate));
+
+ gen.setIssuer(new X500Name("CN=AU,O=Bouncy Castle"));
+ gen.setSubject(new X500Name("CN=AU,O=Bouncy Castle,OU=Test 1"));
+
+ gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption, DERNull.INSTANCE));
+
+ SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE),
+ new RSAPublicKeyStructure(BigInteger.valueOf(1), BigInteger.valueOf(2)));
+
+ gen.setSubjectPublicKeyInfo(info);
+
+ TBSCertificate tbs = gen.generateTBSCertificate();
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(tbs);
+
+ if (!Arrays.areEqual(bOut.toByteArray(), v1Cert))
+ {
+ fail("failed v1 cert generation");
+ }
+
+ //
+ // read back test
+ //
+ ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v1Cert));
+ ASN1Primitive o = aIn.readObject();
+
+ bOut = new ByteArrayOutputStream();
+ aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(o);
+
+ if (!Arrays.areEqual(bOut.toByteArray(), v1Cert))
+ {
+ fail("failed v1 cert read back test");
+ }
+ }
+
+ private AuthorityKeyIdentifier createAuthorityKeyId(
+ SubjectPublicKeyInfo info,
+ X500Name name,
+ int sNumber)
+ {
+ GeneralName genName = new GeneralName(name);
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(genName);
+
+ return new AuthorityKeyIdentifier(
+ info, GeneralNames.getInstance(new DERSequence(v)), BigInteger.valueOf(sNumber));
+ }
+
+ private void tbsV3CertGen()
+ throws IOException
+ {
+ V3TBSCertificateGenerator gen = new V3TBSCertificateGenerator();
+ Date startDate = new Date(1000);
+ Date endDate = new Date(2000);
+
+ gen.setSerialNumber(new ASN1Integer(2));
+
+ gen.setStartDate(new Time(startDate));
+ gen.setEndDate(new Time(endDate));
+
+ gen.setIssuer(new X500Name("CN=AU,O=Bouncy Castle"));
+ gen.setSubject(new X500Name("CN=AU,O=Bouncy Castle,OU=Test 2"));
+
+ gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption, DERNull.INSTANCE));
+
+ SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(BigInteger.valueOf(1), BigInteger.valueOf(2))), new ASN1Integer(3));
+
+ gen.setSubjectPublicKeyInfo(info);
+
+ //
+ // add extensions
+ //
+ Vector order = new Vector();
+ Hashtable extensions = new Hashtable();
+
+ order.addElement(X509Extension.authorityKeyIdentifier);
+ order.addElement(X509Extension.subjectKeyIdentifier);
+ order.addElement(X509Extension.keyUsage);
+
+ extensions.put(X509Extension.authorityKeyIdentifier, new X509Extension(true, new DEROctetString(createAuthorityKeyId(info, new X500Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2))));
+ extensions.put(X509Extension.subjectKeyIdentifier, new X509Extension(true, new DEROctetString(new SubjectKeyIdentifier(info))));
+ extensions.put(X509Extension.keyUsage, new X509Extension(false, new DEROctetString(new KeyUsage(KeyUsage.dataEncipherment))));
+
+ X509Extensions ex = new X509Extensions(order, extensions);
+
+ gen.setExtensions(ex);
+
+ TBSCertificate tbs = gen.generateTBSCertificate();
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(tbs);
+
+ if (!Arrays.areEqual(bOut.toByteArray(), v3Cert))
+ {
+ fail("failed v3 cert generation");
+ }
+
+ //
+ // read back test
+ //
+ ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v3Cert));
+ ASN1Primitive o = aIn.readObject();
+
+ bOut = new ByteArrayOutputStream();
+ aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(o);
+
+ if (!Arrays.areEqual(bOut.toByteArray(), v3Cert))
+ {
+ fail("failed v3 cert read back test");
+ }
+ }
+
+ private void tbsV3CertGenWithNullSubject()
+ throws IOException
+ {
+ V3TBSCertificateGenerator gen = new V3TBSCertificateGenerator();
+ Date startDate = new Date(1000);
+ Date endDate = new Date(2000);
+
+ gen.setSerialNumber(new ASN1Integer(2));
+
+ gen.setStartDate(new Time(startDate));
+ gen.setEndDate(new Time(endDate));
+
+ gen.setIssuer(new X500Name("CN=AU,O=Bouncy Castle"));
+
+ gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption, DERNull.INSTANCE));
+
+ SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(BigInteger.valueOf(1), BigInteger.valueOf(2))), new ASN1Integer(3));
+
+ gen.setSubjectPublicKeyInfo(info);
+
+ try
+ {
+ gen.generateTBSCertificate();
+ fail("null subject not caught!");
+ }
+ catch (IllegalStateException e)
+ {
+ if (!e.getMessage().equals("not all mandatory fields set in V3 TBScertificate generator"))
+ {
+ fail("unexpected exception", e);
+ }
+ }
+
+ //
+ // add extensions
+ //
+ Vector order = new Vector();
+ Hashtable extensions = new Hashtable();
+
+ order.addElement(X509Extension.subjectAlternativeName);
+
+ extensions.put(X509Extension.subjectAlternativeName, new X509Extension(true, new DEROctetString(new GeneralNames(new GeneralName(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"))))));
+
+ X509Extensions ex = new X509Extensions(order, extensions);
+
+ gen.setExtensions(ex);
+
+ TBSCertificate tbs = gen.generateTBSCertificate();
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(tbs);
+
+ if (!Arrays.areEqual(bOut.toByteArray(), v3CertNullSubject))
+ {
+ fail("failed v3 null sub cert generation");
+ }
+
+ //
+ // read back test
+ //
+ ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v3CertNullSubject));
+ ASN1Primitive o = aIn.readObject();
+
+ bOut = new ByteArrayOutputStream();
+ aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(o);
+
+ if (!Arrays.areEqual(bOut.toByteArray(), v3CertNullSubject))
+ {
+ fail("failed v3 null sub cert read back test");
+ }
+ }
+
+ private void tbsV2CertListGen()
+ throws IOException
+ {
+ V2TBSCertListGenerator gen = new V2TBSCertListGenerator();
+
+ gen.setIssuer(new X500Name("CN=AU,O=Bouncy Castle"));
+
+ gen.addCRLEntry(new ASN1Integer(1), new Time(new Date(1000)), CRLReason.aACompromise);
+
+ gen.setNextUpdate(new Time(new Date(2000)));
+
+ gen.setThisUpdate(new Time(new Date(500)));
+
+ gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, DERNull.INSTANCE));
+
+ //
+ // extensions
+ //
+ SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(BigInteger.valueOf(1), BigInteger.valueOf(2))), new ASN1Integer(3));
+
+ ExtensionsGenerator extGen = new ExtensionsGenerator();
+
+ extGen.addExtension(Extension.authorityKeyIdentifier, true, createAuthorityKeyId(info, new X500Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2));
+ extGen.addExtension(Extension.issuerAlternativeName, false, new GeneralNames(new GeneralName(new X500Name("CN=AU,O=Bouncy Castle,OU=Test 3"))));
+ extGen.addExtension(Extension.cRLNumber, false, new ASN1Integer(1));
+ extGen.addExtension(Extension.issuingDistributionPoint, true, IssuingDistributionPoint.getInstance(new DERSequence()));
+
+ Extensions ex = extGen.generate();
+
+ gen.setExtensions(ex);
+
+ TBSCertList tbs = gen.generateTBSCertList();
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(tbs);
+
+ if (!Arrays.areEqual(bOut.toByteArray(), v2CertList))
+ {
+ System.out.println(new String(Base64.encode(bOut.toByteArray())));
+ fail("failed v2 cert list generation");
+ }
+
+ //
+ // read back test
+ //
+ ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v2CertList));
+ ASN1Primitive o = aIn.readObject();
+
+ bOut = new ByteArrayOutputStream();
+ aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(o);
+
+ if (!Arrays.areEqual(bOut.toByteArray(), v2CertList))
+ {
+ fail("failed v2 cert list read back test");
+ }
+
+ //
+ // check we can add a custom reason
+ //
+ gen.addCRLEntry(new ASN1Integer(1), new Time(new Date(1000)), CRLReason.aACompromise);
+
+ //
+ // check invalidity date
+ gen.addCRLEntry(new ASN1Integer(2), new Time(new Date(1000)), CRLReason.affiliationChanged, new ASN1GeneralizedTime(new Date(2000)));
+
+ TBSCertList crl = gen.generateTBSCertList();
+
+ TBSCertList.CRLEntry[] entries = crl.getRevokedCertificates();
+ for (int i = 0; i != entries.length; i++)
+ {
+ TBSCertList.CRLEntry entry = entries[i];
+
+ if (entry.getUserCertificate().equals(new ASN1Integer(1)))
+ {
+ Extensions extensions = entry.getExtensions();
+ Extension ext = extensions.getExtension(Extension.reasonCode);
+
+ CRLReason r = CRLReason.getInstance(ext.getParsedValue());
+
+ if (r.getValue().intValue() != CRLReason.aACompromise)
+ {
+ fail("reason code mismatch");
+ }
+ }
+ else if (entry.getUserCertificate().equals(new ASN1Integer(2)))
+ {
+ Extensions extensions = entry.getExtensions();
+ Extension ext = extensions.getExtension(Extension.reasonCode);
+
+ CRLReason r = CRLReason.getInstance(ext.getParsedValue());
+
+ if (r.getValue().intValue() != CRLReason.affiliationChanged)
+ {
+ fail("reason code mismatch");
+ }
+
+ ext = extensions.getExtension(Extension.invalidityDate);
+
+ ASN1GeneralizedTime t = ASN1GeneralizedTime.getInstance(ext.getParsedValue());
+
+ try
+ {
+ if (!t.getDate().equals(new Date(2000)))
+ {
+ fail("invalidity date mismatch");
+ }
+ }
+ catch (ParseException e)
+ {
+ fail("can't parse date", e);
+ }
+ }
+ }
+ }
+
+ public void performTest()
+ throws Exception
+ {
+ tbsV1CertGen();
+ tbsV3CertGen();
+ tbsV3CertGenWithNullSubject();
+ tbsV2CertListGen();
+ }
+
+ public String getName()
+ {
+ return "Generation";
+ }
+
+ public static void main(
+ String[] args)
+ {
+ runTest(new GenerationTest());
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 02:11:48 +0000