aboutsummaryrefslogtreecommitdiffstats
path: root/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cert/cmp/test/AllTests.java
diff options
context:
space:
mode:
Diffstat (limited to 'libraries/spongycastle/pkix/src/test/java/org/spongycastle/cert/cmp/test/AllTests.java')
-rw-r--r--libraries/spongycastle/pkix/src/test/java/org/spongycastle/cert/cmp/test/AllTests.java317
1 files changed, 317 insertions, 0 deletions
diff --git a/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cert/cmp/test/AllTests.java b/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cert/cmp/test/AllTests.java
new file mode 100644
index 000000000..ca633903b
--- /dev/null
+++ b/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cert/cmp/test/AllTests.java
@@ -0,0 +1,317 @@
+package org.spongycastle.cert.cmp.test;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.spongycastle.asn1.ASN1Primitive;
+import org.spongycastle.asn1.DERSequence;
+import org.spongycastle.asn1.cmp.CertConfirmContent;
+import org.spongycastle.asn1.cmp.CertRepMessage;
+import org.spongycastle.asn1.cmp.PKIBody;
+import org.spongycastle.asn1.cmp.PKIMessage;
+import org.spongycastle.asn1.crmf.CertReqMessages;
+import org.spongycastle.asn1.crmf.CertReqMsg;
+import org.spongycastle.asn1.crmf.ProofOfPossession;
+import org.spongycastle.asn1.crmf.SubsequentMessage;
+import org.spongycastle.asn1.x500.X500Name;
+import org.spongycastle.asn1.x509.GeneralName;
+import org.spongycastle.cert.CertException;
+import org.spongycastle.cert.X509CertificateHolder;
+import org.spongycastle.cert.X509v3CertificateBuilder;
+import org.spongycastle.cert.cmp.CertificateConfirmationContent;
+import org.spongycastle.cert.cmp.CertificateConfirmationContentBuilder;
+import org.spongycastle.cert.cmp.CertificateStatus;
+import org.spongycastle.cert.cmp.GeneralPKIMessage;
+import org.spongycastle.cert.cmp.ProtectedPKIMessage;
+import org.spongycastle.cert.cmp.ProtectedPKIMessageBuilder;
+import org.spongycastle.cert.crmf.CertificateRequestMessage;
+import org.spongycastle.cert.crmf.CertificateRequestMessageBuilder;
+import org.spongycastle.cert.crmf.PKMACBuilder;
+import org.spongycastle.cert.crmf.jcajce.JcaCertificateRequestMessageBuilder;
+import org.spongycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;
+import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
+import org.spongycastle.jce.provider.BouncyCastleProvider;
+import org.spongycastle.operator.ContentSigner;
+import org.spongycastle.operator.ContentVerifierProvider;
+import org.spongycastle.operator.OperatorCreationException;
+import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
+import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
+import org.spongycastle.util.io.Streams;
+
+public class AllTests
+ extends TestCase
+{
+ private static final byte[] TEST_DATA = "Hello world!".getBytes();
+ private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
+ private static final String TEST_DATA_HOME = "bc.test.data.home";
+
+ /*
+ *
+ * INFRASTRUCTURE
+ *
+ */
+
+ public AllTests(String name)
+ {
+ super(name);
+ }
+
+ public static void main(String args[])
+ {
+ junit.textui.TestRunner.run(AllTests.class);
+ }
+
+ public static Test suite()
+ {
+ return new TestSuite(AllTests.class);
+ }
+
+ public void setUp()
+ {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ public void tearDown()
+ {
+
+ }
+
+ public void testProtectedMessage()
+ throws Exception
+ {
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+ X509CertificateHolder cert = makeV3Certificate(kp, "CN=Test", kp, "CN=Test");
+
+ GeneralName sender = new GeneralName(new X500Name("CN=Sender"));
+ GeneralName recipient = new GeneralName(new X500Name("CN=Recip"));
+
+ ContentSigner signer = new JcaContentSignerBuilder("MD5WithRSAEncryption").setProvider(BC).build(kp.getPrivate());
+ ProtectedPKIMessage message = new ProtectedPKIMessageBuilder(sender, recipient)
+ .setBody(new PKIBody(PKIBody.TYPE_INIT_REP, CertRepMessage.getInstance(new DERSequence(new DERSequence()))))
+ .addCMPCertificate(cert)
+ .build(signer);
+
+ X509Certificate jcaCert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(message.getCertificates()[0]);
+ ContentVerifierProvider verifierProvider = new JcaContentVerifierProviderBuilder().setProvider(BC).build(jcaCert.getPublicKey());
+
+ assertTrue(message.verify(verifierProvider));
+
+ assertEquals(sender, message.getHeader().getSender());
+ assertEquals(recipient, message.getHeader().getRecipient());
+ }
+
+ public void testMacProtectedMessage()
+ throws Exception
+ {
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+ X509CertificateHolder cert = makeV3Certificate(kp, "CN=Test", kp, "CN=Test");
+
+ GeneralName sender = new GeneralName(new X500Name("CN=Sender"));
+ GeneralName recipient = new GeneralName(new X500Name("CN=Recip"));
+
+ ProtectedPKIMessage message = new ProtectedPKIMessageBuilder(sender, recipient)
+ .setBody(new PKIBody(PKIBody.TYPE_INIT_REP, CertRepMessage.getInstance(new DERSequence(new DERSequence()))))
+ .addCMPCertificate(cert)
+ .build(new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)).build("secret".toCharArray()));
+
+ PKMACBuilder pkMacBuilder = new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC));
+
+ assertTrue(message.verify(pkMacBuilder, "secret".toCharArray()));
+
+ assertEquals(sender, message.getHeader().getSender());
+ assertEquals(recipient, message.getHeader().getRecipient());
+ }
+
+ public void testConfirmationMessage()
+ throws Exception
+ {
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+ X509CertificateHolder cert = makeV3Certificate(kp, "CN=Test", kp, "CN=Test");
+
+ GeneralName sender = new GeneralName(new X500Name("CN=Sender"));
+ GeneralName recipient = new GeneralName(new X500Name("CN=Recip"));
+
+ CertificateConfirmationContent content = new CertificateConfirmationContentBuilder()
+ .addAcceptedCertificate(cert, BigInteger.valueOf(1))
+ .build(new JcaDigestCalculatorProviderBuilder().build());
+
+ ContentSigner signer = new JcaContentSignerBuilder("MD5WithRSAEncryption").setProvider(BC).build(kp.getPrivate());
+ ProtectedPKIMessage message = new ProtectedPKIMessageBuilder(sender, recipient)
+ .setBody(new PKIBody(PKIBody.TYPE_CERT_CONFIRM, content.toASN1Structure()))
+ .addCMPCertificate(cert)
+ .build(signer);
+
+ X509Certificate jcaCert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(message.getCertificates()[0]);
+ ContentVerifierProvider verifierProvider = new JcaContentVerifierProviderBuilder().setProvider(BC).build(jcaCert.getPublicKey());
+
+ assertTrue(message.verify(verifierProvider));
+
+ assertEquals(sender, message.getHeader().getSender());
+ assertEquals(recipient, message.getHeader().getRecipient());
+
+ content = new CertificateConfirmationContent(CertConfirmContent.getInstance(message.getBody().getContent()));
+
+ CertificateStatus[] statusList = content.getStatusMessages();
+
+ assertEquals(1, statusList.length);
+ assertTrue(statusList[0].isVerified(cert, new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()));
+ }
+
+ public void testSampleCr()
+ throws Exception
+ {
+ PKIMessage msg = loadMessage("sample_cr.der");
+ ProtectedPKIMessage procMsg = new ProtectedPKIMessage(new GeneralPKIMessage(msg));
+
+ assertTrue(procMsg.verify(new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)), "TopSecret1234".toCharArray()));
+ }
+
+ public void testSubsequentMessage()
+ throws Exception
+ {
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+ X509CertificateHolder cert = makeV3Certificate(kp, "CN=Test", kp, "CN=Test");
+
+ ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider(BC).build(
+ kp.getPrivate());
+
+ GeneralName user = new GeneralName(new X500Name("CN=Test"));
+
+ CertificateRequestMessageBuilder builder = new JcaCertificateRequestMessageBuilder(
+ BigInteger.valueOf(1)).setPublicKey(kp.getPublic()).setProofOfPossessionSubsequentMessage(
+ SubsequentMessage.encrCert);
+
+ ProtectedPKIMessage certRequestMsg = new ProtectedPKIMessageBuilder(user,
+ user).setTransactionID(new byte[] { 1, 2, 3, 4, 5 }).setBody(
+ new PKIBody(PKIBody.TYPE_KEY_UPDATE_REQ, new CertReqMessages(builder.build().toASN1Structure()))).addCMPCertificate(
+ cert).build(signer);
+
+ ProtectedPKIMessage msg = new ProtectedPKIMessage(new GeneralPKIMessage(certRequestMsg.toASN1Structure().getEncoded()));
+
+ CertReqMessages reqMsgs = CertReqMessages.getInstance(msg.getBody().getContent());
+
+ CertReqMsg reqMsg = reqMsgs.toCertReqMsgArray()[0];
+
+ assertEquals(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, reqMsg.getPopo().getType());
+ }
+
+ public void testNotBeforeNotAfter()
+ throws Exception
+ {
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+
+ doNotBeforeNotAfterTest(kp, new Date(0L), new Date(60000L));
+ doNotBeforeNotAfterTest(kp, null, new Date(60000L));
+ doNotBeforeNotAfterTest(kp, new Date(0L), null);
+ }
+
+ private void doNotBeforeNotAfterTest(KeyPair kp, Date notBefore, Date notAfter)
+ throws Exception
+ {
+ CertificateRequestMessageBuilder builder = new JcaCertificateRequestMessageBuilder(
+ BigInteger.valueOf(1)).setPublicKey(kp.getPublic()).setProofOfPossessionSubsequentMessage(
+ SubsequentMessage.encrCert);
+
+ builder.setValidity(notBefore, notAfter);
+
+ CertificateRequestMessage message = builder.build();
+
+ if (notBefore != null)
+ {
+ assertEquals(notBefore.getTime(), message.getCertTemplate().getValidity().getNotBefore().getDate().getTime());
+ }
+ else
+ {
+ assertNull(message.getCertTemplate().getValidity().getNotBefore());
+ }
+
+ if (notAfter != null)
+ {
+ assertEquals(notAfter.getTime(), message.getCertTemplate().getValidity().getNotAfter().getDate().getTime());
+ }
+ else
+ {
+ assertNull(message.getCertTemplate().getValidity().getNotAfter());
+ }
+ }
+
+ private static X509CertificateHolder makeV3Certificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN)
+ throws GeneralSecurityException, IOException, OperatorCreationException, CertException
+ {
+
+ PublicKey subPub = subKP.getPublic();
+ PrivateKey issPriv = issKP.getPrivate();
+ PublicKey issPub = issKP.getPublic();
+
+ X509v3CertificateBuilder v1CertGen = new JcaX509v3CertificateBuilder(
+ new X500Name(_issDN),
+ BigInteger.valueOf(System.currentTimeMillis()),
+ new Date(System.currentTimeMillis()),
+ new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
+ new X500Name(_subDN),
+ subPub);
+
+ ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(BC).build(issPriv);
+
+ X509CertificateHolder certHolder = v1CertGen.build(signer);
+
+ ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder().setProvider(BC).build(issPub);
+
+ assertTrue(certHolder.isSignatureValid(verifier));
+
+ return certHolder;
+ }
+
+ private static PKIMessage loadMessage(String name)
+ {
+ String dataHome = System.getProperty(TEST_DATA_HOME);
+
+ if (dataHome == null)
+ {
+ throw new IllegalStateException(TEST_DATA_HOME + " property not set");
+ }
+
+ try
+ {
+ return PKIMessage.getInstance(ASN1Primitive.fromByteArray(Streams.readAll(new FileInputStream(dataHome + "/cmp/" + name))));
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException(e.toString());
+ }
+ }
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 05:32:17 +0000