Diffstat (limited to 'libraries/spongycastle/pkix/src/test/java/org/spongycastle/cert/crmf/test/AllTests.java')
-rw-r--r-- | libraries/spongycastle/pkix/src/test/java/org/spongycastle/cert/crmf/test/AllTests.java | 384 |
1 files changed, 384 insertions, 0 deletions
diff --git a/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cert/crmf/test/AllTests.java b/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cert/crmf/test/AllTests.java
new file mode 100644
index 000000000..1504f3ff8
--- /dev/null
+++ b/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cert/crmf/test/AllTests.java
@@ -0,0 +1,384 @@
+package org.spongycastle.cert.crmf.test;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Date;
+
+import javax.security.auth.x500.X500Principal;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.spongycastle.asn1.ASN1ObjectIdentifier;
+import org.spongycastle.asn1.crmf.CRMFObjectIdentifiers;
+import org.spongycastle.asn1.crmf.EncKeyWithID;
+import org.spongycastle.asn1.crmf.EncryptedValue;
+import org.spongycastle.asn1.x500.X500Name;
+import org.spongycastle.asn1.x509.GeneralName;
+import org.spongycastle.cert.X509CertificateHolder;
+import org.spongycastle.cert.X509v1CertificateBuilder;
+import org.spongycastle.cert.crmf.EncryptedValueBuilder;
+import org.spongycastle.cert.crmf.EncryptedValuePadder;
+import org.spongycastle.cert.crmf.EncryptedValueParser;
+import org.spongycastle.cert.crmf.FixedLengthMGF1Padder;
+import org.spongycastle.cert.crmf.PKIArchiveControl;
+import org.spongycastle.cert.crmf.PKMACBuilder;
+import org.spongycastle.cert.crmf.ValueDecryptorGenerator;
+import org.spongycastle.cert.crmf.jcajce.JcaCertificateRequestMessage;
+import org.spongycastle.cert.crmf.jcajce.JcaCertificateRequestMessageBuilder;
+import org.spongycastle.cert.crmf.jcajce.JcaEncryptedValueBuilder;
+import org.spongycastle.cert.crmf.jcajce.JcaPKIArchiveControlBuilder;
+import org.spongycastle.cert.crmf.jcajce.JceAsymmetricValueDecryptorGenerator;
+import org.spongycastle.cert.crmf.jcajce.JceCRMFEncryptorBuilder;
+import org.spongycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;
+import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.spongycastle.cert.jcajce.JcaX509v1CertificateBuilder;
+import org.spongycastle.cms.CMSAlgorithm;
+import org.spongycastle.cms.CMSEnvelopedDataGenerator;
+import org.spongycastle.cms.RecipientId;
+import org.spongycastle.cms.RecipientInformation;
+import org.spongycastle.cms.RecipientInformationStore;
+import org.spongycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
+import org.spongycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
+import org.spongycastle.cms.jcajce.JceKeyTransRecipientId;
+import org.spongycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
+import org.spongycastle.jce.provider.BouncyCastleProvider;
+import org.spongycastle.operator.OperatorCreationException;
+import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
+import org.spongycastle.operator.jcajce.JceAsymmetricKeyWrapper;
+import org.spongycastle.util.Arrays;
+
+public class AllTests
+ extends TestCase
+{
+ private static final byte[] TEST_DATA = "Hello world!".getBytes();
+ private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
+ private static final String PASSPHRASE = "hello world";
+
+ /*
+ *
+ * INFRASTRUCTURE
+ *
+ */
+
+ public AllTests(String name)
+ {
+ super(name);
+ }
+
+ public static void main(String args[])
+ {
+ junit.textui.TestRunner.run(AllTests.class);
+ }
+
+ public static Test suite()
+ {
+ return new TestSuite(AllTests.class);
+ }
+
+ public void setUp()
+ {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ public void tearDown()
+ {
+
+ }
+
+ public void testBasicMessageWithArchiveControl()
+ throws Exception
+ {
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+ X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
+
+ JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
+
+ certReqBuild.setSubject(new X500Principal("CN=Test"))
+ .setPublicKey(kp.getPublic());
+
+ certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=Test"))
+ .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
+ .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
+
+ JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build());
+
+ assertEquals(new X500Principal("CN=Test"), certReqMsg.getSubjectX500Principal());
+ assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
+
+ PKIArchiveControl archiveControl = (PKIArchiveControl)certReqMsg.getControl(CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions);
+
+ assertEquals(PKIArchiveControl.encryptedPrivKey, archiveControl.getArchiveType());
+
+ assertTrue(archiveControl.isEnvelopedData());
+
+ RecipientInformationStore recips = archiveControl.getEnvelopedData().getRecipientInfos();
+
+ RecipientId recipientId = new JceKeyTransRecipientId(cert);
+
+ RecipientInformation recipientInformation = recips.get(recipientId);
+
+ assertNotNull(recipientInformation);
+
+ EncKeyWithID encKeyWithID = EncKeyWithID.getInstance(recipientInformation.getContent(new JceKeyTransEnvelopedRecipient(kp.getPrivate()).setProvider(BC)));
+
+ assertTrue(encKeyWithID.hasIdentifier());
+ assertFalse(encKeyWithID.isIdentifierUTF8String());
+
+ assertEquals(new GeneralName(X500Name.getInstance(new X500Principal("CN=Test").getEncoded())), encKeyWithID.getIdentifier());
+ assertTrue(Arrays.areEqual(kp.getPrivate().getEncoded(), encKeyWithID.getPrivateKey().getEncoded()));
+ }
+
+ public void testProofOfPossessionWithoutSender()
+ throws Exception
+ {
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+ X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
+
+ JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
+
+ certReqBuild.setPublicKey(kp.getPublic())
+ .setAuthInfoPKMAC(new PKMACBuilder(new JcePKMACValuesCalculator()), "fred".toCharArray())
+ .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate()));
+
+ certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test"))
+ .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
+ .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
+
+ JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded());
+
+ // check that internal check on popo signing is working okay
+ try
+ {
+ certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()));
+ fail("IllegalStateException not thrown");
+ }
+ catch (IllegalStateException e)
+ {
+ // ignore
+ }
+
+ assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()), new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)), "fred".toCharArray()));
+
+ assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
+ }
+
+ public void testProofOfPossessionWithSender()
+ throws Exception
+ {
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+ X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
+
+ JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
+
+ certReqBuild.setPublicKey(kp.getPublic())
+ .setAuthInfoSender(new X500Principal("CN=Test"))
+ .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate()));
+
+ certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test"))
+ .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
+ .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
+
+ JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded());
+
+ // check that internal check on popo signing is working okay
+ try
+ {
+ certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()), new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)), "fred".toCharArray());
+
+ fail("IllegalStateException not thrown");
+ }
+ catch (IllegalStateException e)
+ {
+ // ignore
+ }
+
+
+ assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic())));
+
+ assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
+ }
+
+ public void testProofOfPossessionWithTemplate()
+ throws Exception
+ {
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+ X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
+
+ JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
+
+ certReqBuild.setPublicKey(kp.getPublic())
+ .setSubject(new X500Principal("CN=Test"))
+ .setAuthInfoSender(new X500Principal("CN=Test"))
+ .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate()));
+
+ certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test"))
+ .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
+ .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
+
+ JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded());
+
+ assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic())));
+
+ assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
+ }
+
+ public void testEncryptedValue()
+ throws Exception
+ {
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+ X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
+
+ JcaEncryptedValueBuilder build = new JcaEncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
+ EncryptedValue value = build.build(cert);
+ ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC);
+
+ // try direct
+ encryptedValueParserTest(value, decGen, cert);
+
+ // try indirect
+ encryptedValueParserTest(EncryptedValue.getInstance(value.getEncoded()), decGen, cert);
+ }
+
+ private void encryptedValueParserTest(EncryptedValue value, ValueDecryptorGenerator decGen, X509Certificate cert)
+ throws Exception
+ {
+ EncryptedValueParser parser = new EncryptedValueParser(value);
+
+ X509CertificateHolder holder = parser.readCertificateHolder(decGen);
+
+ assertTrue(Arrays.areEqual(cert.getEncoded(), holder.getEncoded()));
+ }
+
+ public void testEncryptedValuePassphrase()
+ throws Exception
+ {
+ char[] passphrase = PASSPHRASE.toCharArray();
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+ X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
+
+ EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
+ EncryptedValue value = build.build(passphrase);
+ ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC);
+
+ // try direct
+ encryptedValuePassphraseParserTest(value, null, decGen, cert);
+
+ // try indirect
+ encryptedValuePassphraseParserTest(EncryptedValue.getInstance(value.getEncoded()), null, decGen, cert);
+ }
+
+ public void testEncryptedValuePassphraseWithPadding()
+ throws Exception
+ {
+ char[] passphrase = PASSPHRASE.toCharArray();
+ KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
+
+ kGen.initialize(512);
+
+ KeyPair kp = kGen.generateKeyPair();
+ X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
+
+ FixedLengthMGF1Padder mgf1Padder = new FixedLengthMGF1Padder(200, new SecureRandom());
+ EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build(), mgf1Padder);
+ EncryptedValue value = build.build(passphrase);
+ ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC);
+
+ // try direct
+ encryptedValuePassphraseParserTest(value, mgf1Padder, decGen, cert);
+
+ // try indirect
+ encryptedValuePassphraseParserTest(EncryptedValue.getInstance(value.getEncoded()), mgf1Padder, decGen, cert);
+ }
+
+ private void encryptedValuePassphraseParserTest(EncryptedValue value, EncryptedValuePadder padder, ValueDecryptorGenerator decGen, X509Certificate cert)
+ throws Exception
+ {
+ EncryptedValueParser parser = new EncryptedValueParser(value, padder);
+
+ assertTrue(Arrays.areEqual(PASSPHRASE.toCharArray(), parser.readPassphrase(decGen)));
+ }
+
+ private static X509Certificate makeV1Certificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN)
+ throws GeneralSecurityException, IOException, OperatorCreationException
+ {
+
+ PublicKey subPub = subKP.getPublic();
+ PrivateKey issPriv = issKP.getPrivate();
+ PublicKey issPub = issKP.getPublic();
+
+ X509v1CertificateBuilder v1CertGen = new JcaX509v1CertificateBuilder(
+ new X500Name(_issDN),
+ BigInteger.valueOf(System.currentTimeMillis()),
+ new Date(System.currentTimeMillis()),
+ new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
+ new X500Name(_subDN),
+ subPub);
+
+ JcaContentSignerBuilder signerBuilder = null;
+
+ if (issPub instanceof RSAPublicKey)
+ {
+ signerBuilder = new JcaContentSignerBuilder("SHA1WithRSA");
+ }
+ else if (issPub.getAlgorithm().equals("DSA"))
+ {
+ signerBuilder = new JcaContentSignerBuilder("SHA1withDSA");
+ }
+ else if (issPub.getAlgorithm().equals("ECDSA"))
+ {
+ signerBuilder = new JcaContentSignerBuilder("SHA1withECDSA");
+ }
+ else if (issPub.getAlgorithm().equals("ECGOST3410"))
+ {
+ signerBuilder = new JcaContentSignerBuilder("GOST3411withECGOST3410");
+ }
+ else
+ {
+ signerBuilder = new JcaContentSignerBuilder("GOST3411WithGOST3410");
+ }
+
+ signerBuilder.setProvider(BC);
+
+ X509Certificate _cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(v1CertGen.build(signerBuilder.build(issPriv)));
+
+ _cert.checkValidity(new Date());
+ _cert.verify(issPub);
+
+ return _cert;
+ }
+}
\ No newline at end of file |
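Review bot: `TEST_DATA`, declared at the top of the class body, is never referenced by any test method in this file, and its `"Hello world!".getBytes()` call also depends on the platform default charset; either drop the constant or make it `private static final byte[] TEST_DATA = "Hello world!".getBytes(StandardCharsets.UTF_8);` with the matching `java.nio.charset.StandardCharsets` import. In `makeV1Certificate`, the final `else` branch selects `GOST3411WithGOST3410` for every issuer key algorithm not matched above it, so an unsupported key type would surface as an opaque failure from `signerBuilder.build(issPriv)` rather than a clear message; a comment such as `// fall-through assumes a GOST3410 key; any other algorithm fails in signerBuilder.build()` would make that explicit, or the branch could be narrowed to `equals("GOST3410")` with an `IllegalArgumentException` otherwise. The repeated `kGen.initialize(512)` and `SHA1withRSA` choices are presumably for fixture speed; a one-line comment saying so at the first use would keep them from being read as a recommended configuration.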