aboutsummaryrefslogtreecommitdiffstats
path: root/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cms/test/NewAuthenticatedDataTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'libraries/spongycastle/pkix/src/test/java/org/spongycastle/cms/test/NewAuthenticatedDataTest.java')
-rw-r--r--libraries/spongycastle/pkix/src/test/java/org/spongycastle/cms/test/NewAuthenticatedDataTest.java473
1 files changed, 473 insertions, 0 deletions
diff --git a/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cms/test/NewAuthenticatedDataTest.java b/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cms/test/NewAuthenticatedDataTest.java
new file mode 100644
index 000000000..523662cc9
--- /dev/null
+++ b/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cms/test/NewAuthenticatedDataTest.java
@@ -0,0 +1,473 @@
+package org.spongycastle.cms.test;
+
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+
+import javax.crypto.SecretKey;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.spongycastle.asn1.ASN1ObjectIdentifier;
+import org.spongycastle.asn1.DERObjectIdentifier;
+import org.spongycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.spongycastle.asn1.x509.AlgorithmIdentifier;
+import org.spongycastle.cert.X509CertificateHolder;
+import org.spongycastle.cms.CMSAlgorithm;
+import org.spongycastle.cms.CMSAuthenticatedData;
+import org.spongycastle.cms.CMSAuthenticatedDataGenerator;
+import org.spongycastle.cms.CMSException;
+import org.spongycastle.cms.CMSProcessableByteArray;
+import org.spongycastle.cms.OriginatorInfoGenerator;
+import org.spongycastle.cms.PasswordRecipient;
+import org.spongycastle.cms.PasswordRecipientInformation;
+import org.spongycastle.cms.RecipientInformation;
+import org.spongycastle.cms.RecipientInformationStore;
+import org.spongycastle.cms.jcajce.JceCMSMacCalculatorBuilder;
+import org.spongycastle.cms.jcajce.JceKEKAuthenticatedRecipient;
+import org.spongycastle.cms.jcajce.JceKEKRecipientInfoGenerator;
+import org.spongycastle.cms.jcajce.JceKeyAgreeAuthenticatedRecipient;
+import org.spongycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
+import org.spongycastle.cms.jcajce.JceKeyTransAuthenticatedRecipient;
+import org.spongycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
+import org.spongycastle.cms.jcajce.JcePasswordAuthenticatedRecipient;
+import org.spongycastle.cms.jcajce.JcePasswordRecipientInfoGenerator;
+import org.spongycastle.jce.provider.BouncyCastleProvider;
+import org.spongycastle.operator.DigestCalculatorProvider;
+import org.spongycastle.operator.OperatorCreationException;
+import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
+import org.spongycastle.util.encoders.Hex;
+
+public class NewAuthenticatedDataTest
+ extends TestCase
+{
+ private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
+
+ private static String _signDN;
+ private static KeyPair _signKP;
+ private static X509Certificate _signCert;
+
+ private static String _origDN;
+ private static KeyPair _origKP;
+ private static X509Certificate _origCert;
+
+ private static String _reciDN;
+ private static KeyPair _reciKP;
+ private static X509Certificate _reciCert;
+
+ private static KeyPair _origEcKP;
+ private static KeyPair _reciEcKP;
+ private static X509Certificate _reciEcCert;
+
+ private static boolean _initialised = false;
+
+ public boolean DEBUG = true;
+
+ private static void init()
+ throws Exception
+ {
+ if (!_initialised)
+ {
+ _initialised = true;
+ Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider());
+
+ _signDN = "O=Bouncy Castle, C=AU";
+ _signKP = CMSTestUtil.makeKeyPair();
+ _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN);
+
+ _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
+ _origKP = CMSTestUtil.makeKeyPair();
+ _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN);
+
+ _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
+ _reciKP = CMSTestUtil.makeKeyPair();
+ _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
+
+ _origEcKP = CMSTestUtil.makeEcDsaKeyPair();
+ _reciEcKP = CMSTestUtil.makeEcDsaKeyPair();
+ _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN);
+ }
+ }
+
+ public void setUp()
+ throws Exception
+ {
+ init();
+ }
+
+ public NewAuthenticatedDataTest(String name)
+ {
+ super(name);
+ }
+
+ public static void main(String args[])
+ {
+ junit.textui.TestRunner.run(NewAuthenticatedDataTest.class);
+ }
+
+ public static Test suite()
+ throws Exception
+ {
+ init();
+
+ return new CMSTestSetup(new TestSuite(NewAuthenticatedDataTest.class));
+ }
+
+ public void testKeyTransDESede()
+ throws Exception
+ {
+ tryKeyTrans(CMSAlgorithm.DES_EDE3_CBC);
+ }
+
+ public void testKeyTransDESedeWithDigest()
+ throws Exception
+ {
+ tryKeyTransWithDigest(CMSAlgorithm.DES_EDE3_CBC);
+ }
+
+ public void testKeyTransRC2()
+ throws Exception
+ {
+ tryKeyTrans(CMSAlgorithm.RC2_CBC);
+ }
+
+ public void testKEKDESede()
+ throws Exception
+ {
+ tryKekAlgorithm(CMSTestUtil.makeDesede192Key(), new DERObjectIdentifier("1.2.840.113549.1.9.16.3.6"));
+ }
+
+ public void testKEKDESedeWithDigest()
+ throws Exception
+ {
+ tryKekAlgorithmWithDigest(CMSTestUtil.makeDesede192Key(), new DERObjectIdentifier("1.2.840.113549.1.9.16.3.6"));
+ }
+
+ public void testPasswordAES256()
+ throws Exception
+ {
+ passwordTest(CMSAuthenticatedDataGenerator.AES256_CBC);
+ }
+
+ public void testECKeyAgree()
+ throws Exception
+ {
+ byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
+
+ CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
+
+ JceKeyAgreeRecipientInfoGenerator recipientGenerator = new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECDH_SHA1KDF, _origEcKP.getPrivate(), _origEcKP.getPublic(), CMSAlgorithm.AES128_WRAP).setProvider(BC);
+
+ recipientGenerator.addRecipient(_reciEcCert);
+
+ adGen.addRecipientInfoGenerator(recipientGenerator);
+
+ CMSAuthenticatedData ad = adGen.generate(
+ new CMSProcessableByteArray(data),
+ new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
+
+ RecipientInformationStore recipients = ad.getRecipientInfos();
+
+ assertEquals(ad.getMacAlgOID(),
+ CMSAuthenticatedDataGenerator.DES_EDE3_CBC);
+
+ Collection c = recipients.getRecipients();
+ Iterator it = c.iterator();
+
+ if (it.hasNext())
+ {
+ RecipientInformation recipient = (RecipientInformation)it.next();
+
+ byte[] recData = recipient.getContent(new JceKeyAgreeAuthenticatedRecipient(_reciEcKP.getPrivate()).setProvider(BC));
+ assertTrue(Arrays.equals(data, recData));
+ assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
+ }
+ else
+ {
+ fail("no recipient found");
+ }
+ }
+
+ public void testEncoding()
+ throws Exception
+ {
+ byte[] data = "Eric H. Echidna".getBytes();
+
+ CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
+
+ adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
+
+ CMSAuthenticatedData ad = adGen.generate(
+ new CMSProcessableByteArray(data),
+ new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
+
+ ad = new CMSAuthenticatedData(ad.getEncoded());
+
+ RecipientInformationStore recipients = ad.getRecipientInfos();
+
+ assertEquals(CMSAuthenticatedDataGenerator.DES_EDE3_CBC, ad.getMacAlgOID());
+
+ Collection c = recipients.getRecipients();
+
+ assertEquals(1, c.size());
+
+ Iterator it = c.iterator();
+
+ while (it.hasNext())
+ {
+ RecipientInformation recipient = (RecipientInformation)it.next();
+
+ assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
+
+ byte[] recData = recipient.getContent(new JceKeyTransAuthenticatedRecipient(_reciKP.getPrivate()).setProvider(BC));
+
+ assertTrue(Arrays.equals(data, recData));
+ assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
+ }
+ }
+
+ public void testOriginatorInfo()
+ throws Exception
+ {
+ byte[] data = "Eric H. Echidna".getBytes();
+ ASN1ObjectIdentifier macAlg = CMSAlgorithm.DES_EDE3_CBC;
+
+ CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
+
+ X509CertificateHolder origCert = new X509CertificateHolder(_origCert.getEncoded());
+
+ adGen.setOriginatorInfo(new OriginatorInfoGenerator(origCert).generate());
+
+ adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
+
+ CMSAuthenticatedData ad = adGen.generate(
+ new CMSProcessableByteArray(data),
+ new JceCMSMacCalculatorBuilder(macAlg).setProvider(BC).build());
+
+ assertTrue(ad.getOriginatorInfo().getCertificates().getMatches(null).contains(origCert));
+
+ RecipientInformationStore recipients = ad.getRecipientInfos();
+
+ assertEquals(ad.getMacAlgOID(), macAlg.getId());
+
+ Collection c = recipients.getRecipients();
+
+ assertEquals(1, c.size());
+
+ Iterator it = c.iterator();
+
+ while (it.hasNext())
+ {
+ RecipientInformation recipient = (RecipientInformation)it.next();
+
+ assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
+
+ byte[] recData = recipient.getContent(new JceKeyTransAuthenticatedRecipient(_reciKP.getPrivate()).setProvider(BC));
+
+ assertTrue(Arrays.equals(data, recData));
+ assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
+ }
+ }
+
+ private void tryKeyTrans(ASN1ObjectIdentifier macAlg)
+ throws Exception
+ {
+ byte[] data = "Eric H. Echidna".getBytes();
+
+ CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
+
+ adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
+
+ CMSAuthenticatedData ad = adGen.generate(
+ new CMSProcessableByteArray(data),
+ new JceCMSMacCalculatorBuilder(macAlg).setProvider(BC).build());
+
+ RecipientInformationStore recipients = ad.getRecipientInfos();
+
+ assertEquals(ad.getMacAlgOID(), macAlg.getId());
+
+ Collection c = recipients.getRecipients();
+
+ assertEquals(1, c.size());
+
+ Iterator it = c.iterator();
+
+ while (it.hasNext())
+ {
+ RecipientInformation recipient = (RecipientInformation)it.next();
+
+ assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
+
+ byte[] recData = recipient.getContent(new JceKeyTransAuthenticatedRecipient(_reciKP.getPrivate()).setProvider(BC));
+
+ assertTrue(Arrays.equals(data, recData));
+ assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
+ }
+ }
+
+ private void tryKeyTransWithDigest(ASN1ObjectIdentifier macAlg)
+ throws Exception
+ {
+ byte[] data = "Eric H. Echidna".getBytes();
+
+ CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
+ DigestCalculatorProvider calcProvider = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
+
+ adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
+
+ CMSAuthenticatedData ad = adGen.generate(
+ new CMSProcessableByteArray(data),
+ new JceCMSMacCalculatorBuilder(macAlg).setProvider(BC).build(),
+ calcProvider.get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
+
+ RecipientInformationStore recipients = ad.getRecipientInfos();
+
+ assertEquals(ad.getMacAlgOID(), macAlg.getId());
+
+ Collection c = recipients.getRecipients();
+
+ assertEquals(1, c.size());
+
+ Iterator it = c.iterator();
+
+ while (it.hasNext())
+ {
+ RecipientInformation recipient = (RecipientInformation)it.next();
+
+ assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
+
+ byte[] recData = recipient.getContent(new JceKeyTransAuthenticatedRecipient(_reciKP.getPrivate()).setProvider(BC));
+
+ assertTrue(Arrays.equals(data, recData));
+ assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
+ assertTrue(Arrays.equals(ad.getContentDigest(), recipient.getContentDigest()));
+ }
+ }
+
+ private void tryKekAlgorithm(SecretKey kek, DERObjectIdentifier algOid)
+ throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, OperatorCreationException
+ {
+ byte[] data = "Eric H. Echidna".getBytes();
+
+ CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
+
+ byte[] kekId = new byte[] { 1, 2, 3, 4, 5 };
+
+ adGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId, kek).setProvider(BC));
+
+ CMSAuthenticatedData ad = adGen.generate(
+ new CMSProcessableByteArray(data),
+ new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
+
+ RecipientInformationStore recipients = ad.getRecipientInfos();
+
+ Collection c = recipients.getRecipients();
+ Iterator it = c.iterator();
+
+ assertEquals(ad.getMacAlgOID(), CMSAuthenticatedDataGenerator.DES_EDE3_CBC);
+
+ if (it.hasNext())
+ {
+ RecipientInformation recipient = (RecipientInformation)it.next();
+
+ assertEquals(recipient.getKeyEncryptionAlgOID(), algOid.getId());
+
+ byte[] recData = recipient.getContent(new JceKEKAuthenticatedRecipient(kek).setProvider(BC));
+
+ assertTrue(Arrays.equals(data, recData));
+ assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
+ }
+ else
+ {
+ fail("no recipient found");
+ }
+ }
+
+ private void tryKekAlgorithmWithDigest(SecretKey kek, DERObjectIdentifier algOid)
+ throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, OperatorCreationException
+ {
+ byte[] data = "Eric H. Echidna".getBytes();
+
+ CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
+ DigestCalculatorProvider calcProvider = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
+
+ byte[] kekId = new byte[] { 1, 2, 3, 4, 5 };
+
+ adGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId, kek).setProvider(BC));
+
+ CMSAuthenticatedData ad = adGen.generate(
+ new CMSProcessableByteArray(data),
+ new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build(),
+ calcProvider.get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
+
+ RecipientInformationStore recipients = ad.getRecipientInfos();
+
+ Collection c = recipients.getRecipients();
+ Iterator it = c.iterator();
+
+ assertEquals(ad.getMacAlgOID(), CMSAuthenticatedDataGenerator.DES_EDE3_CBC);
+
+ if (it.hasNext())
+ {
+ RecipientInformation recipient = (RecipientInformation)it.next();
+
+ assertEquals(recipient.getKeyEncryptionAlgOID(), algOid.getId());
+
+ byte[] recData = recipient.getContent(new JceKEKAuthenticatedRecipient(kek).setProvider(BC));
+
+ assertTrue(Arrays.equals(data, recData));
+ assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
+ assertTrue(Arrays.equals(ad.getContentDigest(), recipient.getContentDigest()));
+ }
+ else
+ {
+ fail("no recipient found");
+ }
+ }
+
+
+ private void passwordTest(String algorithm)
+ throws Exception
+ {
+ byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
+
+ CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
+
+ adGen.addRecipientInfoGenerator(new JcePasswordRecipientInfoGenerator(new ASN1ObjectIdentifier(algorithm), "password".toCharArray()).setProvider(BC).setSaltAndIterationCount(new byte[20], 5));
+
+ CMSAuthenticatedData ad = adGen.generate(
+ new CMSProcessableByteArray(data),
+ new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
+
+ RecipientInformationStore recipients = ad.getRecipientInfos();
+
+ assertEquals(ad.getMacAlgOID(),
+ CMSAuthenticatedDataGenerator.DES_EDE3_CBC);
+
+ Collection c = recipients.getRecipients();
+ Iterator it = c.iterator();
+
+ if (it.hasNext())
+ {
+ PasswordRecipientInformation recipient = (PasswordRecipientInformation)it.next();
+
+ PasswordRecipient pbeRep = new JcePasswordAuthenticatedRecipient("password".toCharArray()).setProvider(BC);
+
+ byte[] recData = recipient.getContent(pbeRep);
+
+ assertTrue(Arrays.equals(data, recData));
+ assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
+ }
+ else
+ {
+ fail("no recipient found");
+ }
+ }
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 20:03:11 +0000