diff options
Diffstat (limited to 'libraries/spongycastle/pkix/src/test/java/org/spongycastle/cms/test/NewSignedDataStreamTest.java')
-rw-r--r-- | libraries/spongycastle/pkix/src/test/java/org/spongycastle/cms/test/NewSignedDataStreamTest.java | 1311 |
1 files changed, 0 insertions, 1311 deletions
diff --git a/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cms/test/NewSignedDataStreamTest.java b/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cms/test/NewSignedDataStreamTest.java deleted file mode 100644 index 8032b71cd..000000000 --- a/libraries/spongycastle/pkix/src/test/java/org/spongycastle/cms/test/NewSignedDataStreamTest.java +++ /dev/null @@ -1,1311 +0,0 @@ -package org.spongycastle.cms.test; - -import java.io.BufferedOutputStream; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.OutputStream; -import java.security.KeyPair; -import java.security.MessageDigest; -import java.security.Security; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.ASN1OctetString; -import org.spongycastle.asn1.DEROctetString; -import org.spongycastle.asn1.DERSet; -import org.spongycastle.asn1.cms.Attribute; -import org.spongycastle.asn1.cms.AttributeTable; -import org.spongycastle.asn1.cms.CMSAttributes; -import org.spongycastle.asn1.cms.CMSObjectIdentifiers; -import org.spongycastle.asn1.ocsp.OCSPResponse; -import org.spongycastle.cert.X509AttributeCertificateHolder; -import org.spongycastle.cert.X509CertificateHolder; -import org.spongycastle.cert.jcajce.JcaCRLStore; -import org.spongycastle.cert.jcajce.JcaCertStore; -import org.spongycastle.cert.jcajce.JcaX509CRLHolder; -import org.spongycastle.cert.jcajce.JcaX509CertificateHolder; -import org.spongycastle.cert.ocsp.OCSPResp; -import org.spongycastle.cms.CMSAlgorithm; -import org.spongycastle.cms.CMSAttributeTableGenerator; -import org.spongycastle.cms.CMSProcessableByteArray; -import org.spongycastle.cms.CMSSignedData; -import org.spongycastle.cms.CMSSignedDataGenerator; -import org.spongycastle.cms.CMSSignedDataParser; -import org.spongycastle.cms.CMSSignedDataStreamGenerator; -import org.spongycastle.cms.CMSTypedData; -import org.spongycastle.cms.CMSTypedStream; -import org.spongycastle.cms.DefaultSignedAttributeTableGenerator; -import org.spongycastle.cms.SignerInformation; -import org.spongycastle.cms.SignerInformationStore; -import org.spongycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; -import org.spongycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder; -import org.spongycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; -import org.spongycastle.jce.provider.BouncyCastleProvider; -import org.spongycastle.operator.ContentSigner; -import org.spongycastle.operator.jcajce.JcaContentSignerBuilder; -import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; -import org.spongycastle.util.CollectionStore; -import org.spongycastle.util.Store; -import org.spongycastle.util.encoders.Base64; - -public class NewSignedDataStreamTest - extends TestCase -{ - - byte[] successResp = Base64.decode( - "MIIFnAoBAKCCBZUwggWRBgkrBgEFBQcwAQEEggWCMIIFfjCCARehgZ8wgZwx" - + "CzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEgcHJhZGVzaDESMBAGA1UE" - + "BxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAKBgNVBAsTA0FUQzEeMBwG" - + "A1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQwIgYJKoZIhvcNAQkBFhVv" - + "Y3NwQHRjcy1jYS50Y3MuY28uaW4YDzIwMDMwNDAyMTIzNDU4WjBiMGAwOjAJ" - + "BgUrDgMCGgUABBRs07IuoCWNmcEl1oHwIak1BPnX8QQUtGyl/iL9WJ1VxjxF" - + "j0hAwJ/s1AcCAQKhERgPMjAwMjA4MjkwNzA5MjZaGA8yMDAzMDQwMjEyMzQ1" - + "OFowDQYJKoZIhvcNAQEFBQADgYEAfbN0TCRFKdhsmvOdUoiJ+qvygGBzDxD/" - + "VWhXYA+16AphHLIWNABR3CgHB3zWtdy2j7DJmQ/R7qKj7dUhWLSqclAiPgFt" - + "QQ1YvSJAYfEIdyHkxv4NP0LSogxrumANcDyC9yt/W9yHjD2ICPBIqCsZLuLk" - + "OHYi5DlwWe9Zm9VFwCGgggPMMIIDyDCCA8QwggKsoAMCAQICAQYwDQYJKoZI" - + "hvcNAQEFBQAwgZQxFDASBgNVBAMTC1RDUy1DQSBPQ1NQMSYwJAYJKoZIhvcN" - + "AQkBFhd0Y3MtY2FAdGNzLWNhLnRjcy5jby5pbjEMMAoGA1UEChMDVENTMQww" - + "CgYDVQQLEwNBVEMxEjAQBgNVBAcTCUh5ZGVyYWJhZDEXMBUGA1UECBMOQW5k" - + "aHJhIHByYWRlc2gxCzAJBgNVBAYTAklOMB4XDTAyMDgyOTA3MTE0M1oXDTAz" - + "MDgyOTA3MTE0M1owgZwxCzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEg" - + "cHJhZGVzaDESMBAGA1UEBxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAK" - + "BgNVBAsTA0FUQzEeMBwGA1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQw" - + "IgYJKoZIhvcNAQkBFhVvY3NwQHRjcy1jYS50Y3MuY28uaW4wgZ8wDQYJKoZI" - + "hvcNAQEBBQADgY0AMIGJAoGBAM+XWW4caMRv46D7L6Bv8iwtKgmQu0SAybmF" - + "RJiz12qXzdvTLt8C75OdgmUomxp0+gW/4XlTPUqOMQWv463aZRv9Ust4f8MH" - + "EJh4ekP/NS9+d8vEO3P40ntQkmSMcFmtA9E1koUtQ3MSJlcs441JjbgUaVnm" - + "jDmmniQnZY4bU3tVAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADALBgNVHQ8E" - + "BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwNgYIKwYBBQUHAQEEKjAoMCYG" - + "CCsGAQUFBzABhhpodHRwOi8vMTcyLjE5LjQwLjExMDo3NzAwLzAtBgNVHR8E" - + "JjAkMCKgIKAehhxodHRwOi8vMTcyLjE5LjQwLjExMC9jcmwuY3JsMA0GCSqG" - + "SIb3DQEBBQUAA4IBAQB6FovM3B4VDDZ15o12gnADZsIk9fTAczLlcrmXLNN4" - + "PgmqgnwF0Ymj3bD5SavDOXxbA65AZJ7rBNAguLUo+xVkgxmoBH7R2sBxjTCc" - + "r07NEadxM3HQkt0aX5XYEl8eRoifwqYAI9h0ziZfTNes8elNfb3DoPPjqq6V" - + "mMg0f0iMS4W8LjNPorjRB+kIosa1deAGPhq0eJ8yr0/s2QR2/WFD5P4aXc8I" - + "KWleklnIImS3zqiPrq6tl2Bm8DZj7vXlTOwmraSQxUwzCKwYob1yGvNOUQTq" - + "pG6jxn7jgDawHU1+WjWQe4Q34/pWeGLysxTraMa+Ug9kPe+jy/qRX2xwvKBZ"); - - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - - private static final String TEST_MESSAGE = "Hello World!"; - private static String _signDN; - private static KeyPair _signKP; - private static X509Certificate _signCert; - - private static String _origDN; - private static KeyPair _origKP; - private static X509Certificate _origCert; - - private static String _reciDN; - private static KeyPair _reciKP; - private static X509Certificate _reciCert; - - private static KeyPair _origDsaKP; - private static X509Certificate _origDsaCert; - - private static X509CRL _signCrl; - private static X509CRL _origCrl; - - private static boolean _initialised = false; - - public NewSignedDataStreamTest(String name) - { - super(name); - } - - private static void init() - throws Exception - { - if (!_initialised) - { - _initialised = true; - - if (Security.getProvider(BC) == null) - { - Security.addProvider(new BouncyCastleProvider()); - } - - _signDN = "O=Bouncy Castle, C=AU"; - _signKP = CMSTestUtil.makeKeyPair(); - _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN); - - _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU"; - _origKP = CMSTestUtil.makeKeyPair(); - _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN); - - _origDsaKP = CMSTestUtil.makeDsaKeyPair(); - _origDsaCert = CMSTestUtil.makeCertificate(_origDsaKP, _origDN, _signKP, _signDN); - - _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU"; - _reciKP = CMSTestUtil.makeKeyPair(); - _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN); - - _signCrl = CMSTestUtil.makeCrl(_signKP); - _origCrl = CMSTestUtil.makeCrl(_origKP); - } - } - - private void verifySignatures(CMSSignedDataParser sp, byte[] contentDigest) - throws Exception - { - Store certStore = sp.getCertificates(); - Store crlStore = sp.getCRLs(); - SignerInformationStore signers = sp.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certStore.getMatches(signer.getSID()); - - Iterator certIt = certCollection.iterator(); - X509CertificateHolder cert = (X509CertificateHolder)certIt.next(); - - assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert))); - - if (contentDigest != null) - { - assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest())); - } - } - - assertEquals(certStore.getMatches(null).size(), sp.getCertificates().getMatches(null).size()); - assertEquals(crlStore.getMatches(null).size(), sp.getCRLs().getMatches(null).size()); - } - - private void verifySignatures(CMSSignedDataParser sp) - throws Exception - { - verifySignatures(sp, null); - } - - private void verifyEncodedData(ByteArrayOutputStream bOut) - throws Exception - { - CMSSignedDataParser sp; - sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - sp.close(); - } - - private void checkSigParseable(byte[] sig) - throws Exception - { - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), sig); - sp.getVersion(); - CMSTypedStream sc = sp.getSignedContent(); - if (sc != null) - { - sc.drain(); - } - sp.getCertificates(); - sp.getCRLs(); - sp.getSignerInfos(); - sp.close(); - } - -// public void testEarlyInvalidKeyException() throws Exception -// { -// try -// { -// CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); -// gen.addSigner( _origKP.getPrivate(), _origCert, -// "DSA", // DOESN'T MATCH KEY ALG -// CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); -// -// fail("Expected InvalidKeyException in addSigner"); -// } -// catch (InvalidKeyException e) -// { -// // Ignore -// } -// } - -// public void testEarlyNoSuchAlgorithmException() throws Exception -// { -// try -// { -// CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); -// gen.addSigner( _origKP.getPrivate(), _origCert, -// CMSSignedDataStreamGenerator.DIGEST_SHA1, // BAD OID! -// CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); -// -// fail("Expected NoSuchAlgorithmException in addSigner"); -// } -// catch (NoSuchAlgorithmException e) -// { -// // Ignore -// } -// } - - public void testSha1EncapsulatedSignature() - throws Exception - { - byte[] encapSigData = Base64.decode( - "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH" - + "AaCAJIAEDEhlbGxvIFdvcmxkIQAAAAAAAKCCBGIwggINMIIBdqADAgECAgEF" - + "MA0GCSqGSIb3DQEBBAUAMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJ" - + "BgNVBAYTAkFVMB4XDTA1MDgwNzA2MjU1OVoXDTA1MTExNTA2MjU1OVowJTEW" - + "MBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUwgZ8wDQYJKoZI" - + "hvcNAQEBBQADgY0AMIGJAoGBAI1fZGgH9wgC3QiK6yluH6DlLDkXkxYYL+Qf" - + "nVRszJVYl0LIxZdpb7WEbVpO8fwtEgFtoDsOdxyqh3dTBv+L7NVD/v46kdPt" - + "xVkSNHRbutJVY8Xn4/TC/CDngqtbpbniMO8n0GiB6vs94gBT20M34j96O2IF" - + "73feNHP+x8PkJ+dNAgMBAAGjTTBLMB0GA1UdDgQWBBQ3XUfEE6+D+t+LIJgK" - + "ESSUE58eyzAfBgNVHSMEGDAWgBQ3XUfEE6+D+t+LIJgKESSUE58eyzAJBgNV" - + "HRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAFK3r1stYOeXYJOlOyNGDTWEhZ+a" - + "OYdFeFaS6c+InjotHuFLAy+QsS8PslE48zYNFEqYygGfLhZDLlSnJ/LAUTqF" - + "01vlp+Bgn/JYiJazwi5WiiOTf7Th6eNjHFKXS3hfSGPNPIOjvicAp3ce3ehs" - + "uK0MxgLAaxievzhFfJcGSUMDMIICTTCCAbagAwIBAgIBBzANBgkqhkiG9w0B" - + "AQQFADAlMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTAe" - + "Fw0wNTA4MDcwNjI1NTlaFw0wNTExMTUwNjI1NTlaMGUxGDAWBgNVBAMTD0Vy" - + "aWMgSC4gRWNoaWRuYTEkMCIGCSqGSIb3DQEJARYVZXJpY0Bib3VuY3ljYXN0" - + "bGUub3JnMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTCB" - + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgHCJyfwV6/V3kqSu2SOU2E/K" - + "I+N0XohCMUaxPLLNtNBZ3ijxwaV6JGFz7siTgZD/OGfzir/eZimkt+L1iXQn" - + "OAB+ZChivKvHtX+dFFC7Vq+E4Uy0Ftqc/wrGxE6DHb5BR0hprKH8wlDS8wSP" - + "zxovgk4nH0ffUZOoDSuUgjh3gG8CAwEAAaNNMEswHQYDVR0OBBYEFLfY/4EG" - + "mYrvJa7Cky+K9BJ7YmERMB8GA1UdIwQYMBaAFDddR8QTr4P634sgmAoRJJQT" - + "nx7LMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEEBQADgYEADIOmpMd6UHdMjkyc" - + "mIE1yiwfClCsGhCK9FigTg6U1G2FmkBwJIMWBlkeH15uvepsAncsgK+Cn3Zr" - + "dZMb022mwtTJDtcaOM+SNeuCnjdowZ4i71Hf68siPm6sMlZkhz49rA0Yidoo" - + "WuzYOO+dggzwDsMldSsvsDo/ARyCGOulDOAxggEvMIIBKwIBATAqMCUxFjAU" - + "BgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNVBAYTAkFVAgEHMAkGBSsOAwIa" - + "BQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP" - + "Fw0wNTA4MDcwNjI1NTlaMCMGCSqGSIb3DQEJBDEWBBQu973mCM5UBOl9XwQv" - + "lfifHCMocTANBgkqhkiG9w0BAQEFAASBgGxnBl2qozYKLgZ0ygqSFgWcRGl1" - + "LgNuE587LtO+EKkgoc3aFqEdjXlAyP8K7naRsvWnFrsB6pUpnrgI9Z8ZSKv8" - + "98IlpsSSJ0jBlEb4gzzavwcBpYbr2ryOtDcF+kYmKIpScglyyoLzm+KPXOoT" - + "n7MsJMoKN3Kd2Vzh6s10PFgeAAAAAAAA"); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), encapSigData); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testSHA1WithRSANoAttributes() - throws Exception - { - List certList = new ArrayList(); - CMSTypedData msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); - - JcaSignerInfoGeneratorBuilder siBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - siBuilder.setDirectSignature(true); - - gen.addSignerInfoGenerator(siBuilder.build(sha1Signer, _origCert)); - - gen.addCertificates(certs); - - CMSSignedData s = gen.generate(msg, false); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), s.getEncoded()); - - sp.getSignedContent().drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - } - - public void testDSANoAttributes() - throws Exception - { - List certList = new ArrayList(); - CMSTypedData msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes()); - - certList.add(_origDsaCert); - certList.add(_signCert); - - JcaCertStore certs = new JcaCertStore(certList); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - builder.setDirectSignature(true); - - gen.addSignerInfoGenerator(builder.build(new JcaContentSignerBuilder("SHA1withDSA").setProvider(BC).build(_origDsaKP.getPrivate()), _origDsaCert)); - - gen.addCertificates(certs); - - CMSSignedData s = gen.generate(msg); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), s.getEncoded()); - - sp.getSignedContent().drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - } - - public void testSHA1WithRSA() - throws Exception - { - List certList = new ArrayList(); - List crlList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - crlList.add(_signCrl); - crlList.add(_origCrl); - - Store certs = new JcaCertStore(certList); - Store crls = new JcaCRLStore(crlList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); - - gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert)); - - gen.addCertificates(certs); - - gen.addCRLs(crls); - - OutputStream sigOut = gen.open(bOut); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - - // - // try using existing signer - // - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigners(sp.getSignerInfos()); - - gen.addCertificates(sp.getCertificates()); - gen.addCRLs(sp.getCRLs()); - - bOut.reset(); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - verifyEncodedData(bOut); - - // - // look for the CRLs - // - Collection col = sp.getCRLs().getMatches(null); - - assertEquals(2, col.size()); - assertTrue(col.contains(new JcaX509CRLHolder(_signCrl))); - assertTrue(col.contains(new JcaX509CRLHolder(_origCrl))); - } - - public void testSHA1WithRSAAndOtherRevocation() - throws Exception - { - List certList = new ArrayList(); - CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes()); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); - - gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert)); - - gen.addCertificates(certs); - - List otherInfo = new ArrayList(); - OCSPResp response = new OCSPResp(successResp); - - otherInfo.add(response.toASN1Structure()); - - gen.addOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response, new CollectionStore(otherInfo)); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray()); - - CMSTypedStream stream = sp.getSignedContent(); - - assertEquals(CMSObjectIdentifiers.data, stream.getContentType()); - - stream.drain(); - - // - // check version - // - assertEquals(5, sp.getVersion()); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - - Store dataOtherInfo = sp.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response); - - assertEquals(1, dataOtherInfo.getMatches(null).size()); - - OCSPResp dataResponse = new OCSPResp(OCSPResponse.getInstance(dataOtherInfo.getMatches(null).iterator().next())); - - assertEquals(response, dataResponse); - } - - public void testSHA1WithRSANonData() - throws Exception - { - List certList = new ArrayList(); - List crlList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(new JcaX509CertificateHolder(_origCert)); - certList.add(new JcaX509CertificateHolder(_signCert)); - - crlList.add(new JcaX509CRLHolder(_signCrl)); - crlList.add(new JcaX509CRLHolder(_origCrl)); - - Store certs = new JcaCertStore(certList); - Store crls = new JcaCRLStore(crlList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); - - gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert)); - - gen.addCertificates(certs); - gen.addCRLs(crls); - - OutputStream sigOut = gen.open(new ASN1ObjectIdentifier("1.2.3.4"), bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray()); - - CMSTypedStream stream = sp.getSignedContent(); - - assertEquals(new ASN1ObjectIdentifier("1.2.3.4"), stream.getContentType()); - - stream.drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - } - - public void testSHA1AndMD5WithRSA() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); - ContentSigner md5Signer = new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(_origKP.getPrivate()); - - gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(sha1Signer, _origCert)); - - gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(md5Signer, _origCert)); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testSHA1WithRSAEncapsulatedBufferedStream() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - // - // find unbuffered length - // - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); - - gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert)); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut, true); - - for (int i = 0; i != 2000; i++) - { - sigOut.write(i & 0xff); - } - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - int unbufferedLength = bOut.toByteArray().length; - - // - // find buffered length with buffered stream - should be equal - // - bOut = new ByteArrayOutputStream(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert)); - - gen.addCertificates(certs); - - sigOut = gen.open(bOut, true); - - BufferedOutputStream bfOut = new BufferedOutputStream(sigOut, 300); - - for (int i = 0; i != 2000; i++) - { - bfOut.write(i & 0xff); - } - - bfOut.close(); - - verifyEncodedData(bOut); - - assertTrue(bOut.toByteArray().length == unbufferedLength); - } - - public void testSHA1WithRSAEncapsulatedBuffered() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - // - // find unbuffered length - // - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); - - gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert)); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut, true); - - for (int i = 0; i != 2000; i++) - { - sigOut.write(i & 0xff); - } - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - int unbufferedLength = bOut.toByteArray().length; - - // - // find buffered length - buffer size less than default - // - bOut = new ByteArrayOutputStream(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.setBufferSize(300); - - gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert)); - - gen.addCertificates(certs); - - sigOut = gen.open(bOut, true); - - for (int i = 0; i != 2000; i++) - { - sigOut.write(i & 0xff); - } - - sigOut.close(); - - verifyEncodedData(bOut); - - assertTrue(bOut.toByteArray().length > unbufferedLength); - } - - public void testSHA1WithRSAEncapsulated() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); - - gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert)); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(CMSAlgorithm.SHA1.getId()); - - AttributeTable table = ((SignerInformation)sp.getSignerInfos().getSigners().iterator().next()).getSignedAttributes(); - Attribute hash = table.get(CMSAttributes.messageDigest); - - assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets())); - - // - // try using existing signer - // - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigners(sp.getSignerInfos()); - - gen.addCertificates(sp.getCertificates()); - - bOut.reset(); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(TEST_MESSAGE.getBytes()), bOut.toByteArray()); - - assertEquals(1, sd.getSignerInfos().getSigners().size()); - - verifyEncodedData(bOut); - } - - public void testSHA1WithRSAEncapsulatedSubjectKeyID() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); - - gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, CMSTestUtil.createSubjectKeyId(_origCert.getPublicKey()).getKeyIdentifier())); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(CMSAlgorithm.SHA1.getId()); - - AttributeTable table = ((SignerInformation)sp.getSignerInfos().getSigners().iterator().next()).getSignedAttributes(); - Attribute hash = table.get(CMSAttributes.messageDigest); - - assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets())); - - // - // try using existing signer - // - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigners(sp.getSignerInfos()); - - gen.addCertificates(sp.getCertificates()); - - bOut.reset(); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(TEST_MESSAGE.getBytes()), bOut.toByteArray()); - - assertEquals(1, sd.getSignerInfos().getSigners().size()); - - verifyEncodedData(bOut); - } - - public void testAttributeGenerators() - throws Exception - { - final ASN1ObjectIdentifier dummyOid1 = new ASN1ObjectIdentifier("1.2.3"); - final ASN1ObjectIdentifier dummyOid2 = new ASN1ObjectIdentifier("1.2.3.4"); - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - JcaCertStore certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - CMSAttributeTableGenerator signedGen = new DefaultSignedAttributeTableGenerator() - { - public AttributeTable getAttributes(Map parameters) - { - Hashtable table = createStandardAttributeTable(parameters); - - DEROctetString val = new DEROctetString((byte[])parameters.get(CMSAttributeTableGenerator.DIGEST)); - Attribute attr = new Attribute(dummyOid1, new DERSet(val)); - - table.put(attr.getAttrType(), attr); - - return new AttributeTable(table); - } - }; - - CMSAttributeTableGenerator unsignedGen = new CMSAttributeTableGenerator() - { - public AttributeTable getAttributes(Map parameters) - { - DEROctetString val = new DEROctetString((byte[])parameters.get(CMSAttributeTableGenerator.SIGNATURE)); - Attribute attr = new Attribute(dummyOid2, new DERSet(val)); - - return new AttributeTable(new DERSet(attr)); - } - }; - ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); - - JcaSignerInfoGeneratorBuilder siBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - siBuilder.setSignedAttributeGenerator(signedGen).setUnsignedAttributeGenerator(unsignedGen); - - gen.addSignerInfoGenerator(siBuilder.build(sha1Signer, _origCert)); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - // - // check attributes - // - SignerInformationStore signers = sp.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - checkAttribute(signer.getContentDigest(), signer.getSignedAttributes().get(dummyOid1)); - checkAttribute(signer.getSignature(), signer.getUnsignedAttributes().get(dummyOid2)); - } - } - - private void checkAttribute(byte[] expected, Attribute attr) - { - DEROctetString value = (DEROctetString)attr.getAttrValues().getObjectAt(0); - - assertEquals(new DEROctetString(expected), value); - } - - public void testWithAttributeCertificate() - throws Exception - { - List certList = new ArrayList(); - - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()); - - gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert)); - - gen.addCertificates(certs); - - X509AttributeCertificateHolder attrCert = CMSTestUtil.getAttributeCertificate(); - - Store store = new CollectionStore(Collections.singleton(attrCert)); - - gen.addAttributeCertificates(store); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - assertEquals(4, sp.getVersion()); - -// store = sp.getAttributeCertificates(); -// -// Collection coll = store.getMatches(null); -// -// assertEquals(1, coll.size()); -// -// assertTrue(coll.contains(new JcaX509AttributeCertificateHolder(attrCert))); - } - - public void testSignerStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - byte[] data = TEST_MESSAGE.getBytes(); - - certList.add(_origCert); - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA1withRSA", _origKP.getPrivate(), _origCert)); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut, false); - - sigOut.write(data); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - // - // create new Signer - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - - bOut.reset(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA224withRSA", _origKP.getPrivate(), _origCert)); - - gen.addCertificates(certs); - - sigOut = gen.open(bOut); - - sigOut.write(data); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - CMSSignedData sd = new CMSSignedData(bOut.toByteArray()); - - // - // replace signer - // - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceSigners(original, sd.getSignerInfos(), newOut); - - sd = new CMSSignedData(new CMSProcessableByteArray(data), newOut.toByteArray()); - SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next(); - - assertEquals(signer.getDigestAlgOID(), CMSAlgorithm.SHA224.getId()); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), new CMSTypedStream(new ByteArrayInputStream(data)), newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testEncapsulatedSignerStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA1withRSA", _origKP.getPrivate(), _origCert)); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - // - // create new Signer - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - - bOut.reset(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA224withRSA", _origKP.getPrivate(), _origCert)); - - gen.addCertificates(certs); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedData sd = new CMSSignedData(bOut.toByteArray()); - - // - // replace signer - // - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceSigners(original, sd.getSignerInfos(), newOut); - - sd = new CMSSignedData(newOut.toByteArray()); - SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next(); - - assertEquals(signer.getDigestAlgOID(), CMSAlgorithm.SHA224.getId()); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testCertStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - byte[] data = TEST_MESSAGE.getBytes(); - - certList.add(_origDsaCert); - - JcaCertStore certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - gen.addSignerInfoGenerator(builder.build(new JcaContentSignerBuilder("SHA1withRSA").build(_origKP.getPrivate()), _origCert)); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut); - - sigOut.write(data); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - // - // create new certstore with the right certificates - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = new JcaCertStore(certList); - - - // - // replace certs - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceCertificatesAndCRLs(original, certs, null, null, newOut); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), new CMSTypedStream(new ByteArrayInputStream(data)), newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testEncapsulatedCertStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origDsaCert); - - Store certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()); - - gen.addSignerInfoGenerator(builder.build(new JcaContentSignerBuilder("SHA1withRSA").build(_origKP.getPrivate()), _origCert)); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - // - // create new certstore with the right certificates - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = new JcaCertStore(certList); - - // - // replace certs - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceCertificatesAndCRLs(original, certs, null, null, newOut); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testCertOrdering1() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA1withRSA", _origKP.getPrivate(), _origCert)); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray()); - - sp.getSignedContent().drain(); - certs = sp.getCertificates(); - Iterator it = certs.getMatches(null).iterator(); - - assertEquals(new JcaX509CertificateHolder(_origCert), it.next()); - assertEquals(new JcaX509CertificateHolder(_signCert), it.next()); - } - - public void testCertOrdering2() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_signCert); - certList.add(_origCert); - - Store certs = new JcaCertStore(certList); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA1withRSA", _origKP.getPrivate(), _origCert)); - - gen.addCertificates(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray()); - - sp.getSignedContent().drain(); - certs = sp.getCertificates(); - Iterator it = certs.getMatches(null).iterator(); - - assertEquals(new JcaX509CertificateHolder(_signCert), it.next()); - assertEquals(new JcaX509CertificateHolder(_origCert), it.next()); - } - - public void testCertsOnly() - throws Exception - { - List certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - Store certs = new JcaCertStore(certList); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - gen.addCertificates(certs); - - gen.open(bOut).close(); - - checkSigParseable(bOut.toByteArray()); - } - - public static Test suite() - throws Exception - { - init(); - - return new CMSTestSetup(new TestSuite(NewSignedDataStreamTest.class)); - } -} |