Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/pkix
diff options
context:
space:
mode:
authorDavid Hook <dgh@cryptoworkshop.com>2014-06-30 08:31:21 +0400
committerDavid Hook <dgh@cryptoworkshop.com>2014-06-30 08:31:21 +0400
commit86d074dbcf9b6bab29985eee7b7187f3b85b0f43 (patch)
tree11aaa17be8b26f3f421e591355217e8d2d992994 /pkix
parent626e4c25f77c8441046881a2dbb4367d4f0d6d51 (diff)
1.3 compatibility updates, minor cleanups.
Diffstat (limited to 'pkix')
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java1
-rw-r--r--pkix/src/test/jdk1.3/org/bouncycastle/cert/path/test/CertPathTest.java370
-rw-r--r--pkix/src/test/jdk1.3/org/bouncycastle/cert/test/BcCertTest.java1418
-rw-r--r--pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java2
-rw-r--r--pkix/src/test/jdk1.3/org/bouncycastle/cms/test/AllTests.java24
-rw-r--r--pkix/src/test/jdk1.3/org/bouncycastle/cms/test/Rfc4134Test.java430
-rw-r--r--pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataStreamTest.java1158
-rw-r--r--pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataTest.java1573
-rw-r--r--pkix/src/test/jdk1.3/org/bouncycastle/openssl/test/ReaderTest.java323
9 files changed, 1806 insertions, 3493 deletions
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java
index a0eb89c7..fd551381 100644
--- a/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java
+++ b/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java
@@ -62,7 +62,6 @@ import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
-import org.bouncycastle.cert.test.PEMData;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cert/path/test/CertPathTest.java b/pkix/src/test/jdk1.3/org/bouncycastle/cert/path/test/CertPathTest.java
new file mode 100644
index 00000000..d487afb0
--- /dev/null
+++ b/pkix/src/test/jdk1.3/org/bouncycastle/cert/path/test/CertPathTest.java
@@ -0,0 +1,370 @@
+package org.bouncycastle.cert.path.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.ObjectOutputStream;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.SignatureException;
+import org.bouncycastle.jce.cert.CertPath;
+import org.bouncycastle.jce.cert.CertPathBuilder;
+import org.bouncycastle.jce.cert.CertPathBuilderException;
+import org.bouncycastle.jce.cert.CertPathBuilderResult;
+import org.bouncycastle.jce.cert.CertStore;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import org.bouncycastle.jce.cert.CertificateFactory;
+import org.bouncycastle.jce.cert.CollectionCertStoreParameters;
+import org.bouncycastle.jce.cert.PKIXBuilderParameters;
+import org.bouncycastle.jce.cert.TrustAnchor;
+import org.bouncycastle.jce.cert.X509CertSelector;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import java.util.Vector;
+
+import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.util.encoders.Base64;
+import org.bouncycastle.util.test.SimpleTest;
+
+public class CertPathTest
+ extends SimpleTest
+{
+ public static byte[] rootCertBin = Base64.decode(
+ "MIIBqzCCARQCAQEwDQYJKoZIhvcNAQEFBQAwHjEcMBoGA1UEAxMTVGVzdCBDQSBDZXJ0aWZpY2F0ZTAeFw0wODA5MDQwNDQ1MDhaFw0wODA5MTEwNDQ1MDhaMB4xHDAaBgNVBAMTE1Rlc3QgQ0EgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMRLUjhPe4YUdLo6EcjKcWUOG7CydFTH53Pr1lWjOkbmszYDpkhCTT9LOsI+disk18nkBxSl8DAHTqV+VxtuTPt64iyi10YxyDeep+DwZG/f8cVQv97U3hA9cLurZ2CofkMLGr6JpSGCMZ9FcstcTdHB4lbErIJ54YqfF4pNOs4/AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAgyrTEFY7ALpeY59jL6xFOLpuPqoBOWrUWv6O+zy5BCU0qiX71r3BpigtxRj+DYcfLIM9FNERDoHu3TthD3nwYWUBtFX8N0QUJIdJabxqAMhLjSC744koiFpCYse5Ye3ZvEdFwDzgAQsJTp5eFGgTZPkPzcdhkFJ2p9+OWs+cb24=");
+
+
+ static byte[] interCertBin = Base64.decode(
+ "MIICSzCCAbSgAwIBAgIBATANBgkqhkiG9w0BAQUFADAeMRwwGgYDVQQDExNUZXN0IENBIENlcnRpZmljYXRlMB4XDTA4MDkwNDA0NDUwOFoXDTA4MDkxMTA0NDUwOFowKDEmMCQGA1UEAxMdVGVzdCBJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAISS9OOZ2wxzdWny9aVvk4Joq+dwSJ+oqvHUxX3PflZyuiLiCBUOUE4q59dGKdtNX5fIfwyK3cpV0e73Y/0fwfM3m9rOWFrCKOhfeswNTes0w/2PqPVVDDsF/nj7NApuqXwioeQlgTL251RDF4sVoxXqAU7lRkcqwZt3mwqS4KTJAgMBAAGjgY4wgYswRgYDVR0jBD8wPYAUhv8BOT27EB9JaCccJD4YASPP5XWhIqQgMB4xHDAaBgNVBAMTE1Rlc3QgQ0EgQ2VydGlmaWNhdGWCAQEwHQYDVR0OBBYEFL/IwAGOkHzaQyPZegy79CwM5oTFMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4GBAE4TRgUz4sUvZyVdZxqV+XyNRnqXAeLOOqFGYv2D96tQrS+zjd0elVlT6lFrtchZdOmmX7R6/H/tjMWMcTBICZyRYrvK8cCAmDOI+EIdq5p6lj2Oq6Pbw/wruojAqNrpaR6IkwNpWtdOSSupv4IJL+YU9q2YFTh4R1j3tOkPoFGr");
+
+ static byte[] finalCertBin = Base64.decode(
+ "MIICRjCCAa+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAoMSYwJAYDVQQDEx1UZXN0IEludGVybWVkaWF0ZSBDZXJ0aWZpY2F0ZTAeFw0wODA5MDQwNDQ1MDhaFw0wODA5MTEwNDQ1MDhaMB8xHTAbBgNVBAMTFFRlc3QgRW5kIENlcnRpZmljYXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChpUeo0tPYywWKiLlbWKNJBcCpSaLSlaZ+4+yer1AxI5yJIVHP6SAlBghlbD5Qne5ImnN/15cz1xwYAiul6vGKJkVPlFEe2Mr+g/J/WJPQQPsjbZ1G+vxbAwXEDA4KaQrnpjRZFq+CdKHwOjuPLYS/MYQNgdIvDVEQcTbPQ8GaiQIDAQABo4GIMIGFMEYGA1UdIwQ/MD2AFL/IwAGOkHzaQyPZegy79CwM5oTFoSKkIDAeMRwwGgYDVQQDExNUZXN0IENBIENlcnRpZmljYXRlggEBMB0GA1UdDgQWBBSVkw+VpqBf3zsLc/9GdkK9TzHPwDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDANBgkqhkiG9w0BAQUFAAOBgQBLv/0bVDjzTs/y1vN3FUiZNknEbzupIZduTuXJjqv/vBX+LDPjUfu/+iOCXOSKoRn6nlOWhwB1z6taG2usQkFG8InMkRcPREi2uVgFdhJ/1C3dAWhsdlubjdL926bftXvxnx/koDzyrePW5U96RlOQM2qLvbaky2Giz6hrc3Wl+w==");
+ public static byte[] rootCrlBin = Base64.decode(
+ "MIIBYjCBzAIBATANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDExNUZXN0IENBIENlcnRpZmljYXRlFw0wODA5MDQwNDQ1MDhaFw0wODA5MDQwNzMxNDhaMCIwIAIBAhcNMDgwOTA0MDQ0NTA4WjAMMAoGA1UdFQQDCgEJoFYwVDBGBgNVHSMEPzA9gBSG/wE5PbsQH0loJxwkPhgBI8/ldaEipCAwHjEcMBoGA1UEAxMTVGVzdCBDQSBDZXJ0aWZpY2F0ZYIBATAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOBgQCAbaFCo0BNG4AktVf6jjBLeawP1u0ELYkOCEGvYZE0mBpQ+OvFg7subZ6r3lRIj030nUli28sPFtu5ZQMBNcpE4nS1ziF44RfT3Lp5UgHx9x17Krz781iEyV+7zU8YxYMY9wULD+DCuK294kGKIssVNbmTYXZatBNoXQN5CLIocA==");
+ static byte[] interCrlBin = Base64.decode(
+ "MIIBbDCB1gIBATANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDEx1UZXN0IEludGVybWVkaWF0ZSBDZXJ0aWZpY2F0ZRcNMDgwOTA0MDQ0NTA4WhcNMDgwOTA0MDczMTQ4WjAiMCACAQIXDTA4MDkwNDA0NDUwOFowDDAKBgNVHRUEAwoBCaBWMFQwRgYDVR0jBD8wPYAUv8jAAY6QfNpDI9l6DLv0LAzmhMWhIqQgMB4xHDAaBgNVBAMTE1Rlc3QgQ0EgQ2VydGlmaWNhdGWCAQEwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQADgYEAEVCr5TKs5yguGgLH+dBzmSPoeSIWJFLsgWwJEit/iUDJH3dgYmaczOcGxIDtbYYHLWIHM+P2YRyQz3MEkCXEgm/cx4y7leAmux5l+xQWgmxFPz+197vaphPeCZo+B7V1CWtm518gcq4mrs9ovfgNqgyFj7KGjcBpWdJE32KMt50=");
+
+ /*
+ * certpath with a circular reference
+ */
+ static byte[] certA = Base64.decode(
+ "MIIC6jCCAlOgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBjTEPMA0GA1UEAxMGSW50"
+ + "ZXIzMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX"
+ + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq"
+ + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ2NTda"
+ + "Fw0xNzAzMzAwODQ0MDBaMIGlMScwJQYDVQQDHh4AQQByAG0AaQBuACAASADkAGIA"
+ + "ZQByAGwAaQBuAGcxCzAJBgNVBAYTAkNIMQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNV"
+ + "BAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNwaGVyZSBBRzEQMA4GA1UECxMHVGVzdGlu"
+ + "ZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5AcHJpdmFzcGhlcmUuY29tMIGfMA0GCSqG"
+ + "SIb3DQEBAQUAA4GNADCBiQKBgQCfHfyVs5dbxG35H/Thd29qR4NZU88taCu/OWA1"
+ + "GdACI02lXWYpmLWiDgnU0ULP+GG8OnVp1IES9fz2zcrXKQ19xZzsen/To3h5sNte"
+ + "cJpS00XMM24q/jDwy5NvkBP9YIfFKQ1E/0hFHXcqwlw+b/y/v6YGsZCU2h6QDzc4"
+ + "5m0+BwIDAQABo0AwPjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIE8DAeBglg"
+ + "hkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAA4GBAJEu"
+ + "KiSfIwsY7SfobMLrv2v/BtLhGLi4RnmjiwzBhuv5rn4rRfBpq1ppmqQMJ2pmA67v"
+ + "UWCY+mNwuyjHyivpCCyJGsZ9d5H09g2vqxzkDBMz7X9VNMZYFH8j/R3/Cfvqks31"
+ + "z0OFslJkeKLa1I0P/dfVHsRKNkLRT3Ws5LKksErQ");
+
+ static byte[] certB = Base64.decode(
+ "MIICtTCCAh6gAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBjTEPMA0GA1UEAxMGSW50"
+ + "ZXIyMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX"
+ + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq"
+ + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ2Mzha"
+ + "Fw0xNzAzMzAwODQ0MDBaMIGNMQ8wDQYDVQQDEwZJbnRlcjMxCzAJBgNVBAYTAkNI"
+ + "MQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNVBAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNw"
+ + "aGVyZSBBRzEQMA4GA1UECxMHVGVzdGluZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5A"
+ + "cHJpdmFzcGhlcmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxCXIB"
+ + "QRnmVvl2h7Q+0SsRxDLnyM1dJG9jMa+UCCmHy0k/ZHs5VirSbjEJSjkQ9BGeh9SC"
+ + "7JwbMpXO7UE+gcVc2RnWUY+MA+fWIeTV4KtkYA8WPu8wVGCXbN8wwh/StOocszxb"
+ + "g+iLvGeh8CYSRqg6QN3S/02etH3o8H4e7Z0PZwIDAQABoyMwITAPBgNVHRMBAf8E"
+ + "BTADAQH/MA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQQFAAOBgQCtWdirSsmt"
+ + "+CBBCNn6ZnbU3QqQfiiQIomjenNEHESJgaS/+PvPE5i3xWFXsunTHLW321/Km16I"
+ + "7+ZvT8Su1cqHg79NAT8QB0yke1saKSy2C0Pic4HwrNqVBWFNSxMU0hQzpx/ZXDbZ"
+ + "DqIXAp5EfyRYBy2ul+jm6Rot6aFgzuopKg==");
+
+ static byte[] certC = Base64.decode(
+ "MIICtTCCAh6gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBjTEPMA0GA1UEAxMGSW50"
+ + "ZXIxMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX"
+ + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq"
+ + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ0Mzla"
+ + "Fw0xNzAzMzAwODQ0MDBaMIGNMQ8wDQYDVQQDEwZJbnRlcjIxCzAJBgNVBAYTAkNI"
+ + "MQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNVBAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNw"
+ + "aGVyZSBBRzEQMA4GA1UECxMHVGVzdGluZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5A"
+ + "cHJpdmFzcGhlcmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0rLr6"
+ + "f2/ONeJzTb0q9M/NNX+MnAFMSqiQGVBkT76u5nOH4KLkpHXkzI82JI7GuQMzoT3a"
+ + "+RP1hO6FneO92ms2soC6xiOFb4EC69Dfhh87Nww5O35JxVF0bzmbmIAWd6P/7zGh"
+ + "nd2S4tKkaZcubps+C0j9Fgi0hipVicAOUVVoDQIDAQABoyMwITAPBgNVHRMBAf8E"
+ + "BTADAQH/MA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQQFAAOBgQCLPvc1IMA4"
+ + "YP+PmnEldyUoRWRnvPWjBGeu0WheBP7fdcnGBf93Nmc5j68ZN+eTZ5VMuZ99YdvH"
+ + "CXGNX6oodONLU//LlFKdLl5xjLAS5X9p1RbOEGytnalqeiEpjk4+C/7rIBG1kllO"
+ + "dItmI6LlEMV09Hkpg6ZRAUmRkb8KrM4X7A==");
+
+ static byte[] certD = Base64.decode(
+ "MIICtTCCAh6gAwIBAgIBBjANBgkqhkiG9w0BAQQFADCBjTEPMA0GA1UEAxMGSW50"
+ + "ZXIzMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX"
+ + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq"
+ + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ5NTNa"
+ + "Fw0xNzAzMzAwODQ0MDBaMIGNMQ8wDQYDVQQDEwZJbnRlcjExCzAJBgNVBAYTAkNI"
+ + "MQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNVBAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNw"
+ + "aGVyZSBBRzEQMA4GA1UECxMHVGVzdGluZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5A"
+ + "cHJpdmFzcGhlcmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCae3TP"
+ + "jIVKeASqvNabaiUHAMGUgFxB7L0yUsIj39azLcLtUj4S7XkDf7SMGtYV0JY1XNaQ"
+ + "sHJAsnJivDZc50oiYvqDYfgFZx5+AsN5l5X5rjRzs/OX+Jo+k1OgsIyu6+mf9Kfb"
+ + "5IdWOVB2EcOg4f9tPjLM8CIj9Pp7RbKLyqUUgwIDAQABoyMwITAPBgNVHRMBAf8E"
+ + "BTADAQH/MA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQQFAAOBgQCgr9kUdWUT"
+ + "Lt9UcztSzR3pnHRsyvS0E/z850OKQKS5/VxLEalpFvhj+3EcZ7Y6mFxaaS2B7vXg"
+ + "2YWyqV1PRb6iF7/u9EXkpSTKGrJahwANirCa3V/HTUuPdCE2GITlnWI8h3eVA+xQ"
+ + "D4LF0PXHOkXbwmhXRSb10lW1bSGkUxE9jg==");
+
+ private void testExceptions()
+ throws Exception
+ {
+ byte[] enc = { (byte)0, (byte)2, (byte)3, (byte)4, (byte)5 };
+ MyCertPath mc = new MyCertPath(enc);
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ ByteArrayInputStream is;
+ byte[] arr;
+
+ ObjectOutputStream oOut = new ObjectOutputStream(os);
+ oOut.writeObject(mc);
+ oOut.flush();
+ oOut.close();
+
+ try
+ {
+ CertificateFactory cFac = CertificateFactory.getInstance("X.509",
+ "BC");
+ arr = os.toByteArray();
+ is = new ByteArrayInputStream(arr);
+ cFac.generateCertPath(is);
+ }
+ catch (CertificateException e)
+ {
+ // ignore okay
+ }
+
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ List certCol = new ArrayList();
+
+ certCol.add(cf.generateCertificate(new ByteArrayInputStream(certA)));
+ certCol.add(cf.generateCertificate(new ByteArrayInputStream(certB)));
+ certCol.add(cf.generateCertificate(new ByteArrayInputStream(certC)));
+ certCol.add(cf.generateCertificate(new ByteArrayInputStream(certD)));
+
+ CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
+ X509CertSelector select = new X509CertSelector();
+ select.setSubject(((X509Principal)((X509Certificate)certCol.get(0)).getSubjectDN()).getEncoded());
+
+ Set trustanchors = new HashSet();
+ trustanchors.add(new TrustAnchor((X509Certificate)cf.generateCertificate(new ByteArrayInputStream(rootCertBin)), null));
+
+ CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certCol));
+
+ PKIXBuilderParameters params = new PKIXBuilderParameters(trustanchors, select);
+ params.addCertStore(certStore);
+
+ try
+ {
+ CertPathBuilderResult result = pathBuilder.build(params);
+ CertPath path = result.getCertPath();
+ fail("found cert path in circular set");
+ }
+ catch (CertPathBuilderException e)
+ {
+ // expected
+ }
+ }
+
+ public void performTest()
+ throws Exception
+ {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
+
+ X509Certificate rootCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(rootCertBin));
+ X509Certificate interCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(interCertBin));
+ X509Certificate finalCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(finalCertBin));
+
+ //Testing CertPath generation from List
+ List list = new ArrayList();
+ list.add(interCert);
+ CertPath certPath1 = cf.generateCertPath(list);
+
+ //Testing CertPath encoding as PkiPath
+ byte[] encoded = certPath1.getEncoded("PkiPath");
+
+ //Testing CertPath generation from InputStream
+ ByteArrayInputStream inStream = new ByteArrayInputStream(encoded);
+ CertPath certPath2 = cf.generateCertPath(inStream, "PkiPath");
+
+ //Comparing both CertPathes
+ if (!certPath2.equals(certPath1))
+ {
+ fail("CertPath differ after encoding and decoding.");
+ }
+
+ encoded = certPath1.getEncoded("PKCS7");
+
+ //Testing CertPath generation from InputStream
+ inStream = new ByteArrayInputStream(encoded);
+ certPath2 = cf.generateCertPath(inStream, "PKCS7");
+
+ //Comparing both CertPathes
+ if (!certPath2.equals(certPath1))
+ {
+ fail("CertPath differ after encoding and decoding.");
+ }
+
+ encoded = certPath1.getEncoded("PEM");
+
+ //Testing CertPath generation from InputStream
+ inStream = new ByteArrayInputStream(encoded);
+ certPath2 = cf.generateCertPath(inStream, "PEM");
+
+ //Comparing both CertPathes
+ if (!certPath2.equals(certPath1))
+ {
+ fail("CertPath differ after encoding and decoding.");
+ }
+
+ //
+ // empty list test
+ //
+ list = new ArrayList();
+
+ CertPath certPath = CertificateFactory.getInstance("X.509","BC").generateCertPath(list);
+ if (certPath.getCertificates().size() != 0)
+ {
+ fail("list wrong size.");
+ }
+
+ //
+ // exception tests
+ //
+ testExceptions();
+ }
+
+ public String getName()
+ {
+ return "CertPath";
+ }
+
+ public static void main(
+ String[] args)
+ {
+ Security.addProvider(new BouncyCastleProvider());
+
+ runTest(new CertPathTest());
+ }
+
+ private static class MyCertificate extends Certificate
+ {
+ private final byte[] encoding;
+
+ public MyCertificate(String type, byte[] encoding)
+ {
+ super(type);
+ // don't copy to allow null parameter in test
+ this.encoding = encoding;
+ }
+
+ public byte[] getEncoded() throws CertificateEncodingException
+ {
+ // do copy to force NPE in test
+ return (byte[])encoding.clone();
+ }
+
+ public void verify(PublicKey key) throws CertificateException,
+ NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException
+ {
+ }
+
+ public void verify(PublicKey key, String sigProvider)
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException,
+ SignatureException
+ {
+ }
+
+ public String toString()
+ {
+ return "[My test Certificate, type: " + getType() + "]";
+ }
+
+ public PublicKey getPublicKey()
+ {
+ return new PublicKey()
+ {
+ public String getAlgorithm()
+ {
+ return "TEST";
+ }
+
+ public byte[] getEncoded()
+ {
+ return new byte[] { (byte)1, (byte)2, (byte)3 };
+ }
+
+ public String getFormat()
+ {
+ return "TEST_FORMAT";
+ }
+ };
+ }
+ }
+
+ private static class MyCertPath extends CertPath
+ {
+ private final Vector certificates;
+
+ private final Vector encodingNames;
+
+ private final byte[] encoding;
+
+ public MyCertPath(byte[] encoding)
+ {
+ super("MyEncoding");
+ this.encoding = encoding;
+ certificates = new Vector();
+ certificates.add(new MyCertificate("MyEncoding", encoding));
+ encodingNames = new Vector();
+ encodingNames.add("MyEncoding");
+ }
+
+ public List getCertificates()
+ {
+ return Collections.unmodifiableList(certificates);
+ }
+
+ public byte[] getEncoded() throws CertificateEncodingException
+ {
+ return (byte[])encoding.clone();
+ }
+
+ public byte[] getEncoded(String encoding)
+ throws CertificateEncodingException
+ {
+ if (getType().equals(encoding))
+ {
+ return (byte[])this.encoding.clone();
+ }
+ throw new CertificateEncodingException("Encoding not supported: "
+ + encoding);
+ }
+
+ public Iterator getEncodings()
+ {
+ return Collections.unmodifiableCollection(encodingNames).iterator();
+ }
+ }
+}
+
diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/BcCertTest.java b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/BcCertTest.java
new file mode 100644
index 00000000..e414c856
--- /dev/null
+++ b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/BcCertTest.java
@@ -0,0 +1,1418 @@
+package org.bouncycastle.cert.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.math.BigInteger;
+import java.security.SecureRandom;
+import java.security.cert.CRL;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import junit.framework.TestCase;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Enumerated;
+import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.X500NameBuilder;
+import org.bouncycastle.asn1.x500.style.RFC4519Style;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
+import org.bouncycastle.asn1.x509.CRLReason;
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.Extensions;
+import org.bouncycastle.asn1.x509.ExtensionsGenerator;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.CertException;
+import org.bouncycastle.cert.X509CRLEntryHolder;
+import org.bouncycastle.cert.X509CRLHolder;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v1CertificateBuilder;
+import org.bouncycastle.cert.X509v2CRLBuilder;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
+import org.bouncycastle.cert.bc.BcX509v1CertificateBuilder;
+import org.bouncycastle.cert.bc.BcX509v3CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
+import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
+import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
+import org.bouncycastle.crypto.generators.DSAParametersGenerator;
+import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.DSAKeyGenerationParameters;
+import org.bouncycastle.crypto.params.DSAParameters;
+import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
+import org.bouncycastle.cert.test.PEMData;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.ContentVerifierProvider;
+import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
+import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.bc.BcDSAContentSignerBuilder;
+import org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder;
+import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
+import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
+import org.bouncycastle.util.encoders.Base64;
+
+public class BcCertTest
+ extends TestCase
+{
+ DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
+ DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
+
+ //
+ // server.crt
+ //
+ byte[] cert1 = Base64.decode(
+ "MIIDXjCCAsegAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx"
+ + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY"
+ + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB"
+ + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ"
+ + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU2MjFaFw0wMTA2"
+ + "MDIwNzU2MjFaMIG4MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW"
+ + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM"
+ + "dGQxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFtMR0wGwYDVQQDExR3d3cyLmNvbm5l"
+ + "Y3Q0LmNvbS5hdTEoMCYGCSqGSIb3DQEJARYZd2VibWFzdGVyQGNvbm5lY3Q0LmNv"
+ + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvDxclKAhyv7Q/Wmr2re"
+ + "Gw4XL9Cnh9e+6VgWy2AWNy/MVeXdlxzd7QAuc1eOWQkGQEiLPy5XQtTY+sBUJ3AO"
+ + "Rvd2fEVJIcjf29ey7bYua9J/vz5MG2KYo9/WCHIwqD9mmG9g0xLcfwq/s8ZJBswE"
+ + "7sb85VU+h94PTvsWOsWuKaECAwEAAaN3MHUwJAYDVR0RBB0wG4EZd2VibWFzdGVy"
+ + "QGNvbm5lY3Q0LmNvbS5hdTA6BglghkgBhvhCAQ0ELRYrbW9kX3NzbCBnZW5lcmF0"
+ + "ZWQgY3VzdG9tIHNlcnZlciBjZXJ0aWZpY2F0ZTARBglghkgBhvhCAQEEBAMCBkAw"
+ + "DQYJKoZIhvcNAQEEBQADgYEAotccfKpwSsIxM1Hae8DR7M/Rw8dg/RqOWx45HNVL"
+ + "iBS4/3N/TO195yeQKbfmzbAA2jbPVvIvGgTxPgO1MP4ZgvgRhasaa0qCJCkWvpM4"
+ + "yQf33vOiYQbpv4rTwzU8AmRlBG45WdjyNIigGV+oRc61aKCTnLq7zB8N3z1TF/bF"
+ + "5/8=");
+
+ //
+ // ca.crt
+ //
+ byte[] cert2 = Base64.decode(
+ "MIIDbDCCAtWgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx"
+ + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY"
+ + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB"
+ + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ"
+ + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU1MzNaFw0wMTA2"
+ + "MDIwNzU1MzNaMIG3MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW"
+ + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM"
+ + "dGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAxMMQ29u"
+ + "bmVjdCA0IENBMSgwJgYJKoZIhvcNAQkBFhl3ZWJtYXN0ZXJAY29ubmVjdDQuY29t"
+ + "LmF1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgs5ptNG6Qv1ZpCDuUNGmv"
+ + "rhjqMDPd3ri8JzZNRiiFlBA4e6/ReaO1U8ASewDeQMH6i9R6degFdQRLngbuJP0s"
+ + "xcEE+SksEWNvygfzLwV9J/q+TQDyJYK52utb++lS0b48A1KPLwEsyL6kOAgelbur"
+ + "ukwxowprKUIV7Knf1ajetQIDAQABo4GFMIGCMCQGA1UdEQQdMBuBGXdlYm1hc3Rl"
+ + "ckBjb25uZWN0NC5jb20uYXUwDwYDVR0TBAgwBgEB/wIBADA2BglghkgBhvhCAQ0E"
+ + "KRYnbW9kX3NzbCBnZW5lcmF0ZWQgY3VzdG9tIENBIGNlcnRpZmljYXRlMBEGCWCG"
+ + "SAGG+EIBAQQEAwICBDANBgkqhkiG9w0BAQQFAAOBgQCsGvfdghH8pPhlwm1r3pQk"
+ + "msnLAVIBb01EhbXm2861iXZfWqGQjrGAaA0ZpXNk9oo110yxoqEoSJSzniZa7Xtz"
+ + "soTwNUpE0SLHvWf/SlKdFWlzXA+vOZbzEv4UmjeelekTm7lc01EEa5QRVzOxHFtQ"
+ + "DhkaJ8VqOMajkQFma2r9iA==");
+
+ //
+ // testx509.pem
+ //
+ byte[] cert3 = Base64.decode(
+ "MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV"
+ + "BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz"
+ + "MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM"
+ + "RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF"
+ + "AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO"
+ + "/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE"
+ + "Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ"
+ + "zl9HYIMxATFyqSiD9jsx");
+
+ //
+ // v3-cert1.pem
+ //
+ byte[] cert4 = Base64.decode(
+ "MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx"
+ + "NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz"
+ + "dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw"
+ + "ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu"
+ + "ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2"
+ + "ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp"
+ + "miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C"
+ + "AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK"
+ + "Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x"
+ + "DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR"
+ + "MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB"
+ + "AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21"
+ + "X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3"
+ + "WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO");
+
+ //
+ // v3-cert2.pem
+ //
+ byte[] cert5 = Base64.decode(
+ "MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD"
+ + "YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0"
+ + "ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu"
+ + "dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1"
+ + "WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV"
+ + "BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx"
+ + "FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA"
+ + "6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT"
+ + "G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ"
+ + "YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm"
+ + "b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc"
+ + "F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz"
+ + "lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap"
+ + "jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=");
+
+ //
+ // pem encoded pkcs7
+ //
+ byte[] cert6 = Base64.decode(
+ "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJbzCCAj0w"
+ + "ggGmAhEAzbp/VvDf5LxU/iKss3KqVTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG"
+ + "A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2Vy"
+ + "dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjgwODAxMjM1OTU5WjBfMQsw"
+ + "CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVi"
+ + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A"
+ + "MIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiH"
+ + "mgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNePNGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF"
+ + "4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEwDQYJKoZIhvcNAQECBQADgYEATD+4i8Zo3+5DMw5d"
+ + "6abLB4RNejP/khv0Nq3YlSI2aBFsfELM85wuxAc/FLAPT/+Qknb54rxK6Y/NoIAK98Up8YIiXbix"
+ + "3YEjo3slFUYweRb46gVLlH8dwhzI47f0EEA8E8NfH1PoSOSGtHuhNbB7Jbq4046rPzidADQAmPPR"
+ + "cZQwggMuMIICl6ADAgECAhEA0nYujRQMPX2yqCVdr+4NdTANBgkqhkiG9w0BAQIFADBfMQswCQYD"
+ + "VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj"
+ + "IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTgwNTEyMDAwMDAwWhcNMDgwNTEy"
+ + "MjM1OTU5WjCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy"
+ + "dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5j"
+ + "b3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0Eg"
+ + "SW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZDCBnzANBgkqhkiG9w0B"
+ + "AQEFAAOBjQAwgYkCgYEAu1pEigQWu1X9A3qKLZRPFXg2uA1Ksm+cVL+86HcqnbnwaLuV2TFBcHqB"
+ + "S7lIE1YtxwjhhEKrwKKSq0RcqkLwgg4C6S/7wju7vsknCl22sDZCM7VuVIhPh0q/Gdr5FegPh7Yc"
+ + "48zGmo5/aiSS4/zgZbqnsX7vyds3ashKyAkG5JkCAwEAAaN8MHowEQYJYIZIAYb4QgEBBAQDAgEG"
+ + "MEcGA1UdIARAMD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEFBQcCARYfd3d3LnZlcmlzaWduLmNv"
+ + "bS9yZXBvc2l0b3J5L1JQQTAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B"
+ + "AQIFAAOBgQCIuDc73dqUNwCtqp/hgQFxHpJqbS/28Z3TymQ43BuYDAeGW4UVag+5SYWklfEXfWe0"
+ + "fy0s3ZpCnsM+tI6q5QsG3vJWKvozx74Z11NMw73I4xe1pElCY+zCphcPXVgaSTyQXFWjZSAA/Rgg"
+ + "5V+CprGoksVYasGNAzzrw80FopCubjCCA/gwggNhoAMCAQICEBbbn/1G1zppD6KsP01bwywwDQYJ"
+ + "KoZIhvcNAQEEBQAwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln"
+ + "biBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvUlBB"
+ + "IEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAx"
+ + "IENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxpZGF0ZWQwHhcNMDAxMDAy"
+ + "MDAwMDAwWhcNMDAxMjAxMjM1OTU5WjCCAQcxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD"
+ + "VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3Jl"
+ + "cG9zaXRvcnkvUlBBIEluY29ycC4gYnkgUmVmLixMSUFCLkxURChjKTk4MR4wHAYDVQQLExVQZXJz"
+ + "b25hIE5vdCBWYWxpZGF0ZWQxJzAlBgNVBAsTHkRpZ2l0YWwgSUQgQ2xhc3MgMSAtIE1pY3Jvc29m"
+ + "dDETMBEGA1UEAxQKRGF2aWQgUnlhbjElMCMGCSqGSIb3DQEJARYWZGF2aWRAbGl2ZW1lZGlhLmNv"
+ + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqxBsdeNmSvFqhMNwhQgNzM8mdjX9eSXb"
+ + "DawpHtQHjmh0AKJSa3IwUY0VIsyZHuXWktO/CgaMBVPt6OVf/n0R2sQigMP6Y+PhEiS0vCJBL9aK"
+ + "0+pOo2qXrjVBmq+XuCyPTnc+BOSrU26tJsX0P9BYorwySiEGxGanBNATdVL4NdUCAwEAAaOBnDCB"
+ + "mTAJBgNVHRMEAjAAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQgwKjAoBggrBgEFBQcCARYcaHR0"
+ + "cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTARBglghkgBhvhCAQEEBAMCB4AwMwYDVR0fBCwwKjAo"
+ + "oCagJIYiaHR0cDovL2NybC52ZXJpc2lnbi5jb20vY2xhc3MxLmNybDANBgkqhkiG9w0BAQQFAAOB"
+ + "gQBC8yIIdVGpFTf8/YiL14cMzcmL0nIRm4kGR3U59z7UtcXlfNXXJ8MyaeI/BnXwG/gD5OKYqW6R"
+ + "yca9vZOxf1uoTBl82gInk865ED3Tej6msCqFzZffnSUQvOIeqLxxDlqYRQ6PmW2nAnZeyjcnbI5Y"
+ + "syQSM2fmo7n6qJFP+GbFezGCAkUwggJBAgEBMIHhMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5j"
+ + "LjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWdu"
+ + "LmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UE"
+ + "AxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3Qg"
+ + "VmFsaWRhdGVkAhAW25/9Rtc6aQ+irD9NW8MsMAkGBSsOAwIaBQCggbowGAYJKoZIhvcNAQkDMQsG"
+ + "CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDAxMDAyMTczNTE4WjAjBgkqhkiG9w0BCQQxFgQU"
+ + "gZjSaBEY2oxGvlQUIMnxSXhivK8wWwYJKoZIhvcNAQkPMU4wTDAKBggqhkiG9w0DBzAOBggqhkiG"
+ + "9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwBwYFKw4DAh0w"
+ + "DQYJKoZIhvcNAQEBBQAEgYAzk+PU91/ZFfoiuKOECjxEh9fDYE2jfDCheBIgh5gdcCo+sS1WQs8O"
+ + "HreQ9Nop/JdJv1DQMBK6weNBBDoP0EEkRm1XCC144XhXZC82jBZohYmi2WvDbbC//YN58kRMYMyy"
+ + "srrfn4Z9I+6kTriGXkrpGk9Q0LSGjmG2BIsqiF0dvwAAAAAAAA==");
+
+ //
+ // dsaWithSHA1 cert
+ //
+ byte[] cert7 = Base64.decode(
+ "MIIEXAYJKoZIhvcNAQcCoIIETTCCBEkCAQExCzAJBgUrDgMCGgUAMAsGCSqG"
+ + "SIb3DQEHAaCCAsMwggK/MIIB4AIBADCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7"
+ + "d8miwTMN55CUSmo3TO8WGCxgY61TX5k+7NU4XPf1TULjw3GobwaJX13kquPh"
+ + "fVXk+gVy46n4Iw3hAhUBSe/QF4BUj+pJOF9ROBM4u+FEWA8CQQD4mSJbrABj"
+ + "TUWrlnAte8pS22Tq4/FPO7jHSqjijUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/z"
+ + "m8Q12PFp/PjOhh+nMA4xDDAKBgNVBAMTA0lEMzAeFw05NzEwMDEwMDAwMDBa"
+ + "Fw0zODAxMDEwMDAwMDBaMA4xDDAKBgNVBAMTA0lEMzCB8DCBpwYFKw4DAhsw"
+ + "gZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxgY61TX5k+7NU4XPf1TULj"
+ + "w3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/QF4BUj+pJOF9ROBM4u+FE"
+ + "WA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jHSqjijUHfXKTrHL1OEqV3"
+ + "SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nA0QAAkEAkYkXLYMtGVGWj9OnzjPn"
+ + "sB9sefSRPrVegZJCZbpW+Iv0/1RP1u04pHG9vtRpIQLjzUiWvLMU9EKQTThc"
+ + "eNMmWDCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxg"
+ + "Y61TX5k+7NU4XPf1TULjw3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/Q"
+ + "F4BUj+pJOF9ROBM4u+FEWA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jH"
+ + "SqjijUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nAy8AMCwC"
+ + "FBY3dBSdeprGcqpr6wr3xbG+6WW+AhRMm/facKJNxkT3iKgJbp7R8Xd3QTGC"
+ + "AWEwggFdAgEBMBMwDjEMMAoGA1UEAxMDSUQzAgEAMAkGBSsOAwIaBQCgXTAY"
+ + "BgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMjA1"
+ + "MjQyMzEzMDdaMCMGCSqGSIb3DQEJBDEWBBS4WMsoJhf7CVbZYCFcjoTRzPkJ"
+ + "xjCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxgY61T"
+ + "X5k+7NU4XPf1TULjw3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/QF4BU"
+ + "j+pJOF9ROBM4u+FEWA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jHSqji"
+ + "jUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nBC8wLQIVALID"
+ + "dt+MHwawrDrwsO1Z6sXBaaJsAhRaKssrpevmLkbygKPV07XiAKBG02Zvb2Jh"
+ + "cg==");
+
+ //
+ // testcrl.pem
+ //
+ byte[] crl1 = Base64.decode(
+ "MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT"
+ + "F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy"
+ + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw"
+ + "MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw"
+ + "MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw"
+ + "MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw"
+ + "MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw"
+ + "MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw"
+ + "MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw"
+ + "NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw"
+ + "NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF"
+ + "AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ"
+ + "wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt"
+ + "JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v");
+
+ //
+ // ecdsa cert with extra octet string.
+ //
+ byte[] oldEcdsa = Base64.decode(
+ "MIICljCCAkCgAwIBAgIBATALBgcqhkjOPQQBBQAwgY8xCzAJBgNVBAYTAkFVMSgwJ"
+ + "gYDVQQKEx9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIwEAYDVQQHEw"
+ + "lNZWxib3VybmUxETAPBgNVBAgTCFZpY3RvcmlhMS8wLQYJKoZIhvcNAQkBFiBmZWV"
+ + "kYmFjay1jcnlwdG9AYm91bmN5Y2FzdGxlLm9yZzAeFw0wMTEyMDcwMTAwMDRaFw0w"
+ + "MTEyMDcwMTAxNDRaMIGPMQswCQYDVQQGEwJBVTEoMCYGA1UEChMfVGhlIExlZ2lvb"
+ + "iBvZiB0aGUgQm91bmN5IENhc3RsZTESMBAGA1UEBxMJTWVsYm91cm5lMREwDwYDVQ"
+ + "QIEwhWaWN0b3JpYTEvMC0GCSqGSIb3DQEJARYgZmVlZGJhY2stY3J5cHRvQGJvdW5"
+ + "jeWNhc3RsZS5vcmcwgeQwgb0GByqGSM49AgEwgbECAQEwKQYHKoZIzj0BAQIef///"
+ + "////////////f///////gAAAAAAAf///////MEAEHn///////////////3///////"
+ + "4AAAAAAAH///////AQeawFsO9zxiUHQ1lSSFHXKcanbL7J9HTd5YYXClCwKBB8CD/"
+ + "qWPNyogWzMM7hkK+35BcPTWFc9Pyf7vTs8uaqvAh5///////////////9///+eXpq"
+ + "fXZBx+9FSJoiQnQsDIgAEHwJbbcU7xholSP+w9nFHLebJUhqdLSU05lq/y9X+DHAw"
+ + "CwYHKoZIzj0EAQUAA0MAMEACHnz6t4UNoVROp74ma4XNDjjGcjaqiIWPZLK8Bdw3G"
+ + "QIeLZ4j3a6ividZl344UH+UPUE7xJxlYGuy7ejTsqRR");
+
+ byte[] keyUsage = Base64.decode(
+ "MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UE"
+ + "BhMCVVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50"
+ + "cnVzdC5uZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBs"
+ + "aW1pdHMgbGlhYi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExp"
+ + "bWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0"
+ + "aW9uIEF1dGhvcml0eTAeFw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBa"
+ + "MIHJMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNV"
+ + "BAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5mby9DUFMgaW5jb3Jw"
+ + "LiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMpIDE5OTkgRW50"
+ + "cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50"
+ + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUAA4GL"
+ + "ADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo6oT9n3V5z8GKUZSv"
+ + "x1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux5zDeg7K6PvHV"
+ + "iTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zmAqTmT173"
+ + "iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSCARkw"
+ + "ggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50"
+ + "cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0Ff"
+ + "SW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UE"
+ + "CxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50"
+ + "cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYD"
+ + "VQQDEwRDUkwxMCygKqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9D"
+ + "bGllbnQxLmNybDArBgNVHRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkx"
+ + "MDEyMTkyNDMwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW"
+ + "/O5bs8qZdIuV6kwwHQYDVR0OBBYEFMT7nCl7l81MlvzuW7PKmXSLlepMMAwG"
+ + "A1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI"
+ + "hvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7pFuPeJoSSJn59DXeDDYHAmsQ"
+ + "OokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzzwy5E97BnRqqS5TvaHBkU"
+ + "ODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/aEkP/TOYGJqibGapE"
+ + "PHayXOw=");
+
+ byte[] nameCert = Base64.decode(
+ "MIIEFjCCA3+gAwIBAgIEdS8BozANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJE"+
+ "RTERMA8GA1UEChQIREFURVYgZUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRQ0Eg"+
+ "REFURVYgRDAzIDE6UE4wIhgPMjAwMTA1MTAxMDIyNDhaGA8yMDA0MDUwOTEwMjI0"+
+ "OFowgYQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIFAZCYXllcm4xEjAQBgNVBAcUCU7I"+
+ "dXJuYmVyZzERMA8GA1UEChQIREFURVYgZUcxHTAbBgNVBAUTFDAwMDAwMDAwMDA4"+
+ "OTU3NDM2MDAxMR4wHAYDVQQDFBVEaWV0bWFyIFNlbmdlbmxlaXRuZXIwgaEwDQYJ"+
+ "KoZIhvcNAQEBBQADgY8AMIGLAoGBAJLI/LJLKaHoMk8fBECW/od8u5erZi6jI8Ug"+
+ "C0a/LZyQUO/R20vWJs6GrClQtXB+AtfiBSnyZOSYzOdfDI8yEKPEv8qSuUPpOHps"+
+ "uNCFdLZF1vavVYGEEWs2+y+uuPmg8q1oPRyRmUZ+x9HrDvCXJraaDfTEd9olmB/Z"+
+ "AuC/PqpjAgUAwAAAAaOCAcYwggHCMAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUD"+
+ "AwdAADAxBgNVHSAEKjAoMCYGBSskCAEBMB0wGwYIKwYBBQUHAgEWD3d3dy56cy5k"+
+ "YXRldi5kZTApBgNVHREEIjAggR5kaWV0bWFyLnNlbmdlbmxlaXRuZXJAZGF0ZXYu"+
+ "ZGUwgYQGA1UdIwR9MHuhc6RxMG8xCzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1"+
+ "bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0"+
+ "MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE6CBACm8LkwDgYHAoIG"+
+ "AQoMAAQDAQEAMEcGA1UdHwRAMD4wPKAUoBKGEHd3dy5jcmwuZGF0ZXYuZGWiJKQi"+
+ "MCAxCzAJBgNVBAYTAkRFMREwDwYDVQQKFAhEQVRFViBlRzAWBgUrJAgDBAQNMAsT"+
+ "A0VVUgIBBQIBATAdBgNVHQ4EFgQUfv6xFP0xk7027folhy+ziZvBJiwwLAYIKwYB"+
+ "BQUHAQEEIDAeMBwGCCsGAQUFBzABhhB3d3cuZGlyLmRhdGV2LmRlMA0GCSqGSIb3"+
+ "DQEBBQUAA4GBAEOVX6uQxbgtKzdgbTi6YLffMftFr2mmNwch7qzpM5gxcynzgVkg"+
+ "pnQcDNlm5AIbS6pO8jTCLfCd5TZ5biQksBErqmesIl3QD+VqtB+RNghxectZ3VEs"+
+ "nCUtcE7tJ8O14qwCb3TxS9dvIUFiVi4DjbxX46TdcTbTaK8/qr6AIf+l");
+
+ byte[] probSelfSignedCert = Base64.decode(
+ "MIICxTCCAi6gAwIBAgIQAQAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQUFADBF"
+ + "MScwJQYDVQQKEx4gRElSRUNUSU9OIEdFTkVSQUxFIERFUyBJTVBPVFMxGjAYBgNV"
+ + "BAMTESBBQyBNSU5FRkkgQiBURVNUMB4XDTA0MDUwNzEyMDAwMFoXDTE0MDUwNzEy"
+ + "MDAwMFowRTEnMCUGA1UEChMeIERJUkVDVElPTiBHRU5FUkFMRSBERVMgSU1QT1RT"
+ + "MRowGAYDVQQDExEgQUMgTUlORUZJIEIgVEVTVDCBnzANBgkqhkiG9w0BAQEFAAOB"
+ + "jQAwgYkCgYEAveoCUOAukZdcFCs2qJk76vSqEX0ZFzHqQ6faBPZWjwkgUNwZ6m6m"
+ + "qWvvyq1cuxhoDvpfC6NXILETawYc6MNwwxsOtVVIjuXlcF17NMejljJafbPximEt"
+ + "DQ4LcQeSp4K7FyFlIAMLyt3BQ77emGzU5fjFTvHSUNb3jblx0sV28c0CAwEAAaOB"
+ + "tTCBsjAfBgNVHSMEGDAWgBSEJ4bLbvEQY8cYMAFKPFD1/fFXlzAdBgNVHQ4EFgQU"
+ + "hCeGy27xEGPHGDABSjxQ9f3xV5cwDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIB"
+ + "AQQEAwIBBjA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vYWRvbmlzLnBrNy5jZXJ0"
+ + "cGx1cy5uZXQvZGdpLXRlc3QuY3JsMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN"
+ + "AQEFBQADgYEAmToHJWjd3+4zknfsP09H6uMbolHNGG0zTS2lrLKpzcmkQfjhQpT9"
+ + "LUTBvfs1jdjo9fGmQLvOG+Sm51Rbjglb8bcikVI5gLbclOlvqLkm77otjl4U4Z2/"
+ + "Y0vP14Aov3Sn3k+17EfReYUZI4liuB95ncobC4e8ZM++LjQcIM0s+Vs=");
+
+
+ byte[] gost34102001base = Base64.decode(
+ "MIIB1DCCAYECEEjpVKXP6Wn1yVz3VeeDQa8wCgYGKoUDAgIDBQAwbTEfMB0G"
+ + "A1UEAwwWR29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRv"
+ + "UHJvMQswCQYDVQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIw"
+ + "MDFAZXhhbXBsZS5jb20wHhcNMDUwMjAzMTUxNjQ2WhcNMTUwMjAzMTUxNjQ2"
+ + "WjBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQK"
+ + "DAlDcnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0"
+ + "UjM0MTAtMjAwMUBleGFtcGxlLmNvbTBjMBwGBiqFAwICEzASBgcqhQMCAiQA"
+ + "BgcqhQMCAh4BA0MABECElWh1YAIaQHUIzROMMYks/eUFA3pDXPRtKw/nTzJ+"
+ + "V4/rzBa5lYgD0Jp8ha4P5I3qprt+VsfLsN8PZrzK6hpgMAoGBiqFAwICAwUA"
+ + "A0EAHw5dw/aw/OiNvHyOE65kvyo4Hp0sfz3csM6UUkp10VO247ofNJK3tsLb"
+ + "HOLjUaqzefrlGb11WpHYrvWFg+FcLA==");
+
+ private final byte[] emptyDNCert = Base64.decode(
+ "MIICfTCCAeagAwIBAgIBajANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJVUzEMMAoGA1UEChMD"
+ + "Q0RXMQkwBwYDVQQLEwAxCTAHBgNVBAcTADEJMAcGA1UECBMAMRowGAYDVQQDExFUZW1wbGFyIFRl"
+ + "c3QgMTAyNDEiMCAGCSqGSIb3DQEJARYTdGVtcGxhcnRlc3RAY2R3LmNvbTAeFw0wNjA1MjIwNTAw"
+ + "MDBaFw0xMDA1MjIwNTAwMDBaMHwxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNDRFcxCTAHBgNVBAsT"
+ + "ADEJMAcGA1UEBxMAMQkwBwYDVQQIEwAxGjAYBgNVBAMTEVRlbXBsYXIgVGVzdCAxMDI0MSIwIAYJ"
+ + "KoZIhvcNAQkBFhN0ZW1wbGFydGVzdEBjZHcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB"
+ + "gQDH3aJpJBfM+A3d84j5YcU6zEQaQ76u5xO9NSBmHjZykKS2kCcUqPpvVOPDA5WgV22dtKPh+lYV"
+ + "iUp7wyCVwAKibq8HIbihHceFqMKzjwC639rMoDJ7bi/yzQWz1Zg+075a4FGPlUKn7Yfu89wKkjdW"
+ + "wDpRPXc/agqBnrx5pJTXzQIDAQABow8wDTALBgNVHQ8EBAMCALEwDQYJKoZIhvcNAQEEBQADgYEA"
+ + "RRsRsjse3i2/KClFVd6YLZ+7K1BE0WxFyY2bbytkwQJSxvv3vLSuweFUbhNxutb68wl/yW4GLy4b"
+ + "1QdyswNxrNDXTuu5ILKhRDDuWeocz83aG2KGtr3JlFyr3biWGEyn5WUOE6tbONoQDJ0oPYgI6CAc"
+ + "EHdUp0lioOCt6UOw7Cs=");
+
+ private AsymmetricKeyParameter dudPublicKey = new AsymmetricKeyParameter(true)
+ {
+ public String getAlgorithm()
+ {
+ return null;
+ }
+
+ public String getFormat()
+ {
+ return null;
+ }
+
+ public byte[] getEncoded()
+ {
+ return null;
+ }
+
+ };
+
+ public String getName()
+ {
+ return "CertTest";
+ }
+
+ public void checkCertificate(
+ int id,
+ byte[] bytes)
+ {
+ try
+ {
+ X509CertificateHolder certHldr = new X509CertificateHolder(bytes);
+
+ SubjectPublicKeyInfo k = certHldr.getSubjectPublicKeyInfo();
+ // System.out.println(cert);
+ }
+ catch (Exception e)
+ {
+ fail(e.toString());
+ }
+ }
+ /*
+ public void checkNameCertificate(
+ int id,
+ byte[] bytes)
+ {
+ ByteArrayInputStream bIn;
+ String dump = "";
+
+ try
+ {
+ bIn = new ByteArrayInputStream(bytes);
+
+ CertificateFactory fact = CertificateFactory.getInstance("X.509", "LKBX-BC");
+
+ X509Certificate cert = (X509Certificate)fact.generateCertificate(bIn);
+
+ AsymmetricKeyParameter k = cert.getAsymmetricKeyParameter();
+ if (!cert.getIssuerDN().toString().equals("C=DE,O=DATEV eG,0.2.262.1.10.7.20=1+CN=CA DATEV D03 1:PN"))
+ {
+ fail(id + " failed - name test.");
+ }
+ // System.out.println(cert);
+ }
+ catch (Exception e)
+ {
+ fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
+ }
+
+ }
+ */
+ public void checkKeyUsage(
+ int id,
+ byte[] bytes)
+ throws IOException
+ {
+
+ X509CertificateHolder certHld = new X509CertificateHolder(bytes);
+
+ if ((DERBitString.getInstance(certHld.getExtension(Extension.keyUsage).getParsedValue()).getBytes()[0] & 0x01) != 0)
+ {
+ fail("error generating cert - key usage wrong.");
+ }
+
+
+ }
+
+
+ public void checkSelfSignedCertificate(
+ int id,
+ byte[] bytes)
+ throws OperatorCreationException, IOException, CertException
+ {
+
+ X509CertificateHolder certHolder = new X509CertificateHolder(bytes);
+
+ assertTrue(certHolder.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(certHolder)));
+
+
+ }
+
+ /**
+ * we generate a self signed certificate for the sake of testing - RSA
+ */
+ public void checkCreation1()
+ throws Exception
+ {
+ //
+ // a sample key pair.
+ //
+ AsymmetricKeyParameter pubKey = new RSAKeyParameters(
+ false,
+ new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
+ new BigInteger("11", 16));
+
+ AsymmetricKeyParameter privKey = new RSAPrivateCrtKeyParameters(
+ new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
+ new BigInteger("11", 16),
+ new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
+ new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
+ new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
+ new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
+ new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
+ new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
+
+ //
+ // distinguished name table.
+ //
+ X500NameBuilder builder = new X500NameBuilder(RFC4519Style.INSTANCE);
+
+ builder.addRDN(RFC4519Style.c, "AU");
+ builder.addRDN(RFC4519Style.o, "The Legion of the Bouncy Castle");
+ builder.addRDN(RFC4519Style.l, "Melbourne");
+ builder.addRDN(RFC4519Style.st, "Victoria");
+ builder.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "feedback-crypto@bouncycastle.org");
+
+ //
+ // extensions
+ //
+
+ //
+ // create the certificate - version 3 - without extensions
+ //
+ AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256WithRSAEncryption");
+ ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlg, digAlgFinder.find(sigAlg)).build(privKey);
+ X509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000),builder.build(), pubKey);
+
+ X509CertificateHolder certH = certGen.build(sigGen);
+
+ assertTrue(certH.isValidOn(new Date()));
+
+ ContentVerifierProvider contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(pubKey);
+
+ assertTrue(certH.isSignatureValid(contentVerifierProvider));
+
+ X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certH);
+ Set dummySet = cert.getNonCriticalExtensionOIDs();
+ if (dummySet != null)
+ {
+ fail("non-critical oid set should be null");
+ }
+ dummySet = cert.getCriticalExtensionOIDs();
+ if (dummySet != null)
+ {
+ fail("critical oid set should be null");
+ }
+
+ //
+ // create the certificate - version 3 - with extensions
+ //
+ sigGen = new BcRSAContentSignerBuilder(sigAlgFinder.find("MD5WithRSA"), digAlgFinder.find(sigAlgFinder.find("MD5withRSA"))).build(privKey);
+ certGen = new BcX509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1)
+ , new Date(System.currentTimeMillis() - 50000)
+ , new Date(System.currentTimeMillis() + 50000)
+ , builder.build()
+ , pubKey)
+ .addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true,
+ new KeyUsage(KeyUsage.encipherOnly))
+ .addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true,
+ new DERSequence(KeyPurposeId.anyExtendedKeyUsage))
+ .addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true,
+ new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
+
+ X509CertificateHolder certHolder = certGen.build(sigGen);
+
+ assertTrue(certHolder.isValidOn(new Date()));
+
+ contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey);
+ if (!certHolder.isSignatureValid(contentVerifierProvider))
+ {
+ fail("signature test failed");
+ }
+
+ ByteArrayInputStream bIn = new ByteArrayInputStream(certHolder.getEncoded());
+ CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+
+ cert = (X509Certificate)certFact.generateCertificate(bIn);
+
+ if (!cert.getKeyUsage()[7])
+ {
+ fail("error generating cert - key usage wrong.");
+ }
+
+ // System.out.println(cert);
+
+ //
+ // create the certificate - version 1
+ //
+ sigGen = new BcRSAContentSignerBuilder(sigAlgFinder.find("MD5WithRSA"), digAlgFinder.find(sigAlgFinder.find("MD5withRSA"))).build(privKey);
+ X509v1CertificateBuilder certGen1 = new BcX509v1CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
+
+ cert = new JcaX509CertificateConverter().getCertificate(certGen1.build(sigGen));
+
+ assertTrue(certHolder.isValidOn(new Date()));
+
+ contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(pubKey);
+
+ assertTrue(certHolder.isSignatureValid(contentVerifierProvider));
+
+ bIn = new ByteArrayInputStream(cert.getEncoded());
+ certFact = CertificateFactory.getInstance("X.509");
+
+ cert = (X509Certificate)certFact.generateCertificate(bIn);
+
+ // System.out.println(cert);
+ if (!cert.getIssuerDN().equals(cert.getSubjectDN()))
+ {
+ fail("name comparison fails");
+ }
+
+//
+ // a lightweight key pair.
+ //
+ RSAKeyParameters lwPubKey = new RSAKeyParameters(
+ false,
+ new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
+ new BigInteger("11", 16));
+
+ RSAPrivateCrtKeyParameters lwPrivKey = new RSAPrivateCrtKeyParameters(
+ new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
+ new BigInteger("11", 16),
+ new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
+ new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
+ new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
+ new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
+ new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
+ new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
+
+ //
+ // distinguished name table.
+ //
+ builder = new X500NameBuilder(RFC4519Style.INSTANCE);
+
+ builder.addRDN(RFC4519Style.c, "AU");
+ builder.addRDN(RFC4519Style.o, "The Legion of the Bouncy Castle");
+ builder.addRDN(RFC4519Style.l, "Melbourne");
+ builder.addRDN(RFC4519Style.st, "Victoria");
+ builder.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "feedback-crypto@bouncycastle.org");
+
+ //
+ // extensions
+ //
+
+ //
+ // create the certificate - version 3 - without extensions
+ //
+ AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
+ AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
+
+ sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(lwPrivKey);
+ SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(lwPubKey);
+ certGen = new X509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000), builder.build(), pubInfo);
+
+ certHolder = certGen.build(sigGen);
+
+ assertTrue(certHolder.isValidOn(new Date()));
+
+ contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(lwPubKey);
+
+ assertTrue(certHolder.isSignatureValid(contentVerifierProvider));
+
+ if (!certHolder.isSignatureValid(contentVerifierProvider))
+ {
+ fail("lw sig verification failed");
+ }
+ }
+
+ /**
+ * we generate a self signed certificate for the sake of testing - DSA
+ */
+ public void checkCreation2()
+ throws Exception
+ {
+ //
+ // set up the keys
+ //
+ AsymmetricKeyParameter privKey;
+ AsymmetricKeyParameter pubKey;
+
+ AsymmetricCipherKeyPairGenerator kpg = new DSAKeyPairGenerator();
+ BigInteger r = new BigInteger("68076202252361894315274692543577577550894681403");
+ BigInteger s = new BigInteger("1089214853334067536215539335472893651470583479365");
+ DSAParametersGenerator pGen = new DSAParametersGenerator();
+
+ pGen.init(512, 80, new SecureRandom());
+
+ DSAParameters params = pGen.generateParameters();
+ DSAKeyGenerationParameters genParam = new DSAKeyGenerationParameters(new SecureRandom(), params);
+
+ kpg.init(genParam);
+
+ AsymmetricCipherKeyPair pair = kpg.generateKeyPair();
+
+ privKey = (AsymmetricKeyParameter)pair.getPrivate();
+ pubKey = (AsymmetricKeyParameter)pair.getPublic();
+
+ //
+ // distinguished name table.
+ //
+ X500NameBuilder builder = createStdBuilder();
+
+ //
+ // extensions
+ //
+
+ //
+ // create the certificate - version 3
+ //
+ AlgorithmIdentifier sigAlgId = sigAlgFinder.find("SHA1withDSA");
+ AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId);
+
+ ContentSigner sigGen = new BcDSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey);
+ X509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
+
+
+ X509CertificateHolder cert = certGen.build(sigGen);
+
+ assertTrue(cert.isValidOn(new Date()));
+
+ assertTrue(cert.isSignatureValid(new BcDSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)));
+
+
+ //
+ // create the certificate - version 1
+ //
+ sigAlgId = sigAlgFinder.find("SHA1withDSA");
+ digAlgId = digAlgFinder.find(sigAlgId);
+
+ sigGen = new BcDSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey);
+ X509v1CertificateBuilder certGen1 = new BcX509v1CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
+
+ cert = certGen1.build(sigGen);
+
+ assertTrue(cert.isValidOn(new Date()));
+
+ assertTrue(cert.isSignatureValid(new BcDSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)));
+
+ ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
+ CertificateFactory fact = CertificateFactory.getInstance("X.509");
+
+ X509Certificate x509cert = (X509Certificate)fact.generateCertificate(bIn);
+
+ //System.out.println(cert);
+ }
+
+ private X500NameBuilder createStdBuilder()
+ {
+ X500NameBuilder builder = new X500NameBuilder(RFC4519Style.INSTANCE);
+
+ builder.addRDN(RFC4519Style.c, "AU");
+ builder.addRDN(RFC4519Style.o, "The Legion of the Bouncy Castle");
+ builder.addRDN(RFC4519Style.l, "Melbourne");
+ builder.addRDN(RFC4519Style.st, "Victoria");
+ builder.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "feedback-crypto@bouncycastle.org");
+
+ return builder;
+ }
+
+ private void checkCRL(
+ int id,
+ byte[] bytes)
+ {
+ String dump = "";
+
+ try
+ {
+ X509CRLHolder crlHolder = new X509CRLHolder(bytes);
+
+ }
+ catch (Exception e)
+ {
+ fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString());
+ }
+
+ }
+
+ public void checkCRLCreation1()
+ throws Exception
+ {
+ AsymmetricCipherKeyPairGenerator kpg = new RSAKeyPairGenerator();
+ RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters(
+ BigInteger.valueOf(0x1001), new SecureRandom(), 1024, 25);
+
+ kpg.init(genParam);
+
+ AsymmetricCipherKeyPair pair = kpg.generateKeyPair();
+ Date now = new Date();
+
+ X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
+
+ BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator());
+
+ crlGen.setNextUpdate(new Date(now.getTime() + 100000));
+
+ crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
+
+ crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier(pair.getPublic()));
+
+ AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256withRSAEncryption");
+ AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
+
+ X509CRLHolder crl = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build(pair.getPrivate()));
+
+ if (!crl.getIssuer().equals(new X500Name("CN=Test CA")))
+ {
+ fail("failed CRL issuer test");
+ }
+
+ Extension authExt = crl.getExtension(Extension.authorityKeyIdentifier);
+
+ if (authExt == null)
+ {
+ fail("failed to find CRL extension");
+ }
+
+ AuthorityKeyIdentifier authId = AuthorityKeyIdentifier.getInstance(authExt.getParsedValue());
+
+ X509CRLEntryHolder entry = crl.getRevokedCertificate(BigInteger.ONE);
+
+ if (entry == null)
+ {
+ fail("failed to find CRL entry");
+ }
+
+ if (!entry.getSerialNumber().equals(BigInteger.ONE))
+ {
+ fail("CRL cert serial number does not match");
+ }
+
+ if (!entry.hasExtensions())
+ {
+ fail("CRL entry extension not found");
+ }
+
+ Extension ext = entry.getExtension(Extension.reasonCode);
+
+ if (ext != null)
+ {
+ ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(ext.getParsedValue());
+
+ if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
+ {
+ fail("CRL entry reasonCode wrong");
+ }
+ }
+ else
+ {
+ fail("CRL entry reasonCode not found");
+ }
+ }
+
+ public void checkCRLCreation2()
+ throws Exception
+ {
+ AsymmetricCipherKeyPairGenerator kpg = new RSAKeyPairGenerator();
+ RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters(
+ BigInteger.valueOf(0x1001), new SecureRandom(), 1024, 25);
+
+ kpg.init(genParam);
+
+ AsymmetricCipherKeyPair pair = kpg.generateKeyPair();
+ Date now = new Date();
+
+ X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
+
+ crlGen.setNextUpdate(new Date(now.getTime() + 100000));
+
+ ExtensionsGenerator extGen = new ExtensionsGenerator();
+
+ CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn);
+
+ extGen.addExtension(Extension.reasonCode, false, crlReason);
+
+ BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator());
+
+ crlGen.addCRLEntry(BigInteger.ONE, now, extGen.generate());
+
+ crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier((AsymmetricKeyParameter)pair.getPublic()));
+
+ AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256withRSAEncryption");
+ AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
+
+ X509CRLHolder crlHolder = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build((AsymmetricKeyParameter)pair.getPrivate()));
+
+ if (!crlHolder.getIssuer().equals(new X500Name("CN=Test CA")))
+ {
+ fail("failed CRL issuer test");
+ }
+
+ Extension authExt = crlHolder.getExtension(Extension.authorityKeyIdentifier);
+
+ if (authExt == null)
+ {
+ fail("failed to find CRL extension");
+ }
+
+ AuthorityKeyIdentifier authId = AuthorityKeyIdentifier.getInstance(authExt.getParsedValue());
+
+ X509CRLEntryHolder entry = crlHolder.getRevokedCertificate(BigInteger.ONE);
+
+ if (entry == null)
+ {
+ fail("failed to find CRL entry");
+ }
+
+ if (!entry.getSerialNumber().equals(BigInteger.ONE))
+ {
+ fail("CRL cert serial number does not match");
+ }
+
+ if (!entry.hasExtensions())
+ {
+ fail("CRL entry extension not found");
+ }
+
+ Extension ext = entry.getExtension(Extension.reasonCode);
+
+ if (ext != null)
+ {
+ ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(ext.getParsedValue());
+
+ if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
+ {
+ fail("CRL entry reasonCode wrong");
+ }
+ }
+ else
+ {
+ fail("CRL entry reasonCode not found");
+ }
+ }
+
+ public void checkCRLCreation3()
+ throws Exception
+ {
+ AsymmetricCipherKeyPairGenerator kpg = new RSAKeyPairGenerator();
+ RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters(
+ BigInteger.valueOf(0x1001), new SecureRandom(), 1024, 25);
+
+ kpg.init(genParam);
+
+ AsymmetricCipherKeyPair pair = kpg.generateKeyPair();
+ Date now = new Date();
+ X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
+
+ crlGen.setNextUpdate(new Date(now.getTime() + 100000));
+
+ ExtensionsGenerator extGen = new ExtensionsGenerator();
+
+ CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn);
+
+ extGen.addExtension(Extension.reasonCode, false, crlReason);
+
+ BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator());
+
+ Extensions entryExtensions = extGen.generate();
+
+ crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
+
+ crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier((AsymmetricKeyParameter)pair.getPublic()));
+
+ AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256withRSAEncryption");
+ AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
+
+ X509CRLHolder crlHolder = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build((AsymmetricKeyParameter)pair.getPrivate()));
+
+ if (!crlHolder.getIssuer().equals(new X500Name("CN=Test CA")))
+ {
+ fail("failed CRL issuer test");
+ }
+
+ Extension authExt = crlHolder.getExtension(Extension.authorityKeyIdentifier);
+
+ if (authExt == null)
+ {
+ fail("failed to find CRL extension");
+ }
+
+ AuthorityKeyIdentifier authId = AuthorityKeyIdentifier.getInstance(authExt.getParsedValue());
+
+ X509CRLEntryHolder entry = crlHolder.getRevokedCertificate(BigInteger.ONE);
+
+ if (entry == null)
+ {
+ fail("failed to find CRL entry");
+ }
+
+ if (!entry.getSerialNumber().equals(BigInteger.ONE))
+ {
+ fail("CRL cert serial number does not match");
+ }
+
+ if (!entry.hasExtensions())
+ {
+ fail("CRL entry extension not found");
+ }
+
+ Extension ext = entry.getExtension(Extension.reasonCode);
+
+ if (ext != null)
+ {
+ ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(ext.getParsedValue());
+
+ if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
+ {
+ fail("CRL entry reasonCode wrong");
+ }
+ }
+ else
+ {
+ fail("CRL entry reasonCode not found");
+ }
+
+ //
+ // check loading of existing CRL
+ //
+ now = new Date();
+ crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
+
+ crlGen.setNextUpdate(new Date(now.getTime() + 100000));
+
+ crlGen.addCRL(crlHolder);
+
+ crlGen.addCRLEntry(BigInteger.valueOf(2), now, entryExtensions);
+
+ crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier(pair.getPublic()));
+
+ crlHolder = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build(pair.getPrivate()));
+
+ int count = 0;
+ boolean oneFound = false;
+ boolean twoFound = false;
+
+ Iterator it = crlHolder.getRevokedCertificates().iterator();
+ while (it.hasNext())
+ {
+ X509CRLEntryHolder crlEnt = (X509CRLEntryHolder)it.next();
+
+ if (crlEnt.getSerialNumber().intValue() == 1)
+ {
+ oneFound = true;
+ Extension extn = crlEnt.getExtension(Extension.reasonCode);
+
+ if (extn != null)
+ {
+ ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(extn.getParsedValue());
+
+ if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
+ {
+ fail("CRL entry reasonCode wrong on recheck");
+ }
+ }
+ else
+ {
+ fail("CRL entry reasonCode not found on recheck");
+ }
+ }
+ else if (crlEnt.getSerialNumber().intValue() == 2)
+ {
+ twoFound = true;
+ }
+
+ count++;
+ }
+
+ if (count != 2)
+ {
+ fail("wrong number of CRLs found, got: " + count);
+ }
+
+ if (!oneFound || !twoFound)
+ {
+ fail("wrong CRLs found in copied list");
+ }
+
+ //
+ // check factory read back
+ //
+ CertificateFactory cFact = CertificateFactory.getInstance("X.509");
+
+ X509CRL readCrl = (X509CRL)cFact.generateCRL(new ByteArrayInputStream(crlHolder.getEncoded()));
+
+ if (readCrl == null)
+ {
+ fail("crl not returned!");
+ }
+
+ Collection col = cFact.generateCRLs(new ByteArrayInputStream(crlHolder.getEncoded()));
+
+ if (col.size() != 1)
+ {
+ fail("wrong number of CRLs found in collection");
+ }
+ }
+
+ public void checkCreation5()
+ throws Exception
+ {
+ //
+ // a sample key pair.
+ //
+ AsymmetricKeyParameter pubKey = new RSAKeyParameters(
+ false,
+ new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
+ new BigInteger("11", 16));
+
+ AsymmetricKeyParameter privKey = new RSAPrivateCrtKeyParameters(
+ new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
+ new BigInteger("11", 16),
+ new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
+ new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
+ new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
+ new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
+ new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
+ new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
+
+ //
+ // set up the keys
+ //
+ SecureRandom rand = new SecureRandom();
+
+ //
+ // distinguished name table.
+ //
+ X500NameBuilder builder = createStdBuilder();
+
+ //
+ // create base certificate - version 3
+ //
+ AlgorithmIdentifier sigAlg = sigAlgFinder.find("MD5WithRSA");
+ AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
+
+ ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlg, digAlg).build(privKey);
+ ASN1ObjectIdentifier extOid = new ASN1ObjectIdentifier("2.5.29.37");
+ X509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey)
+ .addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true,
+ new KeyUsage(KeyUsage.encipherOnly))
+ .addExtension(extOid, true,
+ new DERSequence(KeyPurposeId.anyExtendedKeyUsage))
+ .addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true,
+ new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
+
+ X509CertificateHolder baseCert = certGen.build(sigGen);
+
+ //
+ // copy certificate
+ //
+
+ certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey)
+ .copyAndAddExtension(new ASN1ObjectIdentifier("2.5.29.15"), true, baseCert)
+ .copyAndAddExtension(extOid, false, baseCert);
+
+ X509CertificateHolder cert = certGen.build(sigGen);
+
+ assertTrue(cert.isValidOn(new Date()));
+
+ assertTrue(cert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)));
+
+ if (!baseCert.getExtension(new ASN1ObjectIdentifier("2.5.29.15")).equals(cert.getExtension(new ASN1ObjectIdentifier("2.5.29.15"))))
+ {
+ fail("2.5.29.15 differs");
+ }
+
+ assertTrue(baseCert.getExtension(extOid).getExtnId().equals(cert.getExtension(extOid).getExtnId()));
+ assertFalse(baseCert.getExtension(extOid).isCritical() == cert.getExtension(extOid).isCritical());
+ if (!baseCert.getExtension(extOid).getParsedValue().equals(cert.getExtension(extOid).getParsedValue()))
+ {
+ fail("2.5.29.37 differs");
+ }
+
+ //
+ // exception test
+ //
+
+ try
+ {
+ certGen.copyAndAddExtension(new ASN1ObjectIdentifier("2.5.99.99"), true, baseCert);
+
+ fail("exception not thrown on dud extension copy");
+ }
+ catch (NullPointerException e)
+ {
+ // expected
+ }
+
+// try
+// {
+// certGen.setPublicKey(dudPublicKey);
+//
+// certGen.generate(privKey, BC);
+//
+// fail("key without encoding not detected in v3");
+// }
+// catch (IllegalArgumentException e)
+// {
+// // expected
+// }
+
+ }
+
+ public void testForgedSignature()
+ throws Exception
+ {
+ String cert = "MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV"
+ + "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD"
+ + "VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa"
+ + "Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs"
+ + "YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy"
+ + "IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD"
+ + "hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u"
+ + "12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU"
+ + "DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ"
+ + "e20sRA==";
+
+ X509CertificateHolder hldr = new X509CertificateHolder(Base64.decode(cert));
+
+ assertFalse(hldr.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(hldr)));
+ }
+
+ private void pemTest()
+ throws Exception
+ {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
+
+ X509Certificate cert = readPEMCert(cf, PEMData.CERTIFICATE_1);
+ if (cert == null)
+ {
+ fail("PEM cert not read");
+ }
+ cert = readPEMCert(cf, "-----BEGIN CERTIFICATE-----" + PEMData.CERTIFICATE_2);
+ if (cert == null)
+ {
+ fail("PEM cert with extraneous header not read");
+ }
+ CRL crl = cf.generateCRL(new ByteArrayInputStream(PEMData.CRL_1.getBytes("US-ASCII")));
+ if (crl == null)
+ {
+ fail("PEM crl not read");
+ }
+ Collection col = cf.generateCertificates(new ByteArrayInputStream(PEMData.CERTIFICATE_2.getBytes("US-ASCII")));
+ if (col.size() != 1 || !col.contains(cert))
+ {
+ fail("PEM cert collection not right");
+ }
+ col = cf.generateCRLs(new ByteArrayInputStream(PEMData.CRL_2.getBytes("US-ASCII")));
+ if (col.size() != 1 || !col.contains(crl))
+ {
+ fail("PEM crl collection not right");
+ }
+ }
+
+ private static X509Certificate readPEMCert(CertificateFactory cf, String pemData)
+ throws CertificateException, UnsupportedEncodingException
+ {
+ return (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(pemData.getBytes("US-ASCII")));
+ }
+
+ private void createPSSCert(String algorithm)
+ throws Exception
+ {
+ AsymmetricCipherKeyPair pair = generateLongFixedKeys();
+
+ AsymmetricKeyParameter privKey = (AsymmetricKeyParameter)pair.getPrivate();
+ AsymmetricKeyParameter pubKey = (AsymmetricKeyParameter)pair.getPublic();
+
+ //
+ // distinguished name table.
+ //
+
+ X500NameBuilder builder = createStdBuilder();
+
+ //
+ // create base certificate - version 3
+ //
+ BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator());
+
+ AlgorithmIdentifier sigAlgId = sigAlgFinder.find(algorithm);
+ AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId);
+
+ ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey);
+ BcX509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),
+ new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
+
+ certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true,
+ new KeyUsage(KeyUsage.encipherOnly));
+ certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true,
+ new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
+ certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true,
+ new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
+
+ certGen.addExtension(Extension.authorityKeyIdentifier, true, extFact.createAuthorityKeyIdentifier(pubKey));
+
+ X509CertificateHolder baseCert = certGen.build(sigGen);
+
+ assertTrue(baseCert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)));
+ }
+
+ private AsymmetricCipherKeyPair generateLongFixedKeys()
+ {
+ RSAKeyParameters pubKeySpec = new RSAKeyParameters(
+ false,
+ new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
+ new BigInteger("010001",16));
+
+ RSAKeyParameters privKeySpec = new RSAPrivateCrtKeyParameters(
+ new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
+ new BigInteger("010001",16),
+ new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16),
+ new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16),
+ new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16),
+ new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16),
+ new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16),
+ new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16));
+
+ return new AsymmetricCipherKeyPair(pubKeySpec, privKeySpec);
+ }
+
+ public void testNullDerNullCert()
+ throws Exception
+ {
+ AsymmetricCipherKeyPair pair = generateLongFixedKeys();
+ AsymmetricKeyParameter pubKey = (AsymmetricKeyParameter)pair.getPublic();
+ AsymmetricKeyParameter privKey = (AsymmetricKeyParameter)pair.getPrivate();
+
+ DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
+ DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
+
+ AlgorithmIdentifier sigAlgId = sigAlgFinder.find("MD5withRSA");
+ AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId);
+
+ ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey);
+ BcX509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(new X500Name("CN=Test"),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),new X500Name("CN=Test"),pubKey);
+ X509CertificateHolder cert = certGen.build(sigGen);
+
+ Certificate struct = Certificate.getInstance(cert.getEncoded());
+
+ ASN1Object tbsCertificate = struct.getTBSCertificate();
+ AlgorithmIdentifier sig = struct.getSignatureAlgorithm();
+
+ ASN1EncodableVector v = new ASN1EncodableVector();
+
+ v.add(tbsCertificate);
+ v.add(new AlgorithmIdentifier(sig.getAlgorithm()));
+ v.add(struct.getSignature());
+
+ // verify
+ ByteArrayInputStream bIn;
+ String dump = "";
+
+ bIn = new ByteArrayInputStream(new DERSequence(v).getEncoded());
+
+ cert = new X509CertificateHolder(new DERSequence(v).getEncoded());
+
+ assertTrue(cert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)));
+ }
+
+ public void testCertificates()
+ throws Exception
+ {
+ checkCertificate(1, cert1);
+ checkCertificate(2, cert2);
+ checkCertificate(3, cert3);
+ checkCertificate(4, cert4);
+ checkCertificate(5, cert5);
+ //checkCertificate(7, cert7);
+
+ checkKeyUsage(8, keyUsage);
+
+ checkSelfSignedCertificate(11, probSelfSignedCert);
+
+ checkCRL(1, crl1);
+
+ checkCreation1();
+ checkCreation2();
+ checkCreation5();
+
+ createPSSCert("SHA1withRSAandMGF1");
+ createPSSCert("SHA224withRSAandMGF1");
+ createPSSCert("SHA256withRSAandMGF1");
+ createPSSCert("SHA384withRSAandMGF1");
+
+ checkCRLCreation1();
+ checkCRLCreation2();
+ checkCRLCreation3();
+
+ pemTest();
+
+ checkCertificate(18, emptyDNCert);
+ }
+}
diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java
index 8109824e..2865e825 100644
--- a/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java
+++ b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java
@@ -24,6 +24,7 @@ import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
@@ -40,6 +41,7 @@ import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
+import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/AllTests.java b/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/AllTests.java
index f8358aa5..2a7f57e0 100644
--- a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/AllTests.java
+++ b/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/AllTests.java
@@ -16,16 +16,24 @@ public class AllTests
public static Test suite()
throws Exception
- {
+ {
TestSuite suite = new TestSuite("CMS tests");
-
- suite.addTest(CompressedDataTest.suite());
- suite.addTest(SignedDataTest.suite());
- suite.addTest(EnvelopedDataTest.suite());
- suite.addTest(CompressedDataStreamTest.suite());
- suite.addTest(SignedDataStreamTest.suite());
- suite.addTest(EnvelopedDataStreamTest.suite());
+ suite.addTest(NewCompressedDataTest.suite());
+ suite.addTest(NewSignedDataTest.suite());
+ suite.addTest(NewEnvelopedDataTest.suite());
+ suite.addTest(NewAuthenticatedDataTest.suite());
+ suite.addTest(NewAuthenticatedDataStreamTest.suite());
+ suite.addTest(NewCompressedDataStreamTest.suite());
+ suite.addTest(NewSignedDataStreamTest.suite());
+ suite.addTest(NewEnvelopedDataStreamTest.suite());
+
+ suite.addTest(MiscDataStreamTest.suite());
+ suite.addTest(Rfc4134Test.suite());
+ suite.addTest(ConverterTest.suite());
+
+ suite.addTest(BcEnvelopedDataTest.suite());
+ suite.addTest(BcSignedDataTest.suite());
return suite;
}
diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/Rfc4134Test.java b/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/Rfc4134Test.java
deleted file mode 100644
index 39ae6c09..00000000
--- a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/Rfc4134Test.java
+++ /dev/null
@@ -1,430 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.security.KeyFactory;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Security;
-import org.bouncycastle.jce.cert.CertStore;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPublicKey;
-import java.security.spec.DSAPublicKeySpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Iterator;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.cms.CMSEnvelopedData;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.CMSEnvelopedDataParser;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataParser;
-import org.bouncycastle.cms.CMSTypedStream;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.io.Streams;
-
-public class Rfc4134Test
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
- private static final String TEST_DATA_HOME = "bc.test.data.home";
-
- private static byte[] exContent = getRfc4134Data("ExContent.bin");
- private static byte[] sha1 = Hex.decode("406aec085279ba6e16022d9e0629c0229687dd48");
-
- private static final JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter();
-
- public Rfc4134Test(String name)
- {
- super(name);
- }
-
- public static void main(String args[])
- {
- Security.addProvider(new BouncyCastleProvider());
-
- junit.textui.TestRunner.run(Rfc4134Test.class);
- }
-
- public static Test suite()
- throws Exception
- {
- return new CMSTestSetup(new TestSuite(Rfc4134Test.class));
- }
-
- public void test4_1()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.1.bin");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(data);
-
- verifySignatures(parser);
- }
-
- public void test4_2()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.2.bin");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(data);
-
- verifySignatures(parser);
- }
-
- public void testRfc4_3()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.3.bin");
- CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(exContent), data);
-
- verifySignatures(signedData, sha1);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(
- new CMSTypedStream(new ByteArrayInputStream(exContent)),
- data);
-
- verifySignatures(parser);
- }
-
- public void test4_4()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.4.bin");
- byte[] counterSigCert = getRfc4134Data("AliceRSASignByCarl.cer");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData, sha1);
-
- verifySignerInfo4_4(getFirstSignerInfo(signedData.getSignerInfos()), counterSigCert);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(data);
-
- verifySignatures(parser);
-
- verifySignerInfo4_4(getFirstSignerInfo(parser.getSignerInfos()), counterSigCert);
- }
-
- public void test4_5()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.5.bin");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(data);
-
- verifySignatures(parser);
- }
-
- public void test4_6()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.6.bin");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(data);
-
- verifySignatures(parser);
- }
-
- public void test4_7()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.7.bin");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(data);
-
- verifySignatures(parser);
- }
-
- public void test5_1()
- throws Exception
- {
- byte[] data = getRfc4134Data("5.1.bin");
- CMSEnvelopedData envelopedData = new CMSEnvelopedData(data);
-
- verifyEnvelopedData(envelopedData, CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- CMSEnvelopedDataParser envelopedParser = new CMSEnvelopedDataParser(data);
-
- verifyEnvelopedData(envelopedParser, CMSEnvelopedDataGenerator.DES_EDE3_CBC);
- }
-
- public void test5_2()
- throws Exception
- {
- byte[] data = getRfc4134Data("5.2.bin");
- CMSEnvelopedData envelopedData = new CMSEnvelopedData(data);
-
- verifyEnvelopedData(envelopedData, CMSEnvelopedDataGenerator.RC2_CBC);
-
- CMSEnvelopedDataParser envelopedParser = new CMSEnvelopedDataParser(data);
-
- verifyEnvelopedData(envelopedParser, CMSEnvelopedDataGenerator.RC2_CBC);
- }
-
- private void verifyEnvelopedData(CMSEnvelopedData envelopedData, String symAlgorithmOID)
- throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, CMSException
- {
- byte[] privKeyData = getRfc4134Data("BobPrivRSAEncrypt.pri");
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privKeyData);
- KeyFactory keyFact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = keyFact.generatePrivate(keySpec);
-
- RecipientInformationStore recipients = envelopedData.getRecipientInfos();
-
- assertEquals(envelopedData.getEncryptionAlgOID(), symAlgorithmOID);
-
- Collection c = recipients.getRecipients();
- assertTrue(c.size() >= 1 && c.size() <= 2);
-
- Iterator it = c.iterator();
- verifyRecipient((RecipientInformation)it.next(), privKey);
-
- if (c.size() == 2)
- {
- RecipientInformation recInfo = (RecipientInformation)it.next();
-
- assertEquals(PKCSObjectIdentifiers.id_alg_CMSRC2wrap.getId(), recInfo.getKeyEncryptionAlgOID());
- }
- }
-
- private void verifyEnvelopedData(CMSEnvelopedDataParser envelopedParser, String symAlgorithmOID)
- throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, CMSException
- {
- byte[] privKeyData = getRfc4134Data("BobPrivRSAEncrypt.pri");
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privKeyData);
- KeyFactory keyFact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = keyFact.generatePrivate(keySpec);
-
- RecipientInformationStore recipients = envelopedParser.getRecipientInfos();
-
- assertEquals(envelopedParser.getEncryptionAlgOID(), symAlgorithmOID);
-
- Collection c = recipients.getRecipients();
- assertTrue(c.size() >= 1 && c.size() <= 2);
-
- Iterator it = c.iterator();
- verifyRecipient((RecipientInformation)it.next(), privKey);
-
- if (c.size() == 2)
- {
- RecipientInformation recInfo = (RecipientInformation)it.next();
-
- assertEquals(PKCSObjectIdentifiers.id_alg_CMSRC2wrap.getId(), recInfo.getKeyEncryptionAlgOID());
- }
- }
-
- private void verifyRecipient(RecipientInformation recipient, PrivateKey privKey)
- throws CMSException, NoSuchProviderException
- {
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(privKey, BC);
-
- assertEquals(true, Arrays.equals(exContent, recData));
- }
-
- private void verifySignerInfo4_4(SignerInformation signerInfo, byte[] counterSigCert)
- throws Exception
- {
- verifyCounterSignature(signerInfo, counterSigCert);
-
- verifyContentHint(signerInfo);
- }
-
- private SignerInformation getFirstSignerInfo(SignerInformationStore store)
- {
- return (SignerInformation)store.getSigners().iterator().next();
- }
-
- private void verifyCounterSignature(SignerInformation signInfo, byte[] certificate)
- throws Exception
- {
- SignerInformation csi = (SignerInformation)signInfo.getCounterSignatures().getSigners().iterator().next();
-
- CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC);
- X509Certificate cert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(certificate));
-
- assertTrue(csi.verify(cert, BC));
- }
-
- private void verifyContentHint(SignerInformation signInfo)
- {
- AttributeTable attrTable = signInfo.getUnsignedAttributes();
-
- Attribute attr = attrTable.get(CMSAttributes.contentHint);
-
- assertEquals(1, attr.getAttrValues().size());
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(new DERUTF8String("Content Hints Description Buffer"));
- v.add(CMSObjectIdentifiers.data);
-
- assertTrue(attr.getAttrValues().getObjectAt(0).equals(new DERSequence(v)));
- }
-
- private void verifySignatures(CMSSignedData s, byte[] contentDigest)
- throws Exception
- {
- CertStore certStore = s.getCertificatesAndCRLs("Collection", BC);
- SignerInformationStore signers = s.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- verifySigner(signer, cert);
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
-
- Collection certColl = certStore.getCertificates(null);
- Collection crlColl = certStore.getCRLs(null);
-
- assertEquals(certColl.size(), s.getCertificates("Collection", BC).getMatches(null).size());
- assertEquals(crlColl.size(), s.getCRLs("Collection", BC).getMatches(null).size());
- }
-
- private void verifySignatures(CMSSignedData s)
- throws Exception
- {
- verifySignatures(s, null);
- }
-
- private void verifySignatures(CMSSignedDataParser sp)
- throws Exception
- {
- CMSTypedStream sc = sp.getSignedContent();
- if (sc != null)
- {
- sc.drain();
- }
-
- CertStore certs = sp.getCertificatesAndCRLs("Collection", BC);
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- verifySigner(signer, cert);
- }
- }
-
- private void verifySigner(SignerInformation signer, X509Certificate cert)
- throws Exception
- {
- if (cert.getPublicKey() instanceof DSAPublicKey)
- {
- DSAPublicKey key = (DSAPublicKey)cert.getPublicKey();
-
- if (key.getParams() == null)
- {
- assertEquals(true, signer.verify(getInheritedKey(key), BC));
- }
- else
- {
- assertEquals(true, signer.verify(cert, BC));
- }
- }
- else
- {
- assertEquals(true, signer.verify(cert, BC));
- }
- }
-
- private PublicKey getInheritedKey(DSAPublicKey key)
- throws Exception
- {
- CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC);
-
- X509Certificate cert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(getRfc4134Data("CarlDSSSelf.cer")));
-
- DSAParams dsaParams = ((DSAPublicKey)cert.getPublicKey()).getParams();
-
- DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(
- key.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
-
- KeyFactory keyFactory = KeyFactory.getInstance("DSA", BC);
-
- return keyFactory.generatePublic(dsaPubKeySpec);
- }
-
- private static byte[] getRfc4134Data(String name)
- {
- String dataHome = System.getProperty(TEST_DATA_HOME);
-
- if (dataHome == null)
- {
- throw new IllegalStateException(TEST_DATA_HOME + " property not set");
- }
-
- try
- {
- return Streams.readAll(new FileInputStream(dataHome + "/rfc4134/" + name));
- }
- catch (IOException e)
- {
- throw new RuntimeException(e.toString());
- }
- }
-}
diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataStreamTest.java b/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataStreamTest.java
deleted file mode 100644
index 39becc42..00000000
--- a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataStreamTest.java
+++ /dev/null
@@ -1,1158 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.BufferedOutputStream;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import org.bouncycastle.jce.cert.CertStore;
-import org.bouncycastle.jce.cert.CollectionCertStoreParameters;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.cms.CMSAttributeTableGenerator;
-import org.bouncycastle.cms.CMSProcessable;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.CMSSignedDataParser;
-import org.bouncycastle.cms.CMSSignedDataStreamGenerator;
-import org.bouncycastle.cms.CMSSignedGenerator;
-import org.bouncycastle.cms.CMSTypedStream;
-import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509CollectionStoreParameters;
-import org.bouncycastle.x509.X509Store;
-
-public class SignedDataStreamTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- private static final String TEST_MESSAGE = "Hello World!";
- private static String _signDN;
- private static KeyPair _signKP;
- private static X509Certificate _signCert;
-
- private static String _origDN;
- private static KeyPair _origKP;
- private static X509Certificate _origCert;
-
- private static String _reciDN;
- private static KeyPair _reciKP;
- private static X509Certificate _reciCert;
-
- private static KeyPair _origDsaKP;
- private static X509Certificate _origDsaCert;
-
- private static X509CRL _signCrl;
- private static X509CRL _origCrl;
-
- private static boolean _initialised = false;
-
- private static final JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter();
-
- public SignedDataStreamTest(String name)
- {
- super(name);
- }
-
- private static void init()
- throws Exception
- {
- if (!_initialised)
- {
- _initialised = true;
-
- _signDN = "O=Bouncy Castle, C=AU";
- _signKP = CMSTestUtil.makeKeyPair();
- _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN);
-
- _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- _origKP = CMSTestUtil.makeKeyPair();
- _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN);
-
- _origDsaKP = CMSTestUtil.makeDsaKeyPair();
- _origDsaCert = CMSTestUtil.makeCertificate(_origDsaKP, _origDN, _signKP, _signDN);
-
- _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
- _reciKP = CMSTestUtil.makeKeyPair();
- _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
-
- _signCrl = CMSTestUtil.makeCrl(_signKP);
- _origCrl = CMSTestUtil.makeCrl(_origKP);
- }
- }
-
- private void verifySignatures(CMSSignedDataParser sp, byte[] contentDigest)
- throws Exception
- {
- CertStore certStore = sp.getCertificatesAndCRLs("Collection", BC);
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertEquals(true, signer.verify(cert, BC));
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
-
- Collection certColl = certStore.getCertificates(null);
- Collection crlColl = certStore.getCRLs(null);
-
- assertEquals(certColl.size(), sp.getCertificates("Collection", BC).getMatches(null).size());
- assertEquals(crlColl.size(), sp.getCRLs("Collection", BC).getMatches(null).size());
- }
-
- private void verifySignatures(CMSSignedDataParser sp)
- throws Exception
- {
- verifySignatures(sp, null);
- }
-
- private void verifyEncodedData(ByteArrayOutputStream bOut)
- throws Exception
- {
- CMSSignedDataParser sp;
- sp = new CMSSignedDataParser(bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- sp.close();
- }
-
- private void checkSigParseable(byte[] sig)
- throws Exception
- {
- CMSSignedDataParser sp = new CMSSignedDataParser(sig);
- sp.getVersion();
- CMSTypedStream sc = sp.getSignedContent();
- if (sc != null)
- {
- sc.drain();
- }
- sp.getCertificatesAndCRLs("Collection", BC);
- sp.getSignerInfos();
- sp.close();
- }
-
- public void testEarlyInvalidKeyException() throws Exception
- {
- try
- {
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
- gen.addSigner( _origKP.getPrivate(), _origCert,
- "DSA", // DOESN'T MATCH KEY ALG
- CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- fail("Expected InvalidKeyException in addSigner");
- }
- catch (InvalidKeyException e)
- {
- // Ignore
- }
- }
-
- public void testEarlyNoSuchAlgorithmException() throws Exception
- {
- try
- {
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
- gen.addSigner( _origKP.getPrivate(), _origCert,
- CMSSignedDataStreamGenerator.DIGEST_SHA1, // BAD OID!
- CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- fail("Expected NoSuchAlgorithmException in addSigner");
- }
- catch (NoSuchAlgorithmException e)
- {
- // Ignore
- }
- }
-
- public void testSha1EncapsulatedSignature()
- throws Exception
- {
- byte[] encapSigData = Base64.decode(
- "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH"
- + "AaCAJIAEDEhlbGxvIFdvcmxkIQAAAAAAAKCCBGIwggINMIIBdqADAgECAgEF"
- + "MA0GCSqGSIb3DQEBBAUAMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJ"
- + "BgNVBAYTAkFVMB4XDTA1MDgwNzA2MjU1OVoXDTA1MTExNTA2MjU1OVowJTEW"
- + "MBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUwgZ8wDQYJKoZI"
- + "hvcNAQEBBQADgY0AMIGJAoGBAI1fZGgH9wgC3QiK6yluH6DlLDkXkxYYL+Qf"
- + "nVRszJVYl0LIxZdpb7WEbVpO8fwtEgFtoDsOdxyqh3dTBv+L7NVD/v46kdPt"
- + "xVkSNHRbutJVY8Xn4/TC/CDngqtbpbniMO8n0GiB6vs94gBT20M34j96O2IF"
- + "73feNHP+x8PkJ+dNAgMBAAGjTTBLMB0GA1UdDgQWBBQ3XUfEE6+D+t+LIJgK"
- + "ESSUE58eyzAfBgNVHSMEGDAWgBQ3XUfEE6+D+t+LIJgKESSUE58eyzAJBgNV"
- + "HRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAFK3r1stYOeXYJOlOyNGDTWEhZ+a"
- + "OYdFeFaS6c+InjotHuFLAy+QsS8PslE48zYNFEqYygGfLhZDLlSnJ/LAUTqF"
- + "01vlp+Bgn/JYiJazwi5WiiOTf7Th6eNjHFKXS3hfSGPNPIOjvicAp3ce3ehs"
- + "uK0MxgLAaxievzhFfJcGSUMDMIICTTCCAbagAwIBAgIBBzANBgkqhkiG9w0B"
- + "AQQFADAlMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTAe"
- + "Fw0wNTA4MDcwNjI1NTlaFw0wNTExMTUwNjI1NTlaMGUxGDAWBgNVBAMTD0Vy"
- + "aWMgSC4gRWNoaWRuYTEkMCIGCSqGSIb3DQEJARYVZXJpY0Bib3VuY3ljYXN0"
- + "bGUub3JnMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTCB"
- + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgHCJyfwV6/V3kqSu2SOU2E/K"
- + "I+N0XohCMUaxPLLNtNBZ3ijxwaV6JGFz7siTgZD/OGfzir/eZimkt+L1iXQn"
- + "OAB+ZChivKvHtX+dFFC7Vq+E4Uy0Ftqc/wrGxE6DHb5BR0hprKH8wlDS8wSP"
- + "zxovgk4nH0ffUZOoDSuUgjh3gG8CAwEAAaNNMEswHQYDVR0OBBYEFLfY/4EG"
- + "mYrvJa7Cky+K9BJ7YmERMB8GA1UdIwQYMBaAFDddR8QTr4P634sgmAoRJJQT"
- + "nx7LMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEEBQADgYEADIOmpMd6UHdMjkyc"
- + "mIE1yiwfClCsGhCK9FigTg6U1G2FmkBwJIMWBlkeH15uvepsAncsgK+Cn3Zr"
- + "dZMb022mwtTJDtcaOM+SNeuCnjdowZ4i71Hf68siPm6sMlZkhz49rA0Yidoo"
- + "WuzYOO+dggzwDsMldSsvsDo/ARyCGOulDOAxggEvMIIBKwIBATAqMCUxFjAU"
- + "BgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNVBAYTAkFVAgEHMAkGBSsOAwIa"
- + "BQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP"
- + "Fw0wNTA4MDcwNjI1NTlaMCMGCSqGSIb3DQEJBDEWBBQu973mCM5UBOl9XwQv"
- + "lfifHCMocTANBgkqhkiG9w0BAQEFAASBgGxnBl2qozYKLgZ0ygqSFgWcRGl1"
- + "LgNuE587LtO+EKkgoc3aFqEdjXlAyP8K7naRsvWnFrsB6pUpnrgI9Z8ZSKv8"
- + "98IlpsSSJ0jBlEb4gzzavwcBpYbr2ryOtDcF+kYmKIpScglyyoLzm+KPXOoT"
- + "n7MsJMoKN3Kd2Vzh6s10PFgeAAAAAAAA");
-
- CMSSignedDataParser sp = new CMSSignedDataParser(encapSigData);
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testSHA1WithRSANoAttributes()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false);
-
- CMSSignedDataParser sp = new CMSSignedDataParser(
- new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), s.getEncoded());
-
- sp.getSignedContent().drain();
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes()));
- }
-
- public void testDSANoAttributes()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes());
-
- certList.add(_origDsaCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origDsaKP.getPrivate(), _origDsaCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false);
-
- CMSSignedDataParser sp = new CMSSignedDataParser(
- new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), s.getEncoded());
-
- sp.getSignedContent().drain();
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes()));
- }
-
- public void testSHA1WithRSA()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- certList.add(_signCrl);
- certList.add(_origCrl);
-
- CertStore certsAndCrls = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certsAndCrls);
-
- OutputStream sigOut = gen.open(bOut);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- checkSigParseable(bOut.toByteArray());
-
- CMSSignedDataParser sp = new CMSSignedDataParser(
- new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes()));
-
- //
- // try using existing signer
- //
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigners(sp.getSignerInfos());
-
- gen.addCertificatesAndCRLs(sp.getCertificatesAndCRLs("Collection", BC));
-
- bOut.reset();
-
- sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- verifyEncodedData(bOut);
-
- //
- // look for the CRLs
- //
- Collection col = certsAndCrls.getCRLs(null);
-
- assertEquals(2, col.size());
- assertTrue(col.contains(_signCrl));
- assertTrue(col.contains(_origCrl));
- }
-
- public void testSHA1WithRSANonData()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- certList.add(_signCrl);
- certList.add(_origCrl);
-
- CertStore certsAndCrls = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certsAndCrls);
-
- OutputStream sigOut = gen.open(bOut, "1.2.3.4", true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray());
-
- CMSTypedStream stream = sp.getSignedContent();
-
- assertEquals(new ASN1ObjectIdentifier("1.2.3.4"), stream.getContentType());
-
- stream.drain();
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes()));
- }
-
- public void testSHA1AndMD5WithRSA()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_MD5, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- checkSigParseable(bOut.toByteArray());
-
- CMSSignedDataParser sp = new CMSSignedDataParser(
- new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testSHA1WithRSAEncapsulatedBufferedStream()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- //
- // find unbuffered length
- //
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- for (int i = 0; i != 2000; i++)
- {
- sigOut.write(i & 0xff);
- }
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- int unbufferedLength = bOut.toByteArray().length;
-
- //
- // find buffered length with buffered stream - should be equal
- //
- bOut = new ByteArrayOutputStream();
-
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- sigOut = gen.open(bOut, true);
-
- BufferedOutputStream bfOut = new BufferedOutputStream(sigOut, 300);
-
- for (int i = 0; i != 2000; i++)
- {
- bfOut.write(i & 0xff);
- }
-
- bfOut.close();
-
- verifyEncodedData(bOut);
-
- assertTrue(bOut.toByteArray().length == unbufferedLength);
- }
-
- public void testSHA1WithRSAEncapsulatedBuffered()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- //
- // find unbuffered length
- //
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- for (int i = 0; i != 2000; i++)
- {
- sigOut.write(i & 0xff);
- }
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- int unbufferedLength = bOut.toByteArray().length;
-
- //
- // find buffered length - buffer size less than default
- //
- bOut = new ByteArrayOutputStream();
-
- gen = new CMSSignedDataStreamGenerator();
-
- gen.setBufferSize(300);
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- sigOut = gen.open(bOut, true);
-
- for (int i = 0; i != 2000; i++)
- {
- sigOut.write(i & 0xff);
- }
-
- sigOut.close();
-
- verifyEncodedData(bOut);
-
- assertTrue(bOut.toByteArray().length > unbufferedLength);
- }
-
- public void testSHA1WithRSAEncapsulated()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(CMSSignedGenerator.DIGEST_SHA1);
-
- AttributeTable table = ((SignerInformation)sp.getSignerInfos().getSigners().iterator().next()).getSignedAttributes();
- Attribute hash = table.get(CMSAttributes.messageDigest);
-
- assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets()));
-
- //
- // try using existing signer
- //
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigners(sp.getSignerInfos());
-
- gen.addCertificatesAndCRLs(sp.getCertificatesAndCRLs("Collection", BC));
-
- bOut.reset();
-
- sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(TEST_MESSAGE.getBytes()), bOut.toByteArray());
-
- assertEquals(1, sd.getSignerInfos().getSigners().size());
-
- verifyEncodedData(bOut);
- }
-
- public void testSHA1WithRSAEncapsulatedSubjectKeyID()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), CMSTestUtil.createSubjectKeyId(_origCert.getPublicKey()).getKeyIdentifier(), CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(CMSSignedGenerator.DIGEST_SHA1);
-
- AttributeTable table = ((SignerInformation)sp.getSignerInfos().getSigners().iterator().next()).getSignedAttributes();
- Attribute hash = table.get(CMSAttributes.messageDigest);
-
- assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets()));
-
- //
- // try using existing signer
- //
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigners(sp.getSignerInfos());
-
- gen.addCertificatesAndCRLs(sp.getCertificatesAndCRLs("Collection", BC));
-
- bOut.reset();
-
- sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(TEST_MESSAGE.getBytes()), bOut.toByteArray());
-
- assertEquals(1, sd.getSignerInfos().getSigners().size());
-
- verifyEncodedData(bOut);
- }
-
- public void testAttributeGenerators()
- throws Exception
- {
- final ASN1ObjectIdentifier dummyOid1 = new ASN1ObjectIdentifier("1.2.3");
- final ASN1ObjectIdentifier dummyOid2 = new ASN1ObjectIdentifier("1.2.3.4");
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- CMSAttributeTableGenerator signedGen = new DefaultSignedAttributeTableGenerator()
- {
- public AttributeTable getAttributes(Map parameters)
- {
- Hashtable table = createStandardAttributeTable(parameters);
-
- DEROctetString val = new DEROctetString((byte[])parameters.get(CMSAttributeTableGenerator.DIGEST));
- Attribute attr = new Attribute(dummyOid1, new DERSet(val));
-
- table.put(attr.getAttrType(), attr);
-
- return new AttributeTable(table);
- }
- };
-
- CMSAttributeTableGenerator unsignedGen = new CMSAttributeTableGenerator()
- {
- public AttributeTable getAttributes(Map parameters)
- {
- DEROctetString val = new DEROctetString((byte[])parameters.get(CMSAttributeTableGenerator.SIGNATURE));
- Attribute attr = new Attribute(dummyOid2, new DERSet(val));
-
- return new AttributeTable(new DERSet(attr));
- }
- };
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, signedGen, unsignedGen, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- //
- // check attributes
- //
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- checkAttribute(signer.getContentDigest(), signer.getSignedAttributes().get(dummyOid1));
- checkAttribute(signer.getSignature(), signer.getUnsignedAttributes().get(dummyOid2));
- }
- }
-
- private void checkAttribute(byte[] expected, Attribute attr)
- {
- DEROctetString value = (DEROctetString)attr.getAttrValues().getObjectAt(0);
-
- assertEquals(new DEROctetString(expected), value);
- }
-
- public void testWithAttributeCertificate()
- throws Exception
- {
- List certList = new ArrayList();
-
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- X509AttributeCertificate attrCert = CMSTestUtil.getAttributeCertificate();
-
- X509Store store = X509Store.getInstance("AttributeCertificate/Collection",
- new X509CollectionStoreParameters(Collections.singleton(attrCert)), BC);
-
- gen.addAttributeCertificates(store);
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- assertEquals(4, sp.getVersion());
-
- store = sp.getAttributeCertificates("Collection", BC);
-
- Collection coll = store.getMatches(null);
-
- assertEquals(1, coll.size());
-
- assertTrue(coll.contains(attrCert));
- }
-
- public void testSignerStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- byte[] data = TEST_MESSAGE.getBytes();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut, false);
-
- sigOut.write(data);
-
- sigOut.close();
-
- checkSigParseable(bOut.toByteArray());
-
- //
- // create new Signer
- //
- ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray());
-
- bOut.reset();
-
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA224, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- sigOut = gen.open(bOut);
-
- sigOut.write(data);
-
- sigOut.close();
-
- checkSigParseable(bOut.toByteArray());
-
- CMSSignedData sd = new CMSSignedData(bOut.toByteArray());
-
- //
- // replace signer
- //
- ByteArrayOutputStream newOut = new ByteArrayOutputStream();
-
- CMSSignedDataParser.replaceSigners(original, sd.getSignerInfos(), newOut);
-
- sd = new CMSSignedData(new CMSProcessableByteArray(data), newOut.toByteArray());
- SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next();
-
- assertEquals(signer.getDigestAlgOID(), CMSSignedDataStreamGenerator.DIGEST_SHA224);
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new CMSTypedStream(new ByteArrayInputStream(data)), newOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testEncapsulatedSignerStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- //
- // create new Signer
- //
- ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray());
-
- bOut.reset();
-
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA224, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedData sd = new CMSSignedData(bOut.toByteArray());
-
- //
- // replace signer
- //
- ByteArrayOutputStream newOut = new ByteArrayOutputStream();
-
- CMSSignedDataParser.replaceSigners(original, sd.getSignerInfos(), newOut);
-
- sd = new CMSSignedData(newOut.toByteArray());
- SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next();
-
- assertEquals(signer.getDigestAlgOID(), CMSSignedDataStreamGenerator.DIGEST_SHA224);
-
- CMSSignedDataParser sp = new CMSSignedDataParser(newOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testCertStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- byte[] data = TEST_MESSAGE.getBytes();
-
- certList.add(_origDsaCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut);
-
- sigOut.write(data);
-
- sigOut.close();
-
- checkSigParseable(bOut.toByteArray());
-
- //
- // create new certstore with the right certificates
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- //
- // replace certs
- //
- ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray());
- ByteArrayOutputStream newOut = new ByteArrayOutputStream();
-
- CMSSignedDataParser.replaceCertificatesAndCRLs(original, certs, newOut);
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new CMSTypedStream(new ByteArrayInputStream(data)), newOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testEncapsulatedCertStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origDsaCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- //
- // create new certstore with the right certificates
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- //
- // replace certs
- //
- ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray());
- ByteArrayOutputStream newOut = new ByteArrayOutputStream();
-
- CMSSignedDataParser.replaceCertificatesAndCRLs(original, certs, newOut);
-
- CMSSignedDataParser sp = new CMSSignedDataParser(newOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testCertOrdering1()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray());
-
- sp.getSignedContent().drain();
- certs = sp.getCertificatesAndCRLs("Collection", BC);
- Iterator it = certs.getCertificates(null).iterator();
-
- assertEquals(_origCert, it.next());
- assertEquals(_signCert, it.next());
- }
-
- public void testCertOrdering2()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_signCert);
- certList.add(_origCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-
- gen.addCertificatesAndCRLs(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray());
-
- sp.getSignedContent().drain();
- certs = sp.getCertificatesAndCRLs("Collection", BC);
- Iterator it = certs.getCertificates(null).iterator();
-
- assertEquals(_signCert, it.next());
- assertEquals(_origCert, it.next());
- }
-
- public static Test suite()
- throws Exception
- {
- init();
-
- return new CMSTestSetup(new TestSuite(SignedDataStreamTest.class));
- }
-}
diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataTest.java b/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataTest.java
deleted file mode 100644
index ef3f8de5..00000000
--- a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataTest.java
+++ /dev/null
@@ -1,1573 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import org.bouncycastle.jce.cert.CertStore;
-import org.bouncycastle.jce.cert.CollectionCertStoreParameters;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.cms.CMSConfig;
-import org.bouncycastle.cms.CMSProcessable;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.CMSSignedDataParser;
-import org.bouncycastle.cms.SignerId;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.io.Streams;
-import org.bouncycastle.x509.X509AttributeCertificate;
-import org.bouncycastle.x509.X509CollectionStoreParameters;
-import org.bouncycastle.x509.X509Store;
-
-public class SignedDataTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- boolean DEBUG = true;
-
- private static String _origDN;
- private static KeyPair _origKP;
- private static X509Certificate _origCert;
-
- private static String _signDN;
- private static KeyPair _signKP;
- private static X509Certificate _signCert;
-
- private static KeyPair _signGostKP;
- private static X509Certificate _signGostCert;
-
- private static KeyPair _signEcDsaKP;
- private static X509Certificate _signEcDsaCert;
-
- private static KeyPair _signEcGostKP;
- private static X509Certificate _signEcGostCert;
-
- private static KeyPair _signDsaKP;
- private static X509Certificate _signDsaCert;
-
- private static String _reciDN;
- private static KeyPair _reciKP;
- private static X509Certificate _reciCert;
-
- private static X509CRL _signCrl;
-
- private static boolean _initialised = false;
-
- private byte[] disorderedMessage = Base64.decode(
- "SU9fc3RkaW5fdXNlZABfX2xpYmNfc3RhcnRfbWFpbgBnZXRob3N0aWQAX19n"
- + "bW9uX3M=");
-
- private byte[] disorderedSet = Base64.decode(
- "MIIYXQYJKoZIhvcNAQcCoIIYTjCCGEoCAQExCzAJBgUrDgMCGgUAMAsGCSqG"
- + "SIb3DQEHAaCCFqswggJUMIIBwKADAgECAgMMg6wwCgYGKyQDAwECBQAwbzEL"
- + "MAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbI"
- + "dXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwEx"
- + "MBEGA1UEAxQKNFItQ0EgMTpQTjAiGA8yMDAwMDMyMjA5NDM1MFoYDzIwMDQw"
- + "MTIxMTYwNDUzWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1"
- + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh"
- + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3"
- + "DQEBAQUAA4GPADCBiwKBgQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0I"
- + "fe3QMqeGMoCUnyJxwW0k2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg"
- + "19e9JPv061wyADOucOIaNAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKaj"
- + "LMAw0bu1J0FadQIFAMAAAAEwCgYGKyQDAwECBQADgYEAgFauXpoTLh3Z3pT/"
- + "3bhgrxO/2gKGZopWGSWSJPNwq/U3x2EuctOJurj+y2inTcJjespThflpN+7Q"
- + "nvsUhXU+jL2MtPlObU0GmLvWbi47cBShJ7KElcZAaxgWMBzdRGqTOdtMv+ev"
- + "2t4igGF/q71xf6J2c3pTLWr6P8s6tzLfOCMwggJDMIIBr6ADAgECAgQAuzyu"
- + "MAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGll"
- + "cnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0"
- + "MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4wIhgPMjAwMTA4"
- + "MjAwODA4MjBaGA8yMDA1MDgyMDA4MDgyMFowSzELMAkGA1UEBhMCREUxEjAQ"
- + "BgNVBAoUCVNpZ250cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBT"
- + "SUdOVFJVU1QgMTpQTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhV12"
- + "N2WhlR6f+3CXP57GrBM9la5Vnsu2b92zv5MZqQOPeEsYbZqDCFkYg1bSwsDE"
- + "XsGVQqXdQNAGUaapr/EUVVN+hNZ07GcmC1sPeQECgUkxDYjGi4ihbvzxlahj"
- + "L4nX+UTzJVBfJwXoIvJ+lMHOSpnOLIuEL3SRhBItvRECxN0CAwEAAaMSMBAw"
- + "DgYDVR0PAQH/BAQDAgEGMAoGBiskAwMBAgUAA4GBACDc9Pc6X8sK1cerphiV"
- + "LfFv4kpZb9ev4WPy/C6987Qw1SOTElhZAmxaJQBqmDHWlQ63wj1DEqswk7hG"
- + "LrvQk/iX6KXIn8e64uit7kx6DHGRKNvNGofPjr1WelGeGW/T2ZJKgmPDjCkf"
- + "sIKt2c3gwa2pDn4mmCz/DStUIqcPDbqLMIICVTCCAcGgAwIBAgIEAJ16STAK"
- + "BgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1"
- + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh"
- + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMCIYDzIwMDEwMjAx"
- + "MTM0NDI1WhgPMjAwNTAzMjIwODU1NTFaMG8xCzAJBgNVBAYTAkRFMT0wOwYD"
- + "VQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0"
- + "aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6"
- + "UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvthihnl"
- + "tsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wdbPvg"
- + "JyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCAOXFw"
- + "VWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIFAAOB"
- + "gQBpSRdnDb6AcNVaXSmGo6+kVPIBhot1LzJOGaPyDNpGXxd7LV4tMBF1U7gr"
- + "4k1g9BO6YiMWvw9uiTZmn0CfV8+k4fWEuG/nmafRoGIuay2f+ILuT+C0rnp1"
- + "4FgMsEhuVNJJAmb12QV0PZII+UneyhAneZuQQzVUkTcVgYxogxdSOzCCAlUw"
- + "ggHBoAMCAQICBACdekowCgYGKyQDAwECBQAwbzELMAkGA1UEBhMCREUxPTA7"
- + "BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlr"
- + "YXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg"
- + "MTpQTjAiGA8yMDAxMDIwMTEzNDcwN1oYDzIwMDUwMzIyMDg1NTUxWjBvMQsw"
- + "CQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1"
- + "ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEw"
- + "EQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKB"
- + "gQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0Ife3QMqeGMoCUnyJxwW0k"
- + "2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg19e9JPv061wyADOucOIa"
- + "NAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKajLMAw0bu1J0FadQIFAMAA"
- + "AAEwCgYGKyQDAwECBQADgYEAV1yTi+2gyB7sUhn4PXmi/tmBxAfe5oBjDW8m"
- + "gxtfudxKGZ6l/FUPNcrSc5oqBYxKWtLmf3XX87LcblYsch617jtNTkMzhx9e"
- + "qxiD02ufcrxz2EVt0Akdqiz8mdVeqp3oLcNU/IttpSrcA91CAnoUXtDZYwb/"
- + "gdQ4FI9l3+qo/0UwggJVMIIBwaADAgECAgQAxIymMAoGBiskAwMBAgUAMG8x"
- + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm"
- + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB"
- + "MTARBgNVBAMUCjZSLUNhIDE6UE4wIhgPMjAwMTEwMTUxMzMxNThaGA8yMDA1"
- + "MDYwMTA5NTIxN1owbzELMAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVy"
- + "dW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3Qx"
- + "ITAMBgcCggYBCgcUEwExMBEGA1UEAxQKN1ItQ0EgMTpQTjCBoTANBgkqhkiG"
- + "9w0BAQEFAAOBjwAwgYsCgYEAiokD/j6lEP4FexF356OpU5teUpGGfUKjIrFX"
- + "BHc79G0TUzgVxqMoN1PWnWktQvKo8ETaugxLkP9/zfX3aAQzDW4Zki6x6GDq"
- + "fy09Agk+RJvhfbbIzRkV4sBBco0n73x7TfG/9NTgVr/96U+I+z/1j30aboM6"
- + "9OkLEhjxAr0/GbsCBQDAAAABMAoGBiskAwMBAgUAA4GBAHWRqRixt+EuqHhR"
- + "K1kIxKGZL2vZuakYV0R24Gv/0ZR52FE4ECr+I49o8FP1qiGSwnXB0SwjuH2S"
- + "iGiSJi+iH/MeY85IHwW1P5e+bOMvEOFhZhQXQixOD7totIoFtdyaj1XGYRef"
- + "0f2cPOjNJorXHGV8wuBk+/j++sxbd/Net3FtMIICVTCCAcGgAwIBAgIEAMSM"
- + "pzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp"
- + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z"
- + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo3Ui1DQSAxOlBOMCIYDzIwMDEx"
- + "MDE1MTMzNDE0WhgPMjAwNTA2MDEwOTUyMTdaMG8xCzAJBgNVBAYTAkRFMT0w"
- + "OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5p"
- + "a2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNh"
- + "IDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvth"
- + "ihnltsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wd"
- + "bPvgJyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCA"
- + "OXFwVWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIF"
- + "AAOBgQBi5W96UVDoNIRkCncqr1LLG9vF9SGBIkvFpLDIIbcvp+CXhlvsdCJl"
- + "0pt2QEPSDl4cmpOet+CxJTdTuMeBNXxhb7Dvualog69w/+K2JbPhZYxuVFZs"
- + "Zh5BkPn2FnbNu3YbJhE60aIkikr72J4XZsI5DxpZCGh6xyV/YPRdKSljFjCC"
- + "AlQwggHAoAMCAQICAwyDqzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9"
- + "MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVu"
- + "aWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1D"
- + "QSAxOlBOMCIYDzIwMDAwMzIyMDk0MTI3WhgPMjAwNDAxMjExNjA0NTNaMG8x"
- + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm"
- + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB"
- + "MTARBgNVBAMUCjRSLUNBIDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGL"
- + "AoGBAI8x26tmrFJanlm100B7KGlRemCD1R93PwdnG7svRyf5ZxOsdGrDszNg"
- + "xg6ouO8ZHQMT3NC2dH8TvO65Js+8bIyTm51azF6clEg0qeWNMKiiXbBXa+ph"
- + "hTkGbXiLYvACZ6/MTJMJ1lcrjpRF7BXtYeYMcEF6znD4pxOqrtbf9z5hAgUA"
- + "wAAAATAKBgYrJAMDAQIFAAOBgQB99BjSKlGPbMLQAgXlvA9jUsDNhpnVm3a1"
- + "YkfxSqS/dbQlYkbOKvCxkPGA9NBxisBM8l1zFynVjJoy++aysRmcnLY/sHaz"
- + "23BF2iU7WERy18H3lMBfYB6sXkfYiZtvQZcWaO48m73ZBySuiV3iXpb2wgs/"
- + "Cs20iqroAWxwq/W/9jCCAlMwggG/oAMCAQICBDsFZ9UwCgYGKyQDAwECBQAw"
- + "bzELMAkGA1UEBhMCREUxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNFItQ0Eg"
- + "MTpQTjE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxl"
- + "a29tbXVuaWthdGlvbiB1bmQgUG9zdDAiGA8xOTk5MDEyMTE3MzUzNFoYDzIw"
- + "MDQwMTIxMTYwMDAyWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp"
- + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z"
- + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAozUi1DQSAxOlBOMIGfMA0GCSqG"
- + "SIb3DQEBAQUAA4GNADCBiQKBgI4B557mbKQg/AqWBXNJhaT/6lwV93HUl4U8"
- + "u35udLq2+u9phns1WZkdM3gDfEpL002PeLfHr1ID/96dDYf04lAXQfombils"
- + "of1C1k32xOvxjlcrDOuPEMxz9/HDAQZA5MjmmYHAIulGI8Qg4Tc7ERRtg/hd"
- + "0QX0/zoOeXoDSEOBAgTAAAABMAoGBiskAwMBAgUAA4GBAIyzwfT3keHI/n2P"
- + "LrarRJv96mCohmDZNpUQdZTVjGu5VQjVJwk3hpagU0o/t/FkdzAjOdfEw8Ql"
- + "3WXhfIbNLv1YafMm2eWSdeYbLcbB5yJ1od+SYyf9+tm7cwfDAcr22jNRBqx8"
- + "wkWKtKDjWKkevaSdy99sAI8jebHtWz7jzydKMIID9TCCA16gAwIBAgICbMcw"
- + "DQYJKoZIhvcNAQEFBQAwSzELMAkGA1UEBhMCREUxEjAQBgNVBAoUCVNpZ250"
- + "cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBTSUdOVFJVU1QgMTpQ"
- + "TjAeFw0wNDA3MzAxMzAyNDZaFw0wNzA3MzAxMzAyNDZaMDwxETAPBgNVBAMM"
- + "CFlhY29tOlBOMQ4wDAYDVQRBDAVZYWNvbTELMAkGA1UEBhMCREUxCjAIBgNV"
- + "BAUTATEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIWzLlYLQApocXIp"
- + "pgCCpkkOUVLgcLYKeOd6/bXAnI2dTHQqT2bv7qzfUnYvOqiNgYdF13pOYtKg"
- + "XwXMTNFL4ZOI6GoBdNs9TQiZ7KEWnqnr2945HYx7UpgTBclbOK/wGHuCdcwO"
- + "x7juZs1ZQPFG0Lv8RoiV9s6HP7POqh1sO0P/AgMBAAGjggH1MIIB8TCBnAYD"
- + "VR0jBIGUMIGRgBQcZzNghfnXoXRm8h1+VITC5caNRqFzpHEwbzELMAkGA1UE"
- + "BhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVs"
- + "ZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UE"
- + "AxQKNVItQ0EgMTpQToIEALs8rjAdBgNVHQ4EFgQU2e5KAzkVuKaM9I5heXkz"
- + "bcAIuR8wDgYDVR0PAQH/BAQDAgZAMBIGA1UdIAQLMAkwBwYFKyQIAQEwfwYD"
- + "VR0fBHgwdjB0oCygKoYobGRhcDovL2Rpci5zaWdudHJ1c3QuZGUvbz1TaWdu"
- + "dHJ1c3QsYz1kZaJEpEIwQDEdMBsGA1UEAxMUQ1JMU2lnblNpZ250cnVzdDE6"
- + "UE4xEjAQBgNVBAoTCVNpZ250cnVzdDELMAkGA1UEBhMCREUwYgYIKwYBBQUH"
- + "AQEEVjBUMFIGCCsGAQUFBzABhkZodHRwOi8vZGlyLnNpZ250cnVzdC5kZS9T"
- + "aWdudHJ1c3QvT0NTUC9zZXJ2bGV0L2h0dHBHYXRld2F5LlBvc3RIYW5kbGVy"
- + "MBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwDgYHAoIGAQoMAAQDAQH/MA0G"
- + "CSqGSIb3DQEBBQUAA4GBAHn1m3GcoyD5GBkKUY/OdtD6Sj38LYqYCF+qDbJR"
- + "6pqUBjY2wsvXepUppEler+stH8mwpDDSJXrJyuzf7xroDs4dkLl+Rs2x+2tg"
- + "BjU+ABkBDMsym2WpwgA8LCdymmXmjdv9tULxY+ec2pjSEzql6nEZNEfrU8nt"
- + "ZCSCavgqW4TtMYIBejCCAXYCAQEwUTBLMQswCQYDVQQGEwJERTESMBAGA1UE"
- + "ChQJU2lnbnRydXN0MSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEUNBIFNJR05U"
- + "UlVTVCAxOlBOAgJsxzAJBgUrDgMCGgUAoIGAMBgGCSqGSIb3DQEJAzELBgkq"
- + "hkiG9w0BBwEwIwYJKoZIhvcNAQkEMRYEFIYfhPoyfGzkLWWSSLjaHb4HQmaK"
- + "MBwGCSqGSIb3DQEJBTEPFw0wNTAzMjQwNzM4MzVaMCEGBSskCAYFMRgWFi92"
- + "YXIvZmlsZXMvdG1wXzEvdGVzdDEwDQYJKoZIhvcNAQEFBQAEgYA2IvA8lhVz"
- + "VD5e/itUxbFboKxeKnqJ5n/KuO/uBCl1N14+7Z2vtw1sfkIG+bJdp3OY2Cmn"
- + "mrQcwsN99Vjal4cXVj8t+DJzFG9tK9dSLvD3q9zT/GQ0kJXfimLVwCa4NaSf"
- + "Qsu4xtG0Rav6bCcnzabAkKuNNvKtH8amSRzk870DBg==");
-
- public static byte[] xtraCounterSig = Base64.decode(
- "MIIR/AYJKoZIhvcNAQcCoIIR7TCCEekCAQExCzAJBgUrDgMCGgUAMBoGCSqG"
- + "SIb3DQEHAaANBAtIZWxsbyB3b3JsZKCCDnkwggTPMIIDt6ADAgECAgRDnYD3"
- + "MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNVBAYTAklUMRowGAYDVQQKExFJbi5U"
- + "ZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAtIENlcnRpZmlj"
- + "YXRpb24gQXV0aG9yaXR5MB4XDTA4MDkxMjExNDMxMloXDTEwMDkxMjExNDMx"
- + "MlowgdgxCzAJBgNVBAYTAklUMSIwIAYDVQQKDBlJbnRlc2EgUy5wLkEuLzA1"
- + "MjYyODkwMDE0MSowKAYDVQQLDCFCdXNpbmVzcyBDb2xsYWJvcmF0aW9uICYg"
- + "U2VjdXJpdHkxHjAcBgNVBAMMFU1BU1NJTUlMSUFOTyBaSUNDQVJESTERMA8G"
- + "A1UEBAwIWklDQ0FSREkxFTATBgNVBCoMDE1BU1NJTUlMSUFOTzEcMBoGA1UE"
- + "BRMTSVQ6WkNDTVNNNzZIMTRMMjE5WTERMA8GA1UELhMIMDAwMDI1ODUwgaAw"
- + "DQYJKoZIhvcNAQEBBQADgY4AMIGKAoGBALeJTjmyFgx1SIP6c2AuB/kuyHo5"
- + "j/prKELTALsFDimre/Hxr3wOSet1TdQfFzU8Lu+EJqgfV9cV+cI1yeH1rZs7"
- + "lei7L3tX/VR565IywnguX5xwvteASgWZr537Fkws50bvTEMyYOj1Tf3FZvZU"
- + "z4n4OD39KI4mfR9i1eEVIxR3AgQAizpNo4IBoTCCAZ0wHQYDVR0RBBYwFIES"
- + "emljY2FyZGlAaW50ZXNhLml0MC8GCCsGAQUFBwEDBCMwITAIBgYEAI5GAQEw"
- + "CwYGBACORgEDAgEUMAgGBgQAjkYBBDBZBgNVHSAEUjBQME4GBgQAizABATBE"
- + "MEIGCCsGAQUFBwIBFjZodHRwOi8vZS10cnVzdGNvbS5pbnRlc2EuaXQvY2Ff"
- + "cHViYmxpY2EvQ1BTX0lOVEVTQS5odG0wDgYDVR0PAQH/BAQDAgZAMIGDBgNV"
- + "HSMEfDB6gBQZCQOW0bjFWBt+EORuxPagEgkQqKFcpFowWDELMAkGA1UEBhMC"
- + "SVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJbi5U"
- + "ZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCBDzRARMwOwYDVR0f"
- + "BDQwMjAwoC6gLIYqaHR0cDovL2UtdHJ1c3Rjb20uaW50ZXNhLml0L0NSTC9J"
- + "TlRFU0EuY3JsMB0GA1UdDgQWBBTf5ItL8KmQh541Dxt7YxcWI1254TANBgkq"
- + "hkiG9w0BAQUFAAOCAQEAgW+uL1CVWQepbC/wfCmR6PN37Sueb4xiKQj2mTD5"
- + "UZ5KQjpivy/Hbuf0NrfKNiDEhAvoHSPC31ebGiKuTMFNyZPHfPEUnyYGSxea"
- + "2w837aXJFr6utPNQGBRi89kH90sZDlXtOSrZI+AzJJn5QK3F9gjcayU2NZXQ"
- + "MJgRwYmFyn2w4jtox+CwXPQ9E5XgxiMZ4WDL03cWVXDLX00EOJwnDDMUNTRI"
- + "m9Zv+4SKTNlfFbi9UTBqWBySkDzAelsfB2U61oqc2h1xKmCtkGMmN9iZT+Qz"
- + "ZC/vaaT+hLEBFGAH2gwFrYc4/jTBKyBYeU1vsAxsibIoTs1Apgl6MH75qPDL"
- + "BzCCBM8wggO3oAMCAQICBEOdgPcwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE"
- + "BhMCSVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJ"
- + "bi5UZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwOTEy"
- + "MTE0MzEyWhcNMTAwOTEyMTE0MzEyWjCB2DELMAkGA1UEBhMCSVQxIjAgBgNV"
- + "BAoMGUludGVzYSBTLnAuQS4vMDUyNjI4OTAwMTQxKjAoBgNVBAsMIUJ1c2lu"
- + "ZXNzIENvbGxhYm9yYXRpb24gJiBTZWN1cml0eTEeMBwGA1UEAwwVTUFTU0lN"
- + "SUxJQU5PIFpJQ0NBUkRJMREwDwYDVQQEDAhaSUNDQVJESTEVMBMGA1UEKgwM"
- + "TUFTU0lNSUxJQU5PMRwwGgYDVQQFExNJVDpaQ0NNU003NkgxNEwyMTlZMREw"
- + "DwYDVQQuEwgwMDAwMjU4NTCBoDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEA"
- + "t4lOObIWDHVIg/pzYC4H+S7IejmP+msoQtMAuwUOKat78fGvfA5J63VN1B8X"
- + "NTwu74QmqB9X1xX5wjXJ4fWtmzuV6Lsve1f9VHnrkjLCeC5fnHC+14BKBZmv"
- + "nfsWTCznRu9MQzJg6PVN/cVm9lTPifg4Pf0ojiZ9H2LV4RUjFHcCBACLOk2j"
- + "ggGhMIIBnTAdBgNVHREEFjAUgRJ6aWNjYXJkaUBpbnRlc2EuaXQwLwYIKwYB"
- + "BQUHAQMEIzAhMAgGBgQAjkYBATALBgYEAI5GAQMCARQwCAYGBACORgEEMFkG"
- + "A1UdIARSMFAwTgYGBACLMAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9lLXRy"
- + "dXN0Y29tLmludGVzYS5pdC9jYV9wdWJibGljYS9DUFNfSU5URVNBLmh0bTAO"
- + "BgNVHQ8BAf8EBAMCBkAwgYMGA1UdIwR8MHqAFBkJA5bRuMVYG34Q5G7E9qAS"
- + "CRCooVykWjBYMQswCQYDVQQGEwJJVDEaMBgGA1UEChMRSW4uVGUuUy5BLiBT"
- + "LnAuQS4xLTArBgNVBAMTJEluLlRlLlMuQS4gLSBDZXJ0aWZpY2F0aW9uIEF1"
- + "dGhvcml0eYIEPNEBEzA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vZS10cnVz"
- + "dGNvbS5pbnRlc2EuaXQvQ1JML0lOVEVTQS5jcmwwHQYDVR0OBBYEFN/ki0vw"
- + "qZCHnjUPG3tjFxYjXbnhMA0GCSqGSIb3DQEBBQUAA4IBAQCBb64vUJVZB6ls"
- + "L/B8KZHo83ftK55vjGIpCPaZMPlRnkpCOmK/L8du5/Q2t8o2IMSEC+gdI8Lf"
- + "V5saIq5MwU3Jk8d88RSfJgZLF5rbDzftpckWvq6081AYFGLz2Qf3SxkOVe05"
- + "Ktkj4DMkmflArcX2CNxrJTY1ldAwmBHBiYXKfbDiO2jH4LBc9D0TleDGIxnh"
- + "YMvTdxZVcMtfTQQ4nCcMMxQ1NEib1m/7hIpM2V8VuL1RMGpYHJKQPMB6Wx8H"
- + "ZTrWipzaHXEqYK2QYyY32JlP5DNkL+9ppP6EsQEUYAfaDAWthzj+NMErIFh5"
- + "TW+wDGyJsihOzUCmCXowfvmo8MsHMIIEzzCCA7egAwIBAgIEQ52A9zANBgkq"
- + "hkiG9w0BAQUFADBYMQswCQYDVQQGEwJJVDEaMBgGA1UEChMRSW4uVGUuUy5B"
- + "LiBTLnAuQS4xLTArBgNVBAMTJEluLlRlLlMuQS4gLSBDZXJ0aWZpY2F0aW9u"
- + "IEF1dGhvcml0eTAeFw0wODA5MTIxMTQzMTJaFw0xMDA5MTIxMTQzMTJaMIHY"
- + "MQswCQYDVQQGEwJJVDEiMCAGA1UECgwZSW50ZXNhIFMucC5BLi8wNTI2Mjg5"
- + "MDAxNDEqMCgGA1UECwwhQnVzaW5lc3MgQ29sbGFib3JhdGlvbiAmIFNlY3Vy"
- + "aXR5MR4wHAYDVQQDDBVNQVNTSU1JTElBTk8gWklDQ0FSREkxETAPBgNVBAQM"
- + "CFpJQ0NBUkRJMRUwEwYDVQQqDAxNQVNTSU1JTElBTk8xHDAaBgNVBAUTE0lU"
- + "OlpDQ01TTTc2SDE0TDIxOVkxETAPBgNVBC4TCDAwMDAyNTg1MIGgMA0GCSqG"
- + "SIb3DQEBAQUAA4GOADCBigKBgQC3iU45shYMdUiD+nNgLgf5Lsh6OY/6ayhC"
- + "0wC7BQ4pq3vx8a98DknrdU3UHxc1PC7vhCaoH1fXFfnCNcnh9a2bO5Xouy97"
- + "V/1UeeuSMsJ4Ll+ccL7XgEoFma+d+xZMLOdG70xDMmDo9U39xWb2VM+J+Dg9"
- + "/SiOJn0fYtXhFSMUdwIEAIs6TaOCAaEwggGdMB0GA1UdEQQWMBSBEnppY2Nh"
- + "cmRpQGludGVzYS5pdDAvBggrBgEFBQcBAwQjMCEwCAYGBACORgEBMAsGBgQA"
- + "jkYBAwIBFDAIBgYEAI5GAQQwWQYDVR0gBFIwUDBOBgYEAIswAQEwRDBCBggr"
- + "BgEFBQcCARY2aHR0cDovL2UtdHJ1c3Rjb20uaW50ZXNhLml0L2NhX3B1YmJs"
- + "aWNhL0NQU19JTlRFU0EuaHRtMA4GA1UdDwEB/wQEAwIGQDCBgwYDVR0jBHww"
- + "eoAUGQkDltG4xVgbfhDkbsT2oBIJEKihXKRaMFgxCzAJBgNVBAYTAklUMRow"
- + "GAYDVQQKExFJbi5UZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5B"
- + "LiAtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ80QETMDsGA1UdHwQ0MDIw"
- + "MKAuoCyGKmh0dHA6Ly9lLXRydXN0Y29tLmludGVzYS5pdC9DUkwvSU5URVNB"
- + "LmNybDAdBgNVHQ4EFgQU3+SLS/CpkIeeNQ8be2MXFiNdueEwDQYJKoZIhvcN"
- + "AQEFBQADggEBAIFvri9QlVkHqWwv8Hwpkejzd+0rnm+MYikI9pkw+VGeSkI6"
- + "Yr8vx27n9Da3yjYgxIQL6B0jwt9XmxoirkzBTcmTx3zxFJ8mBksXmtsPN+2l"
- + "yRa+rrTzUBgUYvPZB/dLGQ5V7Tkq2SPgMySZ+UCtxfYI3GslNjWV0DCYEcGJ"
- + "hcp9sOI7aMfgsFz0PROV4MYjGeFgy9N3FlVwy19NBDicJwwzFDU0SJvWb/uE"
- + "ikzZXxW4vVEwalgckpA8wHpbHwdlOtaKnNodcSpgrZBjJjfYmU/kM2Qv72mk"
- + "/oSxARRgB9oMBa2HOP40wSsgWHlNb7AMbImyKE7NQKYJejB++ajwywcxggM8"
- + "MIIDOAIBATBgMFgxCzAJBgNVBAYTAklUMRowGAYDVQQKExFJbi5UZS5TLkEu"
- + "IFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAtIENlcnRpZmljYXRpb24g"
- + "QXV0aG9yaXR5AgRDnYD3MAkGBSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEgYB+"
- + "lH2cwLqc91mP8prvgSV+RRzk13dJdZvdoVjgQoFrPhBiZCNIEoHvIhMMA/sM"
- + "X6euSRZk7EjD24FasCEGYyd0mJVLEy6TSPmuW+wWz/28w3a6IWXBGrbb/ild"
- + "/CJMkPgLPGgOVD1WDwiNKwfasiQSFtySf5DPn3jFevdLeMmEY6GCAjIwggEV"
- + "BgkqhkiG9w0BCQYxggEGMIIBAgIBATBgMFgxCzAJBgNVBAYTAklUMRowGAYD"
- + "VQQKExFJbi5UZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAt"
- + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5AgRDnYD3MAkGBSsOAwIaBQAwDQYJ"
- + "KoZIhvcNAQEBBQAEgYBHlOULfT5GDigIvxP0qZOy8VbpntmzaPF55VV4buKV"
- + "35J+uHp98gXKp0LrHM69V5IRKuyuQzHHFBqsXxsRI9o6KoOfgliD9Xc+BeMg"
- + "dKzQhBhBYoFREq8hQM0nSbqDNHYAQyNHMzUA/ZQUO5dlFuH8Dw3iDYAhNtfd"
- + "PrlchKJthDCCARUGCSqGSIb3DQEJBjGCAQYwggECAgEBMGAwWDELMAkGA1UE"
- + "BhMCSVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJ"
- + "bi5UZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCBEOdgPcwCQYF"
- + "Kw4DAhoFADANBgkqhkiG9w0BAQEFAASBgEeU5Qt9PkYOKAi/E/Spk7LxVume"
- + "2bNo8XnlVXhu4pXfkn64en3yBcqnQusczr1XkhEq7K5DMccUGqxfGxEj2joq"
- + "g5+CWIP1dz4F4yB0rNCEGEFigVESryFAzSdJuoM0dgBDI0czNQD9lBQ7l2UW"
- + "4fwPDeINgCE2190+uVyEom2E");
-
- byte[] noSignedAttrSample2 = Base64.decode(
- "MIIIlAYJKoZIhvcNAQcCoIIIhTCCCIECAQExCzAJBgUrDgMCGgUAMAsGCSqG"
- + "SIb3DQEHAaCCB3UwggOtMIIDa6ADAgECAgEzMAsGByqGSM44BAMFADCBkDEL"
- + "MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlQYWxvIEFsdG8x"
- + "HTAbBgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZh"
- + "IFNvZnR3YXJlIENvZGUgU2lnbmluZzEcMBoGA1UEAxMTSkNFIENvZGUgU2ln"
- + "bmluZyBDQTAeFw0wMTA1MjkxNjQ3MTFaFw0wNjA1MjgxNjQ3MTFaMG4xHTAb"
- + "BgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZhIFNv"
- + "ZnR3YXJlIENvZGUgU2lnbmluZzEoMCYGA1UEAxMfVGhlIExlZ2lvbiBvZiB0"
- + "aGUgQm91bmN5IENhc3RsZTCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OB"
- + "HXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2"
- + "y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUP"
- + "BPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvM"
- + "spK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9"
- + "B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj"
- + "rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtV"
- + "JWQBTDv+z0kqA4GEAAKBgBWry/FCAZ6miyy39+ftsa+h9lxoL+JtV0MJcUyQ"
- + "E4VAhpAwWb8vyjba9AwOylYQTktHX5sAkFvjBiU0LOYDbFSTVZSHMRJgfjxB"
- + "SHtICjOEvr1BJrrOrdzqdxcOUge5n7El124BCrv91x5Ol8UTwtiO9LrRXF/d"
- + "SyK+RT5n1klRo3YwdDARBglghkgBhvhCAQEEBAMCAIcwDgYDVR0PAQH/BAQD"
- + "AgHGMB0GA1UdDgQWBBQwMY4NRcco1AO3w1YsokfDLVseEjAPBgNVHRMBAf8E"
- + "BTADAQH/MB8GA1UdIwQYMBaAFGXi9IbJ007wkU5Yomr12HhamsGmMAsGByqG"
- + "SM44BAMFAAMvADAsAhRmigTu6QV0sTfEkVljgij/hhdVfAIUQZvMxAnIHc30"
- + "y/u0C1T5UEG9glUwggPAMIIDfqADAgECAgEQMAsGByqGSM44BAMFADCBkDEL"
- + "MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlQYWxvIEFsdG8x"
- + "HTAbBgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZh"
- + "IFNvZnR3YXJlIENvZGUgU2lnbmluZzEcMBoGA1UEAxMTSkNFIENvZGUgU2ln"
- + "bmluZyBDQTAeFw0wMTA0MjUwNzAwMDBaFw0yMDA0MjUwNzAwMDBaMIGQMQsw"
- + "CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEd"
- + "MBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkphdmEg"
- + "U29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBTaWdu"
- + "aW5nIENBMIIBtzCCASwGByqGSM44BAEwggEfAoGBAOuvNwQeylEeaV2w8o/2"
- + "tUkfxqSZBdcpv3S3avUZ2B7kG/gKAZqY/3Cr4kpWhmxTs/zhyIGMMfDE87CL"
- + "5nAG7PdpaNuDTHIpiSk2F1w7SgegIAIqRpdRHXDICBgLzgxum3b3BePn+9Nh"
- + "eeFgmiSNBpWDPFEg4TDPOFeCphpyDc7TAhUAhCVF4bq5qWKreehbMLiJaxv/"
- + "e3UCgYEAq8l0e3Tv7kK1alNNO92QBnJokQ8LpCl2LlU71a5NZVx+KjoEpmem"
- + "0HGqpde34sFyDaTRqh6SVEwgAAmisAlBGTMAssNcrkL4sYvKfJbYEH83RFuq"
- + "zHjI13J2N2tAmahVZvqoAx6LShECactMuCUGHKB30sms0j3pChD6dnC3+9wD"
- + "gYQAAoGALQmYXKy4nMeZfu4gGSo0kPnXq6uu3WtylQ1m+O8nj0Sy7ShEx/6v"
- + "sKYnbwBnRYJbB6hWVjvSKVFhXmk51y50dxLPGUr1LcjLcmHETm/6R0M/FLv6"
- + "vBhmKMLZZot6LS/CYJJLFP5YPiF/aGK+bEhJ+aBLXoWdGRD5FUVRG3HU9wuj"
- + "ZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTADAQH/MB8GA1Ud"
- + "IwQYMBaAFGXi9IbJ007wkU5Yomr12HhamsGmMB0GA1UdDgQWBBRl4vSGydNO"
- + "8JFOWKJq9dh4WprBpjALBgcqhkjOOAQDBQADLwAwLAIUKvfPPJdd+Xi2CNdB"
- + "tNkNRUzktJwCFEXNdWkOIfod1rMpsun3Mx0z/fxJMYHoMIHlAgEBMIGWMIGQ"
- + "MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0"
- + "bzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkph"
- + "dmEgU29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBT"
- + "aWduaW5nIENBAgEzMAkGBSsOAwIaBQAwCwYHKoZIzjgEAQUABC8wLQIVAIGV"
- + "khm+kbV4a/+EP45PHcq0hIViAhR4M9os6IrJnoEDS3Y3l7O6zrSosA==");
-
- private JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter();
-
- /*
- *
- * INFRASTRUCTURE
- *
- */
-
- public SignedDataTest(String name)
- {
- super(name);
- }
-
- public static void main(String args[])
- {
-
- junit.textui.TestRunner.run(SignedDataTest.class);
- }
-
- public static Test suite()
- throws Exception
- {
- init();
-
- return new CMSTestSetup(new TestSuite(SignedDataTest.class));
- }
-
- private static void init()
- throws Exception
- {
- if (!_initialised)
- {
- _initialised = true;
-
- _origDN = "O=Bouncy Castle, C=AU";
- _origKP = CMSTestUtil.makeKeyPair();
- _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _origKP, _origDN);
-
- _signDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- _signKP = CMSTestUtil.makeKeyPair();
- _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _origKP, _origDN);
-
- _signGostKP = CMSTestUtil.makeGostKeyPair();
- _signGostCert = CMSTestUtil.makeCertificate(_signGostKP, _signDN, _origKP, _origDN);
-
- _signDsaKP = CMSTestUtil.makeDsaKeyPair();
- _signDsaCert = CMSTestUtil.makeCertificate(_signDsaKP, _signDN, _origKP, _origDN);
-
- _signEcDsaKP = CMSTestUtil.makeEcDsaKeyPair();
- _signEcDsaCert = CMSTestUtil.makeCertificate(_signEcDsaKP, _signDN, _origKP, _origDN);
-
- _signEcGostKP = CMSTestUtil.makeEcGostKeyPair();
- _signEcGostCert = CMSTestUtil.makeCertificate(_signEcGostKP, _signDN, _origKP, _origDN);
-
- _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
- _reciKP = CMSTestUtil.makeKeyPair();
- _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
-
- _signCrl = CMSTestUtil.makeCrl(_signKP);
- }
- }
-
- private void verifySignatures(CMSSignedData s, byte[] contentDigest)
- throws Exception
- {
- CertStore certStore = s.getCertificatesAndCRLs("Collection", BC);
- SignerInformationStore signers = s.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertEquals(true, signer.verify(cert, BC));
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
-
- Collection certColl = certStore.getCertificates(null);
- Collection crlColl = certStore.getCRLs(null);
-
- assertEquals(certColl.size(), s.getCertificates("Collection", BC).getMatches(null).size());
- assertEquals(crlColl.size(), s.getCRLs("Collection", BC).getMatches(null).size());
- }
-
- private void verifySignatures(CMSSignedData s)
- throws Exception
- {
- verifySignatures(s, null);
- }
-
- public void testDetachedVerification()
- throws Exception
- {
- byte[] data = "Hello World!".getBytes();
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray(data);
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_MD5);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData s = gen.generate(msg, BC);
-
- MessageDigest sha1 = MessageDigest.getInstance("SHA1", BC);
- MessageDigest md5 = MessageDigest.getInstance("MD5", BC);
- Map hashes = new HashMap();
- byte[] sha1Hash = sha1.digest(data);
- byte[] md5Hash = md5.digest(data);
-
- hashes.put(CMSSignedDataGenerator.DIGEST_SHA1, sha1Hash);
- hashes.put(CMSSignedDataGenerator.DIGEST_MD5, md5Hash);
-
- s = new CMSSignedData(hashes, s.getEncoded());
-
- verifySignatures(s, null);
- }
-
- public void testSHA1AndMD5WithRSAEncapsulatedRepeated()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_MD5);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData s = gen.generate(msg, true, BC);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certs = s.getCertificatesAndCRLs("Collection", BC);
-
- SignerInformationStore signers = s.getSignerInfos();
-
- assertEquals(2, signers.size());
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
- SignerId sid = null;
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- sid = signer.getSID();
-
- assertEquals(true, signer.verify(cert, BC));
-
- //
- // check content digest
- //
-
- byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(signer.getDigestAlgOID());
-
- AttributeTable table = signer.getSignedAttributes();
- Attribute hash = table.get(CMSAttributes.messageDigest);
-
- assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets()));
- }
-
- c = signers.getSigners(sid);
-
- assertEquals(2, c.size());
-
-
- //
- // try using existing signer
- //
-
- gen = new CMSSignedDataGenerator();
-
- gen.addSigners(s.getSignerInfos());
-
- gen.addCertificatesAndCRLs(s.getCertificatesAndCRLs("Collection", BC));
-
- s = gen.generate(msg, true, BC);
-
- bIn = new ByteArrayInputStream(s.getEncoded());
- aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certs = s.getCertificatesAndCRLs("Collection", BC);
-
- signers = s.getSignerInfos();
- c = signers.getSigners();
- it = c.iterator();
-
- assertEquals(2, c.size());
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertEquals(true, signer.verify(cert, BC));
- }
-
- checkSignerStoreReplacement(s, signers);
- }
-
- public void testSHA1WithRSANoAttributes()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false);
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSAViaConfig()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- // set some bogus mappings.
- CMSConfig.setSigningEncryptionAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption.getId(), "XXXX");
- CMSConfig.setSigningDigestAlgorithmMapping(OIWObjectIdentifiers.idSHA1.getId(), "YYYY");
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData s;
-
- try
- {
- // try the bogus mappings
- s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false);
- }
- catch (NoSuchAlgorithmException e)
- {
- if (!e.getMessage().startsWith("Unknown signature type requested: YYYYWITHXXXX"))
- {
- throw e;
- }
- }
- finally
- {
- // reset to the real ones
- CMSConfig.setSigningEncryptionAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA");
- CMSConfig.setSigningDigestAlgorithmMapping(OIWObjectIdentifiers.idSHA1.getId(), "SHA1");
- }
-
- s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false);
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSAAndAttributeTable()
- throws Exception
- {
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- Attribute attr = new Attribute(CMSAttributes.messageDigest,
- new DERSet(
- new DEROctetString(
- md.digest("Hello world!".getBytes()))));
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(attr);
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1, new AttributeTable(v), null);
-
- gen.addCertificatesAndCRLs(certs);
-
-
- CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, null, false, BC);
-
- //
- // the signature is detached, so need to add msg before passing on
- //
- s = new CMSSignedData(msg, s.getEncoded());
- //
- // compute expected content digest
- //
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA1);
- }
-
- public void testSHA1WithRSAEncapsulatedSubjectKeyID()
- throws Exception
- {
- subjectKeyIDTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA1);
- }
-
- public void testSHA1WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA1", CMSSignedDataGenerator.DIGEST_SHA1);
- }
-
- public void testSHA224WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA224", CMSSignedDataGenerator.DIGEST_SHA224);
- }
-
- public void testSHA256WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA256", CMSSignedDataGenerator.DIGEST_SHA256);
- }
-
- public void testSHA384WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA384", CMSSignedDataGenerator.DIGEST_SHA384);
- }
-
- public void testSHA224WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA224);
- }
-
- public void testSHA256WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA256);
- }
-
- public void testRIPEMD128WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD128);
- }
-
- public void testRIPEMD160WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD160);
- }
-
- public void testRIPEMD256WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD256);
- }
-
- public void testECDSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA1);
- }
-
- public void testECDSAEncapsulatedSubjectKeyID()
- throws Exception
- {
- subjectKeyIDTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA1);
- }
-
- public void testECDSASHA224Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA224);
- }
-
- public void testECDSASHA256Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA256);
- }
-
- public void testECDSASHA384Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA384);
- }
-
- public void testECDSASHA512Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA512);
- }
-
- public void testECDSASHA512EncapsulatedWithKeyFactoryAsEC()
- throws Exception
- {
- X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(_signEcDsaKP.getPublic().getEncoded());
- PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(_signEcDsaKP.getPrivate().getEncoded());
- KeyFactory keyFact = KeyFactory.getInstance("EC", BC);
- KeyPair kp = new KeyPair(keyFact.generatePublic(pubSpec), keyFact.generatePrivate(privSpec));
-
- encapsulatedTest(kp, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA512);
- }
-
- public void testDSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signDsaKP, _signDsaCert, CMSSignedDataGenerator.DIGEST_SHA1);
- }
-
- public void testDSAEncapsulatedSubjectKeyID()
- throws Exception
- {
- subjectKeyIDTest(_signDsaKP, _signDsaCert, CMSSignedDataGenerator.DIGEST_SHA1);
- }
-
- public void testGOST3411WithGOST3410Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signGostKP, _signGostCert, CMSSignedDataGenerator.DIGEST_GOST3411);
- }
-
- public void testGOST3411WithECGOST3410Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcGostKP, _signEcGostCert, CMSSignedDataGenerator.DIGEST_GOST3411);
- }
-
- public void testSHA1WithRSACounterSignature()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_signCert);
- certList.add(_origCert);
-
- certList.add(_signCrl);
-
- CertStore certsAndCrls = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_signKP.getPrivate(), _signCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certsAndCrls);
-
- CMSSignedData s = gen.generate(msg, true, BC);
- SignerInformation origSigner = (SignerInformation)s.getSignerInfos().getSigners().toArray()[0];
- SignerInformationStore counterSigners1 = gen.generateCounterSigners(origSigner, BC);
- SignerInformationStore counterSigners2 = gen.generateCounterSigners(origSigner, BC);
-
- SignerInformation signer1 = SignerInformation.addCounterSigners(origSigner, counterSigners1);
- SignerInformation signer2 = SignerInformation.addCounterSigners(signer1, counterSigners2);
-
- SignerInformationStore cs = signer2.getCounterSignatures();
- Collection csSigners = cs.getSigners();
- assertEquals(2, csSigners.size());
-
- Iterator it = csSigners.iterator();
- while (it.hasNext())
- {
- SignerInformation cSigner = (SignerInformation)it.next();
- Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(cSigner.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertNull(cSigner.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_contentType));
- assertEquals(true, cSigner.verify(cert, BC));
- }
- }
-
- private void rsaPSSTest(String digestName, String digestOID)
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, digestOID);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false);
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance(digestName, BC);
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- private void subjectKeyIDTest(
- KeyPair signaturePair,
- X509Certificate signatureCert,
- String digestAlgorithm)
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(signatureCert);
- certList.add(_origCert);
-
- certList.add(_signCrl);
-
- CertStore certsAndCrls = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(signaturePair.getPrivate(), CMSTestUtil.createSubjectKeyId(signatureCert.getPublicKey()).getKeyIdentifier(), digestAlgorithm);
-
- gen.addCertificatesAndCRLs(certsAndCrls);
-
- CMSSignedData s = gen.generate(msg, true, BC);
-
- assertEquals(3, s.getVersion());
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certsAndCrls = s.getCertificatesAndCRLs("Collection", BC);
-
- SignerInformationStore signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertEquals(true, signer.verify(cert, BC));
- }
-
- //
- // check for CRLs
- //
- Collection crls = certsAndCrls.getCRLs(null);
-
- assertEquals(1, crls.size());
-
- assertTrue(crls.contains(_signCrl));
-
- //
- // try using existing signer
- //
-
- gen = new CMSSignedDataGenerator();
-
- gen.addSigners(s.getSignerInfos());
-
- gen.addCertificatesAndCRLs(s.getCertificatesAndCRLs("Collection", BC));
-
- s = gen.generate(msg, true, BC);
-
- bIn = new ByteArrayInputStream(s.getEncoded());
- aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certsAndCrls = s.getCertificatesAndCRLs("Collection", BC);
-
- signers = s.getSignerInfos();
- c = signers.getSigners();
- it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertEquals(true, signer.verify(cert, BC));
- }
-
- checkSignerStoreReplacement(s, signers);
- }
-
- private void encapsulatedTest(
- KeyPair signaturePair,
- X509Certificate signatureCert,
- String digestAlgorithm)
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(signatureCert);
- certList.add(_origCert);
-
- certList.add(_signCrl);
-
- CertStore certsAndCrls = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(signaturePair.getPrivate(), signatureCert, digestAlgorithm);
-
- gen.addCertificatesAndCRLs(certsAndCrls);
-
- CMSSignedData s = gen.generate(msg, true, BC);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certsAndCrls = s.getCertificatesAndCRLs("Collection", BC);
-
- SignerInformationStore signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertEquals(true, signer.verify(cert, BC));
- }
-
- //
- // check for CRLs
- //
- Collection crls = certsAndCrls.getCRLs(null);
-
- assertEquals(1, crls.size());
-
- assertTrue(crls.contains(_signCrl));
-
- //
- // try using existing signer
- //
-
- gen = new CMSSignedDataGenerator();
-
- gen.addSigners(s.getSignerInfos());
-
- gen.addCertificatesAndCRLs(s.getCertificatesAndCRLs("Collection", BC));
-
- s = gen.generate(msg, true, BC);
-
- bIn = new ByteArrayInputStream(s.getEncoded());
- aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certsAndCrls = s.getCertificatesAndCRLs("Collection", BC);
-
- signers = s.getSignerInfos();
- c = signers.getSigners();
- it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertEquals(true, signer.verify(cert, BC));
- }
-
- checkSignerStoreReplacement(s, signers);
- }
-
- //
- // signerInformation store replacement test.
- //
- private void checkSignerStoreReplacement(
- CMSSignedData orig,
- SignerInformationStore signers)
- throws Exception
- {
- CMSSignedData s = CMSSignedData.replaceSigners(orig, signers);
-
- CertStore certs = s.getCertificatesAndCRLs("Collection", BC);
-
- signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertEquals(true, signer.verify(cert, BC));
- }
- }
-
- public void testUnsortedAttributes()
- throws Exception
- {
- CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(disorderedMessage), disorderedSet);
-
- CertStore certs = s.getCertificatesAndCRLs("Collection", BC);
-
- SignerInformationStore signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertEquals(true, signer.verify(cert, BC));
- }
- }
-
- public void testNullContentWithSigner()
- throws Exception
- {
- List certList = new ArrayList();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData s = gen.generate(null, false, BC);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- verifySignatures(s);
- }
-
- public void testWithAttributeCertificate()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
-
- certList.add(_signDsaCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certs);
-
- X509AttributeCertificate attrCert = CMSTestUtil.getAttributeCertificate();
-
- X509Store store = X509Store.getInstance("AttributeCertificate/Collection",
- new X509CollectionStoreParameters(Collections.singleton(attrCert)), BC);
-
- gen.addAttributeCertificates(store);
-
- CMSSignedData sd = gen.generate(msg, BC);
-
- assertEquals(4, sd.getVersion());
-
- store = sd.getAttributeCertificates("Collection", BC);
-
- Collection coll = store.getMatches(null);
-
- assertEquals(1, coll.size());
-
- assertTrue(coll.contains(attrCert));
-
- //
- // create new certstore
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
-
- //
- // replace certs
- //
- sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs);
-
- verifySignatures(sd);
- }
-
- public void testCertStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
-
- certList.add(_signDsaCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData sd = gen.generate(msg, BC);
-
- //
- // create new certstore
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- //
- // replace certs
- //
- sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs);
-
- verifySignatures(sd);
- }
-
- public void testEncapsulatedCertStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
-
- certList.add(_signDsaCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData sd = gen.generate(msg, true, BC);
-
- //
- // create new certstore
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- //
- // replace certs
- //
- sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs);
-
- verifySignatures(sd);
- }
-
- public void testCertOrdering1()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
- certList.add(_signDsaCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData sd = gen.generate(msg, true, BC);
-
- certs = sd.getCertificatesAndCRLs("Collection", BC);
- Iterator it = certs.getCertificates(null).iterator();
-
- assertEquals(_origCert, it.next());
- assertEquals(_signCert, it.next());
- assertEquals(_signDsaCert, it.next());
- }
-
- public void testCertOrdering2()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_signCert);
- certList.add(_signDsaCert);
- certList.add(_origCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData sd = gen.generate(msg, true, BC);
-
- certs = sd.getCertificatesAndCRLs("Collection", BC);
- Iterator it = certs.getCertificates(null).iterator();
-
- assertEquals(_signCert, it.next());
- assertEquals(_signDsaCert, it.next());
- assertEquals(_origCert, it.next());
- }
-
- public void testSignerStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- CertStore certs = CertStore.getInstance("Collection",
- new CollectionCertStoreParameters(certList), BC);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData original = gen.generate(msg, true, BC);
-
- //
- // create new Signer
- //
- gen = new CMSSignedDataGenerator();
-
- gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA224);
-
- gen.addCertificatesAndCRLs(certs);
-
- CMSSignedData newSD = gen.generate(msg, true, BC);
-
- //
- // replace signer
- //
- CMSSignedData sd = CMSSignedData.replaceSigners(original, newSD.getSignerInfos());
-
- SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next();
-
- assertEquals(CMSSignedDataGenerator.DIGEST_SHA224, signer.getDigestAlgOID());
-
- // we use a parser here as it requires the digests to be correct in the digest set, if it
- // isn't we'll get a NullPointerException
- CMSSignedDataParser sp = new CMSSignedDataParser(sd.getEncoded());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testEncapsulatedSamples()
- throws Exception
- {
- testSample("PSSSignDataSHA1Enc.sig");
- testSample("PSSSignDataSHA256Enc.sig");
- testSample("PSSSignDataSHA512Enc.sig");
- }
-
- public void testSamples()
- throws Exception
- {
- testSample("PSSSignData.data", "PSSSignDataSHA1.sig");
- testSample("PSSSignData.data", "PSSSignDataSHA256.sig");
- testSample("PSSSignData.data", "PSSSignDataSHA512.sig");
- }
-
- public void testCounterSig()
- throws Exception
- {
- CMSSignedData sig = new CMSSignedData(getInput("counterSig.p7m"));
-
- SignerInformationStore ss = sig.getSignerInfos();
- Collection signers = ss.getSigners();
-
- SignerInformationStore cs = ((SignerInformation)signers.iterator().next()).getCounterSignatures();
- Collection csSigners = cs.getSigners();
- assertEquals(1, csSigners.size());
-
- Iterator it = csSigners.iterator();
- while (it.hasNext())
- {
- SignerInformation cSigner = (SignerInformation)it.next();
- Collection certCollection = sig.getCertificatesAndCRLs("Collection", BC).getCertificates(selectorConverter.getCertSelector(cSigner.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertNull(cSigner.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_contentType));
- assertEquals(true, cSigner.verify(cert, BC));
- }
-
- verifySignatures(sig);
- }
-
- private void testSample(String sigName)
- throws Exception
- {
- CMSSignedData sig = new CMSSignedData(getInput(sigName));
-
- verifySignatures(sig);
- }
-
- private void testSample(String messageName, String sigName)
- throws Exception
- {
- CMSSignedData sig = new CMSSignedData(new CMSProcessableByteArray(getInput(messageName)), getInput(sigName));
-
- verifySignatures(sig);
- }
-
- private byte[] getInput(String name)
- throws IOException
- {
- return Streams.readAll(getClass().getResourceAsStream(name));
- }
-
- public void testForMultipleCounterSignatures()
- throws Exception
- {
- CMSSignedData sd = new CMSSignedData(xtraCounterSig);
-
- for (Iterator sI = sd.getSignerInfos().getSigners().iterator(); sI.hasNext();)
- {
- SignerInformation sigI = (SignerInformation)sI.next();
-
- SignerInformationStore counter = sigI.getCounterSignatures();
- List sigs = new ArrayList(counter.getSigners());
-
- assertEquals(2, sigs.size());
- }
- }
-
- private void verifySignatures(CMSSignedDataParser sp)
- throws Exception
- {
- CertStore certs = sp.getCertificatesAndCRLs("Collection", BC);
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID()));
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = (X509Certificate)certIt.next();
-
- assertEquals(true, signer.verify(cert, BC));
- }
- }
-}
diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/openssl/test/ReaderTest.java b/pkix/src/test/jdk1.3/org/bouncycastle/openssl/test/ReaderTest.java
deleted file mode 100644
index 54f9d046..00000000
--- a/pkix/src/test/jdk1.3/org/bouncycastle/openssl/test/ReaderTest.java
+++ /dev/null
@@ -1,323 +0,0 @@
-package org.bouncycastle.openssl.test;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStreamWriter;
-import java.io.Reader;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.Signature;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
-import org.bouncycastle.openssl.PEMWriter;
-import org.bouncycastle.openssl.PasswordFinder;
-import org.bouncycastle.util.test.SimpleTest;
-
-/**
- * basic class for reading test.pem - the password is "secret"
- */
-public class ReaderTest
- extends SimpleTest
-{
- private static class Password
- implements PasswordFinder
- {
- char[] password;
-
- Password(
- char[] word)
- {
- this.password = word;
- }
-
- public char[] getPassword()
- {
- return password;
- }
- }
-
- public String getName()
- {
- return "PEMReaderTest";
- }
-
- private PEMReader openPEMResource(
- String fileName,
- PasswordFinder pGet)
- {
- InputStream res = this.getClass().getResourceAsStream(fileName);
- Reader fRd = new BufferedReader(new InputStreamReader(res));
- return new PEMReader(fRd, pGet);
- }
-
- public void performTest()
- throws Exception
- {
- PasswordFinder pGet = new Password("secret".toCharArray());
- PEMReader pemRd = openPEMResource("test.pem", pGet);
- Object o;
- KeyPair pair;
-
- while ((o = pemRd.readObject()) != null)
- {
- if (o instanceof KeyPair)
- {
- //pair = (KeyPair)o;
-
- //System.out.println(pair.getPublic());
- //System.out.println(pair.getPrivate());
- }
- else
- {
- //System.out.println(o.toString());
- }
- }
-
- //
- // pkcs 7 data
- //
- pemRd = openPEMResource("pkcs7.pem", null);
- ContentInfo d = (ContentInfo)pemRd.readObject();
-
- if (!d.getContentType().equals(CMSObjectIdentifiers.envelopedData))
- {
- fail("failed envelopedData check");
- }
-
- //
- // ECKey
- //
- pemRd = openPEMResource("eckey.pem", null);
- ECNamedCurveParameterSpec spec = (ECNamedCurveParameterSpec)pemRd.readObject();
-
- pair = (KeyPair)pemRd.readObject();
- Signature sgr = Signature.getInstance("ECDSA", "BC");
-
- sgr.initSign(pair.getPrivate());
-
- byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
-
- sgr.update(message);
-
- byte[] sigBytes = sgr.sign();
-
- sgr.initVerify(pair.getPublic());
-
- sgr.update(message);
-
- if (!sgr.verify(sigBytes))
- {
- fail("EC verification failed");
- }
-
- if (!pair.getPublic().getAlgorithm().equals("ECDSA"))
- {
- fail("wrong algorithm name on public got: " + pair.getPublic().getAlgorithm());
- }
-
- if (!pair.getPrivate().getAlgorithm().equals("ECDSA"))
- {
- fail("wrong algorithm name on private");
- }
-
- //
- // writer/parser test
- //
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-
- pair = kpGen.generateKeyPair();
-
- keyPairTest("RSA", pair);
-
- kpGen = KeyPairGenerator.getInstance("DSA", "BC");
- kpGen.initialize(512, new SecureRandom());
- pair = kpGen.generateKeyPair();
-
- keyPairTest("DSA", pair);
-
- //
- // PKCS7
- //
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut));
-
- pWrt.writeObject(d);
-
- pWrt.close();
-
- pemRd = new PEMReader(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray())));
- d = (ContentInfo)pemRd.readObject();
-
- if (!d.getContentType().equals(CMSObjectIdentifiers.envelopedData))
- {
- fail("failed envelopedData recode check");
- }
-
-
- // OpenSSL test cases (as embedded resources)
- doOpenSslDsaTest("unencrypted");
- doOpenSslRsaTest("unencrypted");
-
- doOpenSslTests("aes128");
- doOpenSslTests("aes192");
- doOpenSslTests("aes256");
- doOpenSslTests("blowfish");
- doOpenSslTests("des1");
- doOpenSslTests("des2");
- doOpenSslTests("des3");
- doOpenSslTests("rc2_128");
-
- doOpenSslDsaTest("rc2_40_cbc");
- doOpenSslRsaTest("rc2_40_cbc");
- doOpenSslDsaTest("rc2_64_cbc");
- doOpenSslRsaTest("rc2_64_cbc");
-
- // heap space check - a failure by the ASN.1 library to detect an
- // out of band stream will cause this to run out of memory.
- try
- {
- pGet = new Password("7fd98".toCharArray());
-
- pemRd = openPEMResource("test.pem", pGet);
-
- while ((o = pemRd.readObject()) != null)
- {
- }
- fail("bounds issue not detected");
- }
- catch (IOException e)
- {
- }
- }
-
- private void keyPairTest(
- String name,
- KeyPair pair)
- throws IOException
- {
- PEMReader pemRd;
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut));
-
- pWrt.writeObject(pair.getPublic());
-
- pWrt.close();
-
- pemRd = new PEMReader(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray())));
-
- PublicKey k = (PublicKey)pemRd.readObject();
- if (!k.equals(pair.getPublic()))
- {
- fail("Failed public key read: " + name);
- }
-
- bOut = new ByteArrayOutputStream();
- pWrt = new PEMWriter(new OutputStreamWriter(bOut));
-
- pWrt.writeObject(pair.getPrivate());
-
- pWrt.close();
-
- pemRd = new PEMReader(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray())));
-
- KeyPair kPair = (KeyPair)pemRd.readObject();
- if (!kPair.getPrivate().equals(pair.getPrivate()))
- {
- fail("Failed private key read: " + name);
- }
-
- if (!kPair.getPublic().equals(pair.getPublic()))
- {
- fail("Failed private key public read: " + name);
- }
- }
-
- private void doOpenSslTests(
- String baseName)
- throws IOException
- {
- doOpenSslDsaModesTest(baseName);
- doOpenSslRsaModesTest(baseName);
- }
-
- private void doOpenSslDsaModesTest(
- String baseName)
- throws IOException
- {
- doOpenSslDsaTest(baseName + "_cbc");
- doOpenSslDsaTest(baseName + "_cfb");
- doOpenSslDsaTest(baseName + "_ecb");
- doOpenSslDsaTest(baseName + "_ofb");
- }
-
- private void doOpenSslRsaModesTest(
- String baseName)
- throws IOException
- {
- doOpenSslRsaTest(baseName + "_cbc");
- doOpenSslRsaTest(baseName + "_cfb");
- doOpenSslRsaTest(baseName + "_ecb");
- doOpenSslRsaTest(baseName + "_ofb");
- }
-
- private void doOpenSslDsaTest(
- String name)
- throws IOException
- {
- String fileName = "dsa/openssl_dsa_" + name + ".pem";
-
- doOpenSslTestFile(fileName, DSAPrivateKey.class);
- }
-
- private void doOpenSslRsaTest(
- String name)
- throws IOException
- {
- String fileName = "rsa/openssl_rsa_" + name + ".pem";
-
- doOpenSslTestFile(fileName, RSAPrivateKey.class);
- }
-
- private void doOpenSslTestFile(
- String fileName,
- Class expectedPrivKeyClass)
- throws IOException
- {
- PEMReader pr = openPEMResource("data/" + fileName, new Password("changeit".toCharArray()));
- Object o = pr.readObject();
-
- if (o == null || !(o instanceof KeyPair))
- {
- fail("Didn't find OpenSSL key");
- }
-
- KeyPair kp = (KeyPair) o;
- PrivateKey privKey = kp.getPrivate();
-
- if (!expectedPrivKeyClass.isInstance(privKey))
- {
- fail("Returned key not of correct type");
- }
- }
-
- public static void main(
- String[] args)
- {
- Security.addProvider(new BouncyCastleProvider());
-
- runTest(new ReaderTest());
- }
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 23:31:22 +0300