Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'pkix/src/test/java/org/bouncycastle')
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/cmp/test/AllTests.java317
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java384
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/ocsp/test/AllTests.java44
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java972
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTestUtil.java177
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/path/test/CertPathTest.java369
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/path/test/CertPathValidationTest.java403
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/AllTests.java57
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/AttrCertSelectorTest.java243
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/AttrCertTest.java667
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/BcAttrCertSelectorTest.java212
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/BcAttrCertTest.java636
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java1434
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/BcPKCS10Test.java230
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/CertTest.java2995
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/ConverterTest.java66
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/PEMData.java114
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/PKCS10Test.java616
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/SHA1DigestCalculator.java44
-rw-r--r--pkix/src/test/java/org/bouncycastle/cert/test/X509ExtensionUtilsTest.java55
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/AllTests.java51
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/BcEnvelopedDataTest.java969
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/BcSignedDataTest.java1835
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/CMSSampleMessages.java147
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/CMSTestSetup.java24
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/CMSTestUtil.java503
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/ConverterTest.java111
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/MiscDataStreamTest.java265
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/NewAuthenticatedDataStreamTest.java251
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/NewAuthenticatedDataTest.java472
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/NewCompressedDataStreamTest.java127
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/NewCompressedDataTest.java151
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataStreamTest.java760
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataTest.java1488
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataStreamTest.java1311
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataTest.java2060
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/NullProviderTest.java281
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/Rfc4134Test.java445
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/SHA1DigestCalculator.java44
-rw-r--r--pkix/src/test/java/org/bouncycastle/cms/test/SunProviderTest.java284
-rw-r--r--pkix/src/test/java/org/bouncycastle/dvcs/test/AllTests.java239
-rw-r--r--pkix/src/test/java/org/bouncycastle/dvcs/test/DVCSParseTest.java390
-rw-r--r--pkix/src/test/java/org/bouncycastle/dvcs/test/DVCSTestSetup.java28
-rw-r--r--pkix/src/test/java/org/bouncycastle/dvcs/test/SHA1DigestCalculator.java44
-rw-r--r--pkix/src/test/java/org/bouncycastle/eac/test/AllTests.java201
-rw-r--r--pkix/src/test/java/org/bouncycastle/eac/test/EACTestSetup.java28
-rw-r--r--pkix/src/test/java/org/bouncycastle/mozilla/test/AllTests.java43
-rw-r--r--pkix/src/test/java/org/bouncycastle/mozilla/test/SPKACTest.java113
-rw-r--r--pkix/src/test/java/org/bouncycastle/openssl/test/AllTests.java151
-rw-r--r--pkix/src/test/java/org/bouncycastle/openssl/test/ParserTest.java500
-rw-r--r--pkix/src/test/java/org/bouncycastle/openssl/test/WriterTest.java248
-rw-r--r--pkix/src/test/java/org/bouncycastle/pkcs/test/AllTests.java24
-rw-r--r--pkix/src/test/java/org/bouncycastle/pkcs/test/BCTestSetup.java26
-rw-r--r--pkix/src/test/java/org/bouncycastle/pkcs/test/PKCS10Test.java78
-rw-r--r--pkix/src/test/java/org/bouncycastle/pkcs/test/PfxPduTest.java1255
-rw-r--r--pkix/src/test/java/org/bouncycastle/tsp/GenTimeAccuracyUnitTest.java105
-rw-r--r--pkix/src/test/java/org/bouncycastle/tsp/TimeStampTokenInfoUnitTest.java144
-rw-r--r--pkix/src/test/java/org/bouncycastle/tsp/test/AllTests.java32
-rw-r--r--pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataGeneratorTest.java309
-rw-r--r--pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataParserTest.java91
-rw-r--r--pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataTest.java84
-rw-r--r--pkix/src/test/java/org/bouncycastle/tsp/test/NewTSPTest.java833
-rw-r--r--pkix/src/test/java/org/bouncycastle/tsp/test/ParseTest.java417
-rw-r--r--pkix/src/test/java/org/bouncycastle/tsp/test/SHA1DigestCalculator.java44
-rw-r--r--pkix/src/test/java/org/bouncycastle/tsp/test/SHA256DigestCalculator.java44
-rw-r--r--pkix/src/test/java/org/bouncycastle/tsp/test/TSPTestUtil.java229
66 files changed, 0 insertions, 27314 deletions
diff --git a/pkix/src/test/java/org/bouncycastle/cert/cmp/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/cert/cmp/test/AllTests.java
deleted file mode 100644
index 27630832..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/cmp/test/AllTests.java
+++ /dev/null
@@ -1,317 +0,0 @@
-package org.bouncycastle.cert.cmp.test;
-
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cmp.CertConfirmContent;
-import org.bouncycastle.asn1.cmp.CertRepMessage;
-import org.bouncycastle.asn1.cmp.PKIBody;
-import org.bouncycastle.asn1.cmp.PKIMessage;
-import org.bouncycastle.asn1.crmf.CertReqMessages;
-import org.bouncycastle.asn1.crmf.CertReqMsg;
-import org.bouncycastle.asn1.crmf.ProofOfPossession;
-import org.bouncycastle.asn1.crmf.SubsequentMessage;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.cert.CertException;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.cmp.CertificateConfirmationContent;
-import org.bouncycastle.cert.cmp.CertificateConfirmationContentBuilder;
-import org.bouncycastle.cert.cmp.CertificateStatus;
-import org.bouncycastle.cert.cmp.GeneralPKIMessage;
-import org.bouncycastle.cert.cmp.ProtectedPKIMessage;
-import org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder;
-import org.bouncycastle.cert.crmf.CertificateRequestMessage;
-import org.bouncycastle.cert.crmf.CertificateRequestMessageBuilder;
-import org.bouncycastle.cert.crmf.PKMACBuilder;
-import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessageBuilder;
-import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.ContentVerifierProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.io.Streams;
-
-public class AllTests
- extends TestCase
-{
- private static final byte[] TEST_DATA = "Hello world!".getBytes();
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
- private static final String TEST_DATA_HOME = "bc.test.data.home";
-
- /*
- *
- * INFRASTRUCTURE
- *
- */
-
- public AllTests(String name)
- {
- super(name);
- }
-
- public static void main(String args[])
- {
- junit.textui.TestRunner.run(AllTests.class);
- }
-
- public static Test suite()
- {
- return new TestSuite(AllTests.class);
- }
-
- public void setUp()
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- public void tearDown()
- {
-
- }
-
- public void testProtectedMessage()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509CertificateHolder cert = makeV3Certificate(kp, "CN=Test", kp, "CN=Test");
-
- GeneralName sender = new GeneralName(new X500Name("CN=Sender"));
- GeneralName recipient = new GeneralName(new X500Name("CN=Recip"));
-
- ContentSigner signer = new JcaContentSignerBuilder("MD5WithRSAEncryption").setProvider(BC).build(kp.getPrivate());
- ProtectedPKIMessage message = new ProtectedPKIMessageBuilder(sender, recipient)
- .setBody(new PKIBody(PKIBody.TYPE_INIT_REP, CertRepMessage.getInstance(new DERSequence(new DERSequence()))))
- .addCMPCertificate(cert)
- .build(signer);
-
- X509Certificate jcaCert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(message.getCertificates()[0]);
- ContentVerifierProvider verifierProvider = new JcaContentVerifierProviderBuilder().setProvider(BC).build(jcaCert.getPublicKey());
-
- assertTrue(message.verify(verifierProvider));
-
- assertEquals(sender, message.getHeader().getSender());
- assertEquals(recipient, message.getHeader().getRecipient());
- }
-
- public void testMacProtectedMessage()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509CertificateHolder cert = makeV3Certificate(kp, "CN=Test", kp, "CN=Test");
-
- GeneralName sender = new GeneralName(new X500Name("CN=Sender"));
- GeneralName recipient = new GeneralName(new X500Name("CN=Recip"));
-
- ProtectedPKIMessage message = new ProtectedPKIMessageBuilder(sender, recipient)
- .setBody(new PKIBody(PKIBody.TYPE_INIT_REP, CertRepMessage.getInstance(new DERSequence(new DERSequence()))))
- .addCMPCertificate(cert)
- .build(new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)).build("secret".toCharArray()));
-
- PKMACBuilder pkMacBuilder = new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC));
-
- assertTrue(message.verify(pkMacBuilder, "secret".toCharArray()));
-
- assertEquals(sender, message.getHeader().getSender());
- assertEquals(recipient, message.getHeader().getRecipient());
- }
-
- public void testConfirmationMessage()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509CertificateHolder cert = makeV3Certificate(kp, "CN=Test", kp, "CN=Test");
-
- GeneralName sender = new GeneralName(new X500Name("CN=Sender"));
- GeneralName recipient = new GeneralName(new X500Name("CN=Recip"));
-
- CertificateConfirmationContent content = new CertificateConfirmationContentBuilder()
- .addAcceptedCertificate(cert, BigInteger.valueOf(1))
- .build(new JcaDigestCalculatorProviderBuilder().build());
-
- ContentSigner signer = new JcaContentSignerBuilder("MD5WithRSAEncryption").setProvider(BC).build(kp.getPrivate());
- ProtectedPKIMessage message = new ProtectedPKIMessageBuilder(sender, recipient)
- .setBody(new PKIBody(PKIBody.TYPE_CERT_CONFIRM, content.toASN1Structure()))
- .addCMPCertificate(cert)
- .build(signer);
-
- X509Certificate jcaCert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(message.getCertificates()[0]);
- ContentVerifierProvider verifierProvider = new JcaContentVerifierProviderBuilder().setProvider(BC).build(jcaCert.getPublicKey());
-
- assertTrue(message.verify(verifierProvider));
-
- assertEquals(sender, message.getHeader().getSender());
- assertEquals(recipient, message.getHeader().getRecipient());
-
- content = new CertificateConfirmationContent(CertConfirmContent.getInstance(message.getBody().getContent()));
-
- CertificateStatus[] statusList = content.getStatusMessages();
-
- assertEquals(1, statusList.length);
- assertTrue(statusList[0].isVerified(cert, new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()));
- }
-
- public void testSampleCr()
- throws Exception
- {
- PKIMessage msg = loadMessage("sample_cr.der");
- ProtectedPKIMessage procMsg = new ProtectedPKIMessage(new GeneralPKIMessage(msg));
-
- assertTrue(procMsg.verify(new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)), "TopSecret1234".toCharArray()));
- }
-
- public void testSubsequentMessage()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509CertificateHolder cert = makeV3Certificate(kp, "CN=Test", kp, "CN=Test");
-
- ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider(BC).build(
- kp.getPrivate());
-
- GeneralName user = new GeneralName(new X500Name("CN=Test"));
-
- CertificateRequestMessageBuilder builder = new JcaCertificateRequestMessageBuilder(
- BigInteger.valueOf(1)).setPublicKey(kp.getPublic()).setProofOfPossessionSubsequentMessage(
- SubsequentMessage.encrCert);
-
- ProtectedPKIMessage certRequestMsg = new ProtectedPKIMessageBuilder(user,
- user).setTransactionID(new byte[] { 1, 2, 3, 4, 5 }).setBody(
- new PKIBody(PKIBody.TYPE_KEY_UPDATE_REQ, new CertReqMessages(builder.build().toASN1Structure()))).addCMPCertificate(
- cert).build(signer);
-
- ProtectedPKIMessage msg = new ProtectedPKIMessage(new GeneralPKIMessage(certRequestMsg.toASN1Structure().getEncoded()));
-
- CertReqMessages reqMsgs = CertReqMessages.getInstance(msg.getBody().getContent());
-
- CertReqMsg reqMsg = reqMsgs.toCertReqMsgArray()[0];
-
- assertEquals(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, reqMsg.getPopo().getType());
- }
-
- public void testNotBeforeNotAfter()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
-
- doNotBeforeNotAfterTest(kp, new Date(0L), new Date(60000L));
- doNotBeforeNotAfterTest(kp, null, new Date(60000L));
- doNotBeforeNotAfterTest(kp, new Date(0L), null);
- }
-
- private void doNotBeforeNotAfterTest(KeyPair kp, Date notBefore, Date notAfter)
- throws Exception
- {
- CertificateRequestMessageBuilder builder = new JcaCertificateRequestMessageBuilder(
- BigInteger.valueOf(1)).setPublicKey(kp.getPublic()).setProofOfPossessionSubsequentMessage(
- SubsequentMessage.encrCert);
-
- builder.setValidity(notBefore, notAfter);
-
- CertificateRequestMessage message = builder.build();
-
- if (notBefore != null)
- {
- assertEquals(notBefore.getTime(), message.getCertTemplate().getValidity().getNotBefore().getDate().getTime());
- }
- else
- {
- assertNull(message.getCertTemplate().getValidity().getNotBefore());
- }
-
- if (notAfter != null)
- {
- assertEquals(notAfter.getTime(), message.getCertTemplate().getValidity().getNotAfter().getDate().getTime());
- }
- else
- {
- assertNull(message.getCertTemplate().getValidity().getNotAfter());
- }
- }
-
- private static X509CertificateHolder makeV3Certificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN)
- throws GeneralSecurityException, IOException, OperatorCreationException, CertException
- {
-
- PublicKey subPub = subKP.getPublic();
- PrivateKey issPriv = issKP.getPrivate();
- PublicKey issPub = issKP.getPublic();
-
- X509v3CertificateBuilder v1CertGen = new JcaX509v3CertificateBuilder(
- new X500Name(_issDN),
- BigInteger.valueOf(System.currentTimeMillis()),
- new Date(System.currentTimeMillis()),
- new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
- new X500Name(_subDN),
- subPub);
-
- ContentSigner signer = new JcaContentSignerBuilder("SHA1WithRSA").setProvider(BC).build(issPriv);
-
- X509CertificateHolder certHolder = v1CertGen.build(signer);
-
- ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder().setProvider(BC).build(issPub);
-
- assertTrue(certHolder.isSignatureValid(verifier));
-
- return certHolder;
- }
-
- private static PKIMessage loadMessage(String name)
- {
- String dataHome = System.getProperty(TEST_DATA_HOME);
-
- if (dataHome == null)
- {
- throw new IllegalStateException(TEST_DATA_HOME + " property not set");
- }
-
- try
- {
- return PKIMessage.getInstance(ASN1Primitive.fromByteArray(Streams.readAll(new FileInputStream(dataHome + "/cmp/" + name))));
- }
- catch (IOException e)
- {
- throw new RuntimeException(e.toString());
- }
- }
-} \ No newline at end of file
diff --git a/pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java
deleted file mode 100644
index 712210e4..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java
+++ /dev/null
@@ -1,384 +0,0 @@
-package org.bouncycastle.cert.crmf.test;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Date;
-
-import javax.security.auth.x500.X500Principal;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers;
-import org.bouncycastle.asn1.crmf.EncKeyWithID;
-import org.bouncycastle.asn1.crmf.EncryptedValue;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v1CertificateBuilder;
-import org.bouncycastle.cert.crmf.EncryptedValueBuilder;
-import org.bouncycastle.cert.crmf.EncryptedValuePadder;
-import org.bouncycastle.cert.crmf.EncryptedValueParser;
-import org.bouncycastle.cert.crmf.PKIArchiveControl;
-import org.bouncycastle.cert.crmf.PKMACBuilder;
-import org.bouncycastle.cert.crmf.ValueDecryptorGenerator;
-import org.bouncycastle.cert.crmf.bc.BcFixedLengthMGF1Padder;
-import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessage;
-import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessageBuilder;
-import org.bouncycastle.cert.crmf.jcajce.JcaEncryptedValueBuilder;
-import org.bouncycastle.cert.crmf.jcajce.JcaPKIArchiveControlBuilder;
-import org.bouncycastle.cert.crmf.jcajce.JceAsymmetricValueDecryptorGenerator;
-import org.bouncycastle.cert.crmf.jcajce.JceCRMFEncryptorBuilder;
-import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.RecipientId;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
-import org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper;
-import org.bouncycastle.util.Arrays;
-
-public class AllTests
- extends TestCase
-{
- private static final byte[] TEST_DATA = "Hello world!".getBytes();
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
- private static final String PASSPHRASE = "hello world";
-
- /*
- *
- * INFRASTRUCTURE
- *
- */
-
- public AllTests(String name)
- {
- super(name);
- }
-
- public static void main(String args[])
- {
- junit.textui.TestRunner.run(AllTests.class);
- }
-
- public static Test suite()
- {
- return new TestSuite(AllTests.class);
- }
-
- public void setUp()
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- public void tearDown()
- {
-
- }
-
- public void testBasicMessageWithArchiveControl()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
-
- certReqBuild.setSubject(new X500Principal("CN=Test"))
- .setPublicKey(kp.getPublic());
-
- certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=Test"))
- .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
- .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
-
- JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build());
-
- assertEquals(new X500Principal("CN=Test"), certReqMsg.getSubjectX500Principal());
- assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
-
- PKIArchiveControl archiveControl = (PKIArchiveControl)certReqMsg.getControl(CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions);
-
- assertEquals(PKIArchiveControl.encryptedPrivKey, archiveControl.getArchiveType());
-
- assertTrue(archiveControl.isEnvelopedData());
-
- RecipientInformationStore recips = archiveControl.getEnvelopedData().getRecipientInfos();
-
- RecipientId recipientId = new JceKeyTransRecipientId(cert);
-
- RecipientInformation recipientInformation = recips.get(recipientId);
-
- assertNotNull(recipientInformation);
-
- EncKeyWithID encKeyWithID = EncKeyWithID.getInstance(recipientInformation.getContent(new JceKeyTransEnvelopedRecipient(kp.getPrivate()).setProvider(BC)));
-
- assertTrue(encKeyWithID.hasIdentifier());
- assertFalse(encKeyWithID.isIdentifierUTF8String());
-
- assertEquals(new GeneralName(X500Name.getInstance(new X500Principal("CN=Test").getEncoded())), encKeyWithID.getIdentifier());
- assertTrue(Arrays.areEqual(kp.getPrivate().getEncoded(), encKeyWithID.getPrivateKey().getEncoded()));
- }
-
- public void testProofOfPossessionWithoutSender()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
-
- certReqBuild.setPublicKey(kp.getPublic())
- .setAuthInfoPKMAC(new PKMACBuilder(new JcePKMACValuesCalculator()), "fred".toCharArray())
- .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate()));
-
- certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test"))
- .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
- .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
-
- JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded());
-
- // check that internal check on popo signing is working okay
- try
- {
- certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()));
- fail("IllegalStateException not thrown");
- }
- catch (IllegalStateException e)
- {
- // ignore
- }
-
- assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()), new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)), "fred".toCharArray()));
-
- assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
- }
-
- public void testProofOfPossessionWithSender()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
-
- certReqBuild.setPublicKey(kp.getPublic())
- .setAuthInfoSender(new X500Principal("CN=Test"))
- .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate()));
-
- certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test"))
- .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
- .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
-
- JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded());
-
- // check that internal check on popo signing is working okay
- try
- {
- certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()), new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)), "fred".toCharArray());
-
- fail("IllegalStateException not thrown");
- }
- catch (IllegalStateException e)
- {
- // ignore
- }
-
-
- assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic())));
-
- assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
- }
-
- public void testProofOfPossessionWithTemplate()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
-
- certReqBuild.setPublicKey(kp.getPublic())
- .setSubject(new X500Principal("CN=Test"))
- .setAuthInfoSender(new X500Principal("CN=Test"))
- .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate()));
-
- certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test"))
- .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
- .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
-
- JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded());
-
- assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic())));
-
- assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
- }
-
- public void testEncryptedValue()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- JcaEncryptedValueBuilder build = new JcaEncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
- EncryptedValue value = build.build(cert);
- ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC);
-
- // try direct
- encryptedValueParserTest(value, decGen, cert);
-
- // try indirect
- encryptedValueParserTest(EncryptedValue.getInstance(value.getEncoded()), decGen, cert);
- }
-
- private void encryptedValueParserTest(EncryptedValue value, ValueDecryptorGenerator decGen, X509Certificate cert)
- throws Exception
- {
- EncryptedValueParser parser = new EncryptedValueParser(value);
-
- X509CertificateHolder holder = parser.readCertificateHolder(decGen);
-
- assertTrue(Arrays.areEqual(cert.getEncoded(), holder.getEncoded()));
- }
-
- public void testEncryptedValuePassphrase()
- throws Exception
- {
- char[] passphrase = PASSPHRASE.toCharArray();
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
- EncryptedValue value = build.build(passphrase);
- ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC);
-
- // try direct
- encryptedValuePassphraseParserTest(value, null, decGen, cert);
-
- // try indirect
- encryptedValuePassphraseParserTest(EncryptedValue.getInstance(value.getEncoded()), null, decGen, cert);
- }
-
- public void testEncryptedValuePassphraseWithPadding()
- throws Exception
- {
- char[] passphrase = PASSPHRASE.toCharArray();
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- BcFixedLengthMGF1Padder mgf1Padder = new BcFixedLengthMGF1Padder(200, new SecureRandom());
- EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build(), mgf1Padder);
- EncryptedValue value = build.build(passphrase);
- ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC);
-
- // try direct
- encryptedValuePassphraseParserTest(value, mgf1Padder, decGen, cert);
-
- // try indirect
- encryptedValuePassphraseParserTest(EncryptedValue.getInstance(value.getEncoded()), mgf1Padder, decGen, cert);
- }
-
- private void encryptedValuePassphraseParserTest(EncryptedValue value, EncryptedValuePadder padder, ValueDecryptorGenerator decGen, X509Certificate cert)
- throws Exception
- {
- EncryptedValueParser parser = new EncryptedValueParser(value, padder);
-
- assertTrue(Arrays.areEqual(PASSPHRASE.toCharArray(), parser.readPassphrase(decGen)));
- }
-
- private static X509Certificate makeV1Certificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN)
- throws GeneralSecurityException, IOException, OperatorCreationException
- {
-
- PublicKey subPub = subKP.getPublic();
- PrivateKey issPriv = issKP.getPrivate();
- PublicKey issPub = issKP.getPublic();
-
- X509v1CertificateBuilder v1CertGen = new JcaX509v1CertificateBuilder(
- new X500Name(_issDN),
- BigInteger.valueOf(System.currentTimeMillis()),
- new Date(System.currentTimeMillis()),
- new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
- new X500Name(_subDN),
- subPub);
-
- JcaContentSignerBuilder signerBuilder = null;
-
- if (issPub instanceof RSAPublicKey)
- {
- signerBuilder = new JcaContentSignerBuilder("SHA1WithRSA");
- }
- else if (issPub.getAlgorithm().equals("DSA"))
- {
- signerBuilder = new JcaContentSignerBuilder("SHA1withDSA");
- }
- else if (issPub.getAlgorithm().equals("ECDSA"))
- {
- signerBuilder = new JcaContentSignerBuilder("SHA1withECDSA");
- }
- else if (issPub.getAlgorithm().equals("ECGOST3410"))
- {
- signerBuilder = new JcaContentSignerBuilder("GOST3411withECGOST3410");
- }
- else
- {
- signerBuilder = new JcaContentSignerBuilder("GOST3411WithGOST3410");
- }
-
- signerBuilder.setProvider(BC);
-
- X509Certificate _cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(v1CertGen.build(signerBuilder.build(issPriv)));
-
- _cert.checkValidity(new Date());
- _cert.verify(issPub);
-
- return _cert;
- }
-} \ No newline at end of file
diff --git a/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/AllTests.java
deleted file mode 100644
index 1f720de3..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/AllTests.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.cert.ocsp.test;
-
-import java.security.Security;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.test.SimpleTestResult;
-
-public class AllTests
- extends TestCase
-{
- public void testOCSP()
- {
- Security.addProvider(new BouncyCastleProvider());
-
- org.bouncycastle.util.test.Test[] tests = new org.bouncycastle.util.test.Test[] { new OCSPTest() };
-
- for (int i = 0; i != tests.length; i++)
- {
- SimpleTestResult result = (SimpleTestResult)tests[i].perform();
-
- if (!result.isSuccessful())
- {
- fail(result.toString());
- }
- }
- }
-
- public static void main (String[] args)
- {
- junit.textui.TestRunner.run(suite());
- }
-
- public static Test suite()
- {
- TestSuite suite = new TestSuite("OCSP Tests");
-
- suite.addTestSuite(AllTests.class);
-
- return suite;
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java b/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java
deleted file mode 100644
index 5c57c7f6..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java
+++ /dev/null
@@ -1,972 +0,0 @@
-package org.bouncycastle.cert.ocsp.test;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.Security;
-import java.util.Date;
-import java.util.Random;
-import java.util.Set;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Exception;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.ExtensionsGenerator;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.cert.CertIOException;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cert.ocsp.BasicOCSPResp;
-import org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
-import org.bouncycastle.cert.ocsp.CertificateID;
-import org.bouncycastle.cert.ocsp.CertificateStatus;
-import org.bouncycastle.cert.ocsp.OCSPReq;
-import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
-import org.bouncycastle.cert.ocsp.OCSPResp;
-import org.bouncycastle.cert.ocsp.OCSPRespBuilder;
-import org.bouncycastle.cert.ocsp.Req;
-import org.bouncycastle.cert.ocsp.RespID;
-import org.bouncycastle.cert.ocsp.SingleResp;
-import org.bouncycastle.cert.ocsp.jcajce.JcaBasicOCSPRespBuilder;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.test.SimpleTest;
-
-public class OCSPTest
- extends SimpleTest
-{
- byte[] testResp1 = Base64.decode(
- "MIIFnAoBAKCCBZUwggWRBgkrBgEFBQcwAQEEggWCMIIFfjCCARehgZ8wgZwx"
- + "CzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEgcHJhZGVzaDESMBAGA1UE"
- + "BxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAKBgNVBAsTA0FUQzEeMBwG"
- + "A1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQwIgYJKoZIhvcNAQkBFhVv"
- + "Y3NwQHRjcy1jYS50Y3MuY28uaW4YDzIwMDMwNDAyMTIzNDU4WjBiMGAwOjAJ"
- + "BgUrDgMCGgUABBRs07IuoCWNmcEl1oHwIak1BPnX8QQUtGyl/iL9WJ1VxjxF"
- + "j0hAwJ/s1AcCAQKhERgPMjAwMjA4MjkwNzA5MjZaGA8yMDAzMDQwMjEyMzQ1"
- + "OFowDQYJKoZIhvcNAQEFBQADgYEAfbN0TCRFKdhsmvOdUoiJ+qvygGBzDxD/"
- + "VWhXYA+16AphHLIWNABR3CgHB3zWtdy2j7DJmQ/R7qKj7dUhWLSqclAiPgFt"
- + "QQ1YvSJAYfEIdyHkxv4NP0LSogxrumANcDyC9yt/W9yHjD2ICPBIqCsZLuLk"
- + "OHYi5DlwWe9Zm9VFwCGgggPMMIIDyDCCA8QwggKsoAMCAQICAQYwDQYJKoZI"
- + "hvcNAQEFBQAwgZQxFDASBgNVBAMTC1RDUy1DQSBPQ1NQMSYwJAYJKoZIhvcN"
- + "AQkBFhd0Y3MtY2FAdGNzLWNhLnRjcy5jby5pbjEMMAoGA1UEChMDVENTMQww"
- + "CgYDVQQLEwNBVEMxEjAQBgNVBAcTCUh5ZGVyYWJhZDEXMBUGA1UECBMOQW5k"
- + "aHJhIHByYWRlc2gxCzAJBgNVBAYTAklOMB4XDTAyMDgyOTA3MTE0M1oXDTAz"
- + "MDgyOTA3MTE0M1owgZwxCzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEg"
- + "cHJhZGVzaDESMBAGA1UEBxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAK"
- + "BgNVBAsTA0FUQzEeMBwGA1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQw"
- + "IgYJKoZIhvcNAQkBFhVvY3NwQHRjcy1jYS50Y3MuY28uaW4wgZ8wDQYJKoZI"
- + "hvcNAQEBBQADgY0AMIGJAoGBAM+XWW4caMRv46D7L6Bv8iwtKgmQu0SAybmF"
- + "RJiz12qXzdvTLt8C75OdgmUomxp0+gW/4XlTPUqOMQWv463aZRv9Ust4f8MH"
- + "EJh4ekP/NS9+d8vEO3P40ntQkmSMcFmtA9E1koUtQ3MSJlcs441JjbgUaVnm"
- + "jDmmniQnZY4bU3tVAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADALBgNVHQ8E"
- + "BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwNgYIKwYBBQUHAQEEKjAoMCYG"
- + "CCsGAQUFBzABhhpodHRwOi8vMTcyLjE5LjQwLjExMDo3NzAwLzAtBgNVHR8E"
- + "JjAkMCKgIKAehhxodHRwOi8vMTcyLjE5LjQwLjExMC9jcmwuY3JsMA0GCSqG"
- + "SIb3DQEBBQUAA4IBAQB6FovM3B4VDDZ15o12gnADZsIk9fTAczLlcrmXLNN4"
- + "PgmqgnwF0Ymj3bD5SavDOXxbA65AZJ7rBNAguLUo+xVkgxmoBH7R2sBxjTCc"
- + "r07NEadxM3HQkt0aX5XYEl8eRoifwqYAI9h0ziZfTNes8elNfb3DoPPjqq6V"
- + "mMg0f0iMS4W8LjNPorjRB+kIosa1deAGPhq0eJ8yr0/s2QR2/WFD5P4aXc8I"
- + "KWleklnIImS3zqiPrq6tl2Bm8DZj7vXlTOwmraSQxUwzCKwYob1yGvNOUQTq"
- + "pG6jxn7jgDawHU1+WjWQe4Q34/pWeGLysxTraMa+Ug9kPe+jy/qRX2xwvKBZ");
-
- byte[] testResp2 = Base64.decode(
- "MIII1QoBAKCCCM4wggjKBgkrBgEFBQcwAQEEggi7MIIItzCBjqADAgEAoSMw"
- + "ITEfMB0GA1UEAxMWT0NTUCBjZXJ0LVFBLUNMSUVOVC04NxgPMjAwMzA1MTky"
- + "MDI2MzBaMFEwTzA6MAkGBSsOAwIaBQAEFJniwiUuyrhKIEF2TjVdVdCAOw0z"
- + "BBR2olPKrPOJUVyGZ7BXOC4L2BmAqgIBL4AAGA8yMDAzMDUxOTIwMjYzMFow"
- + "DQYJKoZIhvcNAQEEBQADggEBALImFU3kUtpNVf4tIFKg/1sDHvGpk5Pk0uhH"
- + "TiNp6vdPfWjOgPkVXskx9nOTabVOBE8RusgwEcK1xeBXSHODb6mnjt9pkfv3"
- + "ZdbFLFvH/PYjOb6zQOgdIOXhquCs5XbcaSFCX63hqnSaEqvc9w9ctmQwds5X"
- + "tCuyCB1fWu/ie8xfuXR5XZKTBf5c6dO82qFE65gTYbGOxJBYiRieIPW1XutZ"
- + "A76qla4m+WdxubV6SPG8PVbzmAseqjsJRn4jkSKOGenqSOqbPbZn9oBsU0Ku"
- + "hul3pwsNJvcBvw2qxnWybqSzV+n4OvYXk+xFmtTjw8H9ChV3FYYDs8NuUAKf"
- + "jw1IjWegggcOMIIHCjCCAzMwggIboAMCAQICAQIwDQYJKoZIhvcNAQEEBQAw"
- + "bzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1BMRAwDgYDVQQHEwdXYWx0aGFt"
- + "MRYwFAYDVQQKEw1Gb3J1bSBTeXN0ZW1zMQswCQYDVQQLEwJRQTEcMBoGA1UE"
- + "AxMTQ2VydGlmaWNhdGUgTWFuYWdlcjAeFw0wMzAzMjEwNTAwMDBaFw0yNTAz"
- + "MjEwNTAwMDBaMCExHzAdBgNVBAMTFk9DU1AgY2VydC1RQS1DTElFTlQtODcw"
- + "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVuxRCZgJAYAftYuRy"
- + "9axdtsHrkIJyVVRorLCTWOoLmx2tlrGqKbHOGKmvqEPEpeCDYQk+0WIlWMuM"
- + "2pgiYAolwqSFBwCjkjQN3fCIHXiby0JBgCCLoe7wa0pZffE+8XZH0JdSjoT3"
- + "2OYD19wWZeY2VB0JWJFWYAnIL+R5Eg7LwJ5QZSdvghnOWKTv60m/O1rC0see"
- + "9lbPO+3jRuaDyCUKYy/YIKBYC9rtC4hS47jg70dTfmE2nccjn7rFCPBrVr4M"
- + "5szqdRzwu3riL9W+IE99LTKXOH/24JX0S4woeGXMS6me7SyZE6x7P2tYkNXM"
- + "OfXk28b3SJF75K7vX6T6ecWjAgMBAAGjKDAmMBMGA1UdJQQMMAoGCCsGAQUF"
- + "BwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEEBQADggEBAKNSn7pp"
- + "UEC1VTN/Iqk8Sc2cAYM7KSmeB++tuyes1iXY4xSQaEgOxRa5AvPAKnXKSzfY"
- + "vqi9WLdzdkpTo4AzlHl5nqU/NCUv3yOKI9lECVMgMxLAvZgMALS5YXNZsqrs"
- + "hP3ASPQU99+5CiBGGYa0PzWLstXLa6SvQYoHG2M8Bb2lHwgYKsyrUawcfc/s"
- + "jE3jFJeyCyNwzH0eDJUVvW1/I3AhLNWcPaT9/VfyIWu5qqZU+ukV/yQXrKiB"
- + "glY8v4QDRD4aWQlOuiV2r9sDRldOPJe2QSFDBe4NtBbynQ+MRvF2oQs/ocu+"
- + "OAHX7uiskg9GU+9cdCWPwJf9cP/Zem6MemgwggPPMIICt6ADAgECAgEBMA0G"
- + "CSqGSIb3DQEBBQUAMG8xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTEQMA4G"
- + "A1UEBxMHV2FsdGhhbTEWMBQGA1UEChMNRm9ydW0gU3lzdGVtczELMAkGA1UE"
- + "CxMCUUExHDAaBgNVBAMTE0NlcnRpZmljYXRlIE1hbmFnZXIwHhcNMDMwMzIx"
- + "MDUwMDAwWhcNMjUwMzIxMDUwMDAwWjBvMQswCQYDVQQGEwJVUzELMAkGA1UE"
- + "CBMCTUExEDAOBgNVBAcTB1dhbHRoYW0xFjAUBgNVBAoTDUZvcnVtIFN5c3Rl"
- + "bXMxCzAJBgNVBAsTAlFBMRwwGgYDVQQDExNDZXJ0aWZpY2F0ZSBNYW5hZ2Vy"
- + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VeU+48VBjI0mGRt"
- + "9qlD+WAhx3vv4KCOD5f3HWLj8D2DcoszVTVDqtRK+HS1eSpO/xWumyXhjV55"
- + "FhG2eYi4e0clv0WyswWkGLqo7IxYn3ZhVmw04ohdTjdhVv8oS+96MUqPmvVW"
- + "+MkVRyqm75HdgWhKRr/lEpDNm+RJe85xMCipkyesJG58p5tRmAZAAyRs3jYw"
- + "5YIFwDOnt6PCme7ui4xdas2zolqOlynMuq0ctDrUPKGLlR4mVBzgAVPeatcu"
- + "ivEQdB3rR6UN4+nv2jx9kmQNNb95R1M3J9xHfOWX176UWFOZHJwVq8eBGF9N"
- + "pav4ZGBAyqagW7HMlo7Hw0FzUwIDAQABo3YwdDARBglghkgBhvhCAQEEBAMC"
- + "AJcwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU64zBxl1yKES8tjU3/rBA"
- + "NaeBpjkwHwYDVR0jBBgwFoAU64zBxl1yKES8tjU3/rBANaeBpjkwDgYDVR0P"
- + "AQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQAzHnf+Z+UgxDVOpCu0DHF+"
- + "qYZf8IaUQxLhUD7wjwnt3lJ0QV1z4oyc6Vs9J5xa8Mvf7u1WMmOxvN8r8Kb0"
- + "k8DlFszLd0Qwr+NVu5NQO4Vn01UAzCtH4oX2bgrVzotqDnzZ4TcIr11EX3Nb"
- + "tO8yWWl+xWIuxKoAO8a0Rh97TyYfAj4++GIm43b2zIvRXEWAytjz7rXUMwRC"
- + "1ipRQwSA9gyw2y0s8emV/VwJQXsTe9xtDqlEC67b90V/BgL/jxck5E8yrY9Z"
- + "gNxlOgcqscObisAkB5I6GV+dfa+BmZrhSJ/bvFMUrnFzjLFvZp/9qiK11r5K"
- + "A5oyOoNv0w+8bbtMNEc1");
-
- /**
- * extra version number encoding.
- */
- private static byte[] irregReq = Base64.decode(
- "MIIQpTBUoAMCAQAwTTBLMEkwCQYFKw4DAhoFAAQUIcFvFFVjPem15pKox4cfcnzF"
- + "Kf4EFJf8OQzmVmyJ/hc4EhitQbXcqAzDAhB9ePsP19SuP6CsAgFwQuEAoIIQSzCC"
- + "EEcwDQYJKoZIhvcNAQEFBQADgYEAlq/Tjl8OtFM8Tib1JYTiaPy9vFDr8UZhqXJI"
- + "FyrdgtUyyDt0EcrgnBGacAeRZzF5sokIC6DjXweU7EItGqrpw/RaCUPUWFpPxR6y"
- + "HjuzrLmICocTI9MH7dRUXm0qpxoY987sx1PtWB4pSR99ixBtq3OPNdsI0uJ+Qkei"
- + "LbEZyvWggg+wMIIPrDCCA5owggKCoAMCAQICEEAxXx/eFe7gm/NX7AkcS68wDQYJ"
- + "KoZIhvcNAQEFBQAwgZoxCzAJBgNVBAYTAlNFMTMwMQYDVQQKDCpMw6Ruc2bDtnJz"
- + "w6RrcmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkxFTATBgNVBAUTDDExMTEx"
- + "MTExMTExMTE/MD0GA1UEAww2TMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIFB1cmNo"
- + "YXNlciBDQTEgZm9yIEJhbmtJRCBURVNUMB4XDTA4MTAwNjIyMDAwMFoXDTEwMTAx"
- + "MDIxNTk1OVowgZExCzAJBgNVBAYTAlNFMTMwMQYDVQQKDCpMw6Ruc2bDtnJzw6Rr"
- + "cmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkxFTATBgNVBAUTDDExMTExMTEx"
- + "MTExMTE2MDQGA1UEAwwtTMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIE9DU1AgZm9y"
- + "IEJhbmtJRCBURVNUMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5e/h6aL2m"
- + "DVpWeu5e5p1Ps9kbvuuGeAp9zJDYLbZz7uzT67X+s59HaViroD2+2my/gg7rX7tK"
- + "H9VXpJad1W9O19SjfNyxgeAMwVMkrbb4IlrQwu0v/Ub8JPxSWwZZXYiODq5abeXA"
- + "abMYIHxSaSkhrsUj1dpSAohHLJRlq707swIDAQABo2cwZTAfBgNVHSMEGDAWgBTR"
- + "vcp2QyNdNGZ+q7TjKSrrHZqxmDATBgNVHSAEDDAKMAgGBiqFcDwBBjAOBgNVHQ8B"
- + "Af8EBAMCBkAwHQYDVR0OBBYEFF/3557FEvkA8iiPv2XcBclxKnTdMA0GCSqGSIb3"
- + "DQEBBQUAA4IBAQAOxRvHO89XJ0v83BZdPFzEBA4B2Tqc1oABUn13S6fAkcGWvOmG"
- + "eY61MK16aMnLPNDadZrAqJc6PEtVY57uaywE9acwv9XpHO0bcS94tLwvZZJ2KBt0"
- + "Oq96gaI6gnJViUjyWjm+qBZvod0QPOLGv6wUPoiNcCpSid/COTjKpLYpCJj3ZWUV"
- + "nsTRWSRVXsdY/xI0gs/A8/c5P1PuTxoi99RTmcruoFxvV4MmhWyX7IGqG4OAtLdo"
- + "yefz/90FPGOrmqY9OgEb+gNuTM26YDvSs1dfarPl89d8jjwxHgNbZjh2VHFqKolJ"
- + "8TB8ZS5aNvhHPumOOE47y95rTBxrxSmGvKb8MIIENDCCAxygAwIBAgIRAJAFaeOw"
- + "7XbxH/DN/Vvhjx8wDQYJKoZIhvcNAQEFBQAwgZUxCzAJBgNVBAYTAlNFMTMwMQYD"
- + "VQQKDCpMw6Ruc2bDtnJzw6RrcmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkx"
- + "FTATBgNVBAUTDDExMTExMTExMTExMTE6MDgGA1UEAwwxTMOkbnNmw7Zyc8Oka3Jp"
- + "bmdhciBCYW5rIFJvb3QgQ0ExIGZvciBCYW5rSUQgVEVTVDAeFw0wNzEwMDExMjAw"
- + "MzdaFw0yOTA3MDExMjAwMzdaMIGaMQswCQYDVQQGEwJTRTEzMDEGA1UECgwqTMOk"
- + "bnNmw7Zyc8Oka3JpbmdhciBCYW5rIEFrdGllYm9sYWcgKHB1YmwpMRUwEwYDVQQF"
- + "EwwxMTExMTExMTExMTExPzA9BgNVBAMMNkzDpG5zZsO2cnPDpGtyaW5nYXIgQmFu"
- + "ayBQdXJjaGFzZXIgQ0ExIGZvciBCYW5rSUQgVEVTVDCCASIwDQYJKoZIhvcNAQEB"
- + "BQADggEPADCCAQoCggEBAMK5WbYojYRX1ZKrbxJBgbd4x503LfMWgr67sVD5L0NY"
- + "1RPhZVFJRKJWvawE5/eXJ4oNQwc831h2jiOgINXuKyGXqdAVGBcpFwIxTfzxwT4l"
- + "fvztr8pE6wk7mLLwKUvIjbM3EF1IL3zUI3UU/U5ioyGmcb/o4GGN71kMmvV/vrkU"
- + "02/s7xicXNxYej4ExLiCkS5+j/+3sR47Uq5cL9e8Yg7t5/6FyLGQjKoS8HU/abYN"
- + "4kpx/oyrxzrXMhnMVDiI8QX9NYGJwI8KZ/LU6GDq/NnZ3gG5v4l4UU1GhgUbrk4I"
- + "AZPDu99zvwCtkdj9lJN0eDv8jdyEPZ6g1qPBE0pCNqcCAwEAAaN4MHYwDwYDVR0T"
- + "AQH/BAUwAwEB/zATBgNVHSAEDDAKMAgGBiqFcDwBBjAOBgNVHQ8BAf8EBAMCAQYw"
- + "HwYDVR0jBBgwFoAUnkjp1bkQUOrkRiLgxpxwAe2GQFYwHQYDVR0OBBYEFNG9ynZD"
- + "I100Zn6rtOMpKusdmrGYMA0GCSqGSIb3DQEBBQUAA4IBAQAPVSC4HEd+yCtSgL0j"
- + "NI19U2hJeP28lAD7OA37bcLP7eNrvfU/2tuqY7rEn1m44fUbifewdgR8x2DzhM0m"
- + "fJcA5Z12PYUb85L9z8ewGQdyHLNlMpKSTP+0lebSc/obFbteC4jjuvux60y5KVOp"
- + "osXbGw2qyrS6uhZJrTDP1B+bYg/XBttG+i7Qzx0S5Tq//VU9OfAQZWpvejadKAk9"
- + "WCcXq6zALiJcxsUwOHZRvvHDxkHuf5eZpPvm1gaqa+G9CtV+oysZMU1eTRasBHsB"
- + "NRWYfOSXggsyqRHfIAVieB4VSsB8WhZYm8UgYoLhAQfSJ5Xq5cwBOHkVj33MxAyP"
- + "c7Y5MIID/zCCAuegAwIBAgIRAOXEoBcV4gV3Z92gk5AuRgwwDQYJKoZIhvcNAQEF"
- + "BQAwZjEkMCIGA1UECgwbRmluYW5zaWVsbCBJRC1UZWtuaWsgQklEIEFCMR8wHQYD"
- + "VQQLDBZCYW5rSUQgTWVtYmVyIEJhbmtzIENBMR0wGwYDVQQDDBRCYW5rSUQgUm9v"
- + "dCBDQSBURVNUMjAeFw0wNzEwMDExMTQ1NDlaFw0yOTA4MDExMTU4MjVaMIGVMQsw"
- + "CQYDVQQGEwJTRTEzMDEGA1UECgwqTMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIEFr"
- + "dGllYm9sYWcgKHB1YmwpMRUwEwYDVQQFEwwxMTExMTExMTExMTExOjA4BgNVBAMM"
- + "MUzDpG5zZsO2cnPDpGtyaW5nYXIgQmFuayBSb290IENBMSBmb3IgQmFua0lEIFRF"
- + "U1QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBzn7IXIpyOGCCTuzL"
- + "DKE/T+pFRTgFh3QgKtifZ4zxdvB2Sd5+90vUEGcGExUhzpgb9gOUrT1eE0XhdiUR"
- + "YuYYpJI/nzPQWTsRtEaql7NHBPKnEauoA9oAhCT4pE5gLlqpTfkB8nAsRTI2XqpI"
- + "hQ7vTvnTRx20xog21NIbz1GztV8H1kBH2eDvRX7cXGiugp6CXV/le9cB+/4TBNUN"
- + "Xqupt79dM49KCoDuYr72W7Hv4BSWw3IInEN2m8T2X6UBpBGkCiGwLQy/+KOmYRK7"
- + "1PSFC0rXDwOJ0HJ/8fHwx6vLMxHAQ6s/9vOW10MjgjSQlbVqH/4Pa+TlpWumSV4E"
- + "l0z9AgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0gBAwwCjAIBgYqhXA8"
- + "AQYwDgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFJuTMPljHcYdrRO9sEi1amb4"
- + "tE3VMB0GA1UdDgQWBBSeSOnVuRBQ6uRGIuDGnHAB7YZAVjANBgkqhkiG9w0BAQUF"
- + "AAOCAQEArnW/9n+G+84JOgv1Wn4tsBBS7QgJp1rdCoiNrZPx2du/7Wz3wQVNKBjL"
- + "eMCyLjg0OVHuq4hpCv9MZpUqdcUW8gpp4dLDAAd1uE7xqVuG8g4Ir5qocxbZHQew"
- + "fnqSJJDlEZgDeZIzod92OO+htv0MWqKWbr3Mo2Hqhn+t0+UVWsW4k44e7rUw3xQq"
- + "r2VdMJv/C68BXUgqh3pplUDjWyXfreiACTT0q3HT6v6WaihKCa2WY9Kd1IkDcLHb"
- + "TZk8FqMmGn72SgJw3H5Dvu7AiZijjNAUulMnMpxBEKyFTU2xRBlZZVcp50VJ2F7+"
- + "siisxbcYOAX4GztLMlcyq921Ov/ipDCCA88wggK3oAMCAQICEQCmaX+5+m5bF5us"
- + "CtyMq41SMA0GCSqGSIb3DQEBBQUAMGYxJDAiBgNVBAoMG0ZpbmFuc2llbGwgSUQt"
- + "VGVrbmlrIEJJRCBBQjEfMB0GA1UECwwWQmFua0lEIE1lbWJlciBCYW5rcyBDQTEd"
- + "MBsGA1UEAwwUQmFua0lEIFJvb3QgQ0EgVEVTVDIwHhcNMDQwODEzMDcyMDEwWhcN"
- + "MjkwODEyMTIwMjQ2WjBmMSQwIgYDVQQKDBtGaW5hbnNpZWxsIElELVRla25payBC"
- + "SUQgQUIxHzAdBgNVBAsMFkJhbmtJRCBNZW1iZXIgQmFua3MgQ0ExHTAbBgNVBAMM"
- + "FEJhbmtJRCBSb290IENBIFRFU1QyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB"
- + "CgKCAQEA25D0f1gipbACk4Bg3t6ODUlCWOU0TWeTkzAHR7IRB5T++yvsVosedMMW"
- + "6KYYTbPONeJSt5kydX+wZi9nVNdlhkNULLbDKWfRY7x+B9MR1Q0Kq/e4VR0uRsak"
- + "Bv5iwEYZ7cSR63HfBaPTqQsGobq+wtGH5JeTBrmCt4A3kN1UWgX32Dv/I3m7v8bK"
- + "iwh4cnvAD9PIOtq6pOmAkSvLvp8jCy3qFLe9KAxm8M/ZAmnxYaRV8DVEg57FGoG6"
- + "oiG3Ixx8PSVVdzpFY4kuUFLi4ueMPwjnXFiBhhWJJeOtFG3Lc2aW3zvcDbD/MsDm"
- + "rSZNTmtbOOou8xuMKjlNY9PU5MHIaQIDAQABo3gwdjAPBgNVHRMBAf8EBTADAQH/"
- + "MBMGA1UdIAQMMAowCAYGKoVwPAEGMA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAW"
- + "gBSbkzD5Yx3GHa0TvbBItWpm+LRN1TAdBgNVHQ4EFgQUm5Mw+WMdxh2tE72wSLVq"
- + "Zvi0TdUwDQYJKoZIhvcNAQEFBQADggEBAIQ4ZBHWssA38pfNzH5A+H3SXpAlI8Jc"
- + "LuoMVOIwwbfd1Up0xopCs+Ay41v8FZtcTMFqCVTih2nzVusTgnFBPMPJ2cnTlRue"
- + "kAtVRNsiWn2/Ool/OXoYf5YnpgYu8t9jLCBCoDS5YJg714r9V9hCwfey8TCWBU80"
- + "vL7EIfjK13nUxf8d49GzZlFMNqGDMjfMp1FYrHBGLZBr8br/G/7em1Cprw7iR8cw"
- + "pddz+QXXFIrIz5Y9D/x1RrwoLibPw0kMrSwI2G4aCvoBySfbD6cpnJf6YHRctdSb"
- + "755zhdBW7XWTl6ReUVuEt0hTFms4F60kFAi5hIbDRSN1Slv5yP2b0EA=");
-
- private static byte[] invalidResp = Base64.decode(
- "MIIGggoAoIIGfDCCBngGCSsGAQUFBzABAQSCBmkwggZlMIHeoTQwMjELMAkG"
- + "A1UEBhMCVVMxDTALBgNVBAoMBGlXYXkxFDASBgNVBAMMC2lXYXkgT3BlbkNB"
- + "GA8yMDEyMDEyMzIxMjkxMVowbjBsMEQwCQYFKw4DAhoFAAQUPA5ymcOyHyZJ"
- + "d7DAidsEh79Uh6QEFMHnDLGSc/VElMBzr5f0+LQnpN2YAgsA5xIzv2Ln0dAa"
- + "94IAGA8yMDEyMDEyMzIxMjkxMVqgERgPMjAxMjAxMjMyMTM0MTFaoSUwIzAh"
- + "BgkrBgEFBQcwAQIEFCHEdgCz5w64KgppPIetaRzxewinMA0GCSqGSIb3DQEB"
- + "CwUAA4IBAQBsW8cXR4eOLgclY/uRodjso/5xkHIAiJy+DpgqELRrnzKe87HO"
- + "Km7DCicz1nwsPJskK14xtIw1rfQ8nzgztriComAUVc/pxJ9wQWGZI3d2dNbW"
- + "AmecKb/mG0QrJrt3U5D0+CFTUq5u7NOs1jZRe+df9TDLBr0vIA6a0I6K9M9F"
- + "ZOPWU/j5KVjoi0/kv4wnxRzQ2zc4Z3b5gm9T0MXMH5bST3z4yhOs/NRezNTA"
- + "fBQvimS60d4fybH0pXcVYUH81y5fm9rCpuwQ6rMt2vi0ZKrfyVom4OIAr/gh"
- + "Doj8Yh/LdtI1RvFkAL3pvzs06cfg3qM38b9Uh9w93w4/Hguw14eroIIEbDCC"
- + "BGgwggRkMIIDTKADAgECAgEBMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYT"
- + "AlVTMQ0wCwYDVQQKDARpV2F5MRQwEgYDVQQDDAtpV2F5IE9wZW5DQTAeFw0x"
- + "MjAxMjAxNTIyMjFaFw0zMjAxMTUxNTIyMjFaMDIxCzAJBgNVBAYTAlVTMQ0w"
- + "CwYDVQQKDARpV2F5MRQwEgYDVQQDDAtpV2F5IE9wZW5DQTCCASIwDQYJKoZI"
- + "hvcNAQEBBQADggEPADCCAQoCggEBALOnLWYPvGNLxodQQ16tqCKflpEQF2OA"
- + "0inZbIeUVxOgph5Qf562XV1Mtbv5Agv+z4/LSLbwuo28NTkhSlEEwf1k9vL9"
- + "/wFvpPZ4ecpqXOS6LJ6khmMh53IwK/QpG8CeF9UxTZskjQzD9XgnNGYd2BIj"
- + "qVbzU5qWhsPYPRrsAaE2jS6My5+xfiw46/Xj26VZQ/PR/rVURsc40fpCE30y"
- + "TyORQeeZfjb/LxXH3e/3wjya04MBACv+uX89n5YXG7OH6zTriMAOn/aiXPfE"
- + "E8g834RKvVS7ruELWG/IcZDC+Eoy2qtgG7y1rFlXd3H/6rny+Xd+BZrt0WP/"
- + "hfezklVw3asCAwEAAaOCAYMwggF/MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P"
- + "BAQDAgEGMB0GA1UdDgQWBBTB5wyxknP1RJTAc6+X9Pi0J6TdmDAfBgNVHSME"
- + "GDAWgBTB5wyxknP1RJTAc6+X9Pi0J6TdmDAjBgNVHREEHDAagRhzdXBwb3J0"
- + "QGl3YXlzb2Z0d2FyZS5jb20wIwYDVR0SBBwwGoEYc3VwcG9ydEBpd2F5c29m"
- + "dHdhcmUuY29tMIGYBggrBgEFBQcBAQSBizCBiDA5BggrBgEFBQcwAoYtaHR0"
- + "cDovL2l3NTRjZW50LXZtMi9wa2kvcHViL2NhY2VydC9jYWNlcnQuY3J0MCUG"
- + "CCsGAQUFBzABhhlodHRwOi8vaXc1NGNlbnQtdm0yOjI1NjAvMCQGCCsGAQUF"
- + "BzAMhhhodHRwOi8vaXc1NGNlbnQtdm0yOjgzMC8wOgYDVR0fBDMwMTAvoC2g"
- + "K4YpaHR0cDovL2l3NTRjZW50LXZtMi9wa2kvcHViL2NybC9jYWNybC5jcmww"
- + "DQYJKoZIhvcNAQELBQADggEBAE9wBjQ1c+HAO2gIzT+J5Gqgrcu/m7t4hnHN"
- + "m5eyIfwXD1T6wOhovFmzPTaO9BSNsi4G5R7yZxOHeLN4PIY2kwFIbSkg7mwe"
- + "5aGp2RPIuK/MtzMZT6pq8uMGhzyHGsqtdkz7p26/G0anU2u59eimcvISdwNE"
- + "QXOIp/KNUC+Vx+Pmfw8PuFYDNacZ6YXp5qKoEjyUoBhNicmVINTNfDu0CQhu"
- + "pDr2UmDMDT2cdmTSRC0rcTe3BNzWqtsXNmIBFL1oB7B0PZbmFm8Bgvk1azxa"
- + "ClrcOKZWKOWa14XJy/DJk6nlOiq5W2AglUt8JVOpa5oVdiNRIT2WoGnpqVV9"
- + "tUeoWog=");
-
- private static final String BC = "BC";
-
- public String getName()
- {
- return "OCSP";
- }
-
- private void testECDSA()
- throws Exception
- {
- String signDN = "O=Bouncy Castle, C=AU";
- KeyPair signKP = OCSPTestUtil.makeECKeyPair();
- X509CertificateHolder testCert = new JcaX509CertificateHolder(OCSPTestUtil.makeECDSACertificate(signKP, signDN, signKP, signDN));
- DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
-
- String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
- GeneralName origName = new GeneralName(new X509Name(origDN));
-
- //
- // general id value for our test issuer cert and a serial number.
- //
- CertificateID id = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1));
-
- //
- // basic request generation
- //
- OCSPReqBuilder gen = new OCSPReqBuilder();
- gen.addRequest(id);
-
- OCSPReq req = gen.build();
-
- if (req.isSigned())
- {
- fail("signed but shouldn't be");
- }
-
- X509CertificateHolder[] certs = req.getCerts();
-
- if (certs.length != 0)
- {
- fail("0 certs expected, but not found");
- }
-
- Req[] requests = req.getRequestList();
-
- if (!requests[0].getCertID().equals(id))
- {
- fail("Failed isFor test");
- }
-
- //
- // request generation with signing
- //
- X509CertificateHolder[] chain = new X509CertificateHolder[1];
-
- gen = new OCSPReqBuilder();
-
- gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
- gen.addRequest(
- new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1)));
-
- chain[0] = testCert;
-
- req = gen.build(new JcaContentSignerBuilder("SHA1withECDSA").setProvider(BC).build( signKP.getPrivate()), chain);
-
- if (!req.isSigned())
- {
- fail("not signed but should be");
- }
-
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(signKP.getPublic())))
- {
- fail("signature failed to verify");
- }
-
- requests = req.getRequestList();
-
- if (!requests[0].getCertID().equals(id))
- {
- fail("Failed isFor test");
- }
-
- certs = req.getCerts();
-
- if (certs == null)
- {
- fail("null certs found");
- }
-
- if (certs.length != 1 || !certs[0].equals(testCert))
- {
- fail("incorrect certs found in request");
- }
-
- //
- // encoding test
- //
- byte[] reqEnc = req.getEncoded();
-
- OCSPReq newReq = new OCSPReq(reqEnc);
-
- if (!newReq.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(signKP.getPublic())))
- {
- fail("newReq signature failed to verify");
- }
-
- //
- // request generation with signing and nonce
- //
- chain = new X509CertificateHolder[1];
-
- gen = new OCSPReqBuilder();
-
- Vector oids = new Vector();
- Vector values = new Vector();
- byte[] sampleNonce = new byte[16];
- Random rand = new Random();
-
- rand.nextBytes(sampleNonce);
-
- gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
- ExtensionsGenerator extGen = new ExtensionsGenerator();
-
- extGen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(sampleNonce));
-
- gen.setRequestExtensions(extGen.generate());
-
- gen.addRequest(
- new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1)));
-
- chain[0] = testCert;
-
- req = gen.build(new JcaContentSignerBuilder("SHA1withECDSA").setProvider(BC).build(signKP.getPrivate()), chain);
-
- if (!req.isSigned())
- {
- fail("not signed but should be");
- }
-
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(signKP.getPublic())))
- {
- fail("signature failed to verify");
- }
-
- //
- // extension check.
- //
- Set extOids = req.getCriticalExtensionOIDs();
-
- if (extOids.size() != 0)
- {
- fail("wrong number of critical extensions in OCSP request.");
- }
-
- extOids = req.getNonCriticalExtensionOIDs();
-
- if (extOids.size() != 1)
- {
- fail("wrong number of non-critical extensions in OCSP request.");
- }
-
- Extension extValue = req.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
-
- ASN1Encodable extObj = extValue.getParsedValue();
-
- if (!(extObj instanceof ASN1OctetString))
- {
- fail("wrong extension type found.");
- }
-
- if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce))
- {
- fail("wrong extension value found.");
- }
-
- //
- // request list check
- //
- requests = req.getRequestList();
-
- if (!requests[0].getCertID().equals(id))
- {
- fail("Failed isFor test");
- }
-
- //
- // response generation
- //
- BasicOCSPRespBuilder respGen = new JcaBasicOCSPRespBuilder(signKP.getPublic(), digCalcProv.get(RespID.HASH_SHA1));
-
- respGen.addResponse(id, CertificateStatus.GOOD);
-
- BasicOCSPResp resp = respGen.build(new JcaContentSignerBuilder("SHA1withECDSA").setProvider(BC).build(signKP.getPrivate()), chain, new Date());
- }
-
- private void testRSA()
- throws Exception
- {
- String signDN = "O=Bouncy Castle, C=AU";
- KeyPair signKP = OCSPTestUtil.makeKeyPair();
- X509CertificateHolder testCert = new JcaX509CertificateHolder(OCSPTestUtil.makeCertificate(signKP, signDN, signKP, signDN));
- DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
-
- String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
- GeneralName origName = new GeneralName(new X509Name(origDN));
-
- //
- // general id value for our test issuer cert and a serial number.
- //
- CertificateID id = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1));
-
- //
- // basic request generation
- //
- OCSPReqBuilder gen = new OCSPReqBuilder();
-
- gen.addRequest(
- new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1)));
-
- OCSPReq req = gen.build();
-
- if (req.isSigned())
- {
- fail("signed but shouldn't be");
- }
-
- X509CertificateHolder[] certs = req.getCerts();
-
- if (certs.length != 0)
- {
- fail("0 certs expected, but not found");
- }
-
- Req[] requests = req.getRequestList();
-
- if (!requests[0].getCertID().equals(id))
- {
- fail("Failed isFor test");
- }
-
- //
- // request generation with signing
- //
- X509CertificateHolder[] chain = new X509CertificateHolder[1];
-
- gen = new OCSPReqBuilder();
-
- gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
- gen.addRequest(
- new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1)));
-
- chain[0] = testCert;
-
- req = gen.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(signKP.getPrivate()), chain);
-
- if (!req.isSigned())
- {
- fail("not signed but should be");
- }
-
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(signKP.getPublic())))
- {
- fail("signature failed to verify");
- }
-
- requests = req.getRequestList();
-
- if (!requests[0].getCertID().equals(id))
- {
- fail("Failed isFor test");
- }
-
- certs = req.getCerts();
-
- if (certs == null)
- {
- fail("null certs found");
- }
-
- if (certs.length != 1 || !certs[0].equals(testCert))
- {
- fail("incorrect certs found in request");
- }
-
- //
- // encoding test
- //
- byte[] reqEnc = req.getEncoded();
-
- OCSPReq newReq = new OCSPReq(reqEnc);
-
- if (!newReq.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(signKP.getPublic())))
- {
- fail("newReq signature failed to verify");
- }
-
- //
- // request generation with signing and nonce
- //
- chain = new X509CertificateHolder[1];
-
- gen = new OCSPReqBuilder();
-
- byte[] sampleNonce = new byte[16];
- Random rand = new Random();
-
- rand.nextBytes(sampleNonce);
-
- gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
- ExtensionsGenerator extGen = new ExtensionsGenerator();
-
- extGen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(sampleNonce));
-
- gen.setRequestExtensions(extGen.generate());
-
- gen.addRequest(
- new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1)));
-
- chain[0] = testCert;
-
- req = gen.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(signKP.getPrivate()), chain);
-
- if (!req.isSigned())
- {
- fail("not signed but should be");
- }
-
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(signKP.getPublic())))
- {
- fail("signature failed to verify");
- }
-
- //
- // extension check.
- //
- Set extOids = req.getCriticalExtensionOIDs();
-
- if (extOids.size() != 0)
- {
- fail("wrong number of critical extensions in OCSP request.");
- }
-
- extOids = req.getNonCriticalExtensionOIDs();
-
- if (extOids.size() != 1)
- {
- fail("wrong number of non-critical extensions in OCSP request.");
- }
-
- Extension ext = req.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
-
- ASN1Encodable extObj = ext.getParsedValue();
-
- if (!(extObj instanceof ASN1OctetString))
- {
- fail("wrong extension type found.");
- }
-
- if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce))
- {
- fail("wrong extension value found.");
- }
-
- //
- // request list check
- //
- requests = req.getRequestList();
-
- if (!requests[0].getCertID().equals(id))
- {
- fail("Failed isFor test");
- }
-
- //
- // response generation
- //
- BasicOCSPRespBuilder respGen = new JcaBasicOCSPRespBuilder(signKP.getPublic(), digCalcProv.get(RespID.HASH_SHA1));
-
- respGen.addResponse(id, CertificateStatus.GOOD);
-
- BasicOCSPResp resp = respGen.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(signKP.getPrivate()), chain, new Date());
- OCSPRespBuilder rGen = new OCSPRespBuilder();
-
- byte[] enc = rGen.build(OCSPRespBuilder.SUCCESSFUL, resp).getEncoded();
- }
-
- private void testIrregularVersionReq()
- throws Exception
- {
- OCSPReq ocspRequest = new OCSPReq(irregReq);
- X509CertificateHolder cert = ocspRequest.getCerts()[0];
- if (!ocspRequest.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(cert)))
- {
- fail("extra version encoding test failed");
- }
- }
-
- public void testInvalidResp()
- throws Exception
- {
- try
- {
- OCSPResp response = new OCSPResp(invalidResp);
- }
- catch (CertIOException e)
- {
- if (e.getCause() instanceof ASN1Exception)
- {
- Throwable c = ((ASN1Exception)e.getCause()).getCause();
-
- if (!c.getMessage().equals("ENUMERATED has zero length"))
- {
- fail("parsing failed, but for wrong reason: " + c.getMessage());
- }
- }
- else
- {
- fail("parsing failed, but for wrong reason: " + e.getMessage());
- }
- }
-
-
- }
-
- public void performTest()
- throws Exception
- {
- String signDN = "O=Bouncy Castle, C=AU";
- KeyPair signKP = OCSPTestUtil.makeKeyPair();
- X509CertificateHolder testCert = new JcaX509CertificateHolder(OCSPTestUtil.makeCertificate(signKP, signDN, signKP, signDN));
-
- String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
- GeneralName origName = new GeneralName(new X509Name(origDN));
- DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
-
- //
- // general id value for our test issuer cert and a serial number.
- //
- CertificateID id = new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1));
-
- //
- // basic request generation
- //
- OCSPReqBuilder gen = new OCSPReqBuilder();
-
- gen.addRequest(
- new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1)));
-
- OCSPReq req = gen.build();
-
- if (req.isSigned())
- {
- fail("signed but shouldn't be");
- }
-
- X509CertificateHolder[] certs = req.getCerts();
-
- if (certs.length != 0)
- {
- fail("0 certs expected, but not found");
- }
-
- Req[] requests = req.getRequestList();
-
- if (!requests[0].getCertID().equals(id))
- {
- fail("Failed isFor test");
- }
-
- //
- // request generation with signing
- //
- X509CertificateHolder[] chain = new X509CertificateHolder[1];
-
- gen = new OCSPReqBuilder();
-
- gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
- gen.addRequest(
- new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1)));
-
- chain[0] = testCert;
-
- req = gen.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(signKP.getPrivate()), chain);
-
- if (!req.isSigned())
- {
- fail("not signed but should be");
- }
-
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(signKP.getPublic())))
- {
- fail("signature failed to verify");
- }
-
- requests = req.getRequestList();
-
- if (!requests[0].getCertID().equals(id))
- {
- fail("Failed isFor test");
- }
-
- certs = req.getCerts();
-
- if (certs == null)
- {
- fail("null certs found");
- }
-
- if (certs.length != 1 || !certs[0].equals(testCert))
- {
- fail("incorrect certs found in request");
- }
-
- //
- // encoding test
- //
- byte[] reqEnc = req.getEncoded();
-
- OCSPReq newReq = new OCSPReq(reqEnc);
-
- if (!newReq.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(signKP.getPublic())))
- {
- fail("newReq signature failed to verify");
- }
-
- //
- // request generation with signing and nonce
- //
- chain = new X509CertificateHolder[1];
-
- gen = new OCSPReqBuilder();
-
- Vector oids = new Vector();
- Vector values = new Vector();
- byte[] sampleNonce = new byte[16];
- Random rand = new Random();
-
- rand.nextBytes(sampleNonce);
-
- gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred")));
-
- ExtensionsGenerator extGen = new ExtensionsGenerator();
-
- extGen.addExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(sampleNonce));
-
- gen.setRequestExtensions(extGen.generate());
-
- gen.addRequest(
- new CertificateID(digCalcProv.get(CertificateID.HASH_SHA1), testCert, BigInteger.valueOf(1)));
-
- chain[0] = testCert;
-
- req = gen.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(signKP.getPrivate()), chain);
-
- if (!req.isSigned())
- {
- fail("not signed but should be");
- }
-
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(signKP.getPublic())))
- {
- fail("signature failed to verify");
- }
-
- //
- // extension check.
- //
- Set extOids = req.getCriticalExtensionOIDs();
-
- if (extOids.size() != 0)
- {
- fail("wrong number of critical extensions in OCSP request.");
- }
-
- extOids = req.getNonCriticalExtensionOIDs();
-
- if (extOids.size() != 1)
- {
- fail("wrong number of non-critical extensions in OCSP request.");
- }
-
- Extension ext = req.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
-
- ASN1Encodable extObj = ext.getParsedValue();
-
- if (!(extObj instanceof ASN1OctetString))
- {
- fail("wrong extension type found.");
- }
-
- if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce))
- {
- fail("wrong extension value found.");
- }
-
- //
- // request list check
- //
- requests = req.getRequestList();
-
- if (!requests[0].getCertID().equals(id))
- {
- fail("Failed isFor test");
- }
-
- //
- // response parsing - test 1
- //
- OCSPResp response = new OCSPResp(testResp1);
-
- if (response.getStatus() != 0)
- {
- fail("response status not zero.");
- }
-
- BasicOCSPResp brep = (BasicOCSPResp)response.getResponseObject();
- chain = brep.getCerts();
-
- if (!brep.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(chain[0])))
- {
- fail("response 1 failed to verify.");
- }
-
- //
- // test 2
- //
- SingleResp[] singleResp = brep.getResponses();
-
- response = new OCSPResp(testResp2);
-
- if (response.getStatus() != 0)
- {
- fail("response status not zero.");
- }
-
- brep = (BasicOCSPResp)response.getResponseObject();
- chain = brep.getCerts();
-
- if (!brep.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(chain[0])))
- {
- fail("response 2 failed to verify.");
- }
-
- singleResp = brep.getResponses();
-
- //
- // simple response generation
- //
- OCSPRespBuilder respGen = new OCSPRespBuilder();
- OCSPResp resp = respGen.build(OCSPRespBuilder.SUCCESSFUL, response.getResponseObject());
-
- if (!resp.getResponseObject().equals(response.getResponseObject()))
- {
- fail("response fails to match");
- }
-
- testECDSA();
- testRSA();
- testIrregularVersionReq();
- testInvalidResp();
-
- //
- // Empty data test
- //
- try
- {
- response = new OCSPResp(new byte[0]);
- fail("no exception thrown");
- }
- catch (IOException e)
- {
- if (!e.getMessage().equals("malformed response: no response data found"))
- {
- fail("wrong exception");
- }
- }
-
- try
- {
- req = new OCSPReq(new byte[0]);
- fail("no exception thrown");
- }
- catch (IOException e)
- {
- if (!e.getMessage().equals("malformed request: no request data found"))
- {
- fail("wrong exception");
- }
- }
- }
-
- public static void main(
- String[] args)
- {
- Security.addProvider(new BouncyCastleProvider());
-
- runTest(new OCSPTest());
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTestUtil.java b/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTestUtil.java
deleted file mode 100644
index cab31e76..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTestUtil.java
+++ /dev/null
@@ -1,177 +0,0 @@
-package org.bouncycastle.cert.ocsp.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-
-import javax.crypto.KeyGenerator;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-
-public class OCSPTestUtil
-{
-
- public static SecureRandom rand;
- public static KeyPairGenerator kpg, eckpg;
- public static KeyGenerator desede128kg;
- public static KeyGenerator desede192kg;
- public static KeyGenerator rc240kg;
- public static KeyGenerator rc264kg;
- public static KeyGenerator rc2128kg;
- public static BigInteger serialNumber;
-
- public static final boolean DEBUG = true;
-
- static
- {
- try
- {
- rand = new SecureRandom();
-
- kpg = KeyPairGenerator.getInstance("RSA", "BC");
- kpg.initialize(1024, rand);
-
- serialNumber = new BigInteger("1");
-
- eckpg = KeyPairGenerator.getInstance("ECDSA", "BC");
- eckpg.initialize(192, rand);
- }
- catch(Exception ex)
- {
- throw new RuntimeException(ex.toString());
- }
- }
-
- public static KeyPair makeKeyPair()
- {
- return kpg.generateKeyPair();
- }
-
- public static KeyPair makeECKeyPair()
- {
- return eckpg.generateKeyPair();
- }
-
- public static X509Certificate makeCertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN)
- throws Exception
- {
-
- return makeCertificate(_subKP, _subDN, _issKP, _issDN, false);
- }
-
- public static X509Certificate makeECDSACertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN)
- throws Exception
- {
-
- return makeECDSACertificate(_subKP, _subDN, _issKP, _issDN, false);
- }
-
- public static X509Certificate makeCACertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN)
- throws Exception
- {
-
- return makeCertificate(_subKP, _subDN, _issKP, _issDN, true);
- }
-
- public static X509Certificate makeCertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN, boolean _ca)
- throws Exception
- {
- return makeCertificate(_subKP,_subDN, _issKP, _issDN, "MD5withRSA", _ca);
- }
-
- public static X509Certificate makeECDSACertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN, boolean _ca)
- throws Exception
- {
- return makeCertificate(_subKP,_subDN, _issKP, _issDN, "SHA1WithECDSA", _ca);
- }
-
- public static X509Certificate makeCertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN, String algorithm, boolean _ca)
- throws Exception
- {
-
- PublicKey _subPub = _subKP.getPublic();
- PrivateKey _issPriv = _issKP.getPrivate();
- PublicKey _issPub = _issKP.getPublic();
-
- X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();
-
- _v3CertGen.reset();
- _v3CertGen.setSerialNumber(allocateSerialNumber());
- _v3CertGen.setIssuerDN(new X509Name(_issDN));
- _v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
- _v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
- + (1000L * 60 * 60 * 24 * 100)));
- _v3CertGen.setSubjectDN(new X509Name(_subDN));
- _v3CertGen.setPublicKey(_subPub);
- _v3CertGen.setSignatureAlgorithm(algorithm);
-
- _v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
- createSubjectKeyId(_subPub));
-
- _v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
- createAuthorityKeyId(_issPub));
-
- _v3CertGen.addExtension(X509Extensions.BasicConstraints, false,
- new BasicConstraints(_ca));
-
- X509Certificate _cert = _v3CertGen.generate(_issPriv);
-
- _cert.checkValidity(new Date());
- _cert.verify(_issPub);
-
- return _cert;
- }
-
- /*
- *
- * INTERNAL METHODS
- *
- */
-
- private static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey _pubKey)
- throws IOException
- {
-
- ByteArrayInputStream _bais = new ByteArrayInputStream(_pubKey
- .getEncoded());
- SubjectPublicKeyInfo _info = new SubjectPublicKeyInfo(
- (ASN1Sequence)new ASN1InputStream(_bais).readObject());
-
- return new AuthorityKeyIdentifier(_info);
- }
-
- private static SubjectKeyIdentifier createSubjectKeyId(PublicKey _pubKey)
- throws IOException
- {
- return new BcX509ExtensionUtils().createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(_pubKey.getEncoded()));
- }
-
- private static BigInteger allocateSerialNumber()
- {
- BigInteger _tmp = serialNumber;
- serialNumber = serialNumber.add(BigInteger.valueOf(1));
- return _tmp;
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cert/path/test/CertPathTest.java b/pkix/src/test/java/org/bouncycastle/cert/path/test/CertPathTest.java
deleted file mode 100644
index 3b8e23e0..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/path/test/CertPathTest.java
+++ /dev/null
@@ -1,369 +0,0 @@
-package org.bouncycastle.cert.path.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.ObjectOutputStream;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.SignatureException;
-import java.security.cert.CertPath;
-import java.security.cert.CertPathBuilder;
-import java.security.cert.CertPathBuilderException;
-import java.security.cert.CertPathBuilderResult;
-import java.security.cert.CertStore;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.PKIXBuilderParameters;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509CertSelector;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-import java.util.Vector;
-
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.test.SimpleTest;
-
-public class CertPathTest
- extends SimpleTest
-{
- public static byte[] rootCertBin = Base64.decode(
- "MIIBqzCCARQCAQEwDQYJKoZIhvcNAQEFBQAwHjEcMBoGA1UEAxMTVGVzdCBDQSBDZXJ0aWZpY2F0ZTAeFw0wODA5MDQwNDQ1MDhaFw0wODA5MTEwNDQ1MDhaMB4xHDAaBgNVBAMTE1Rlc3QgQ0EgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMRLUjhPe4YUdLo6EcjKcWUOG7CydFTH53Pr1lWjOkbmszYDpkhCTT9LOsI+disk18nkBxSl8DAHTqV+VxtuTPt64iyi10YxyDeep+DwZG/f8cVQv97U3hA9cLurZ2CofkMLGr6JpSGCMZ9FcstcTdHB4lbErIJ54YqfF4pNOs4/AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAgyrTEFY7ALpeY59jL6xFOLpuPqoBOWrUWv6O+zy5BCU0qiX71r3BpigtxRj+DYcfLIM9FNERDoHu3TthD3nwYWUBtFX8N0QUJIdJabxqAMhLjSC744koiFpCYse5Ye3ZvEdFwDzgAQsJTp5eFGgTZPkPzcdhkFJ2p9+OWs+cb24=");
-
-
- static byte[] interCertBin = Base64.decode(
- "MIICSzCCAbSgAwIBAgIBATANBgkqhkiG9w0BAQUFADAeMRwwGgYDVQQDExNUZXN0IENBIENlcnRpZmljYXRlMB4XDTA4MDkwNDA0NDUwOFoXDTA4MDkxMTA0NDUwOFowKDEmMCQGA1UEAxMdVGVzdCBJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAISS9OOZ2wxzdWny9aVvk4Joq+dwSJ+oqvHUxX3PflZyuiLiCBUOUE4q59dGKdtNX5fIfwyK3cpV0e73Y/0fwfM3m9rOWFrCKOhfeswNTes0w/2PqPVVDDsF/nj7NApuqXwioeQlgTL251RDF4sVoxXqAU7lRkcqwZt3mwqS4KTJAgMBAAGjgY4wgYswRgYDVR0jBD8wPYAUhv8BOT27EB9JaCccJD4YASPP5XWhIqQgMB4xHDAaBgNVBAMTE1Rlc3QgQ0EgQ2VydGlmaWNhdGWCAQEwHQYDVR0OBBYEFL/IwAGOkHzaQyPZegy79CwM5oTFMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4GBAE4TRgUz4sUvZyVdZxqV+XyNRnqXAeLOOqFGYv2D96tQrS+zjd0elVlT6lFrtchZdOmmX7R6/H/tjMWMcTBICZyRYrvK8cCAmDOI+EIdq5p6lj2Oq6Pbw/wruojAqNrpaR6IkwNpWtdOSSupv4IJL+YU9q2YFTh4R1j3tOkPoFGr");
-
- static byte[] finalCertBin = Base64.decode(
- "MIICRjCCAa+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAoMSYwJAYDVQQDEx1UZXN0IEludGVybWVkaWF0ZSBDZXJ0aWZpY2F0ZTAeFw0wODA5MDQwNDQ1MDhaFw0wODA5MTEwNDQ1MDhaMB8xHTAbBgNVBAMTFFRlc3QgRW5kIENlcnRpZmljYXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChpUeo0tPYywWKiLlbWKNJBcCpSaLSlaZ+4+yer1AxI5yJIVHP6SAlBghlbD5Qne5ImnN/15cz1xwYAiul6vGKJkVPlFEe2Mr+g/J/WJPQQPsjbZ1G+vxbAwXEDA4KaQrnpjRZFq+CdKHwOjuPLYS/MYQNgdIvDVEQcTbPQ8GaiQIDAQABo4GIMIGFMEYGA1UdIwQ/MD2AFL/IwAGOkHzaQyPZegy79CwM5oTFoSKkIDAeMRwwGgYDVQQDExNUZXN0IENBIENlcnRpZmljYXRlggEBMB0GA1UdDgQWBBSVkw+VpqBf3zsLc/9GdkK9TzHPwDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDANBgkqhkiG9w0BAQUFAAOBgQBLv/0bVDjzTs/y1vN3FUiZNknEbzupIZduTuXJjqv/vBX+LDPjUfu/+iOCXOSKoRn6nlOWhwB1z6taG2usQkFG8InMkRcPREi2uVgFdhJ/1C3dAWhsdlubjdL926bftXvxnx/koDzyrePW5U96RlOQM2qLvbaky2Giz6hrc3Wl+w==");
- public static byte[] rootCrlBin = Base64.decode(
- "MIIBYjCBzAIBATANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDExNUZXN0IENBIENlcnRpZmljYXRlFw0wODA5MDQwNDQ1MDhaFw0wODA5MDQwNzMxNDhaMCIwIAIBAhcNMDgwOTA0MDQ0NTA4WjAMMAoGA1UdFQQDCgEJoFYwVDBGBgNVHSMEPzA9gBSG/wE5PbsQH0loJxwkPhgBI8/ldaEipCAwHjEcMBoGA1UEAxMTVGVzdCBDQSBDZXJ0aWZpY2F0ZYIBATAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOBgQCAbaFCo0BNG4AktVf6jjBLeawP1u0ELYkOCEGvYZE0mBpQ+OvFg7subZ6r3lRIj030nUli28sPFtu5ZQMBNcpE4nS1ziF44RfT3Lp5UgHx9x17Krz781iEyV+7zU8YxYMY9wULD+DCuK294kGKIssVNbmTYXZatBNoXQN5CLIocA==");
- static byte[] interCrlBin = Base64.decode(
- "MIIBbDCB1gIBATANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDEx1UZXN0IEludGVybWVkaWF0ZSBDZXJ0aWZpY2F0ZRcNMDgwOTA0MDQ0NTA4WhcNMDgwOTA0MDczMTQ4WjAiMCACAQIXDTA4MDkwNDA0NDUwOFowDDAKBgNVHRUEAwoBCaBWMFQwRgYDVR0jBD8wPYAUv8jAAY6QfNpDI9l6DLv0LAzmhMWhIqQgMB4xHDAaBgNVBAMTE1Rlc3QgQ0EgQ2VydGlmaWNhdGWCAQEwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQADgYEAEVCr5TKs5yguGgLH+dBzmSPoeSIWJFLsgWwJEit/iUDJH3dgYmaczOcGxIDtbYYHLWIHM+P2YRyQz3MEkCXEgm/cx4y7leAmux5l+xQWgmxFPz+197vaphPeCZo+B7V1CWtm518gcq4mrs9ovfgNqgyFj7KGjcBpWdJE32KMt50=");
-
- /*
- * certpath with a circular reference
- */
- static byte[] certA = Base64.decode(
- "MIIC6jCCAlOgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBjTEPMA0GA1UEAxMGSW50"
- + "ZXIzMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX"
- + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq"
- + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ2NTda"
- + "Fw0xNzAzMzAwODQ0MDBaMIGlMScwJQYDVQQDHh4AQQByAG0AaQBuACAASADkAGIA"
- + "ZQByAGwAaQBuAGcxCzAJBgNVBAYTAkNIMQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNV"
- + "BAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNwaGVyZSBBRzEQMA4GA1UECxMHVGVzdGlu"
- + "ZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5AcHJpdmFzcGhlcmUuY29tMIGfMA0GCSqG"
- + "SIb3DQEBAQUAA4GNADCBiQKBgQCfHfyVs5dbxG35H/Thd29qR4NZU88taCu/OWA1"
- + "GdACI02lXWYpmLWiDgnU0ULP+GG8OnVp1IES9fz2zcrXKQ19xZzsen/To3h5sNte"
- + "cJpS00XMM24q/jDwy5NvkBP9YIfFKQ1E/0hFHXcqwlw+b/y/v6YGsZCU2h6QDzc4"
- + "5m0+BwIDAQABo0AwPjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIE8DAeBglg"
- + "hkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAA4GBAJEu"
- + "KiSfIwsY7SfobMLrv2v/BtLhGLi4RnmjiwzBhuv5rn4rRfBpq1ppmqQMJ2pmA67v"
- + "UWCY+mNwuyjHyivpCCyJGsZ9d5H09g2vqxzkDBMz7X9VNMZYFH8j/R3/Cfvqks31"
- + "z0OFslJkeKLa1I0P/dfVHsRKNkLRT3Ws5LKksErQ");
-
- static byte[] certB = Base64.decode(
- "MIICtTCCAh6gAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBjTEPMA0GA1UEAxMGSW50"
- + "ZXIyMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX"
- + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq"
- + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ2Mzha"
- + "Fw0xNzAzMzAwODQ0MDBaMIGNMQ8wDQYDVQQDEwZJbnRlcjMxCzAJBgNVBAYTAkNI"
- + "MQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNVBAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNw"
- + "aGVyZSBBRzEQMA4GA1UECxMHVGVzdGluZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5A"
- + "cHJpdmFzcGhlcmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxCXIB"
- + "QRnmVvl2h7Q+0SsRxDLnyM1dJG9jMa+UCCmHy0k/ZHs5VirSbjEJSjkQ9BGeh9SC"
- + "7JwbMpXO7UE+gcVc2RnWUY+MA+fWIeTV4KtkYA8WPu8wVGCXbN8wwh/StOocszxb"
- + "g+iLvGeh8CYSRqg6QN3S/02etH3o8H4e7Z0PZwIDAQABoyMwITAPBgNVHRMBAf8E"
- + "BTADAQH/MA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQQFAAOBgQCtWdirSsmt"
- + "+CBBCNn6ZnbU3QqQfiiQIomjenNEHESJgaS/+PvPE5i3xWFXsunTHLW321/Km16I"
- + "7+ZvT8Su1cqHg79NAT8QB0yke1saKSy2C0Pic4HwrNqVBWFNSxMU0hQzpx/ZXDbZ"
- + "DqIXAp5EfyRYBy2ul+jm6Rot6aFgzuopKg==");
-
- static byte[] certC = Base64.decode(
- "MIICtTCCAh6gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBjTEPMA0GA1UEAxMGSW50"
- + "ZXIxMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX"
- + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq"
- + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ0Mzla"
- + "Fw0xNzAzMzAwODQ0MDBaMIGNMQ8wDQYDVQQDEwZJbnRlcjIxCzAJBgNVBAYTAkNI"
- + "MQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNVBAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNw"
- + "aGVyZSBBRzEQMA4GA1UECxMHVGVzdGluZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5A"
- + "cHJpdmFzcGhlcmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0rLr6"
- + "f2/ONeJzTb0q9M/NNX+MnAFMSqiQGVBkT76u5nOH4KLkpHXkzI82JI7GuQMzoT3a"
- + "+RP1hO6FneO92ms2soC6xiOFb4EC69Dfhh87Nww5O35JxVF0bzmbmIAWd6P/7zGh"
- + "nd2S4tKkaZcubps+C0j9Fgi0hipVicAOUVVoDQIDAQABoyMwITAPBgNVHRMBAf8E"
- + "BTADAQH/MA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQQFAAOBgQCLPvc1IMA4"
- + "YP+PmnEldyUoRWRnvPWjBGeu0WheBP7fdcnGBf93Nmc5j68ZN+eTZ5VMuZ99YdvH"
- + "CXGNX6oodONLU//LlFKdLl5xjLAS5X9p1RbOEGytnalqeiEpjk4+C/7rIBG1kllO"
- + "dItmI6LlEMV09Hkpg6ZRAUmRkb8KrM4X7A==");
-
- static byte[] certD = Base64.decode(
- "MIICtTCCAh6gAwIBAgIBBjANBgkqhkiG9w0BAQQFADCBjTEPMA0GA1UEAxMGSW50"
- + "ZXIzMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX"
- + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq"
- + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ5NTNa"
- + "Fw0xNzAzMzAwODQ0MDBaMIGNMQ8wDQYDVQQDEwZJbnRlcjExCzAJBgNVBAYTAkNI"
- + "MQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNVBAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNw"
- + "aGVyZSBBRzEQMA4GA1UECxMHVGVzdGluZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5A"
- + "cHJpdmFzcGhlcmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCae3TP"
- + "jIVKeASqvNabaiUHAMGUgFxB7L0yUsIj39azLcLtUj4S7XkDf7SMGtYV0JY1XNaQ"
- + "sHJAsnJivDZc50oiYvqDYfgFZx5+AsN5l5X5rjRzs/OX+Jo+k1OgsIyu6+mf9Kfb"
- + "5IdWOVB2EcOg4f9tPjLM8CIj9Pp7RbKLyqUUgwIDAQABoyMwITAPBgNVHRMBAf8E"
- + "BTADAQH/MA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQQFAAOBgQCgr9kUdWUT"
- + "Lt9UcztSzR3pnHRsyvS0E/z850OKQKS5/VxLEalpFvhj+3EcZ7Y6mFxaaS2B7vXg"
- + "2YWyqV1PRb6iF7/u9EXkpSTKGrJahwANirCa3V/HTUuPdCE2GITlnWI8h3eVA+xQ"
- + "D4LF0PXHOkXbwmhXRSb10lW1bSGkUxE9jg==");
-
- private void testExceptions()
- throws Exception
- {
- byte[] enc = { (byte)0, (byte)2, (byte)3, (byte)4, (byte)5 };
- MyCertPath mc = new MyCertPath(enc);
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- ByteArrayInputStream is;
- byte[] arr;
-
- ObjectOutputStream oOut = new ObjectOutputStream(os);
- oOut.writeObject(mc);
- oOut.flush();
- oOut.close();
-
- try
- {
- CertificateFactory cFac = CertificateFactory.getInstance("X.509",
- "BC");
- arr = os.toByteArray();
- is = new ByteArrayInputStream(arr);
- cFac.generateCertPath(is);
- }
- catch (CertificateException e)
- {
- // ignore okay
- }
-
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- List certCol = new ArrayList();
-
- certCol.add(cf.generateCertificate(new ByteArrayInputStream(certA)));
- certCol.add(cf.generateCertificate(new ByteArrayInputStream(certB)));
- certCol.add(cf.generateCertificate(new ByteArrayInputStream(certC)));
- certCol.add(cf.generateCertificate(new ByteArrayInputStream(certD)));
-
- CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
- X509CertSelector select = new X509CertSelector();
- select.setSubject(((X509Certificate)certCol.get(0)).getSubjectX500Principal().getEncoded());
-
- Set trustanchors = new HashSet();
- trustanchors.add(new TrustAnchor((X509Certificate)cf.generateCertificate(new ByteArrayInputStream(rootCertBin)), null));
-
- CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certCol));
-
- PKIXBuilderParameters params = new PKIXBuilderParameters(trustanchors, select);
- params.addCertStore(certStore);
-
- try
- {
- CertPathBuilderResult result = pathBuilder.build(params);
- CertPath path = result.getCertPath();
- fail("found cert path in circular set");
- }
- catch (CertPathBuilderException e)
- {
- // expected
- }
- }
-
- public void performTest()
- throws Exception
- {
- CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
-
- X509Certificate rootCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(rootCertBin));
- X509Certificate interCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(interCertBin));
- X509Certificate finalCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(finalCertBin));
-
- //Testing CertPath generation from List
- List list = new ArrayList();
- list.add(interCert);
- CertPath certPath1 = cf.generateCertPath(list);
-
- //Testing CertPath encoding as PkiPath
- byte[] encoded = certPath1.getEncoded("PkiPath");
-
- //Testing CertPath generation from InputStream
- ByteArrayInputStream inStream = new ByteArrayInputStream(encoded);
- CertPath certPath2 = cf.generateCertPath(inStream, "PkiPath");
-
- //Comparing both CertPathes
- if (!certPath2.equals(certPath1))
- {
- fail("CertPath differ after encoding and decoding.");
- }
-
- encoded = certPath1.getEncoded("PKCS7");
-
- //Testing CertPath generation from InputStream
- inStream = new ByteArrayInputStream(encoded);
- certPath2 = cf.generateCertPath(inStream, "PKCS7");
-
- //Comparing both CertPathes
- if (!certPath2.equals(certPath1))
- {
- fail("CertPath differ after encoding and decoding.");
- }
-
- encoded = certPath1.getEncoded("PEM");
-
- //Testing CertPath generation from InputStream
- inStream = new ByteArrayInputStream(encoded);
- certPath2 = cf.generateCertPath(inStream, "PEM");
-
- //Comparing both CertPathes
- if (!certPath2.equals(certPath1))
- {
- fail("CertPath differ after encoding and decoding.");
- }
-
- //
- // empty list test
- //
- list = new ArrayList();
-
- CertPath certPath = CertificateFactory.getInstance("X.509","BC").generateCertPath(list);
- if (certPath.getCertificates().size() != 0)
- {
- fail("list wrong size.");
- }
-
- //
- // exception tests
- //
- testExceptions();
- }
-
- public String getName()
- {
- return "CertPath";
- }
-
- public static void main(
- String[] args)
- {
- Security.addProvider(new BouncyCastleProvider());
-
- runTest(new CertPathTest());
- }
-
- private static class MyCertificate extends Certificate
- {
- private final byte[] encoding;
-
- public MyCertificate(String type, byte[] encoding)
- {
- super(type);
- // don't copy to allow null parameter in test
- this.encoding = encoding;
- }
-
- public byte[] getEncoded() throws CertificateEncodingException
- {
- // do copy to force NPE in test
- return (byte[])encoding.clone();
- }
-
- public void verify(PublicKey key) throws CertificateException,
- NoSuchAlgorithmException, InvalidKeyException,
- NoSuchProviderException, SignatureException
- {
- }
-
- public void verify(PublicKey key, String sigProvider)
- throws CertificateException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException,
- SignatureException
- {
- }
-
- public String toString()
- {
- return "[My test Certificate, type: " + getType() + "]";
- }
-
- public PublicKey getPublicKey()
- {
- return new PublicKey()
- {
- public String getAlgorithm()
- {
- return "TEST";
- }
-
- public byte[] getEncoded()
- {
- return new byte[] { (byte)1, (byte)2, (byte)3 };
- }
-
- public String getFormat()
- {
- return "TEST_FORMAT";
- }
- };
- }
- }
-
- private static class MyCertPath extends CertPath
- {
- private final Vector certificates;
-
- private final Vector encodingNames;
-
- private final byte[] encoding;
-
- public MyCertPath(byte[] encoding)
- {
- super("MyEncoding");
- this.encoding = encoding;
- certificates = new Vector();
- certificates.add(new MyCertificate("MyEncoding", encoding));
- encodingNames = new Vector();
- encodingNames.add("MyEncoding");
- }
-
- public List getCertificates()
- {
- return Collections.unmodifiableList(certificates);
- }
-
- public byte[] getEncoded() throws CertificateEncodingException
- {
- return (byte[])encoding.clone();
- }
-
- public byte[] getEncoded(String encoding)
- throws CertificateEncodingException
- {
- if (getType().equals(encoding))
- {
- return (byte[])this.encoding.clone();
- }
- throw new CertificateEncodingException("Encoding not supported: "
- + encoding);
- }
-
- public Iterator getEncodings()
- {
- return Collections.unmodifiableCollection(encodingNames).iterator();
- }
- }
-}
-
diff --git a/pkix/src/test/java/org/bouncycastle/cert/path/test/CertPathValidationTest.java b/pkix/src/test/java/org/bouncycastle/cert/path/test/CertPathValidationTest.java
deleted file mode 100644
index a99cb1c4..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/path/test/CertPathValidationTest.java
+++ /dev/null
@@ -1,403 +0,0 @@
-package org.bouncycastle.cert.path.test;
-
-import java.security.Security;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.cert.X509CRLHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509ContentVerifierProviderBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509ContentVerifierProviderBuilder;
-import org.bouncycastle.cert.path.CertPath;
-import org.bouncycastle.cert.path.CertPathValidation;
-import org.bouncycastle.cert.path.CertPathValidationResult;
-import org.bouncycastle.cert.path.validations.BasicConstraintsValidation;
-import org.bouncycastle.cert.path.validations.CRLValidation;
-import org.bouncycastle.cert.path.validations.KeyUsageValidation;
-import org.bouncycastle.cert.path.validations.ParentCertIssuedValidation;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.test.SimpleTest;
-
-public class CertPathValidationTest
- extends SimpleTest
-{
- private byte[] AC_PR = Base64.decode(
- "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlFU1RDQ0F6R2dBd0lC"
- + "QWdJQkJUQU5CZ2txaGtpRzl3MEJBUVVGQURDQnRERUxNQWtHQTFVRUJoTUNR"
- + "bEl4DQpFekFSQmdOVkJBb1RDa2xEVUMxQ2NtRnphV3d4UFRBN0JnTlZCQXNU"
- + "TkVsdWMzUnBkSFYwYnlCT1lXTnBiMjVoDQpiQ0JrWlNCVVpXTnViMnh2WjJs"
- + "aElHUmhJRWx1Wm05eWJXRmpZVzhnTFNCSlZFa3hFVEFQQmdOVkJBY1RDRUp5"
- + "DQpZWE5wYkdsaE1Rc3dDUVlEVlFRSUV3SkVSakV4TUM4R0ExVUVBeE1vUVhW"
- + "MGIzSnBaR0ZrWlNCRFpYSjBhV1pwDQpZMkZrYjNKaElGSmhhWG9nUW5KaGMy"
- + "bHNaV2x5WVRBZUZ3MHdNakEwTURReE9UTTVNREJhRncwd05UQTBNRFF5DQpN"
- + "elU1TURCYU1HRXhDekFKQmdOVkJBWVRBa0pTTVJNd0VRWURWUVFLRXdwSlEx"
- + "QXRRbkpoYzJsc01UMHdPd1lEDQpWUVFERXpSQmRYUnZjbWxrWVdSbElFTmxj"
- + "blJwWm1sallXUnZjbUVnWkdFZ1VISmxjMmxrWlc1amFXRWdaR0VnDQpVbVZ3"
- + "ZFdKc2FXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJD"
- + "Z0tDQVFFQXMwc0t5NGsrDQp6b016aldyMTQxeTVYQ045UGJMZERFQXN2cjZ4"
- + "Z0NCN1l5bEhIQ1NBYmpGR3dOQ0R5NlVxN1h0VjZ6UHdIMXpGDQpFWENlS3Jm"
- + "UUl5YXBXSEZ4V1VKajBMblFrY1RZM1FOR1huK0JuVk9EVTZDV3M1c3NoZktH"
- + "RXZyVlQ1Z214V1NmDQp4OFlsdDgzY1dwUE1QZzg3VDlCaHVIbHQzazh2M2Ev"
- + "NmRPbmF2dytOYTAyZExBaDBlNzZqcCtQUS9LK0pHZlBuDQphQjVVWURrZkd0"
- + "em5uTTNBV01tY3VJK0o0ek5OMDZaa3ZnbDFsdEo2UU1qcnZEUFlSak9ndDlT"
- + "cklpY1NmbEo4DQptVDdHWGRRaXJnQUNXc3g1QURBSklRK253TU1vNHlyTUtx"
- + "SlFhNFFDMHhhT0QvdkdVcG9SaDQzT0FTZFp3c3YvDQpPWFlybmVJeVAwVCs4"
- + "UUlEQVFBQm80RzNNSUcwTUQwR0ExVWRId1EyTURRd01xQXdvQzZHTEdoMGRI"
- + "QTZMeTloDQpZM0poYVhvdWFXTndZbkpoYzJsc0xtZHZkaTVpY2k5TVExSmhZ"
- + "M0poYVhvdVkzSnNNQklHQTFVZElBUUxNQWt3DQpCd1lGWUV3QkFRRXdIUVlE"
- + "VlIwT0JCWUVGREpUVFlKNE9TWVB5T09KZkVMZXhDaHppK2hiTUI4R0ExVWRJ"
- + "d1FZDQpNQmFBRklyNjhWZUVFUk0xa0VMNlYwbFVhUTJreFBBM01BNEdBMVVk"
- + "RHdFQi93UUVBd0lCQmpBUEJnTlZIUk1CDQpBZjhFQlRBREFRSC9NQTBHQ1Nx"
- + "R1NJYjNEUUVCQlFVQUE0SUJBUUJRUFNoZ1lidnFjaWV2SDVVb3ZMeXhkbkYr"
- + "DQpFcjlOeXF1SWNkMnZ3Y0N1SnpKMkQ3WDBUcWhHQ0JmUEpVVkdBVWorS0NP"
- + "SDFCVkgva1l1OUhsVHB1MGtKWFBwDQpBQlZkb2hJUERqRHhkbjhXcFFSL0Yr"
- + "ejFDaWtVcldIMDR4eTd1N1p6UUpLSlBuR0loY1FpOElyRm1PYkllMEc3DQpY"
- + "WTZPTjdPRUZxY21KTFFHWWdtRzFXMklXcytQd1JwWTdENGhLVEFoVjFSNkVv"
- + "amE1L3BPcmVDL09kZXlQWmVxDQo1SUZTOUZZZk02U0Npd2hrK3l2Q1FHbVo0"
- + "YzE5SjM0ZjVFYkRrK1NQR2tEK25EQ0E3L3VMUWNUMlJURE14SzBaDQpuZlo2"
- + "Nm1Sc0ZjcXRGaWdScjVFcmtKZDdoUVV6eHNOV0VrNzJEVUFIcVgvNlNjeWtt"
- + "SkR2V0plSUpqZlcNCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0NCg==");
-
- private byte[] AC_RAIZ_ICPBRASIL = Base64.decode(
- "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlFdURDQ0E2Q2dBd0lC"
- + "QWdJQkJEQU5CZ2txaGtpRzl3MEJBUVVGQURDQnRERUxNQWtHQTFVRUJoTUNR"
- + "bEl4DQpFekFSQmdOVkJBb1RDa2xEVUMxQ2NtRnphV3d4UFRBN0JnTlZCQXNU"
- + "TkVsdWMzUnBkSFYwYnlCT1lXTnBiMjVoDQpiQ0JrWlNCVVpXTnViMnh2WjJs"
- + "aElHUmhJRWx1Wm05eWJXRmpZVzhnTFNCSlZFa3hFVEFQQmdOVkJBY1RDRUp5"
- + "DQpZWE5wYkdsaE1Rc3dDUVlEVlFRSUV3SkVSakV4TUM4R0ExVUVBeE1vUVhW"
- + "MGIzSnBaR0ZrWlNCRFpYSjBhV1pwDQpZMkZrYjNKaElGSmhhWG9nUW5KaGMy"
- + "bHNaV2x5WVRBZUZ3MHdNVEV4TXpBeE1qVTRNREJhRncweE1URXhNekF5DQpN"
- + "elU1TURCYU1JRzBNUXN3Q1FZRFZRUUdFd0pDVWpFVE1CRUdBMVVFQ2hNS1NV"
- + "TlFMVUp5WVhOcGJERTlNRHNHDQpBMVVFQ3hNMFNXNXpkR2wwZFhSdklFNWhZ"
- + "Mmx2Ym1Gc0lHUmxJRlJsWTI1dmJHOW5hV0VnWkdFZ1NXNW1iM0p0DQpZV05o"
- + "YnlBdElFbFVTVEVSTUE4R0ExVUVCeE1JUW5KaGMybHNhV0V4Q3pBSkJnTlZC"
- + "QWdUQWtSR01URXdMd1lEDQpWUVFERXloQmRYUnZjbWxrWVdSbElFTmxjblJw"
- + "Wm1sallXUnZjbUVnVW1GcGVpQkNjbUZ6YVd4bGFYSmhNSUlCDQpJakFOQmdr"
- + "cWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBd1BNdWR3WC9odm0r"
- + "VWgyYi9sUUFjSFZBDQppc2FtYUxrV2Rrd1A5L1MvdE9LSWdSckw2T3krWklH"
- + "bE9VZGQ2dVl0azlNYS8zcFVwZ2NmTkFqMHZZbTVnc3lqDQpRbzllbXNjK3g2"
- + "bTRWV3drOWlxTVpTQ0s1RVFrQXEvVXQ0bjdLdUxFMStnZGZ0d2RJZ3hmVXNQ"
- + "dDRDeU5yWTUwDQpRVjU3S00yVVQ4eDVycm16RWpyN1RJQ0dwU1VBbDJnVnFl"
- + "NnhhaWkrYm1ZUjFRcm1XYUJTQUc1OUxya3Jqcll0DQpiUmhGYm9VRGUxREsr"
- + "NlQ4czVMNms4Yzhva3BiSHBhOXZlTXp0RFZDOXNQSjYwTVdYaDZhblZLbzFV"
- + "Y0xjYlVSDQp5RWVOdlpuZVZSS0FBVTZvdXdkakR2d2xzYUt5ZEZLd2VkMFRv"
- + "UTQ3Ym1VS2djbSt3VjNlVFJrMzZVT25Ud0lEDQpBUUFCbzRIU01JSFBNRTRH"
- + "QTFVZElBUkhNRVV3UXdZRllFd0JBUUF3T2pBNEJnZ3JCZ0VGQlFjQ0FSWXNh"
- + "SFIwDQpjRG92TDJGamNtRnBlaTVwWTNCaWNtRnphV3d1WjI5MkxtSnlMMFJR"
- + "UTJGamNtRnBlaTV3WkdZd1BRWURWUjBmDQpCRFl3TkRBeW9EQ2dMb1lzYUhS"
- + "MGNEb3ZMMkZqY21GcGVpNXBZM0JpY21GemFXd3VaMjkyTG1KeUwweERVbUZq"
- + "DQpjbUZwZWk1amNtd3dIUVlEVlIwT0JCWUVGSXI2OFZlRUVSTTFrRUw2VjBs"
- + "VWFRMmt4UEEzTUE4R0ExVWRFd0VCDQovd1FGTUFNQkFmOHdEZ1lEVlIwUEFR"
- + "SC9CQVFEQWdFR01BMEdDU3FHU0liM0RRRUJCUVVBQTRJQkFRQVpBNWMxDQpV"
- + "L2hnSWg2T2NnTEFmaUpnRldwdm1EWldxbFYzMC9iSEZwajhpQm9iSlNtNXVE"
- + "cHQ3VGlyWWgxVXhlM2ZRYUdsDQpZakplKzl6ZCtpelBSYkJxWFBWUUEzNEVY"
- + "Y3drNHFwV3VmMWhIcmlXZmRyeDhBY3FTcXI2Q3VRRndTcjc1Rm9zDQpTemx3"
- + "REFEYTcwbVQ3d1pqQW1RaG5aeDJ4SjZ3ZldsVDlWUWZTLy9KWWVJYzdGdWUy"
- + "Sk5MZDAwVU9TTU1haUsvDQp0NzllbktOSEVBMmZ1cEgzdkVpZ2Y1RWg0YlZB"
- + "TjVWb2hyVG02TVk1M3g3WFFaWnIxTUU3YTU1bEZFblNlVDB1DQptbE9BalIy"
- + "bUFidlNNNVg1b1NaTnJtZXRkenlUajJmbENNOENDN01MYWIwa2tkbmdSSWxV"
- + "QkdIRjEvUzVubVBiDQpLKzlBNDZzZDMzb3FLOG44DQotLS0tLUVORCBDRVJU"
- + "SUZJQ0FURS0tLS0tDQo=");
-
- private byte[] schefer = Base64.decode(
- "MIIEnDCCBAWgAwIBAgICIPAwDQYJKoZIhvcNAQEEBQAwgcAxCzAJBgNVBAYT"
- + "AkRFMQ8wDQYDVQQIEwZIRVNTRU4xGDAWBgNVBAcTDzY1MDA4IFdpZXNiYWRl"
- + "bjEaMBgGA1UEChMRU0NIVUZBIEhPTERJTkcgQUcxGjAYBgNVBAsTEVNDSFVG"
- + "QSBIT0xESU5HIEFHMSIwIAYDVQQDExlJbnRlcm5ldCBCZW51dHplciBTZXJ2"
- + "aWNlMSowKAYJKoZIhvcNAQkBFht6ZXJ0aWZpa2F0QHNjaHVmYS1vbmxpbmUu"
- + "ZGUwHhcNMDQwMzMwMTEwODAzWhcNMDUwMzMwMTEwODAzWjCBnTELMAkGA1UE"
- + "BhMCREUxCjAIBgNVBAcTASAxIzAhBgNVBAoTGlNIUyBJbmZvcm1hdGlvbnNz"
- + "eXN0ZW1lIEFHMRwwGgYDVQQLExM2MDAvMDU5NDktNjAwLzA1OTQ5MRgwFgYD"
- + "VQQDEw9TY2hldHRlciBTdGVmYW4xJTAjBgkqhkiG9w0BCQEWFlN0ZWZhbi5T"
- + "Y2hldHRlckBzaHMuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJD0"
- + "95Bi76fkAMjJNTGPDiLPHmZXNsmakngDeS0juzKMeJA+TjXFouhYh6QyE4Bl"
- + "Nf18fT4mInlgLefwf4t6meIWbiseeTo7VQdM+YrbXERMx2uHsRcgZMsiMYHM"
- + "kVfYMK3SMJ4nhCmZxrBkoTRed4gXzVA1AA8YjjTqMyyjvt4TAgMBAAGjggHE"
- + "MIIBwDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIEsDALBgNVHQ8EBAMC"
- + "BNAwOQYJYIZIAYb4QgENBCwWKlplcnRpZmlrYXQgbnVyIGZ1ZXIgU0NIVUZB"
- + "LU9ubGluZSBndWVsdGlnLjAdBgNVHQ4EFgQUXReirhBfg0Yhf6MsBWoo/nPa"
- + "hGwwge0GA1UdIwSB5TCB4oAUf2UyCaBV9JUeG9lS1Yo6OFBUdEKhgcakgcMw"
- + "gcAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZIRVNTRU4xGDAWBgNVBAcTDzY1"
- + "MDA4IFdpZXNiYWRlbjEaMBgGA1UEChMRU0NIVUZBIEhPTERJTkcgQUcxGjAY"
- + "BgNVBAsTEVNDSFVGQSBIT0xESU5HIEFHMSIwIAYDVQQDExlJbnRlcm5ldCBC"
- + "ZW51dHplciBTZXJ2aWNlMSowKAYJKoZIhvcNAQkBFht6ZXJ0aWZpa2F0QHNj"
- + "aHVmYS1vbmxpbmUuZGWCAQAwIQYDVR0RBBowGIEWU3RlZmFuLlNjaGV0dGVy"
- + "QHNocy5kZTAmBgNVHRIEHzAdgRt6ZXJ0aWZpa2F0QHNjaHVmYS1vbmxpbmUu"
- + "ZGUwDQYJKoZIhvcNAQEEBQADgYEAWzZtN9XQ9uyrFXqSy3hViYwV751+XZr0"
- + "YH5IFhIS+9ixNAu8orP3bxqTaMhpwoU7T/oSsyGGSkb3fhzclgUADbA2lrOI"
- + "GkeB/m+FArTwRbwpqhCNTwZywOp0eDosgPjCX1t53BB/m/2EYkRiYdDGsot0"
- + "kQPOVGSjQSQ4+/D+TM8=");
-
- // circular dependency certificates
- private static final byte[] circCA = Base64.decode(
- "MIIDTzCCAjegAwIBAgIDARAAMA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNVBAYT"
- + "AkZSMRAwDgYDVQQKEwdHSVAtQ1BTMRgwFgYDVQQLEw9HSVAtQ1BTIEFOT05Z"
- + "TUUwHhcNMDQxMDExMDAwMDAxWhcNMTQxMjMxMjM1OTU5WjA5MQswCQYDVQQG"
- + "EwJGUjEQMA4GA1UEChMHR0lQLUNQUzEYMBYGA1UECxMPR0lQLUNQUyBBTk9O"
- + "WU1FMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WyWDwcM58aU"
- + "hPX4ueI1mwETt3WdQtMfIdRiCXeBrjCkYCc7nIgCmGbnfTzXSplHRgKColWh"
- + "q/Z+1rHYayje1gjAEU2+4/r1P2pnBmPgquDuguktCIbDtCcGZu0ylyKeHh37"
- + "aeIKzkcmRSLRzvGf/eO3RdFksrvaPaSjqCVfGRXVDKK2uftE8rIFJE+bCqow"
- + "6+WiaAaDDiJaSJPuu5hC1NA5jw0/BFodlCuAvl1GJ8A+TICkYWcSpKS9bkSC"
- + "0i8xdGbSSk94shA1PdDvRdFMfFys8g4aupBXV8yqqEAUkBYmOtZSJckc3W4y"
- + "2Gx53y7vY07Xh63mcgtJs2T82WJICwIDAQABo2AwXjAdBgNVHQ4EFgQU8c/P"
- + "NNJaL0srd9SwHwgtvwPB/3cwDgYDVR0PAQH/BAQDAgIEMBkGA1UdIAQSMBAw"
- + "DgYMKoF6AUcDBwgAAAABMBIGA1UdEwEB/wQIMAYBAf8CAQEwDQYJKoZIhvcN"
- + "AQEFBQADggEBAHRjYDPJKlfUzID0YzajZpgR/i2ngJrJqYeaWCmwzBgNUPad"
- + "uBKSGHmPVg21sfULMSnirnR+e90i/D0EVzLwQzcbjPDD/85rp9QDCeMxqqPe"
- + "9ZCHGs2BpE/HOQMP0QfQ3/Kpk7SvOH/ZcpIf6+uE6lLBQYAGs5cxvtTGOzZk"
- + "jCVFG+TrAnF4V5sNkn3maCWiYLmyqcnxtKEFSONy2bYqqudx/dBBlRrDbRfZ"
- + "9XsCBdiXAHY1hFHldbfDs8rslmkXJi3fJC028HZYB6oiBX/JE7BbMk7bRnUf"
- + "HSpP7Sjxeso2SY7Yit+hQDVAlqTDGmh6kLt/hQMpsOMry4vgBL6XHKw=");
-
- private static final byte[] circCRLCA = Base64.decode(
- "MIIDXDCCAkSgAwIBAgIDASAAMA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNVBAYT"
- + "AkZSMRAwDgYDVQQKEwdHSVAtQ1BTMRgwFgYDVQQLEw9HSVAtQ1BTIEFOT05Z"
- + "TUUwHhcNMDQxMDExMDAwMDAxWhcNMTQxMjMxMjM1OTU5WjA5MQswCQYDVQQG"
- + "EwJGUjEQMA4GA1UEChMHR0lQLUNQUzEYMBYGA1UECxMPR0lQLUNQUyBBTk9O"
- + "WU1FMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfEcFK0g7Kfo"
- + "o5f2IBF7VEd/AG+RVGSds0Yg+u2kNYu4k04HR/+tOdBQtJvyr4W5jrQKsC5X"
- + "skeFWMyWaFKzAjZDWB52HWp/kiMivGcxnYDuYf5piukSC+d2+vL8YaAphDzV"
- + "HPnxEKqoM/J66uUussDTqfcL3JC/Bc7kBwn4srrsZOsamMWTQQtEqVQxNN7A"
- + "ROSRsdiTt3hMOKditc9/NBNmjZWxgc7Twr/SaZ8CfN5wf2wuOl23knWL0QsJ"
- + "0lSMBSBTzTcfAke4/jIT7d4nVMp3t7dsna8rt56pFK4wpRFGuCt+1P5gi51x"
- + "xVSdI+JoNXv6zGO4o8YVaRpC5rQeGQIDAQABo20wazAfBgNVHSMEGDAWgBTx"
- + "z8800lovSyt31LAfCC2/A8H/dzAdBgNVHQ4EFgQUGa3SbBrJx/wa2MQwhWPl"
- + "dwLw1+IwDgYDVR0PAQH/BAQDAgECMBkGA1UdIAQSMBAwDgYMKoF6AUcDBwgA"
- + "AAABMA0GCSqGSIb3DQEBBQUAA4IBAQAPDpYe2WPYnXTLsXSIUREBNMLmg+/7"
- + "4Yhq9uOm5Hb5LVkDuHoEHGfmpXXEvucx5Ehu69hw+F4YSrd9wPjOiG8G6GXi"
- + "RcrK8nE8XDvvV+E1HpJ7NKN4fSAoSb+0gliiq3aF15bvXP8nfespdd/x1xWQ"
- + "mpYCx/mJeuqONQv2/D/7hfRKYoDBaAkWGodenPFPVs6FxwnEuH2R+KWCUdA9"
- + "L04v8JBeL3kZiALkU7+DCCm7A0imUAgeeArbAbfIPu6eDygm+XndZ9qi7o4O"
- + "AntPxrqbeXFIbDrQ4GV1kpxnW+XpSGDd96SWKe715gxkkDBppR5IKYJwRb6O"
- + "1TRQIf2F+muQ");
-
- private static final byte[] circCRL = Base64.decode(
- "MIIB1DCBvQIBATANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGUjEQMA4G"
- + "A1UEChMHR0lQLUNQUzEYMBYGA1UECxMPR0lQLUNQUyBBTk9OWU1FFw0xMDAx"
- + "MDcwMzAwMTVaFw0xMDAxMTMwMzAwMTVaMACgTjBMMB8GA1UdIwQYMBaAFBmt"
- + "0mwaycf8GtjEMIVj5XcC8NfiMAsGA1UdFAQEAgILgzAcBgNVHRIEFTATgRFh"
- + "Yy1naXBAZ2lwLWNwcy5mcjANBgkqhkiG9w0BAQUFAAOCAQEAtF1DdFl1MQvf"
- + "vNkbrCPuppNYcHen4+za/ZDepKuwHsH/OpKuaDJc4LndRgd5IwzfpCHkQGzt"
- + "shK50bakN8oaYJgthKIOIJzR+fn6NMjftfR2a27Hdk2o3eQXRHQ360qMbpSy"
- + "qPb3WfuBhxO2/DlLChJP+OxZIHtT/rNYgE0tlIv7swYi81Gq+DafzaZ9+A5t"
- + "I0L2Gp/NUDsp5dF6PllAGiXQzl27qkcu+r50w+u0gul3nobXgbwPcMSYuWUz"
- + "1lhA+uDn/EUWV4RSiJciCGSS10WCkFh1/YPo++mV15KDB0m+8chscrSu/bAl"
- + "B19LxL/pCX3qr5iLE9ss3olVImyFZg==");
-
-// private void checkCircProcessing()
-// throws Exception
-// {
-// CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
-//
-// X509Certificate caCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(circCA));
-// X509Certificate crlCaCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(circCRLCA));
-// X509CRL crl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(circCRL));
-//
-// List list = new ArrayList();
-//
-// list.add(caCert);
-// list.add(crlCaCert);
-// list.add(crl);
-//
-// CertStoreParameters ccsp = new CollectionCertStoreParameters(list);
-// CertStore store = CertStore.getInstance("Collection", ccsp);
-//
-// Calendar validDate = Calendar.getInstance();
-// validDate.set(2010,0,8,2,21,10);
-//
-// //validating path
-// List certchain = new ArrayList();
-//
-// certchain.add(crlCaCert);
-// CertPath cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);
-//
-// Set trust = new HashSet();
-// trust.add(new TrustAnchor(caCert, null));
-//
-// CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
-// //PKIXParameters param = new PKIXParameters(trust);
-//
-// PKIXBuilderParameters param = new PKIXBuilderParameters(trust, null);
-// X509CertSelector certSelector = new X509CertSelector();
-// certSelector.setCertificate(crlCaCert);
-// param.setTargetCertConstraints(certSelector);
-// param.addCertStore(store);
-// param.setRevocationEnabled(true);
-// param.setDate(validDate.getTime());
-//
-// PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)cpv.validate(cp, param);
-// }
-
- public void performTest()
- throws Exception
- {
- // initialise CertStore
- X509CertificateHolder rootCert = new X509CertificateHolder(CertPathTest.rootCertBin);
- X509CertificateHolder interCert = new X509CertificateHolder(CertPathTest.interCertBin);
- X509CertificateHolder finalCert = new X509CertificateHolder(CertPathTest.finalCertBin);
- X509CRLHolder rootCrl = new X509CRLHolder(CertPathTest.rootCrlBin);
- X509CRLHolder interCrl = new X509CRLHolder(CertPathTest.interCrlBin);
-
- CertPath path = new CertPath(new X509CertificateHolder[] { finalCert, interCert });
- X509ContentVerifierProviderBuilder verifier = new JcaX509ContentVerifierProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME);
-
- CertPathValidationResult result = path.validate(new CertPathValidation[]{new ParentCertIssuedValidation(verifier), new BasicConstraintsValidation(), new KeyUsageValidation()});
-
- if (!result.isValid())
- {
- fail("basic validation (1) not working");
- }
-
- List crlList = new ArrayList();
-
- crlList.add(rootCrl);
- crlList.add(interCrl);
-
- Store crls = new CollectionStore(crlList);
-
- result = path.validate(new CertPathValidation[]{new ParentCertIssuedValidation(verifier), new BasicConstraintsValidation(), new KeyUsageValidation(), new CRLValidation(rootCert.getSubject(), crls)});
-
- if (!result.isValid())
- {
- fail("basic validation (2) not working");
- }
-
- result = path.validate(new CertPathValidation[]{new ParentCertIssuedValidation(verifier), new KeyUsageValidation(), new CRLValidation(rootCert.getSubject(), crls)});
-
- if (result.isValid() || result.getUnhandledCriticalExtensionOIDs().size() != 1
- || !result.getUnhandledCriticalExtensionOIDs().contains(Extension.basicConstraints))
- {
- fail("basic validation (3) not working");
- }
-
- result = path.validate(new CertPathValidation[]{new ParentCertIssuedValidation(verifier), new CRLValidation(rootCert.getSubject(), crls)});
-
- if (result.isValid() || result.getUnhandledCriticalExtensionOIDs().size() != 2
- || !result.getUnhandledCriticalExtensionOIDs().contains(Extension.basicConstraints)
- || !result.getUnhandledCriticalExtensionOIDs().contains(Extension.keyUsage))
- {
- fail("basic validation (4) not working");
- }
-
- path = new CertPath(new X509CertificateHolder[] { interCert, finalCert });
-
- result = path.validate(new CertPathValidation[]{new ParentCertIssuedValidation(verifier)});
-
- if (result.isValid())
- {
- fail("incorrect path validated!!");
- }
-
-
-
-// List list = new ArrayList();
-// list.add(rootCert);
-// list.add(interCert);
-// list.add(finalCert);
-// list.add(rootCrl);
-// list.add(interCrl);
-// CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
-// CertStore store = CertStore.getInstance("Collection", ccsp, "BC");
-// Calendar validDate = Calendar.getInstance();
-// validDate.set(2008,8,4,14,49,10);
-// //validating path
-// List certchain = new ArrayList();
-// certchain.add(finalCert);
-// certchain.add(interCert);
-// CertPath cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);
-// Set trust = new HashSet();
-// trust.add(new TrustAnchor(rootCert, null));
-//
-// CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
-// PKIXParameters param = new PKIXParameters(trust);
-// param.addCertStore(store);
-// param.setDate(validDate.getTime());
-// MyChecker checker = new MyChecker();
-// param.addCertPathChecker(checker);
-//
-// PKIXCertPathValidatorResult result =
-// (PKIXCertPathValidatorResult) cpv.validate(cp, param);
-// PolicyNode policyTree = result.getPolicyTree();
-// PublicKey subjectPublicKey = result.getPublicKey();
-//
-// if (checker.getCount() != 2)
-// {
-// fail("checker not evaluated for each certificate");
-// }
-//
-// if (!subjectPublicKey.equals(finalCert.getPublicKey()))
-// {
-// fail("wrong public key returned");
-// }
-//
-// //
-// // invalid path containing a valid one test
-// //
-// try
-// {
-// // initialise CertStore
-// rootCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(AC_RAIZ_ICPBRASIL));
-// interCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(AC_PR));
-// finalCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(schefer));
-//
-// list = new ArrayList();
-// list.add(rootCert);
-// list.add(interCert);
-// list.add(finalCert);
-//
-// ccsp = new CollectionCertStoreParameters(list);
-// store = CertStore.getInstance("Collection", ccsp);
-// validDate = Calendar.getInstance();
-// validDate.set(2004,2,21,2,21,10);
-//
-// //validating path
-// certchain = new ArrayList();
-// certchain.add(finalCert);
-// certchain.add(interCert);
-// cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);
-// trust = new HashSet();
-// trust.add(new TrustAnchor(rootCert, null));
-//
-// cpv = CertPathValidator.getInstance("PKIX","BC");
-// param = new PKIXParameters(trust);
-// param.addCertStore(store);
-// param.setRevocationEnabled(false);
-// param.setDate(validDate.getTime());
-//
-// result =(PKIXCertPathValidatorResult) cpv.validate(cp, param);
-// policyTree = result.getPolicyTree();
-// subjectPublicKey = result.getPublicKey();
-//
-// fail("Invalid path validated");
-// }
-// catch (Exception e)
-// {
-// if (!(e instanceof CertPathValidatorException
-// && e.getMessage().startsWith("Could not validate certificate signature.")))
-// {
-// fail("unexpected exception", e);
-// }
-// }
-//
-// checkCircProcessing();
- }
-
- public String getName()
- {
- return "CertPathValidator";
- }
-
- public static void main(
- String[] args)
- {
- Security.addProvider(new BouncyCastleProvider());
-
- runTest(new CertPathValidationTest());
- }
-}
-
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/cert/test/AllTests.java
deleted file mode 100644
index ed0f6253..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/AllTests.java
+++ /dev/null
@@ -1,57 +0,0 @@
-package org.bouncycastle.cert.test;
-
-import java.security.Security;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.test.SimpleTestResult;
-
-public class AllTests
- extends TestCase
-{
- public void testSimpleTests()
- {
- org.bouncycastle.util.test.Test[] tests = new org.bouncycastle.util.test.Test[] { new CertTest(), new PKCS10Test(), new AttrCertSelectorTest(), new AttrCertTest(), new X509ExtensionUtilsTest() };
-
- for (int i = 0; i != tests.length; i++)
- {
- SimpleTestResult result = (SimpleTestResult)tests[i].perform();
-
- if (!result.isSuccessful())
- {
- if (result.getException() != null)
- {
- result.getException().printStackTrace();
- }
- fail(result.toString());
- }
- }
- }
-
- public static void main (String[] args)
- {
- junit.textui.TestRunner.run(suite());
- }
-
- public static Test suite()
- {
- TestSuite suite = new TestSuite("Cert Tests");
-
- if (Security.getProvider("BC") == null)
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- suite.addTestSuite(AllTests.class);
- suite.addTestSuite(BcAttrCertSelectorTest.class);
- suite.addTestSuite(BcAttrCertSelectorTest.class);
- suite.addTestSuite(BcAttrCertTest.class);
- suite.addTestSuite(BcCertTest.class);
- suite.addTestSuite(BcPKCS10Test.class);
- suite.addTest(ConverterTest.suite());
-
- return suite;
- }
-} \ No newline at end of file
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/AttrCertSelectorTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/AttrCertSelectorTest.java
deleted file mode 100644
index 3fe3694d..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/AttrCertSelectorTest.java
+++ /dev/null
@@ -1,243 +0,0 @@
-package org.bouncycastle.cert.test;
-
-import java.io.ByteArrayInputStream;
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.Security;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.util.Date;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.Target;
-import org.bouncycastle.asn1.x509.TargetInformation;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.cert.AttributeCertificateHolder;
-import org.bouncycastle.cert.AttributeCertificateIssuer;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v2AttributeCertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cert.selector.X509AttributeCertificateHolderSelectorBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.test.SimpleTest;
-import org.bouncycastle.util.test.Test;
-import org.bouncycastle.util.test.TestResult;
-
-public class AttrCertSelectorTest
- extends SimpleTest
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- static final RSAPrivateCrtKeySpec RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeySpec(
- new BigInteger(
- "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
- 16),
- new BigInteger("11", 16),
- new BigInteger(
- "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
- 16), new BigInteger(
- "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb",
- 16), new BigInteger(
- "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5",
- 16), new BigInteger(
- "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391",
- 16), new BigInteger(
- "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd",
- 16), new BigInteger(
- "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19",
- 16));
-
- static final byte[] holderCert = Base64
- .decode("MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
- + "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
- + "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
- + "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
- + "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
- + "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
- + "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
- + "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
- + "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
- + "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
- + "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
- + "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
- + "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
- + "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
- + "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
- + "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
- + "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
- + "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
- + "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
- + "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
- + "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
- + "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
- + "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
- + "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
- + "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
- + "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
- + "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
- + "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
- + "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
- + "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
- + "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
- + "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
- + "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
- + "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
- + "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
- + "3g==");
-
- public String getName()
- {
- return "AttrCertSelector";
- }
-
- private X509AttributeCertificateHolder createAttrCert() throws Exception
- {
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
- X509Certificate iCert = (X509Certificate) fact
- .generateCertificate(new ByteArrayInputStream(holderCert));
- X509CertificateHolder iCertHolder = new JcaX509CertificateHolder(iCert);
- //
- // a sample key pair.
- //
- // RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- // new BigInteger(
- // "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
- // 16), new BigInteger("11", 16));
-
- //
- // set up the keys
- //
- PrivateKey privKey;
-
- KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
-
- privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
-
- X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
- new AttributeCertificateHolder(iCertHolder.getSubject()),
- new AttributeCertificateIssuer(new X500Name("cn=test")),
- BigInteger.valueOf(1),
- new Date(System.currentTimeMillis() - 50000),
- new Date(System.currentTimeMillis() + 50000));
-
- // the actual attributes
- GeneralName roleName = new GeneralName(GeneralName.rfc822Name,
- "DAU123456789@test.com");
- ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
- roleSyntax.add(roleName);
-
- // roleSyntax OID: 2.5.24.72
- gen.addAttribute(new ASN1ObjectIdentifier("2.5.24.72"), new DERSequence(roleSyntax));
-
-
- ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BC).build(privKey);
-
- Target targetName = new Target(Target.targetName, new GeneralName(GeneralName.dNSName,
- "www.test.com"));
-
- Target targetGroup = new Target(Target.targetGroup, new GeneralName(
- GeneralName.directoryName, "o=Test, ou=Test"));
- Target[] targets = new Target[2];
- targets[0] = targetName;
- targets[1] = targetGroup;
- TargetInformation targetInformation = new TargetInformation(targets);
-
- gen.addExtension(X509Extension.targetInformation, true, targetInformation);
-
- return gen.build(sigGen);
- }
-
- public void testSelector() throws Exception
- {
- X509AttributeCertificateHolder aCert = createAttrCert();
- X509AttributeCertificateHolderSelectorBuilder sel = new X509AttributeCertificateHolderSelectorBuilder();
- sel.setAttributeCert(aCert);
- boolean match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate.");
- }
- sel.setAttributeCert(null);
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate.");
- }
- sel.setHolder(aCert.getHolder());
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate holder.");
- }
- sel.setHolder(null);
- sel.setIssuer(aCert.getIssuer());
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate issuer.");
- }
- sel.setIssuer(null);
-
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
- X509CertificateHolder iCert = new JcaX509CertificateHolder((X509Certificate) fact
- .generateCertificate(new ByteArrayInputStream(holderCert)));
- match = aCert.getHolder().match(iCert);
- if (!match)
- {
- fail("Issuer holder does not match signing certificate of attribute certificate.");
- }
-
- sel.setSerialNumber(aCert.getSerialNumber());
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate serial number.");
- }
-
- sel.setAttributeCertificateValid(new Date());
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate time.");
- }
-
- sel.addTargetName(new GeneralName(2, "www.test.com"));
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate target name.");
- }
- sel.setTargetNames(null);
- sel.addTargetGroup(new GeneralName(4, "o=Test, ou=Test"));
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate target group.");
- }
- sel.setTargetGroups(null);
- }
-
- public void performTest() throws Exception
- {
- Security.addProvider(new BouncyCastleProvider());
- testSelector();
- }
-
- public static void main(String[] args)
- {
- Test test = new AttrCertSelectorTest();
- TestResult result = test.perform();
- System.out.println(result);
- }
-}
-
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/AttrCertTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/AttrCertTest.java
deleted file mode 100644
index 4c32dedf..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/AttrCertTest.java
+++ /dev/null
@@ -1,667 +0,0 @@
-package org.bouncycastle.cert.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1String;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.Attribute;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.cert.AttributeCertificateHolder;
-import org.bouncycastle.cert.AttributeCertificateIssuer;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.cert.X509v2AttributeCertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.test.SimpleTest;
-
-public class AttrCertTest
- extends SimpleTest
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- private static final RSAPrivateCrtKeySpec RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- public static byte[] attrCert = Base64.decode(
- "MIIHQDCCBqkCAQEwgZChgY2kgYowgYcxHDAaBgkqhkiG9w0BCQEWDW1sb3JjaEB2"
- + "dC5lZHUxHjAcBgNVBAMTFU1hcmt1cyBMb3JjaCAobWxvcmNoKTEbMBkGA1UECxMS"
- + "VmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAyMQswCQYDVQQKEwJ2"
- + "dDELMAkGA1UEBhMCVVMwgYmkgYYwgYMxGzAZBgkqhkiG9w0BCQEWDHNzaGFoQHZ0"
- + "LmVkdTEbMBkGA1UEAxMSU3VtaXQgU2hhaCAoc3NoYWgpMRswGQYDVQQLExJWaXJn"
- + "aW5pYSBUZWNoIFVzZXIxEDAOBgNVBAsTB0NsYXNzIDExCzAJBgNVBAoTAnZ0MQsw"
- + "CQYDVQQGEwJVUzANBgkqhkiG9w0BAQQFAAIBBTAiGA8yMDAzMDcxODE2MDgwMloY"
- + "DzIwMDMwNzI1MTYwODAyWjCCBU0wggVJBgorBgEEAbRoCAEBMYIFORaCBTU8UnVs"
- + "ZSBSdWxlSWQ9IkZpbGUtUHJpdmlsZWdlLVJ1bGUiIEVmZmVjdD0iUGVybWl0Ij4K"
- + "IDxUYXJnZXQ+CiAgPFN1YmplY3RzPgogICA8U3ViamVjdD4KICAgIDxTdWJqZWN0"
- + "TWF0Y2ggTWF0Y2hJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5j"
- + "dGlvbjpzdHJpbmctZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlw"
- + "ZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjc3RyaW5nIj4KICAg"
- + "ICAgIENOPU1hcmt1cyBMb3JjaDwvQXR0cmlidXRlVmFsdWU+CiAgICAgPFN1Ympl"
- + "Y3RBdHRyaWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFt"
- + "ZXM6dGM6eGFjbWw6MS4wOnN1YmplY3Q6c3ViamVjdC1pZCIgRGF0YVR5cGU9Imh0"
- + "dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hI3N0cmluZyIgLz4gCiAgICA8"
- + "L1N1YmplY3RNYXRjaD4KICAgPC9TdWJqZWN0PgogIDwvU3ViamVjdHM+CiAgPFJl"
- + "c291cmNlcz4KICAgPFJlc291cmNlPgogICAgPFJlc291cmNlTWF0Y2ggTWF0Y2hJ"
- + "ZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5jdGlvbjpzdHJpbmct"
- + "ZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlwZT0iaHR0cDovL3d3"
- + "dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIj4KICAgICAgaHR0cDovL3p1"
- + "bmkuY3MudnQuZWR1PC9BdHRyaWJ1dGVWYWx1ZT4KICAgICA8UmVzb3VyY2VBdHRy"
- + "aWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6"
- + "eGFjbWw6MS4wOnJlc291cmNlOnJlc291cmNlLWlkIiBEYXRhVHlwZT0iaHR0cDov"
- + "L3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIiAvPiAKICAgIDwvUmVz"
- + "b3VyY2VNYXRjaD4KICAgPC9SZXNvdXJjZT4KICA8L1Jlc291cmNlcz4KICA8QWN0"
- + "aW9ucz4KICAgPEFjdGlvbj4KICAgIDxBY3Rpb25NYXRjaCBNYXRjaElkPSJ1cm46"
- + "b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmZ1bmN0aW9uOnN0cmluZy1lcXVhbCI+"
- + "CiAgICAgPEF0dHJpYnV0ZVZhbHVlIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9y"
- + "Zy8yMDAxL1hNTFNjaGVtYSNzdHJpbmciPgpEZWxlZ2F0ZSBBY2Nlc3MgICAgIDwv"
- + "QXR0cmlidXRlVmFsdWU+CgkgIDxBY3Rpb25BdHRyaWJ1dGVEZXNpZ25hdG9yIEF0"
- + "dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmFjdGlvbjph"
- + "Y3Rpb24taWQiIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNj"
- + "aGVtYSNzdHJpbmciIC8+IAogICAgPC9BY3Rpb25NYXRjaD4KICAgPC9BY3Rpb24+"
- + "CiAgPC9BY3Rpb25zPgogPC9UYXJnZXQ+CjwvUnVsZT4KMA0GCSqGSIb3DQEBBAUA"
- + "A4GBAGiJSM48XsY90HlYxGmGVSmNR6ZW2As+bot3KAfiCIkUIOAqhcphBS23egTr"
- + "6asYwy151HshbPNYz+Cgeqs45KkVzh7bL/0e1r8sDVIaaGIkjHK3CqBABnfSayr3"
- + "Rd1yBoDdEv8Qb+3eEPH6ab9021AsLEnJ6LWTmybbOpMNZ3tv");
-
- byte[] signCert = Base64.decode(
- "MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
- + "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
- + "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
- + "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
- + "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
- + "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
- + "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
- + "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
- + "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
- + "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
- + "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
- + "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
- + "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
- + "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
- + "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
- + "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
- + "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
- + "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
- + "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
- + "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
- + "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
- + "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
- + "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
- + "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
- + "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
- + "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
- + "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
- + "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
- + "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
- + "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
- + "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
- + "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
- + "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
- + "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
- + "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
- + "3g==");
-
- static byte[] certWithBaseCertificateID = Base64.decode(
- "MIIBqzCCARQCAQEwSKBGMD6kPDA6MQswCQYDVQQGEwJJVDEOMAwGA1UEChMFVU5JVE4xDDAKBgNV"
- + "BAsTA0RJVDENMAsGA1UEAxMEcm9vdAIEAVMVjqB6MHikdjB0MQswCQYDVQQGEwJBVTEoMCYGA1UE"
- + "ChMfVGhlIExlZ2lvbiBvZiB0aGUgQm91bmN5IENhc3RsZTEjMCEGA1UECxMaQm91bmN5IFByaW1h"
- + "cnkgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUJvdW5jeSBDYXN0bGUwDQYJKoZIhvcNAQEFBQACBQKW"
- + "RhnHMCIYDzIwMDUxMjEyMTIwMDQyWhgPMjAwNTEyMTkxMjAxMzJaMA8wDQYDVRhIMQaBBGVWSVAw"
- + "DQYJKoZIhvcNAQEFBQADgYEAUAVin9StDaA+InxtXq/av6rUQLI9p1X6louBcj4kYJnxRvTrHpsr"
- + "N3+i9Uq/uk5lRdAqmPFvcmSbuE3TRAsjrXON5uFiBBKZ1AouLqcr8nHbwcdwjJ9TyUNO9I4hfpSH"
- + "UHHXMtBKgp4MOkhhX8xTGyWg3hp23d3GaUeg/IYlXBI=");
-
- byte[] holderCertWithBaseCertificateID = Base64.decode(
- "MIIBwDCCASmgAwIBAgIEAVMVjjANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJJVDEOMAwGA1UE"
- + "ChMFVU5JVE4xDDAKBgNVBAsTA0RJVDENMAsGA1UEAxMEcm9vdDAeFw0wNTExMTExMjAxMzJaFw0w"
- + "NjA2MTYxMjAxMzJaMD4xCzAJBgNVBAYTAklUMQ4wDAYDVQQKEwVVTklUTjEMMAoGA1UECxMDRElU"
- + "MREwDwYDVQQDEwhMdWNhQm9yejBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr"
- + "5YtqKmKXmEGb4ShypL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERoxUw"
- + "EzARBglghkgBhvhCAQEEBAMCBDAwDQYJKoZIhvcNAQEFBQADgYEAsX50VPQQCWmHvPq9y9DeCpmS"
- + "4szcpFAhpZyn6gYRwY9CRZVtmZKH8713XhkGDWcIEMcG0u3oTz3tdKgPU5uyIPrDEWr6w8ClUj4x"
- + "5aVz5c2223+dVY7KES//JSB2bE/KCIchN3kAioQ4K8O3e0OL6oDVjsqKGw5bfahgKuSIk/Q=");
-
-
- public String getName()
- {
- return "AttrCertTest";
- }
-
- private void testCertWithBaseCertificateID()
- throws Exception
- {
- X509AttributeCertificateHolder attrCert = new X509AttributeCertificateHolder(certWithBaseCertificateID);
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
- X509Certificate cert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
-
- AttributeCertificateHolder holder = attrCert.getHolder();
-
- if (holder.getEntityNames() != null)
- {
- fail("entity names set when none expected");
- }
-
- if (!holder.getSerialNumber().equals(cert.getSerialNumber()))
- {
- fail("holder serial number doesn't match");
- }
-
- if (!holder.getIssuer()[0].equals(X500Name.getInstance(cert.getIssuerX500Principal().getEncoded())))
- {
- fail("holder issuer doesn't match");
- }
-
- if (!holder.match(new JcaX509CertificateHolder(cert)))
- {
- fail("holder not matching holder certificate");
- }
-
- if (!holder.equals(holder.clone()))
- {
- fail("holder clone test failed");
- }
-
- if (!attrCert.getIssuer().equals(attrCert.getIssuer().clone()))
- {
- fail("issuer clone test failed");
- }
-
- //equalityAndHashCodeTest(attrCert, certWithBaseCertificateID);
- }
-
- private void equalityAndHashCodeTest(X509AttributeCertificateHolder attrCert, byte[] encoding)
- throws IOException
- {
- if (!attrCert.equals(attrCert))
- {
- fail("same certificate not equal");
- }
-
- if (!attrCert.getHolder().equals(attrCert.getHolder()))
- {
- fail("same holder not equal");
- }
-
- if (!attrCert.getIssuer().equals(attrCert.getIssuer()))
- {
- fail("same issuer not equal");
- }
-
- if (attrCert.getHolder().equals(attrCert.getIssuer()))
- {
- fail("wrong holder equal");
- }
-
- if (attrCert.getIssuer().equals(attrCert.getHolder()))
- {
- fail("wrong issuer equal");
- }
-
- X509AttributeCertificateHolder attrCert2 = new X509AttributeCertificateHolder(encoding);
-
- if (attrCert2.getHolder().hashCode() != attrCert.getHolder().hashCode())
- {
- fail("holder hashCode test failed");
- }
-
- if (!attrCert2.getHolder().equals(attrCert.getHolder()))
- {
- fail("holder equals test failed");
- }
-
- if (attrCert2.getIssuer().hashCode() != attrCert.getIssuer().hashCode())
- {
- fail("issuer hashCode test failed");
- }
-
- if (!attrCert2.getIssuer().equals(attrCert.getIssuer()))
- {
- fail("issuer equals test failed");
- }
- }
-
- private void testGenerateWithCert()
- throws Exception
- {
- CertificateFactory fact = CertificateFactory.getInstance("X.509","BC");
- X509Certificate iCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));
-
- //
- // a sample key pair.
- //
- RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
-
- privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
- pubKey = kFact.generatePublic(pubKeySpec);
-
- X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
- new AttributeCertificateHolder(new JcaX509CertificateHolder(iCert)),
- new AttributeCertificateIssuer(new X500Name("cn=test")),
- BigInteger.ONE,
- new Date(System.currentTimeMillis() - 50000),
- new Date(System.currentTimeMillis() + 50000));
-
- // the actual attributes
- GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
- ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
- roleSyntax.add(roleName);
-
- // roleSyntax OID: 2.5.24.72;
-
- gen.addAttribute(new ASN1ObjectIdentifier("2.5.24.72"), new DERSequence(roleSyntax));
-
- ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BC).build(privKey);
-
- X509AttributeCertificateHolder aCert = gen.build(sigGen);
-
- if (!aCert.isValidOn(new Date()))
- {
- fail("certificate invalid");
- }
-
- if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
- {
- fail("certificate signature not valid");
- }
-
- AttributeCertificateHolder holder = aCert.getHolder();
-
- if (holder.getEntityNames() != null)
- {
- fail("entity names set when none expected");
- }
-
- if (!holder.getSerialNumber().equals(iCert.getSerialNumber()))
- {
- fail("holder serial number doesn't match");
- }
-
- if (!holder.getIssuer()[0].equals(X500Name.getInstance(iCert.getIssuerX500Principal().getEncoded())))
- {
- fail("holder issuer doesn't match");
- }
-
- if (!holder.match(new JcaX509CertificateHolder(iCert)))
- {
- fail("generated holder not matching holder certificate");
- }
-
- Attribute[] attrs = aCert.getAttributes(new ASN1ObjectIdentifier("2.5.24.72"));
-
- if (attrs == null)
- {
- fail("attributes related to 2.5.24.72 not found");
- }
-
- Attribute attr = attrs[0];
-
- if (!attr.getAttrType().getId().equals("2.5.24.72"))
- {
- fail("attribute oid mismatch");
- }
-
- ASN1Encodable[] values = attr.getAttrValues().toArray();
-
- GeneralName role = GeneralNames.getInstance(values[0]).getNames()[0];
-
- if (role.getTagNo() != GeneralName.rfc822Name)
- {
- fail("wrong general name type found in role");
- }
-
- if (!((ASN1String)role.getName()).getString().equals("DAU123456789"))
- {
- fail("wrong general name value found in role");
- }
-
- X509Certificate sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
-
- if (holder.match(new JcaX509CertificateHolder(sCert)))
- {
- fail("generated holder matching wrong certificate");
- }
-
- equalityAndHashCodeTest(aCert, aCert.getEncoded());
- }
-
- private void testGenerateWithPrincipal()
- throws Exception
- {
- CertificateFactory fact = CertificateFactory.getInstance("X.509","BC");
- X509Certificate iCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));
-
- //
- // a sample key pair.
- //
- RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
-
- privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
- pubKey = kFact.generatePublic(pubKeySpec);
-
- X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
- new AttributeCertificateHolder(new JcaX509CertificateHolder(iCert).getSubject()),
- new AttributeCertificateIssuer(new X500Name("cn=test")),
- BigInteger.ONE,
- new Date(System.currentTimeMillis() - 50000),
- new Date(System.currentTimeMillis() + 50000));
-
- // the actual attributes
- GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
- ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
- roleSyntax.add(roleName);
-
- // roleSyntax OID: 2.5.24.72
-
- gen.addAttribute(new ASN1ObjectIdentifier("2.5.24.72"), new DERSequence(roleSyntax));
-
- ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BC).build(privKey);
-
- X509AttributeCertificateHolder aCert = gen.build(sigGen);
-
- if (!aCert.isValidOn(new Date()))
- {
- fail("certificate invalid");
- }
-
- if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
- {
- fail("certificate signature not valid");
- }
-
- AttributeCertificateHolder holder = aCert.getHolder();
-
- if (holder.getEntityNames() == null)
- {
- fail("entity names not set when expected");
- }
-
- if (holder.getSerialNumber() != null)
- {
- fail("holder serial number found when none expected");
- }
-
- if (holder.getIssuer() != null)
- {
- fail("holder issuer found when none expected");
- }
-
- if (!holder.match(new JcaX509CertificateHolder(iCert)))
- {
- fail("generated holder not matching holder certificate");
- }
-
- X509Certificate sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
-
- if (holder.match(sCert))
- {
- fail("principal generated holder matching wrong certificate");
- }
-
- equalityAndHashCodeTest(aCert, aCert.getEncoded());
- }
-
- public void performTest()
- throws Exception
- {
- X509AttributeCertificateHolder aCert = new X509AttributeCertificateHolder(attrCert);
- CertificateFactory fact = CertificateFactory.getInstance("X.509","BC");
- X509Certificate sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));
-
- if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(sCert)))
- {
- fail("certificate signature not valid");
- }
-
- //
- // search test
- //
-
- List list = new ArrayList();
-
- list.add(sCert);
-
- Store store = new JcaCertStore(list);
-
- Collection certs = store.getMatches(aCert.getIssuer());
- if (certs.size() != 1 || !certs.contains(new JcaX509CertificateHolder(sCert)))
- {
- fail("sCert not found by issuer");
- }
-
- Attribute[] attrs = aCert.getAttributes(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.8.1.1"));
- if (attrs == null || attrs.length != 1)
- {
- fail("attribute not found");
- }
-
- //
- // reencode test
- //
- aCert = new X509AttributeCertificateHolder(aCert.getEncoded());
-
- if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(sCert)))
- {
- fail("certificate signature not valid");
- }
-
- X509AttributeCertificateHolder saCert = new X509AttributeCertificateHolder(aCert.getEncoded());
-
- if (!aCert.getNotAfter().equals(saCert.getNotAfter()))
- {
- fail("failed date comparison");
- }
-
- // base generator test
-
- //
- // a sample key pair.
- //
- RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- RSAPrivateCrtKeySpec privKeySpec = RSA_PRIVATE_KEY_SPEC;
-
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
-
- privKey = kFact.generatePrivate(privKeySpec);
- pubKey = kFact.generatePublic(pubKeySpec);
-
- X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
- aCert.getHolder(),
- aCert.getIssuer(),
- aCert.getSerialNumber(),
- new Date(System.currentTimeMillis() - 50000),
- new Date(System.currentTimeMillis() + 50000));
-
- gen.addAttribute(attrs[0].getAttrType(), attrs[0].getAttributeValues());
-
- ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BC).build(privKey);
-
- aCert = gen.build(sigGen);
-
- if (!aCert.isValidOn(new Date()))
- {
- fail("certificate not valid");
- }
-
- if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
- {
- fail("signature not valid");
- }
-
- // as the issuer is the same this should still work (even though it is not
- // technically correct
-
- certs = store.getMatches(aCert.getIssuer());
- if (certs.size() != 1 || !certs.contains(new JcaX509CertificateHolder(sCert)))
- {
- fail("sCert not found by issuer");
- }
-
- attrs = aCert.getAttributes(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.8.1.1"));
- if (attrs == null || attrs.length != 1)
- {
- fail("attribute not found");
- }
-
- //
- // reencode test
- //
- aCert = new X509AttributeCertificateHolder(aCert.getEncoded());
-
- if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
- {
- fail("signature not valid");
- }
-
- AttributeCertificateIssuer issuer = aCert.getIssuer();
-
- X500Name[] principals = issuer.getNames();
-
- //
- // test holder
- //
- AttributeCertificateHolder holder = aCert.getHolder();
-
- if (holder.getEntityNames() == null)
- {
- fail("entity names not set");
- }
-
- if (holder.getSerialNumber() != null)
- {
- fail("holder serial number set when none expected");
- }
-
- if (holder.getIssuer() != null)
- {
- fail("holder issuer set when none expected");
- }
-
- principals = holder.getEntityNames();
-
- X500Principal principal0 = new X500Principal(principals[0].getEncoded());
- if (!principal0.toString().equals("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), EMAILADDRESS=mlorch@vt.edu"))
- {
- fail("principal[0] for entity names don't match");
- }
-
- //
- // extension test
- //
-
- if (aCert.hasExtensions())
- {
- fail("hasExtensions true with no extensions");
- }
-
- gen.addExtension(new ASN1ObjectIdentifier("1.1"), true, new DEROctetString(new byte[10]));
-
- gen.addExtension(new ASN1ObjectIdentifier("2.2"), false, new DEROctetString(new byte[20]));
-
- aCert = gen.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privKey));
-
- Set exts = aCert.getCriticalExtensionOIDs();
-
- if (exts.size() != 1 || !exts.contains(new ASN1ObjectIdentifier("1.1")))
- { System.err.println(exts);
- fail("critical extension test failed");
- }
-
- exts = aCert.getNonCriticalExtensionOIDs();
-
- if (exts.size() != 1 || !exts.contains(new ASN1ObjectIdentifier("2.2")))
- {
- fail("non-critical extension test failed");
- }
-
- if (aCert.getCriticalExtensionOIDs().isEmpty())
- {
- fail("critical extensions not found");
- }
-
- Extension ext = aCert.getExtension(new ASN1ObjectIdentifier("1.1"));
- ASN1Encodable extValue = ext.getParsedValue();
-
- if (!extValue.equals(new DEROctetString(new byte[10])))
- {
- fail("wrong extension value found for 1.1");
- }
-
- testCertWithBaseCertificateID();
- testGenerateWithCert();
- testGenerateWithPrincipal();
- }
-
- public static void main(
- String[] args)
- {
- Security.addProvider(new BouncyCastleProvider());
-
- runTest(new AttrCertTest());
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/BcAttrCertSelectorTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/BcAttrCertSelectorTest.java
deleted file mode 100644
index 8be11c56..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/BcAttrCertSelectorTest.java
+++ /dev/null
@@ -1,212 +0,0 @@
-package org.bouncycastle.cert.test;
-
-import java.math.BigInteger;
-import java.util.Date;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.Target;
-import org.bouncycastle.asn1.x509.TargetInformation;
-import org.bouncycastle.cert.AttributeCertificateHolder;
-import org.bouncycastle.cert.AttributeCertificateIssuer;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v2AttributeCertificateBuilder;
-import org.bouncycastle.cert.selector.X509AttributeCertificateHolderSelectorBuilder;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
-import org.bouncycastle.util.encoders.Base64;
-
-public class BcAttrCertSelectorTest
- extends TestCase
-{
- DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
- DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
-
- static final RSAPrivateCrtKeyParameters RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeyParameters(
- new BigInteger(
- "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
- 16),
- new BigInteger("11", 16),
- new BigInteger(
- "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
- 16), new BigInteger(
- "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb",
- 16), new BigInteger(
- "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5",
- 16), new BigInteger(
- "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391",
- 16), new BigInteger(
- "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd",
- 16), new BigInteger(
- "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19",
- 16));
-
- static final byte[] holderCert = Base64
- .decode("MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
- + "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
- + "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
- + "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
- + "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
- + "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
- + "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
- + "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
- + "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
- + "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
- + "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
- + "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
- + "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
- + "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
- + "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
- + "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
- + "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
- + "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
- + "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
- + "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
- + "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
- + "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
- + "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
- + "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
- + "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
- + "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
- + "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
- + "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
- + "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
- + "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
- + "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
- + "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
- + "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
- + "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
- + "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
- + "3g==");
-
- public String getName()
- {
- return "AttrCertSelector";
- }
-
- private X509AttributeCertificateHolder createAttrCert() throws Exception
- {
- X509CertificateHolder iCertHolder = new X509CertificateHolder(holderCert);
- //
- // a sample key pair.
- //
- // RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- // new BigInteger(
- // "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
- // 16), new BigInteger("11", 16));
-
- X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
- new AttributeCertificateHolder(iCertHolder.getSubject()),
- new AttributeCertificateIssuer(new X500Name("cn=test")),
- BigInteger.ONE,
- new Date(System.currentTimeMillis() - 50000),
- new Date(System.currentTimeMillis() + 50000));
-
- // the actual attributes
- GeneralName roleName = new GeneralName(GeneralName.rfc822Name,
- "DAU123456789@test.com");
- ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
- roleSyntax.add(roleName);
-
- // roleSyntax OID: 2.5.24.72
- gen.addAttribute(new ASN1ObjectIdentifier("2.5.24.72"), new DERSequence(roleSyntax));
-
-
- AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA1withRSA");
- AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
-
- ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlg, digAlg).build(RSA_PRIVATE_KEY_SPEC);
- Target targetName = new Target(Target.targetName, new GeneralName(GeneralName.dNSName,
- "www.test.com"));
-
- Target targetGroup = new Target(Target.targetGroup, new GeneralName(
- GeneralName.directoryName, "o=Test, ou=Test"));
- Target[] targets = new Target[2];
- targets[0] = targetName;
- targets[1] = targetGroup;
- TargetInformation targetInformation = new TargetInformation(targets);
-
- gen.addExtension(Extension.targetInformation, true, targetInformation);
-
- return gen.build(sigGen);
- }
-
- public void testSelector() throws Exception
- {
- X509AttributeCertificateHolder aCert = createAttrCert();
- X509AttributeCertificateHolderSelectorBuilder sel = new X509AttributeCertificateHolderSelectorBuilder();
- sel.setAttributeCert(aCert);
- boolean match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate.");
- }
- sel.setAttributeCert(null);
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate.");
- }
- sel.setHolder(aCert.getHolder());
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate holder.");
- }
- sel.setHolder(null);
- sel.setIssuer(aCert.getIssuer());
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate issuer.");
- }
- sel.setIssuer(null);
-
- X509CertificateHolder iCert = new X509CertificateHolder(holderCert);
- match = aCert.getHolder().match(iCert);
- if (!match)
- {
- fail("Issuer holder does not match signing certificate of attribute certificate.");
- }
-
- sel.setSerialNumber(aCert.getSerialNumber());
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate serial number.");
- }
-
- sel.setAttributeCertificateValid(new Date());
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate time.");
- }
-
- sel.addTargetName(new GeneralName(2, "www.test.com"));
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate target name.");
- }
- sel.setTargetNames(null);
- sel.addTargetGroup(new GeneralName(4, "o=Test, ou=Test"));
- match = sel.build().match(aCert);
- if (!match)
- {
- fail("Selector does not match attribute certificate target group.");
- }
- sel.setTargetGroups(null);
- }
-}
-
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/BcAttrCertTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/BcAttrCertTest.java
deleted file mode 100644
index 520920ad..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/BcAttrCertTest.java
+++ /dev/null
@@ -1,636 +0,0 @@
-package org.bouncycastle.cert.test;
-
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1String;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x500.style.RFC4519Style;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.Attribute;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.cert.AttributeCertificateHolder;
-import org.bouncycastle.cert.AttributeCertificateIssuer;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v2AttributeCertificateBuilder;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
-import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.encoders.Base64;
-
-public class BcAttrCertTest
- extends TestCase
-{
- DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
- DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
-
- private static final AsymmetricKeyParameter RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeyParameters(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- public static byte[] attrCert = Base64.decode(
- "MIIHQDCCBqkCAQEwgZChgY2kgYowgYcxHDAaBgkqhkiG9w0BCQEWDW1sb3JjaEB2"
- + "dC5lZHUxHjAcBgNVBAMTFU1hcmt1cyBMb3JjaCAobWxvcmNoKTEbMBkGA1UECxMS"
- + "VmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAyMQswCQYDVQQKEwJ2"
- + "dDELMAkGA1UEBhMCVVMwgYmkgYYwgYMxGzAZBgkqhkiG9w0BCQEWDHNzaGFoQHZ0"
- + "LmVkdTEbMBkGA1UEAxMSU3VtaXQgU2hhaCAoc3NoYWgpMRswGQYDVQQLExJWaXJn"
- + "aW5pYSBUZWNoIFVzZXIxEDAOBgNVBAsTB0NsYXNzIDExCzAJBgNVBAoTAnZ0MQsw"
- + "CQYDVQQGEwJVUzANBgkqhkiG9w0BAQQFAAIBBTAiGA8yMDAzMDcxODE2MDgwMloY"
- + "DzIwMDMwNzI1MTYwODAyWjCCBU0wggVJBgorBgEEAbRoCAEBMYIFORaCBTU8UnVs"
- + "ZSBSdWxlSWQ9IkZpbGUtUHJpdmlsZWdlLVJ1bGUiIEVmZmVjdD0iUGVybWl0Ij4K"
- + "IDxUYXJnZXQ+CiAgPFN1YmplY3RzPgogICA8U3ViamVjdD4KICAgIDxTdWJqZWN0"
- + "TWF0Y2ggTWF0Y2hJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5j"
- + "dGlvbjpzdHJpbmctZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlw"
- + "ZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjc3RyaW5nIj4KICAg"
- + "ICAgIENOPU1hcmt1cyBMb3JjaDwvQXR0cmlidXRlVmFsdWU+CiAgICAgPFN1Ympl"
- + "Y3RBdHRyaWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFt"
- + "ZXM6dGM6eGFjbWw6MS4wOnN1YmplY3Q6c3ViamVjdC1pZCIgRGF0YVR5cGU9Imh0"
- + "dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hI3N0cmluZyIgLz4gCiAgICA8"
- + "L1N1YmplY3RNYXRjaD4KICAgPC9TdWJqZWN0PgogIDwvU3ViamVjdHM+CiAgPFJl"
- + "c291cmNlcz4KICAgPFJlc291cmNlPgogICAgPFJlc291cmNlTWF0Y2ggTWF0Y2hJ"
- + "ZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5jdGlvbjpzdHJpbmct"
- + "ZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlwZT0iaHR0cDovL3d3"
- + "dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIj4KICAgICAgaHR0cDovL3p1"
- + "bmkuY3MudnQuZWR1PC9BdHRyaWJ1dGVWYWx1ZT4KICAgICA8UmVzb3VyY2VBdHRy"
- + "aWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6"
- + "eGFjbWw6MS4wOnJlc291cmNlOnJlc291cmNlLWlkIiBEYXRhVHlwZT0iaHR0cDov"
- + "L3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIiAvPiAKICAgIDwvUmVz"
- + "b3VyY2VNYXRjaD4KICAgPC9SZXNvdXJjZT4KICA8L1Jlc291cmNlcz4KICA8QWN0"
- + "aW9ucz4KICAgPEFjdGlvbj4KICAgIDxBY3Rpb25NYXRjaCBNYXRjaElkPSJ1cm46"
- + "b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmZ1bmN0aW9uOnN0cmluZy1lcXVhbCI+"
- + "CiAgICAgPEF0dHJpYnV0ZVZhbHVlIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9y"
- + "Zy8yMDAxL1hNTFNjaGVtYSNzdHJpbmciPgpEZWxlZ2F0ZSBBY2Nlc3MgICAgIDwv"
- + "QXR0cmlidXRlVmFsdWU+CgkgIDxBY3Rpb25BdHRyaWJ1dGVEZXNpZ25hdG9yIEF0"
- + "dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmFjdGlvbjph"
- + "Y3Rpb24taWQiIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNj"
- + "aGVtYSNzdHJpbmciIC8+IAogICAgPC9BY3Rpb25NYXRjaD4KICAgPC9BY3Rpb24+"
- + "CiAgPC9BY3Rpb25zPgogPC9UYXJnZXQ+CjwvUnVsZT4KMA0GCSqGSIb3DQEBBAUA"
- + "A4GBAGiJSM48XsY90HlYxGmGVSmNR6ZW2As+bot3KAfiCIkUIOAqhcphBS23egTr"
- + "6asYwy151HshbPNYz+Cgeqs45KkVzh7bL/0e1r8sDVIaaGIkjHK3CqBABnfSayr3"
- + "Rd1yBoDdEv8Qb+3eEPH6ab9021AsLEnJ6LWTmybbOpMNZ3tv");
-
- byte[] signCert = Base64.decode(
- "MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
- + "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
- + "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
- + "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
- + "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
- + "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
- + "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
- + "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
- + "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
- + "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
- + "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
- + "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
- + "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
- + "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
- + "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
- + "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
- + "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
- + "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
- + "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
- + "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
- + "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
- + "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
- + "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
- + "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
- + "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
- + "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
- + "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
- + "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
- + "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
- + "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
- + "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
- + "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
- + "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
- + "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
- + "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
- + "3g==");
-
- static byte[] certWithBaseCertificateID = Base64.decode(
- "MIIBqzCCARQCAQEwSKBGMD6kPDA6MQswCQYDVQQGEwJJVDEOMAwGA1UEChMFVU5JVE4xDDAKBgNV"
- + "BAsTA0RJVDENMAsGA1UEAxMEcm9vdAIEAVMVjqB6MHikdjB0MQswCQYDVQQGEwJBVTEoMCYGA1UE"
- + "ChMfVGhlIExlZ2lvbiBvZiB0aGUgQm91bmN5IENhc3RsZTEjMCEGA1UECxMaQm91bmN5IFByaW1h"
- + "cnkgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUJvdW5jeSBDYXN0bGUwDQYJKoZIhvcNAQEFBQACBQKW"
- + "RhnHMCIYDzIwMDUxMjEyMTIwMDQyWhgPMjAwNTEyMTkxMjAxMzJaMA8wDQYDVRhIMQaBBGVWSVAw"
- + "DQYJKoZIhvcNAQEFBQADgYEAUAVin9StDaA+InxtXq/av6rUQLI9p1X6louBcj4kYJnxRvTrHpsr"
- + "N3+i9Uq/uk5lRdAqmPFvcmSbuE3TRAsjrXON5uFiBBKZ1AouLqcr8nHbwcdwjJ9TyUNO9I4hfpSH"
- + "UHHXMtBKgp4MOkhhX8xTGyWg3hp23d3GaUeg/IYlXBI=");
-
- byte[] holderCertWithBaseCertificateID = Base64.decode(
- "MIIBwDCCASmgAwIBAgIEAVMVjjANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJJVDEOMAwGA1UE"
- + "ChMFVU5JVE4xDDAKBgNVBAsTA0RJVDENMAsGA1UEAxMEcm9vdDAeFw0wNTExMTExMjAxMzJaFw0w"
- + "NjA2MTYxMjAxMzJaMD4xCzAJBgNVBAYTAklUMQ4wDAYDVQQKEwVVTklUTjEMMAoGA1UECxMDRElU"
- + "MREwDwYDVQQDEwhMdWNhQm9yejBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr"
- + "5YtqKmKXmEGb4ShypL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERoxUw"
- + "EzARBglghkgBhvhCAQEEBAMCBDAwDQYJKoZIhvcNAQEFBQADgYEAsX50VPQQCWmHvPq9y9DeCpmS"
- + "4szcpFAhpZyn6gYRwY9CRZVtmZKH8713XhkGDWcIEMcG0u3oTz3tdKgPU5uyIPrDEWr6w8ClUj4x"
- + "5aVz5c2223+dVY7KES//JSB2bE/KCIchN3kAioQ4K8O3e0OL6oDVjsqKGw5bfahgKuSIk/Q=");
-
-
- public String getName()
- {
- return "AttrCertTest";
- }
-
- public void testCertWithBaseCertificateID()
- throws Exception
- {
- X509AttributeCertificateHolder attrCert = new X509AttributeCertificateHolder(certWithBaseCertificateID);
- X509CertificateHolder cert = new X509CertificateHolder(holderCertWithBaseCertificateID);
-
- AttributeCertificateHolder holder = attrCert.getHolder();
-
- if (holder.getEntityNames() != null)
- {
- fail("entity names set when none expected");
- }
-
- if (!holder.getSerialNumber().equals(cert.getSerialNumber()))
- {
- fail("holder serial number doesn't match");
- }
-
- if (!holder.getIssuer()[0].equals(cert.getIssuer()))
- {
- fail("holder issuer doesn't match");
- }
-
- if (!holder.match(cert))
- {
- fail("holder not matching holder certificate");
- }
-
- if (!holder.equals(holder.clone()))
- {
- fail("holder clone test failed");
- }
-
- if (!attrCert.getIssuer().equals(attrCert.getIssuer().clone()))
- {
- fail("issuer clone test failed");
- }
-
- //equalityAndHashCodeTest(attrCert, certWithBaseCertificateID);
- }
-
- private void equalityAndHashCodeTest(X509AttributeCertificateHolder attrCert, byte[] encoding)
- throws IOException
- {
- if (!attrCert.equals(attrCert))
- {
- fail("same certificate not equal");
- }
-
- if (!attrCert.getHolder().equals(attrCert.getHolder()))
- {
- fail("same holder not equal");
- }
-
- if (!attrCert.getIssuer().equals(attrCert.getIssuer()))
- {
- fail("same issuer not equal");
- }
-
- if (attrCert.getHolder().equals(attrCert.getIssuer()))
- {
- fail("wrong holder equal");
- }
-
- if (attrCert.getIssuer().equals(attrCert.getHolder()))
- {
- fail("wrong issuer equal");
- }
-
- X509AttributeCertificateHolder attrCert2 = new X509AttributeCertificateHolder(encoding);
-
- if (attrCert2.getHolder().hashCode() != attrCert.getHolder().hashCode())
- {
- fail("holder hashCode test failed");
- }
-
- if (!attrCert2.getHolder().equals(attrCert.getHolder()))
- {
- fail("holder equals test failed");
- }
-
- if (attrCert2.getIssuer().hashCode() != attrCert.getIssuer().hashCode())
- {
- fail("issuer hashCode test failed");
- }
-
- if (!attrCert2.getIssuer().equals(attrCert.getIssuer()))
- {
- fail("issuer equals test failed");
- }
- }
-
- public void testGenerateWithCert()
- throws Exception
- {
- X509CertificateHolder iCert = new X509CertificateHolder(signCert);
-
- //
- // a sample key pair.
- //
- AsymmetricKeyParameter pubKey = new RSAKeyParameters(
- false,
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- //
- // set up the keys
- //
- AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;
-
- X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
- new AttributeCertificateHolder(iCert),
- new AttributeCertificateIssuer(new X500Name("cn=test")),
- BigInteger.ONE,
- new Date(System.currentTimeMillis() - 50000),
- new Date(System.currentTimeMillis() + 50000));
-
- // the actual attributes
- GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
- ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
- roleSyntax.add(roleName);
-
- // roleSyntax OID: 2.5.24.72;
-
- gen.addAttribute(new ASN1ObjectIdentifier("2.5.24.72"), new DERSequence(roleSyntax));
-
- AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA1withRSA");
- AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
-
- ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlg, digAlg).build(privKey);
-
- X509AttributeCertificateHolder aCert = gen.build(sigGen);
-
- if (!aCert.isValidOn(new Date()))
- {
- fail("certificate invalid");
- }
-
- if (!aCert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)))
- {
- fail("certificate signature not valid");
- }
-
- AttributeCertificateHolder holder = aCert.getHolder();
-
- if (holder.getEntityNames() != null)
- {
- fail("entity names set when none expected");
- }
-
- if (!holder.getSerialNumber().equals(iCert.getSerialNumber()))
- {
- fail("holder serial number doesn't match");
- }
-
- if (!holder.getIssuer()[0].equals(iCert.getIssuer()))
- {
- fail("holder issuer doesn't match");
- }
-
- if (!holder.match(iCert))
- {
- fail("generated holder not matching holder certificate");
- }
-
- Attribute[] attrs = aCert.getAttributes(new ASN1ObjectIdentifier("2.5.24.72"));
-
- if (attrs == null)
- {
- fail("attributes related to 2.5.24.72 not found");
- }
-
- Attribute attr = attrs[0];
-
- if (!attr.getAttrType().getId().equals("2.5.24.72"))
- {
- fail("attribute oid mismatch");
- }
-
- ASN1Encodable[] values = attr.getAttrValues().toArray();
-
- GeneralName role = GeneralNames.getInstance(values[0]).getNames()[0];
-
- if (role.getTagNo() != GeneralName.rfc822Name)
- {
- fail("wrong general name type found in role");
- }
-
- if (!((ASN1String)role.getName()).getString().equals("DAU123456789"))
- {
- fail("wrong general name value found in role");
- }
-
- X509CertificateHolder sCert = new X509CertificateHolder(holderCertWithBaseCertificateID);
-
- if (holder.match(sCert))
- {
- fail("generated holder matching wrong certificate");
- }
-
- equalityAndHashCodeTest(aCert, aCert.getEncoded());
- }
-
- public void testGenerateWithPrincipal()
- throws Exception
- {
- X509CertificateHolder iCert = new X509CertificateHolder(signCert);
-
- //
- // a sample key pair.
- //
- RSAKeyParameters pubKey = new RSAKeyParameters(
- false,
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- //
- // set up the keys
- //
- AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;
-
- X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
- new AttributeCertificateHolder(iCert.getSubject()),
- new AttributeCertificateIssuer(new X500Name("cn=test")),
- BigInteger.ONE,
- new Date(System.currentTimeMillis() - 50000),
- new Date(System.currentTimeMillis() + 50000));
-
- // the actual attributes
- GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
- ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
- roleSyntax.add(roleName);
-
- // roleSyntax OID: 2.5.24.72
-
- gen.addAttribute(new ASN1ObjectIdentifier("2.5.24.72"), new DERSequence(roleSyntax));
-
- AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA1withRSA");
- AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
-
- ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlg, digAlg).build(privKey);
- X509AttributeCertificateHolder aCert = gen.build(sigGen);
-
- if (!aCert.isValidOn(new Date()))
- {
- fail("certificate invalid");
- }
-
- if (!aCert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)))
- {
- fail("certificate signature not valid");
- }
-
- AttributeCertificateHolder holder = aCert.getHolder();
-
- if (holder.getEntityNames() == null)
- {
- fail("entity names not set when expected");
- }
-
- if (holder.getSerialNumber() != null)
- {
- fail("holder serial number found when none expected");
- }
-
- if (holder.getIssuer() != null)
- {
- fail("holder issuer found when none expected");
- }
-
- if (!holder.match(iCert))
- {
- fail("generated holder not matching holder certificate");
- }
-
- X509CertificateHolder sCert = new X509CertificateHolder(holderCertWithBaseCertificateID);
-
- if (holder.match(sCert))
- {
- fail("principal generated holder matching wrong certificate");
- }
-
- equalityAndHashCodeTest(aCert, aCert.getEncoded());
- }
-
- public void testFully()
- throws Exception
- {
- X509AttributeCertificateHolder aCert = new X509AttributeCertificateHolder(attrCert);
- X509CertificateHolder sCert = new X509CertificateHolder(signCert);
-
- if (!aCert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(sCert)))
- {
- fail("certificate signature not valid");
- }
-
- //
- // search test
- //
-
- List list = new ArrayList();
-
- list.add(sCert);
-
- Store store = new CollectionStore(list);
-
- Collection certs = store.getMatches(aCert.getIssuer());
- if (certs.size() != 1 || !certs.contains(sCert))
- {
- fail("sCert not found by issuer");
- }
-
- Attribute[] attrs = aCert.getAttributes(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.8.1.1"));
- if (attrs == null || attrs.length != 1)
- {
- fail("attribute not found");
- }
-
- //
- // reencode test
- //
- aCert = new X509AttributeCertificateHolder(aCert.getEncoded());
-
- if (!aCert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(sCert)))
- {
- fail("certificate signature not valid");
- }
-
- X509AttributeCertificateHolder saCert = new X509AttributeCertificateHolder(aCert.getEncoded());
-
- if (!aCert.getNotAfter().equals(saCert.getNotAfter()))
- {
- fail("failed date comparison");
- }
-
- // base generator test
-
- //
- // a sample key pair.
- //
- AsymmetricKeyParameter pubKey = new RSAKeyParameters(
- false,
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;
-
- X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
- aCert.getHolder(),
- aCert.getIssuer(),
- aCert.getSerialNumber(),
- new Date(System.currentTimeMillis() - 50000),
- new Date(System.currentTimeMillis() + 50000));
-
- gen.addAttribute(attrs[0].getAttrType(), attrs[0].getAttributeValues());
-
- AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA1withRSA");
- AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
-
- ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlg, digAlg).build(privKey);
- aCert = gen.build(sigGen);
-
- if (!aCert.isValidOn(new Date()))
- {
- fail("certificate not valid");
- }
-
- if (!aCert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)))
- {
- fail("signature not valid");
- }
-
- // as the issuer is the same this should still work (even though it is not
- // technically correct
-
- certs = store.getMatches(aCert.getIssuer());
- if (certs.size() != 1 || !certs.contains(sCert))
- {
- fail("sCert not found by issuer");
- }
-
- attrs = aCert.getAttributes(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.8.1.1"));
- if (attrs == null || attrs.length != 1)
- {
- fail("attribute not found");
- }
-
- //
- // reencode test
- //
- aCert = new X509AttributeCertificateHolder(aCert.getEncoded());
-
- if (!aCert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)))
- {
- fail("signature not valid");
- }
-
- AttributeCertificateIssuer issuer = aCert.getIssuer();
-
- X500Name[] principals = issuer.getNames();
-
- //
- // test holder
- //
- AttributeCertificateHolder holder = aCert.getHolder();
-
- if (holder.getEntityNames() == null)
- {
- fail("entity names not set");
- }
-
- if (holder.getSerialNumber() != null)
- {
- fail("holder serial number set when none expected");
- }
-
- if (holder.getIssuer() != null)
- {
- fail("holder issuer set when none expected");
- }
-
- principals = holder.getEntityNames();
-
- X500Name principal0 = new X500Name(RFC4519Style.INSTANCE, principals[0]);
- if (!principal0.toString().equals("c=US,o=vt,ou=Class 2,ou=Virginia Tech User,cn=Markus Lorch (mlorch),1.2.840.113549.1.9.1=mlorch@vt.edu"))
- {
- System.err.println(principal0.toString());
- fail("principal[0] for entity names don't match");
- }
-
- //
- // extension test
- //
-
- if (aCert.hasExtensions())
- {
- fail("hasExtensions true with no extensions");
- }
-
- gen.addExtension(new ASN1ObjectIdentifier("1.1"), true, new DEROctetString(new byte[10]));
-
- gen.addExtension(new ASN1ObjectIdentifier("2.2"), false, new DEROctetString(new byte[20]));
-
- aCert = gen.build(sigGen);
-
- Set exts = aCert.getCriticalExtensionOIDs();
-
- if (exts.size() != 1 || !exts.contains(new ASN1ObjectIdentifier("1.1")))
- {
- fail("critical extension test failed");
- }
-
- exts = aCert.getNonCriticalExtensionOIDs();
-
- if (exts.size() != 1 || !exts.contains(new ASN1ObjectIdentifier("2.2")))
- {
- fail("non-critical extension test failed");
- }
-
- if (aCert.getCriticalExtensionOIDs().isEmpty())
- {
- fail("critical extensions not found");
- }
-
- Extension ext = aCert.getExtension(new ASN1ObjectIdentifier("1.1"));
- ASN1Encodable extValue = ext.getParsedValue();
-
- if (!extValue.equals(new DEROctetString(new byte[10])))
- {
- fail("wrong extension value found for 1.1");
- }
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java
deleted file mode 100644
index fd551381..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java
+++ /dev/null
@@ -1,1434 +0,0 @@
-package org.bouncycastle.cert.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
-import java.security.SecureRandom;
-import java.security.cert.CRL;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Enumerated;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x500.X500NameBuilder;
-import org.bouncycastle.asn1.x500.style.RFC4519Style;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.Certificate;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.Extensions;
-import org.bouncycastle.asn1.x509.ExtensionsGenerator;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.KeyPurposeId;
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.CertException;
-import org.bouncycastle.cert.X509CRLEntryHolder;
-import org.bouncycastle.cert.X509CRLHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v1CertificateBuilder;
-import org.bouncycastle.cert.X509v2CRLBuilder;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
-import org.bouncycastle.cert.bc.BcX509v1CertificateBuilder;
-import org.bouncycastle.cert.bc.BcX509v3CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
-import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
-import org.bouncycastle.crypto.generators.DSAParametersGenerator;
-import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.DSAKeyGenerationParameters;
-import org.bouncycastle.crypto.params.DSAParameters;
-import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.ContentVerifierProvider;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.bc.BcDSAContentSignerBuilder;
-import org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder;
-import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
-import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
-import org.bouncycastle.util.encoders.Base64;
-
-public class BcCertTest
- extends TestCase
-{
- DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
- DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
-
- //
- // server.crt
- //
- byte[] cert1 = Base64.decode(
- "MIIDXjCCAsegAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx"
- + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY"
- + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB"
- + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ"
- + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU2MjFaFw0wMTA2"
- + "MDIwNzU2MjFaMIG4MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW"
- + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM"
- + "dGQxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFtMR0wGwYDVQQDExR3d3cyLmNvbm5l"
- + "Y3Q0LmNvbS5hdTEoMCYGCSqGSIb3DQEJARYZd2VibWFzdGVyQGNvbm5lY3Q0LmNv"
- + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvDxclKAhyv7Q/Wmr2re"
- + "Gw4XL9Cnh9e+6VgWy2AWNy/MVeXdlxzd7QAuc1eOWQkGQEiLPy5XQtTY+sBUJ3AO"
- + "Rvd2fEVJIcjf29ey7bYua9J/vz5MG2KYo9/WCHIwqD9mmG9g0xLcfwq/s8ZJBswE"
- + "7sb85VU+h94PTvsWOsWuKaECAwEAAaN3MHUwJAYDVR0RBB0wG4EZd2VibWFzdGVy"
- + "QGNvbm5lY3Q0LmNvbS5hdTA6BglghkgBhvhCAQ0ELRYrbW9kX3NzbCBnZW5lcmF0"
- + "ZWQgY3VzdG9tIHNlcnZlciBjZXJ0aWZpY2F0ZTARBglghkgBhvhCAQEEBAMCBkAw"
- + "DQYJKoZIhvcNAQEEBQADgYEAotccfKpwSsIxM1Hae8DR7M/Rw8dg/RqOWx45HNVL"
- + "iBS4/3N/TO195yeQKbfmzbAA2jbPVvIvGgTxPgO1MP4ZgvgRhasaa0qCJCkWvpM4"
- + "yQf33vOiYQbpv4rTwzU8AmRlBG45WdjyNIigGV+oRc61aKCTnLq7zB8N3z1TF/bF"
- + "5/8=");
-
- //
- // ca.crt
- //
- byte[] cert2 = Base64.decode(
- "MIIDbDCCAtWgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx"
- + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY"
- + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB"
- + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ"
- + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU1MzNaFw0wMTA2"
- + "MDIwNzU1MzNaMIG3MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW"
- + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM"
- + "dGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAxMMQ29u"
- + "bmVjdCA0IENBMSgwJgYJKoZIhvcNAQkBFhl3ZWJtYXN0ZXJAY29ubmVjdDQuY29t"
- + "LmF1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgs5ptNG6Qv1ZpCDuUNGmv"
- + "rhjqMDPd3ri8JzZNRiiFlBA4e6/ReaO1U8ASewDeQMH6i9R6degFdQRLngbuJP0s"
- + "xcEE+SksEWNvygfzLwV9J/q+TQDyJYK52utb++lS0b48A1KPLwEsyL6kOAgelbur"
- + "ukwxowprKUIV7Knf1ajetQIDAQABo4GFMIGCMCQGA1UdEQQdMBuBGXdlYm1hc3Rl"
- + "ckBjb25uZWN0NC5jb20uYXUwDwYDVR0TBAgwBgEB/wIBADA2BglghkgBhvhCAQ0E"
- + "KRYnbW9kX3NzbCBnZW5lcmF0ZWQgY3VzdG9tIENBIGNlcnRpZmljYXRlMBEGCWCG"
- + "SAGG+EIBAQQEAwICBDANBgkqhkiG9w0BAQQFAAOBgQCsGvfdghH8pPhlwm1r3pQk"
- + "msnLAVIBb01EhbXm2861iXZfWqGQjrGAaA0ZpXNk9oo110yxoqEoSJSzniZa7Xtz"
- + "soTwNUpE0SLHvWf/SlKdFWlzXA+vOZbzEv4UmjeelekTm7lc01EEa5QRVzOxHFtQ"
- + "DhkaJ8VqOMajkQFma2r9iA==");
-
- //
- // testx509.pem
- //
- byte[] cert3 = Base64.decode(
- "MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV"
- + "BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz"
- + "MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM"
- + "RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF"
- + "AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO"
- + "/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE"
- + "Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ"
- + "zl9HYIMxATFyqSiD9jsx");
-
- //
- // v3-cert1.pem
- //
- byte[] cert4 = Base64.decode(
- "MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx"
- + "NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz"
- + "dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw"
- + "ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu"
- + "ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2"
- + "ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp"
- + "miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C"
- + "AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK"
- + "Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x"
- + "DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR"
- + "MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB"
- + "AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21"
- + "X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3"
- + "WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO");
-
- //
- // v3-cert2.pem
- //
- byte[] cert5 = Base64.decode(
- "MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD"
- + "YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0"
- + "ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu"
- + "dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1"
- + "WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV"
- + "BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx"
- + "FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA"
- + "6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT"
- + "G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ"
- + "YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm"
- + "b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc"
- + "F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz"
- + "lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap"
- + "jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=");
-
- //
- // pem encoded pkcs7
- //
- byte[] cert6 = Base64.decode(
- "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJbzCCAj0w"
- + "ggGmAhEAzbp/VvDf5LxU/iKss3KqVTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG"
- + "A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2Vy"
- + "dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjgwODAxMjM1OTU5WjBfMQsw"
- + "CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVi"
- + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A"
- + "MIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiH"
- + "mgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNePNGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF"
- + "4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEwDQYJKoZIhvcNAQECBQADgYEATD+4i8Zo3+5DMw5d"
- + "6abLB4RNejP/khv0Nq3YlSI2aBFsfELM85wuxAc/FLAPT/+Qknb54rxK6Y/NoIAK98Up8YIiXbix"
- + "3YEjo3slFUYweRb46gVLlH8dwhzI47f0EEA8E8NfH1PoSOSGtHuhNbB7Jbq4046rPzidADQAmPPR"
- + "cZQwggMuMIICl6ADAgECAhEA0nYujRQMPX2yqCVdr+4NdTANBgkqhkiG9w0BAQIFADBfMQswCQYD"
- + "VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj"
- + "IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTgwNTEyMDAwMDAwWhcNMDgwNTEy"
- + "MjM1OTU5WjCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy"
- + "dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5j"
- + "b3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0Eg"
- + "SW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZDCBnzANBgkqhkiG9w0B"
- + "AQEFAAOBjQAwgYkCgYEAu1pEigQWu1X9A3qKLZRPFXg2uA1Ksm+cVL+86HcqnbnwaLuV2TFBcHqB"
- + "S7lIE1YtxwjhhEKrwKKSq0RcqkLwgg4C6S/7wju7vsknCl22sDZCM7VuVIhPh0q/Gdr5FegPh7Yc"
- + "48zGmo5/aiSS4/zgZbqnsX7vyds3ashKyAkG5JkCAwEAAaN8MHowEQYJYIZIAYb4QgEBBAQDAgEG"
- + "MEcGA1UdIARAMD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEFBQcCARYfd3d3LnZlcmlzaWduLmNv"
- + "bS9yZXBvc2l0b3J5L1JQQTAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B"
- + "AQIFAAOBgQCIuDc73dqUNwCtqp/hgQFxHpJqbS/28Z3TymQ43BuYDAeGW4UVag+5SYWklfEXfWe0"
- + "fy0s3ZpCnsM+tI6q5QsG3vJWKvozx74Z11NMw73I4xe1pElCY+zCphcPXVgaSTyQXFWjZSAA/Rgg"
- + "5V+CprGoksVYasGNAzzrw80FopCubjCCA/gwggNhoAMCAQICEBbbn/1G1zppD6KsP01bwywwDQYJ"
- + "KoZIhvcNAQEEBQAwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln"
- + "biBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvUlBB"
- + "IEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAx"
- + "IENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxpZGF0ZWQwHhcNMDAxMDAy"
- + "MDAwMDAwWhcNMDAxMjAxMjM1OTU5WjCCAQcxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD"
- + "VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3Jl"
- + "cG9zaXRvcnkvUlBBIEluY29ycC4gYnkgUmVmLixMSUFCLkxURChjKTk4MR4wHAYDVQQLExVQZXJz"
- + "b25hIE5vdCBWYWxpZGF0ZWQxJzAlBgNVBAsTHkRpZ2l0YWwgSUQgQ2xhc3MgMSAtIE1pY3Jvc29m"
- + "dDETMBEGA1UEAxQKRGF2aWQgUnlhbjElMCMGCSqGSIb3DQEJARYWZGF2aWRAbGl2ZW1lZGlhLmNv"
- + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqxBsdeNmSvFqhMNwhQgNzM8mdjX9eSXb"
- + "DawpHtQHjmh0AKJSa3IwUY0VIsyZHuXWktO/CgaMBVPt6OVf/n0R2sQigMP6Y+PhEiS0vCJBL9aK"
- + "0+pOo2qXrjVBmq+XuCyPTnc+BOSrU26tJsX0P9BYorwySiEGxGanBNATdVL4NdUCAwEAAaOBnDCB"
- + "mTAJBgNVHRMEAjAAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQgwKjAoBggrBgEFBQcCARYcaHR0"
- + "cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTARBglghkgBhvhCAQEEBAMCB4AwMwYDVR0fBCwwKjAo"
- + "oCagJIYiaHR0cDovL2NybC52ZXJpc2lnbi5jb20vY2xhc3MxLmNybDANBgkqhkiG9w0BAQQFAAOB"
- + "gQBC8yIIdVGpFTf8/YiL14cMzcmL0nIRm4kGR3U59z7UtcXlfNXXJ8MyaeI/BnXwG/gD5OKYqW6R"
- + "yca9vZOxf1uoTBl82gInk865ED3Tej6msCqFzZffnSUQvOIeqLxxDlqYRQ6PmW2nAnZeyjcnbI5Y"
- + "syQSM2fmo7n6qJFP+GbFezGCAkUwggJBAgEBMIHhMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5j"
- + "LjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWdu"
- + "LmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UE"
- + "AxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3Qg"
- + "VmFsaWRhdGVkAhAW25/9Rtc6aQ+irD9NW8MsMAkGBSsOAwIaBQCggbowGAYJKoZIhvcNAQkDMQsG"
- + "CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDAxMDAyMTczNTE4WjAjBgkqhkiG9w0BCQQxFgQU"
- + "gZjSaBEY2oxGvlQUIMnxSXhivK8wWwYJKoZIhvcNAQkPMU4wTDAKBggqhkiG9w0DBzAOBggqhkiG"
- + "9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwBwYFKw4DAh0w"
- + "DQYJKoZIhvcNAQEBBQAEgYAzk+PU91/ZFfoiuKOECjxEh9fDYE2jfDCheBIgh5gdcCo+sS1WQs8O"
- + "HreQ9Nop/JdJv1DQMBK6weNBBDoP0EEkRm1XCC144XhXZC82jBZohYmi2WvDbbC//YN58kRMYMyy"
- + "srrfn4Z9I+6kTriGXkrpGk9Q0LSGjmG2BIsqiF0dvwAAAAAAAA==");
-
- //
- // dsaWithSHA1 cert
- //
- byte[] cert7 = Base64.decode(
- "MIIEXAYJKoZIhvcNAQcCoIIETTCCBEkCAQExCzAJBgUrDgMCGgUAMAsGCSqG"
- + "SIb3DQEHAaCCAsMwggK/MIIB4AIBADCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7"
- + "d8miwTMN55CUSmo3TO8WGCxgY61TX5k+7NU4XPf1TULjw3GobwaJX13kquPh"
- + "fVXk+gVy46n4Iw3hAhUBSe/QF4BUj+pJOF9ROBM4u+FEWA8CQQD4mSJbrABj"
- + "TUWrlnAte8pS22Tq4/FPO7jHSqjijUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/z"
- + "m8Q12PFp/PjOhh+nMA4xDDAKBgNVBAMTA0lEMzAeFw05NzEwMDEwMDAwMDBa"
- + "Fw0zODAxMDEwMDAwMDBaMA4xDDAKBgNVBAMTA0lEMzCB8DCBpwYFKw4DAhsw"
- + "gZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxgY61TX5k+7NU4XPf1TULj"
- + "w3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/QF4BUj+pJOF9ROBM4u+FE"
- + "WA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jHSqjijUHfXKTrHL1OEqV3"
- + "SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nA0QAAkEAkYkXLYMtGVGWj9OnzjPn"
- + "sB9sefSRPrVegZJCZbpW+Iv0/1RP1u04pHG9vtRpIQLjzUiWvLMU9EKQTThc"
- + "eNMmWDCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxg"
- + "Y61TX5k+7NU4XPf1TULjw3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/Q"
- + "F4BUj+pJOF9ROBM4u+FEWA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jH"
- + "SqjijUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nAy8AMCwC"
- + "FBY3dBSdeprGcqpr6wr3xbG+6WW+AhRMm/facKJNxkT3iKgJbp7R8Xd3QTGC"
- + "AWEwggFdAgEBMBMwDjEMMAoGA1UEAxMDSUQzAgEAMAkGBSsOAwIaBQCgXTAY"
- + "BgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMjA1"
- + "MjQyMzEzMDdaMCMGCSqGSIb3DQEJBDEWBBS4WMsoJhf7CVbZYCFcjoTRzPkJ"
- + "xjCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxgY61T"
- + "X5k+7NU4XPf1TULjw3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/QF4BU"
- + "j+pJOF9ROBM4u+FEWA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jHSqji"
- + "jUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nBC8wLQIVALID"
- + "dt+MHwawrDrwsO1Z6sXBaaJsAhRaKssrpevmLkbygKPV07XiAKBG02Zvb2Jh"
- + "cg==");
-
- //
- // testcrl.pem
- //
- byte[] crl1 = Base64.decode(
- "MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT"
- + "F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy"
- + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw"
- + "MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw"
- + "MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw"
- + "MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw"
- + "MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw"
- + "MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw"
- + "MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw"
- + "NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw"
- + "NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF"
- + "AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ"
- + "wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt"
- + "JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v");
-
- //
- // ecdsa cert with extra octet string.
- //
- byte[] oldEcdsa = Base64.decode(
- "MIICljCCAkCgAwIBAgIBATALBgcqhkjOPQQBBQAwgY8xCzAJBgNVBAYTAkFVMSgwJ"
- + "gYDVQQKEx9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIwEAYDVQQHEw"
- + "lNZWxib3VybmUxETAPBgNVBAgTCFZpY3RvcmlhMS8wLQYJKoZIhvcNAQkBFiBmZWV"
- + "kYmFjay1jcnlwdG9AYm91bmN5Y2FzdGxlLm9yZzAeFw0wMTEyMDcwMTAwMDRaFw0w"
- + "MTEyMDcwMTAxNDRaMIGPMQswCQYDVQQGEwJBVTEoMCYGA1UEChMfVGhlIExlZ2lvb"
- + "iBvZiB0aGUgQm91bmN5IENhc3RsZTESMBAGA1UEBxMJTWVsYm91cm5lMREwDwYDVQ"
- + "QIEwhWaWN0b3JpYTEvMC0GCSqGSIb3DQEJARYgZmVlZGJhY2stY3J5cHRvQGJvdW5"
- + "jeWNhc3RsZS5vcmcwgeQwgb0GByqGSM49AgEwgbECAQEwKQYHKoZIzj0BAQIef///"
- + "////////////f///////gAAAAAAAf///////MEAEHn///////////////3///////"
- + "4AAAAAAAH///////AQeawFsO9zxiUHQ1lSSFHXKcanbL7J9HTd5YYXClCwKBB8CD/"
- + "qWPNyogWzMM7hkK+35BcPTWFc9Pyf7vTs8uaqvAh5///////////////9///+eXpq"
- + "fXZBx+9FSJoiQnQsDIgAEHwJbbcU7xholSP+w9nFHLebJUhqdLSU05lq/y9X+DHAw"
- + "CwYHKoZIzj0EAQUAA0MAMEACHnz6t4UNoVROp74ma4XNDjjGcjaqiIWPZLK8Bdw3G"
- + "QIeLZ4j3a6ividZl344UH+UPUE7xJxlYGuy7ejTsqRR");
-
- byte[] keyUsage = Base64.decode(
- "MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UE"
- + "BhMCVVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50"
- + "cnVzdC5uZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBs"
- + "aW1pdHMgbGlhYi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExp"
- + "bWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0"
- + "aW9uIEF1dGhvcml0eTAeFw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBa"
- + "MIHJMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNV"
- + "BAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5mby9DUFMgaW5jb3Jw"
- + "LiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMpIDE5OTkgRW50"
- + "cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50"
- + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUAA4GL"
- + "ADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo6oT9n3V5z8GKUZSv"
- + "x1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux5zDeg7K6PvHV"
- + "iTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zmAqTmT173"
- + "iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSCARkw"
- + "ggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50"
- + "cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0Ff"
- + "SW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UE"
- + "CxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50"
- + "cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYD"
- + "VQQDEwRDUkwxMCygKqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9D"
- + "bGllbnQxLmNybDArBgNVHRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkx"
- + "MDEyMTkyNDMwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW"
- + "/O5bs8qZdIuV6kwwHQYDVR0OBBYEFMT7nCl7l81MlvzuW7PKmXSLlepMMAwG"
- + "A1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI"
- + "hvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7pFuPeJoSSJn59DXeDDYHAmsQ"
- + "OokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzzwy5E97BnRqqS5TvaHBkU"
- + "ODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/aEkP/TOYGJqibGapE"
- + "PHayXOw=");
-
- byte[] nameCert = Base64.decode(
- "MIIEFjCCA3+gAwIBAgIEdS8BozANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJE"+
- "RTERMA8GA1UEChQIREFURVYgZUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRQ0Eg"+
- "REFURVYgRDAzIDE6UE4wIhgPMjAwMTA1MTAxMDIyNDhaGA8yMDA0MDUwOTEwMjI0"+
- "OFowgYQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIFAZCYXllcm4xEjAQBgNVBAcUCU7I"+
- "dXJuYmVyZzERMA8GA1UEChQIREFURVYgZUcxHTAbBgNVBAUTFDAwMDAwMDAwMDA4"+
- "OTU3NDM2MDAxMR4wHAYDVQQDFBVEaWV0bWFyIFNlbmdlbmxlaXRuZXIwgaEwDQYJ"+
- "KoZIhvcNAQEBBQADgY8AMIGLAoGBAJLI/LJLKaHoMk8fBECW/od8u5erZi6jI8Ug"+
- "C0a/LZyQUO/R20vWJs6GrClQtXB+AtfiBSnyZOSYzOdfDI8yEKPEv8qSuUPpOHps"+
- "uNCFdLZF1vavVYGEEWs2+y+uuPmg8q1oPRyRmUZ+x9HrDvCXJraaDfTEd9olmB/Z"+
- "AuC/PqpjAgUAwAAAAaOCAcYwggHCMAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUD"+
- "AwdAADAxBgNVHSAEKjAoMCYGBSskCAEBMB0wGwYIKwYBBQUHAgEWD3d3dy56cy5k"+
- "YXRldi5kZTApBgNVHREEIjAggR5kaWV0bWFyLnNlbmdlbmxlaXRuZXJAZGF0ZXYu"+
- "ZGUwgYQGA1UdIwR9MHuhc6RxMG8xCzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1"+
- "bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0"+
- "MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE6CBACm8LkwDgYHAoIG"+
- "AQoMAAQDAQEAMEcGA1UdHwRAMD4wPKAUoBKGEHd3dy5jcmwuZGF0ZXYuZGWiJKQi"+
- "MCAxCzAJBgNVBAYTAkRFMREwDwYDVQQKFAhEQVRFViBlRzAWBgUrJAgDBAQNMAsT"+
- "A0VVUgIBBQIBATAdBgNVHQ4EFgQUfv6xFP0xk7027folhy+ziZvBJiwwLAYIKwYB"+
- "BQUHAQEEIDAeMBwGCCsGAQUFBzABhhB3d3cuZGlyLmRhdGV2LmRlMA0GCSqGSIb3"+
- "DQEBBQUAA4GBAEOVX6uQxbgtKzdgbTi6YLffMftFr2mmNwch7qzpM5gxcynzgVkg"+
- "pnQcDNlm5AIbS6pO8jTCLfCd5TZ5biQksBErqmesIl3QD+VqtB+RNghxectZ3VEs"+
- "nCUtcE7tJ8O14qwCb3TxS9dvIUFiVi4DjbxX46TdcTbTaK8/qr6AIf+l");
-
- byte[] probSelfSignedCert = Base64.decode(
- "MIICxTCCAi6gAwIBAgIQAQAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQUFADBF"
- + "MScwJQYDVQQKEx4gRElSRUNUSU9OIEdFTkVSQUxFIERFUyBJTVBPVFMxGjAYBgNV"
- + "BAMTESBBQyBNSU5FRkkgQiBURVNUMB4XDTA0MDUwNzEyMDAwMFoXDTE0MDUwNzEy"
- + "MDAwMFowRTEnMCUGA1UEChMeIERJUkVDVElPTiBHRU5FUkFMRSBERVMgSU1QT1RT"
- + "MRowGAYDVQQDExEgQUMgTUlORUZJIEIgVEVTVDCBnzANBgkqhkiG9w0BAQEFAAOB"
- + "jQAwgYkCgYEAveoCUOAukZdcFCs2qJk76vSqEX0ZFzHqQ6faBPZWjwkgUNwZ6m6m"
- + "qWvvyq1cuxhoDvpfC6NXILETawYc6MNwwxsOtVVIjuXlcF17NMejljJafbPximEt"
- + "DQ4LcQeSp4K7FyFlIAMLyt3BQ77emGzU5fjFTvHSUNb3jblx0sV28c0CAwEAAaOB"
- + "tTCBsjAfBgNVHSMEGDAWgBSEJ4bLbvEQY8cYMAFKPFD1/fFXlzAdBgNVHQ4EFgQU"
- + "hCeGy27xEGPHGDABSjxQ9f3xV5cwDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIB"
- + "AQQEAwIBBjA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vYWRvbmlzLnBrNy5jZXJ0"
- + "cGx1cy5uZXQvZGdpLXRlc3QuY3JsMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN"
- + "AQEFBQADgYEAmToHJWjd3+4zknfsP09H6uMbolHNGG0zTS2lrLKpzcmkQfjhQpT9"
- + "LUTBvfs1jdjo9fGmQLvOG+Sm51Rbjglb8bcikVI5gLbclOlvqLkm77otjl4U4Z2/"
- + "Y0vP14Aov3Sn3k+17EfReYUZI4liuB95ncobC4e8ZM++LjQcIM0s+Vs=");
-
-
- byte[] gost34102001base = Base64.decode(
- "MIIB1DCCAYECEEjpVKXP6Wn1yVz3VeeDQa8wCgYGKoUDAgIDBQAwbTEfMB0G"
- + "A1UEAwwWR29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRv"
- + "UHJvMQswCQYDVQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIw"
- + "MDFAZXhhbXBsZS5jb20wHhcNMDUwMjAzMTUxNjQ2WhcNMTUwMjAzMTUxNjQ2"
- + "WjBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQK"
- + "DAlDcnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0"
- + "UjM0MTAtMjAwMUBleGFtcGxlLmNvbTBjMBwGBiqFAwICEzASBgcqhQMCAiQA"
- + "BgcqhQMCAh4BA0MABECElWh1YAIaQHUIzROMMYks/eUFA3pDXPRtKw/nTzJ+"
- + "V4/rzBa5lYgD0Jp8ha4P5I3qprt+VsfLsN8PZrzK6hpgMAoGBiqFAwICAwUA"
- + "A0EAHw5dw/aw/OiNvHyOE65kvyo4Hp0sfz3csM6UUkp10VO247ofNJK3tsLb"
- + "HOLjUaqzefrlGb11WpHYrvWFg+FcLA==");
-
- private final byte[] emptyDNCert = Base64.decode(
- "MIICfTCCAeagAwIBAgIBajANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJVUzEMMAoGA1UEChMD"
- + "Q0RXMQkwBwYDVQQLEwAxCTAHBgNVBAcTADEJMAcGA1UECBMAMRowGAYDVQQDExFUZW1wbGFyIFRl"
- + "c3QgMTAyNDEiMCAGCSqGSIb3DQEJARYTdGVtcGxhcnRlc3RAY2R3LmNvbTAeFw0wNjA1MjIwNTAw"
- + "MDBaFw0xMDA1MjIwNTAwMDBaMHwxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNDRFcxCTAHBgNVBAsT"
- + "ADEJMAcGA1UEBxMAMQkwBwYDVQQIEwAxGjAYBgNVBAMTEVRlbXBsYXIgVGVzdCAxMDI0MSIwIAYJ"
- + "KoZIhvcNAQkBFhN0ZW1wbGFydGVzdEBjZHcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB"
- + "gQDH3aJpJBfM+A3d84j5YcU6zEQaQ76u5xO9NSBmHjZykKS2kCcUqPpvVOPDA5WgV22dtKPh+lYV"
- + "iUp7wyCVwAKibq8HIbihHceFqMKzjwC639rMoDJ7bi/yzQWz1Zg+075a4FGPlUKn7Yfu89wKkjdW"
- + "wDpRPXc/agqBnrx5pJTXzQIDAQABow8wDTALBgNVHQ8EBAMCALEwDQYJKoZIhvcNAQEEBQADgYEA"
- + "RRsRsjse3i2/KClFVd6YLZ+7K1BE0WxFyY2bbytkwQJSxvv3vLSuweFUbhNxutb68wl/yW4GLy4b"
- + "1QdyswNxrNDXTuu5ILKhRDDuWeocz83aG2KGtr3JlFyr3biWGEyn5WUOE6tbONoQDJ0oPYgI6CAc"
- + "EHdUp0lioOCt6UOw7Cs=");
-
- private AsymmetricKeyParameter dudPublicKey = new AsymmetricKeyParameter(true)
- {
- public String getAlgorithm()
- {
- return null;
- }
-
- public String getFormat()
- {
- return null;
- }
-
- public byte[] getEncoded()
- {
- return null;
- }
-
- };
-
- public String getName()
- {
- return "CertTest";
- }
-
- public void checkCertificate(
- int id,
- byte[] bytes)
- {
- try
- {
- X509CertificateHolder certHldr = new X509CertificateHolder(bytes);
-
- SubjectPublicKeyInfo k = certHldr.getSubjectPublicKeyInfo();
- // System.out.println(cert);
- }
- catch (Exception e)
- {
- fail(e.toString());
- }
- }
- /*
- public void checkNameCertificate(
- int id,
- byte[] bytes)
- {
- ByteArrayInputStream bIn;
- String dump = "";
-
- try
- {
- bIn = new ByteArrayInputStream(bytes);
-
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "LKBX-BC");
-
- X509Certificate cert = (X509Certificate)fact.generateCertificate(bIn);
-
- AsymmetricKeyParameter k = cert.getAsymmetricKeyParameter();
- if (!cert.getIssuerDN().toString().equals("C=DE,O=DATEV eG,0.2.262.1.10.7.20=1+CN=CA DATEV D03 1:PN"))
- {
- fail(id + " failed - name test.");
- }
- // System.out.println(cert);
- }
- catch (Exception e)
- {
- fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
- }
-
- }
- */
- public void checkKeyUsage(
- int id,
- byte[] bytes)
- throws IOException
- {
-
- X509CertificateHolder certHld = new X509CertificateHolder(bytes);
-
- if ((DERBitString.getInstance(certHld.getExtension(Extension.keyUsage).getParsedValue()).getBytes()[0] & 0x01) != 0)
- {
- fail("error generating cert - key usage wrong.");
- }
-
-
- }
-
-
- public void checkSelfSignedCertificate(
- int id,
- byte[] bytes)
- throws OperatorCreationException, IOException, CertException
- {
-
- X509CertificateHolder certHolder = new X509CertificateHolder(bytes);
-
- assertTrue(certHolder.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(certHolder)));
-
-
- }
-
- /**
- * we generate a self signed certificate for the sake of testing - RSA
- */
- public void checkCreation1()
- throws Exception
- {
- //
- // a sample key pair.
- //
- AsymmetricKeyParameter pubKey = new RSAKeyParameters(
- false,
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- AsymmetricKeyParameter privKey = new RSAPrivateCrtKeyParameters(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- //
- // distinguished name table.
- //
- X500NameBuilder builder = new X500NameBuilder(RFC4519Style.INSTANCE);
-
- builder.addRDN(RFC4519Style.c, "AU");
- builder.addRDN(RFC4519Style.o, "The Legion of the Bouncy Castle");
- builder.addRDN(RFC4519Style.l, "Melbourne");
- builder.addRDN(RFC4519Style.st, "Victoria");
- builder.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "feedback-crypto@bouncycastle.org");
-
- //
- // extensions
- //
-
- //
- // create the certificate - version 3 - without extensions
- //
- AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256WithRSAEncryption");
- ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlg, digAlgFinder.find(sigAlg)).build(privKey);
- X509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000),builder.build(), pubKey);
-
- X509CertificateHolder certH = certGen.build(sigGen);
-
- assertTrue(certH.isValidOn(new Date()));
-
- ContentVerifierProvider contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(pubKey);
-
- assertTrue(certH.isSignatureValid(contentVerifierProvider));
-
- X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certH);
- Set dummySet = cert.getNonCriticalExtensionOIDs();
- if (dummySet != null)
- {
- fail("non-critical oid set should be null");
- }
- dummySet = cert.getCriticalExtensionOIDs();
- if (dummySet != null)
- {
- fail("critical oid set should be null");
- }
-
- //
- // create the certificate - version 3 - with extensions
- //
- sigGen = new BcRSAContentSignerBuilder(sigAlgFinder.find("MD5WithRSA"), digAlgFinder.find(sigAlgFinder.find("MD5withRSA"))).build(privKey);
- certGen = new BcX509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1)
- , new Date(System.currentTimeMillis() - 50000)
- , new Date(System.currentTimeMillis() + 50000)
- , builder.build()
- , pubKey)
- .addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true,
- new KeyUsage(KeyUsage.encipherOnly))
- .addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true,
- new DERSequence(KeyPurposeId.anyExtendedKeyUsage))
- .addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true,
- new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
-
- X509CertificateHolder certHolder = certGen.build(sigGen);
-
- assertTrue(certHolder.isValidOn(new Date()));
-
- contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey);
- if (!certHolder.isSignatureValid(contentVerifierProvider))
- {
- fail("signature test failed");
- }
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(certHolder.getEncoded());
- CertificateFactory certFact = CertificateFactory.getInstance("X.509");
-
- cert = (X509Certificate)certFact.generateCertificate(bIn);
-
- if (!cert.getKeyUsage()[7])
- {
- fail("error generating cert - key usage wrong.");
- }
-
- List l = cert.getExtendedKeyUsage();
- if (!l.get(0).equals(KeyPurposeId.anyExtendedKeyUsage.getId()))
- {
- fail("failed extended key usage test");
- }
-
- Collection c = cert.getSubjectAlternativeNames();
- Iterator it = c.iterator();
- while (it.hasNext())
- {
- List gn = (List)it.next();
- if (!gn.get(1).equals("test@test.test"))
- {
- fail("failed subject alternative names test");
- }
- }
-
- // System.out.println(cert);
-
- //
- // create the certificate - version 1
- //
- sigGen = new BcRSAContentSignerBuilder(sigAlgFinder.find("MD5WithRSA"), digAlgFinder.find(sigAlgFinder.find("MD5withRSA"))).build(privKey);
- X509v1CertificateBuilder certGen1 = new BcX509v1CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
- cert = new JcaX509CertificateConverter().getCertificate(certGen1.build(sigGen));
-
- assertTrue(certHolder.isValidOn(new Date()));
-
- contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(pubKey);
-
- assertTrue(certHolder.isSignatureValid(contentVerifierProvider));
-
- bIn = new ByteArrayInputStream(cert.getEncoded());
- certFact = CertificateFactory.getInstance("X.509");
-
- cert = (X509Certificate)certFact.generateCertificate(bIn);
-
- // System.out.println(cert);
- if (!cert.getIssuerDN().equals(cert.getSubjectDN()))
- {
- fail("name comparison fails");
- }
-
-//
- // a lightweight key pair.
- //
- RSAKeyParameters lwPubKey = new RSAKeyParameters(
- false,
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- RSAPrivateCrtKeyParameters lwPrivKey = new RSAPrivateCrtKeyParameters(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- //
- // distinguished name table.
- //
- builder = new X500NameBuilder(RFC4519Style.INSTANCE);
-
- builder.addRDN(RFC4519Style.c, "AU");
- builder.addRDN(RFC4519Style.o, "The Legion of the Bouncy Castle");
- builder.addRDN(RFC4519Style.l, "Melbourne");
- builder.addRDN(RFC4519Style.st, "Victoria");
- builder.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "feedback-crypto@bouncycastle.org");
-
- //
- // extensions
- //
-
- //
- // create the certificate - version 3 - without extensions
- //
- AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
- AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
-
- sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(lwPrivKey);
- SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(lwPubKey);
- certGen = new X509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000), builder.build(), pubInfo);
-
- certHolder = certGen.build(sigGen);
-
- assertTrue(certHolder.isValidOn(new Date()));
-
- contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(lwPubKey);
-
- assertTrue(certHolder.isSignatureValid(contentVerifierProvider));
-
- if (!certHolder.isSignatureValid(contentVerifierProvider))
- {
- fail("lw sig verification failed");
- }
- }
-
- /**
- * we generate a self signed certificate for the sake of testing - DSA
- */
- public void checkCreation2()
- throws Exception
- {
- //
- // set up the keys
- //
- AsymmetricKeyParameter privKey;
- AsymmetricKeyParameter pubKey;
-
- AsymmetricCipherKeyPairGenerator kpg = new DSAKeyPairGenerator();
- BigInteger r = new BigInteger("68076202252361894315274692543577577550894681403");
- BigInteger s = new BigInteger("1089214853334067536215539335472893651470583479365");
- DSAParametersGenerator pGen = new DSAParametersGenerator();
-
- pGen.init(512, 80, new SecureRandom());
-
- DSAParameters params = pGen.generateParameters();
- DSAKeyGenerationParameters genParam = new DSAKeyGenerationParameters(new SecureRandom(), params);
-
- kpg.init(genParam);
-
- AsymmetricCipherKeyPair pair = kpg.generateKeyPair();
-
- privKey = (AsymmetricKeyParameter)pair.getPrivate();
- pubKey = (AsymmetricKeyParameter)pair.getPublic();
-
- //
- // distinguished name table.
- //
- X500NameBuilder builder = createStdBuilder();
-
- //
- // extensions
- //
-
- //
- // create the certificate - version 3
- //
- AlgorithmIdentifier sigAlgId = sigAlgFinder.find("SHA1withDSA");
- AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId);
-
- ContentSigner sigGen = new BcDSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey);
- X509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
-
- X509CertificateHolder cert = certGen.build(sigGen);
-
- assertTrue(cert.isValidOn(new Date()));
-
- assertTrue(cert.isSignatureValid(new BcDSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)));
-
-
- //
- // create the certificate - version 1
- //
- sigAlgId = sigAlgFinder.find("SHA1withDSA");
- digAlgId = digAlgFinder.find(sigAlgId);
-
- sigGen = new BcDSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey);
- X509v1CertificateBuilder certGen1 = new BcX509v1CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
- cert = certGen1.build(sigGen);
-
- assertTrue(cert.isValidOn(new Date()));
-
- assertTrue(cert.isSignatureValid(new BcDSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)));
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory fact = CertificateFactory.getInstance("X.509");
-
- X509Certificate x509cert = (X509Certificate)fact.generateCertificate(bIn);
-
- //System.out.println(cert);
- }
-
- private X500NameBuilder createStdBuilder()
- {
- X500NameBuilder builder = new X500NameBuilder(RFC4519Style.INSTANCE);
-
- builder.addRDN(RFC4519Style.c, "AU");
- builder.addRDN(RFC4519Style.o, "The Legion of the Bouncy Castle");
- builder.addRDN(RFC4519Style.l, "Melbourne");
- builder.addRDN(RFC4519Style.st, "Victoria");
- builder.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "feedback-crypto@bouncycastle.org");
-
- return builder;
- }
-
- private void checkCRL(
- int id,
- byte[] bytes)
- {
- String dump = "";
-
- try
- {
- X509CRLHolder crlHolder = new X509CRLHolder(bytes);
-
- }
- catch (Exception e)
- {
- fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString());
- }
-
- }
-
- public void checkCRLCreation1()
- throws Exception
- {
- AsymmetricCipherKeyPairGenerator kpg = new RSAKeyPairGenerator();
- RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters(
- BigInteger.valueOf(0x1001), new SecureRandom(), 1024, 25);
-
- kpg.init(genParam);
-
- AsymmetricCipherKeyPair pair = kpg.generateKeyPair();
- Date now = new Date();
-
- X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
-
- BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator());
-
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-
- crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
-
- crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier(pair.getPublic()));
-
- AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256withRSAEncryption");
- AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
-
- X509CRLHolder crl = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build(pair.getPrivate()));
-
- if (!crl.getIssuer().equals(new X500Name("CN=Test CA")))
- {
- fail("failed CRL issuer test");
- }
-
- Extension authExt = crl.getExtension(Extension.authorityKeyIdentifier);
-
- if (authExt == null)
- {
- fail("failed to find CRL extension");
- }
-
- AuthorityKeyIdentifier authId = AuthorityKeyIdentifier.getInstance(authExt.getParsedValue());
-
- X509CRLEntryHolder entry = crl.getRevokedCertificate(BigInteger.ONE);
-
- if (entry == null)
- {
- fail("failed to find CRL entry");
- }
-
- if (!entry.getSerialNumber().equals(BigInteger.ONE))
- {
- fail("CRL cert serial number does not match");
- }
-
- if (!entry.hasExtensions())
- {
- fail("CRL entry extension not found");
- }
-
- Extension ext = entry.getExtension(Extension.reasonCode);
-
- if (ext != null)
- {
- ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(ext.getParsedValue());
-
- if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
- {
- fail("CRL entry reasonCode wrong");
- }
- }
- else
- {
- fail("CRL entry reasonCode not found");
- }
- }
-
- public void checkCRLCreation2()
- throws Exception
- {
- AsymmetricCipherKeyPairGenerator kpg = new RSAKeyPairGenerator();
- RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters(
- BigInteger.valueOf(0x1001), new SecureRandom(), 1024, 25);
-
- kpg.init(genParam);
-
- AsymmetricCipherKeyPair pair = kpg.generateKeyPair();
- Date now = new Date();
-
- X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
-
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-
- ExtensionsGenerator extGen = new ExtensionsGenerator();
-
- CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn);
-
- extGen.addExtension(Extension.reasonCode, false, crlReason);
-
- BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator());
-
- crlGen.addCRLEntry(BigInteger.ONE, now, extGen.generate());
-
- crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier((AsymmetricKeyParameter)pair.getPublic()));
-
- AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256withRSAEncryption");
- AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
-
- X509CRLHolder crlHolder = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build((AsymmetricKeyParameter)pair.getPrivate()));
-
- if (!crlHolder.getIssuer().equals(new X500Name("CN=Test CA")))
- {
- fail("failed CRL issuer test");
- }
-
- Extension authExt = crlHolder.getExtension(Extension.authorityKeyIdentifier);
-
- if (authExt == null)
- {
- fail("failed to find CRL extension");
- }
-
- AuthorityKeyIdentifier authId = AuthorityKeyIdentifier.getInstance(authExt.getParsedValue());
-
- X509CRLEntryHolder entry = crlHolder.getRevokedCertificate(BigInteger.ONE);
-
- if (entry == null)
- {
- fail("failed to find CRL entry");
- }
-
- if (!entry.getSerialNumber().equals(BigInteger.ONE))
- {
- fail("CRL cert serial number does not match");
- }
-
- if (!entry.hasExtensions())
- {
- fail("CRL entry extension not found");
- }
-
- Extension ext = entry.getExtension(Extension.reasonCode);
-
- if (ext != null)
- {
- ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(ext.getParsedValue());
-
- if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
- {
- fail("CRL entry reasonCode wrong");
- }
- }
- else
- {
- fail("CRL entry reasonCode not found");
- }
- }
-
- public void checkCRLCreation3()
- throws Exception
- {
- AsymmetricCipherKeyPairGenerator kpg = new RSAKeyPairGenerator();
- RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters(
- BigInteger.valueOf(0x1001), new SecureRandom(), 1024, 25);
-
- kpg.init(genParam);
-
- AsymmetricCipherKeyPair pair = kpg.generateKeyPair();
- Date now = new Date();
- X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
-
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-
- ExtensionsGenerator extGen = new ExtensionsGenerator();
-
- CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn);
-
- extGen.addExtension(Extension.reasonCode, false, crlReason);
-
- BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator());
-
- Extensions entryExtensions = extGen.generate();
-
- crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
-
- crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier((AsymmetricKeyParameter)pair.getPublic()));
-
- AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256withRSAEncryption");
- AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
-
- X509CRLHolder crlHolder = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build((AsymmetricKeyParameter)pair.getPrivate()));
-
- if (!crlHolder.getIssuer().equals(new X500Name("CN=Test CA")))
- {
- fail("failed CRL issuer test");
- }
-
- Extension authExt = crlHolder.getExtension(Extension.authorityKeyIdentifier);
-
- if (authExt == null)
- {
- fail("failed to find CRL extension");
- }
-
- AuthorityKeyIdentifier authId = AuthorityKeyIdentifier.getInstance(authExt.getParsedValue());
-
- X509CRLEntryHolder entry = crlHolder.getRevokedCertificate(BigInteger.ONE);
-
- if (entry == null)
- {
- fail("failed to find CRL entry");
- }
-
- if (!entry.getSerialNumber().equals(BigInteger.ONE))
- {
- fail("CRL cert serial number does not match");
- }
-
- if (!entry.hasExtensions())
- {
- fail("CRL entry extension not found");
- }
-
- Extension ext = entry.getExtension(Extension.reasonCode);
-
- if (ext != null)
- {
- ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(ext.getParsedValue());
-
- if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
- {
- fail("CRL entry reasonCode wrong");
- }
- }
- else
- {
- fail("CRL entry reasonCode not found");
- }
-
- //
- // check loading of existing CRL
- //
- now = new Date();
- crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
-
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-
- crlGen.addCRL(crlHolder);
-
- crlGen.addCRLEntry(BigInteger.valueOf(2), now, entryExtensions);
-
- crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier(pair.getPublic()));
-
- crlHolder = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build(pair.getPrivate()));
-
- int count = 0;
- boolean oneFound = false;
- boolean twoFound = false;
-
- Iterator it = crlHolder.getRevokedCertificates().iterator();
- while (it.hasNext())
- {
- X509CRLEntryHolder crlEnt = (X509CRLEntryHolder)it.next();
-
- if (crlEnt.getSerialNumber().intValue() == 1)
- {
- oneFound = true;
- Extension extn = crlEnt.getExtension(Extension.reasonCode);
-
- if (extn != null)
- {
- ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(extn.getParsedValue());
-
- if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
- {
- fail("CRL entry reasonCode wrong on recheck");
- }
- }
- else
- {
- fail("CRL entry reasonCode not found on recheck");
- }
- }
- else if (crlEnt.getSerialNumber().intValue() == 2)
- {
- twoFound = true;
- }
-
- count++;
- }
-
- if (count != 2)
- {
- fail("wrong number of CRLs found, got: " + count);
- }
-
- if (!oneFound || !twoFound)
- {
- fail("wrong CRLs found in copied list");
- }
-
- //
- // check factory read back
- //
- CertificateFactory cFact = CertificateFactory.getInstance("X.509");
-
- X509CRL readCrl = (X509CRL)cFact.generateCRL(new ByteArrayInputStream(crlHolder.getEncoded()));
-
- if (readCrl == null)
- {
- fail("crl not returned!");
- }
-
- Collection col = cFact.generateCRLs(new ByteArrayInputStream(crlHolder.getEncoded()));
-
- if (col.size() != 1)
- {
- fail("wrong number of CRLs found in collection");
- }
- }
-
- public void checkCreation5()
- throws Exception
- {
- //
- // a sample key pair.
- //
- AsymmetricKeyParameter pubKey = new RSAKeyParameters(
- false,
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- AsymmetricKeyParameter privKey = new RSAPrivateCrtKeyParameters(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- //
- // set up the keys
- //
- SecureRandom rand = new SecureRandom();
-
- //
- // distinguished name table.
- //
- X500NameBuilder builder = createStdBuilder();
-
- //
- // create base certificate - version 3
- //
- AlgorithmIdentifier sigAlg = sigAlgFinder.find("MD5WithRSA");
- AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg);
-
- ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlg, digAlg).build(privKey);
- ASN1ObjectIdentifier extOid = new ASN1ObjectIdentifier("2.5.29.37");
- X509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey)
- .addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true,
- new KeyUsage(KeyUsage.encipherOnly))
- .addExtension(extOid, true,
- new DERSequence(KeyPurposeId.anyExtendedKeyUsage))
- .addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true,
- new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
-
- X509CertificateHolder baseCert = certGen.build(sigGen);
-
- //
- // copy certificate
- //
-
- certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey)
- .copyAndAddExtension(new ASN1ObjectIdentifier("2.5.29.15"), true, baseCert)
- .copyAndAddExtension(extOid, false, baseCert);
-
- X509CertificateHolder cert = certGen.build(sigGen);
-
- assertTrue(cert.isValidOn(new Date()));
-
- assertTrue(cert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)));
-
- if (!baseCert.getExtension(new ASN1ObjectIdentifier("2.5.29.15")).equals(cert.getExtension(new ASN1ObjectIdentifier("2.5.29.15"))))
- {
- fail("2.5.29.15 differs");
- }
-
- assertTrue(baseCert.getExtension(extOid).getExtnId().equals(cert.getExtension(extOid).getExtnId()));
- assertFalse(baseCert.getExtension(extOid).isCritical() == cert.getExtension(extOid).isCritical());
- if (!baseCert.getExtension(extOid).getParsedValue().equals(cert.getExtension(extOid).getParsedValue()))
- {
- fail("2.5.29.37 differs");
- }
-
- //
- // exception test
- //
-
- try
- {
- certGen.copyAndAddExtension(new ASN1ObjectIdentifier("2.5.99.99"), true, baseCert);
-
- fail("exception not thrown on dud extension copy");
- }
- catch (NullPointerException e)
- {
- // expected
- }
-
-// try
-// {
-// certGen.setPublicKey(dudPublicKey);
-//
-// certGen.generate(privKey, BC);
-//
-// fail("key without encoding not detected in v3");
-// }
-// catch (IllegalArgumentException e)
-// {
-// // expected
-// }
-
- }
-
- public void testForgedSignature()
- throws Exception
- {
- String cert = "MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV"
- + "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD"
- + "VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa"
- + "Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs"
- + "YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy"
- + "IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD"
- + "hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u"
- + "12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU"
- + "DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ"
- + "e20sRA==";
-
- X509CertificateHolder hldr = new X509CertificateHolder(Base64.decode(cert));
-
- assertFalse(hldr.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(hldr)));
- }
-
- private void pemTest()
- throws Exception
- {
- CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
-
- X509Certificate cert = readPEMCert(cf, PEMData.CERTIFICATE_1);
- if (cert == null)
- {
- fail("PEM cert not read");
- }
- cert = readPEMCert(cf, "-----BEGIN CERTIFICATE-----" + PEMData.CERTIFICATE_2);
- if (cert == null)
- {
- fail("PEM cert with extraneous header not read");
- }
- CRL crl = cf.generateCRL(new ByteArrayInputStream(PEMData.CRL_1.getBytes("US-ASCII")));
- if (crl == null)
- {
- fail("PEM crl not read");
- }
- Collection col = cf.generateCertificates(new ByteArrayInputStream(PEMData.CERTIFICATE_2.getBytes("US-ASCII")));
- if (col.size() != 1 || !col.contains(cert))
- {
- fail("PEM cert collection not right");
- }
- col = cf.generateCRLs(new ByteArrayInputStream(PEMData.CRL_2.getBytes("US-ASCII")));
- if (col.size() != 1 || !col.contains(crl))
- {
- fail("PEM crl collection not right");
- }
- }
-
- private static X509Certificate readPEMCert(CertificateFactory cf, String pemData)
- throws CertificateException, UnsupportedEncodingException
- {
- return (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(pemData.getBytes("US-ASCII")));
- }
-
- private void createPSSCert(String algorithm)
- throws Exception
- {
- AsymmetricCipherKeyPair pair = generateLongFixedKeys();
-
- AsymmetricKeyParameter privKey = (AsymmetricKeyParameter)pair.getPrivate();
- AsymmetricKeyParameter pubKey = (AsymmetricKeyParameter)pair.getPublic();
-
- //
- // distinguished name table.
- //
-
- X500NameBuilder builder = createStdBuilder();
-
- //
- // create base certificate - version 3
- //
- BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator());
-
- AlgorithmIdentifier sigAlgId = sigAlgFinder.find(algorithm);
- AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId);
-
- ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey);
- BcX509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),
- new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
- certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true,
- new KeyUsage(KeyUsage.encipherOnly));
- certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true,
- new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
- certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true,
- new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
-
- certGen.addExtension(Extension.authorityKeyIdentifier, true, extFact.createAuthorityKeyIdentifier(pubKey));
-
- X509CertificateHolder baseCert = certGen.build(sigGen);
-
- assertTrue(baseCert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)));
- }
-
- private AsymmetricCipherKeyPair generateLongFixedKeys()
- {
- RSAKeyParameters pubKeySpec = new RSAKeyParameters(
- false,
- new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
- new BigInteger("010001",16));
-
- RSAKeyParameters privKeySpec = new RSAPrivateCrtKeyParameters(
- new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
- new BigInteger("010001",16),
- new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16),
- new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16),
- new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16),
- new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16),
- new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16),
- new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16));
-
- return new AsymmetricCipherKeyPair(pubKeySpec, privKeySpec);
- }
-
- public void testNullDerNullCert()
- throws Exception
- {
- AsymmetricCipherKeyPair pair = generateLongFixedKeys();
- AsymmetricKeyParameter pubKey = (AsymmetricKeyParameter)pair.getPublic();
- AsymmetricKeyParameter privKey = (AsymmetricKeyParameter)pair.getPrivate();
-
- DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
- DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
-
- AlgorithmIdentifier sigAlgId = sigAlgFinder.find("MD5withRSA");
- AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId);
-
- ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey);
- BcX509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(new X500Name("CN=Test"),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),new X500Name("CN=Test"),pubKey);
- X509CertificateHolder cert = certGen.build(sigGen);
-
- Certificate struct = Certificate.getInstance(cert.getEncoded());
-
- ASN1Object tbsCertificate = struct.getTBSCertificate();
- AlgorithmIdentifier sig = struct.getSignatureAlgorithm();
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(tbsCertificate);
- v.add(new AlgorithmIdentifier(sig.getAlgorithm()));
- v.add(struct.getSignature());
-
- // verify
- ByteArrayInputStream bIn;
- String dump = "";
-
- bIn = new ByteArrayInputStream(new DERSequence(v).getEncoded());
-
- cert = new X509CertificateHolder(new DERSequence(v).getEncoded());
-
- assertTrue(cert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)));
- }
-
- public void testCertificates()
- throws Exception
- {
- checkCertificate(1, cert1);
- checkCertificate(2, cert2);
- checkCertificate(3, cert3);
- checkCertificate(4, cert4);
- checkCertificate(5, cert5);
- //checkCertificate(7, cert7);
-
- checkKeyUsage(8, keyUsage);
-
- checkSelfSignedCertificate(11, probSelfSignedCert);
-
- checkCRL(1, crl1);
-
- checkCreation1();
- checkCreation2();
- checkCreation5();
-
- createPSSCert("SHA1withRSAandMGF1");
- createPSSCert("SHA224withRSAandMGF1");
- createPSSCert("SHA256withRSAandMGF1");
- createPSSCert("SHA384withRSAandMGF1");
-
- checkCRLCreation1();
- checkCRLCreation2();
- checkCRLCreation3();
-
- pemTest();
-
- checkCertificate(18, emptyDNCert);
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/BcPKCS10Test.java b/pkix/src/test/java/org/bouncycastle/cert/test/BcPKCS10Test.java
deleted file mode 100644
index 01a8dd5f..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/BcPKCS10Test.java
+++ /dev/null
@@ -1,230 +0,0 @@
-package org.bouncycastle.cert.test;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.pkcs.Attribute;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x500.X500NameBuilder;
-import org.bouncycastle.asn1.x500.style.RFC4519Style;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.ExtensionsGenerator;
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
-import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
-import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.bc.BcContentSignerBuilder;
-import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
-import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
-import org.bouncycastle.pkcs.bc.BcPKCS10CertificationRequest;
-import org.bouncycastle.pkcs.bc.BcPKCS10CertificationRequestBuilder;
-import org.bouncycastle.util.Arrays;
-
-public class BcPKCS10Test
- extends TestCase
-{
- public String getName()
- {
- return "PKCS10CertRequest";
- }
-
- private void generationTest(int keySize, String keyName, String sigName)
- throws Exception
- {
- AsymmetricCipherKeyPairGenerator kpg = new RSAKeyPairGenerator();
- RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters(
- BigInteger.valueOf(0x1001), new SecureRandom(), keySize, 25);
-
- kpg.init(genParam);
-
- AsymmetricCipherKeyPair kp = kpg.generateKeyPair();
-
-
- X500NameBuilder x500NameBld = new X500NameBuilder(RFC4519Style.INSTANCE);
-
- x500NameBld.addRDN(RFC4519Style.c, "AU");
- x500NameBld.addRDN(RFC4519Style.o, "The Legion of the Bouncy Castle");
- x500NameBld.addRDN(RFC4519Style.l, "Melbourne");
- x500NameBld.addRDN(RFC4519Style.st, "Victoria");
- x500NameBld.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "feedback-crypto@bouncycastle.org");
-
- X500Name subject = x500NameBld.build();
-
- PKCS10CertificationRequestBuilder requestBuilder = new BcPKCS10CertificationRequestBuilder(subject, kp.getPublic());
-
- DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
- DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
-
- AlgorithmIdentifier sigAlgId = sigAlgFinder.find("SHA1withRSA");
-
- AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId);
-
- BcContentSignerBuilder contentSignerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
-
- PKCS10CertificationRequest req1 = requestBuilder.build(contentSignerBuilder.build(kp.getPrivate()));
-
- BcPKCS10CertificationRequest req2 = new BcPKCS10CertificationRequest(req1.getEncoded());
-
- if (!req2.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(kp.getPublic())))
- {
- fail(sigName + ": Failed verify check.");
- }
-
- if (!Arrays.areEqual(req2.getSubjectPublicKeyInfo().getEncoded(), req1.getSubjectPublicKeyInfo().getEncoded()))
- {
- fail(keyName + ": Failed public key check.");
- }
- }
-
- private void createPSSTest(String algorithm)
- throws Exception
- {
- AsymmetricKeyParameter pubKey = new RSAKeyParameters(
- false,
- new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
- new BigInteger("010001",16));
-
- AsymmetricKeyParameter privKey = new RSAPrivateCrtKeyParameters(
- new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
- new BigInteger("010001",16),
- new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16),
- new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16),
- new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16),
- new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16),
- new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16),
- new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16));
-
- DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
- DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
-
- AlgorithmIdentifier sigAlgId = sigAlgFinder.find(algorithm);
- AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId);
- BcContentSignerBuilder contentSignerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
-
- PKCS10CertificationRequest req = new BcPKCS10CertificationRequestBuilder(new X500Name("CN=XXX"), pubKey).build(contentSignerBuilder.build(privKey));
- if (!req.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey)))
- {
- fail("Failed verify check PSS.");
- }
-
- BcPKCS10CertificationRequest bcReq = new BcPKCS10CertificationRequest(req.getEncoded());
- if (!bcReq.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(bcReq.getPublicKey())))
- {
- fail("Failed verify check PSS encoded.");
- }
-
- if (!bcReq.getSignatureAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
- {
- fail("PSS oid incorrect.");
- }
-
- if (bcReq.getSignatureAlgorithm().getParameters() == null)
- {
- fail("PSS parameters incorrect.");
- }
- }
-
- // previous code found to cause a NullPointerException
- private void nullPointerTest()
- throws Exception
- {
- AsymmetricCipherKeyPairGenerator kpg = new RSAKeyPairGenerator();
- RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters(
- BigInteger.valueOf(0x1001), new SecureRandom(), 1024, 25);
-
- kpg.init(genParam);
-
- AsymmetricCipherKeyPair kp = kpg.generateKeyPair();
- ExtensionsGenerator extGen = new ExtensionsGenerator();
-
- extGen.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
- extGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
-
- BcX509ExtensionUtils extUtils = new BcX509ExtensionUtils(new SHA1DigestCalculator());
-
- SubjectKeyIdentifier subjectKeyIdentifier = extUtils.createSubjectKeyIdentifier(kp.getPublic());
-
- extGen.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyIdentifier);
-
- DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder();
- DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder();
-
- AlgorithmIdentifier sigAlgId = sigAlgFinder.find("SHA1withRSA");
-
- AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId);
-
- BcContentSignerBuilder contentSignerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
-
- PKCS10CertificationRequest p1 = new BcPKCS10CertificationRequestBuilder(
- new X500Name("cn=csr"), kp.getPublic())
- .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate())
- .build(contentSignerBuilder.build(kp.getPrivate()));
- PKCS10CertificationRequest p2 = new BcPKCS10CertificationRequestBuilder(
- new X500Name("cn=csr"), kp.getPublic())
- .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate())
- .build(contentSignerBuilder.build(kp.getPrivate()));
-
- if (!p1.equals(p2))
- {
- fail("cert request comparison failed");
- }
-
- Attribute[] attr1 = p1.getAttributes();
- Attribute[] attr2 = p1.getAttributes();
-
- checkAttrs(1, attr1, attr2);
-
- attr1 = p1.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
- attr2 = p1.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
-
- checkAttrs(1, attr1, attr2);
- }
-
- private void checkAttrs(int expectedLength, Attribute[] attr1, Attribute[] attr2)
- {
- if (expectedLength != attr1.length)
- {
- fail("expected length mismatch");
- }
-
- if (attr1.length != attr2.length)
- {
- fail("atrribute length mismatch");
- }
-
- for (int i = 0; i != attr1.length; i++)
- {
- if (!attr1[i].equals(attr2[i]))
- {
- fail("atrribute mismatch");
- }
- }
- }
-
- public void testPKCS10()
- throws Exception
- {
- generationTest(512, "RSA", "SHA1withRSA");
-
- createPSSTest("SHA1withRSAandMGF1");
- createPSSTest("SHA224withRSAandMGF1");
- createPSSTest("SHA256withRSAandMGF1");
- createPSSTest("SHA384withRSAandMGF1");
-
- nullPointerTest();
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/CertTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/CertTest.java
deleted file mode 100644
index 30dec302..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/CertTest.java
+++ /dev/null
@@ -1,2995 +0,0 @@
-package org.bouncycastle.cert.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.Signature;
-import java.security.cert.CRL;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509CRL;
-import java.security.cert.X509CRLEntry;
-import java.security.cert.X509Certificate;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-import java.util.Vector;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1Enumerated;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSAPublicKey;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x500.X500NameBuilder;
-import org.bouncycastle.asn1.x500.style.BCStyle;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.ExtensionsGenerator;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
-import org.bouncycastle.asn1.x509.KeyPurposeId;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.cert.X509CRLEntryHolder;
-import org.bouncycastle.cert.X509CRLHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v1CertificateBuilder;
-import org.bouncycastle.cert.X509v2CRLBuilder;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
-import org.bouncycastle.cert.jcajce.JcaX509CRLHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
-import org.bouncycastle.jce.X509KeyUsage;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.interfaces.ECPointEncoder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.spec.ECPrivateKeySpec;
-import org.bouncycastle.jce.spec.ECPublicKeySpec;
-import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.ContentVerifierProvider;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
-import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.test.SimpleTest;
-import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-public class CertTest
- extends SimpleTest
-{
- private static final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;
-
- // test CA
- byte[] testCAp12 = Base64.decode(
- "MIACAQMwgAYJKoZIhvcNAQcBoIAkgASCA+gwgDCABgkqhkiG9w0BBwGggCSA"
- + "BIID6DCCCFIwggL/BgsqhkiG9w0BDAoBAqCCArIwggKuMCgGCiqGSIb3DQEM"
- + "AQMwGgQUjWJR94N+oDQ1XlXO/kUSwu3UOL0CAgQABIICgFjzMa65mpNKYQRA"
- + "+avbnOjYZ7JkTA5XY7CBcOVwNySY6/ye5Ms6VYl7mCgqzzdDQhT02Th8wXMr"
- + "fibaC5E/tJRfdWt1zYr9NTLxLG6iCNPXJGGV6aXznv+UFTnzbzGGIAf0zpYf"
- + "DOOUMusnBeJO2GVETk6DyjtVqx0sLAJKDZQadpao4K5mr5t4bz7zGoykoKNN"
- + "TRH1tcrb6FYIPy5cf9vAHbyEB6pBdRjFQMYt50fpQGdQ8az9vvf6fLgQe20x"
- + "e9PtDeqVU+5xNHeWauyVWIjp5penVkptAMYBr5qqNHfg1WuP2V1BO4SI/VWQ"
- + "+EBKzlOjbH84KDVPDtOQGtmGYmZElxvfpz+S5rHajfzgIKQDT6Y4PTKPtMuF"
- + "3OYcrVb7EKhTv1lXEQcNrR2+Apa4r2SZnTBq+1JeAGMNzwsMbAEcolljNiVs"
- + "Lbvxng/WYTBb7+v8EjhthVdyMIY9KoKLXWMtfadEchRPqHGcEJDJ0BlwaVcn"
- + "UQrexG/UILyVCaKc8yZOI9plAquDx2bGHi6FI4LdToAllX6gX2GncTeuCSuo"
- + "o0//DBO3Hj7Pj5sGPZsSqzVQ1kH90/jResUN3vm09WtXKo8TELmmjA1yMqXe"
- + "1r0mP6uN+yvjF1djC9SjovIh/jOG2RiqRy7bGtPRRchgIJCJlC1UoWygJpD6"
- + "5dlzKMnQLikJ5BhsCIx2F96rmQXXKd7pIwCH7tiKHefQrszHpYO7QvBhwLsk"
- + "y1bUnakLrgF3wdgwGGxbmuE9mNRVh3piVLGtVw6pH/9jOjmJ6JPbZ8idOpl5"
- + "fEXOc81CFHTwv/U4oTfjKej4PTCZr58tYO6DdhA5XoEGNmjv4rgZJH1m6iUx"
- + "OjATBgkqhkiG9w0BCRQxBh4EAGMAYTAjBgkqhkiG9w0BCRUxFgQUKBwy0CF7"
- + "51A+BhNFCrsws2AG0nYwggVLBgsqhkiG9w0BDAoBAqCCBPowggT2MCgGCiqG"
- + "SIb3DQEMAQMwGgQUf9t4IA/TP6OsH4GCiDg1BsRCqTwCAgQABIIEyHjGPJZg"
- + "zhkF93/jM4WTnQUgWOR3PlTmhUSKjyMCLUBSrICocLVsz316NHPT3lqr0Lu2"
- + "eKXlE5GRDp/c8RToTzMvEDdwi2PHP8sStrGJa1ruNRpOMnVAj8gnyd5KcyYJ"
- + "3j+Iv/56hzPFXsZMg8gtbPphRxb3xHEZj/xYXYfUhfdElezrBIID6LcWRZS2"
- + "MuuVddZToLOIdVWSTDZLscR6BIID6Ok+m+VC82JjvLNK4pZqO7Re9s/KAxV9"
- + "f3wfJ7C7kmr8ar4Mlp9jYfO11lCcBEL86sM93JypgayWp53NN2nYQjnQDafR"
- + "NrtlthQuR36ir2DEuSp4ySqsSXX/nD3AVOvrpbN88RUIK8Yx36tRaBOBL8tv"
- + "9aKDfgpWKK4NHxA7V3QkHCAVqLpUZlIvVqEcvjNpzn6ydDQLGk7x5itNlWdn"
- + "Kq/LfgMlXrTY/kKC4k7xogFS/FRIR10NP3lU+vAEa5T299QZv7c7n2OSVg6K"
- + "xEXwjYNhfsLP3PlaCppouc2xsq/zSvymZPWsVztuoMwEfVeTtoSEUU8cqOiw"
- + "Q1NpGtvrO1R28uRdelAVcrIu0qBAbdB5xb+xMfMhVhk7iuSZsYzKJVjK1CNK"
- + "4w+zNqfkZQQOdh1Qj1t5u/22HDTSzZKTot4brIywo6lxboFE0IDJwU8y62vF"
- + "4PEBPJDeXBuzbqurQhMS19J8h9wjw2quPAJ0E8dPR5B/1qPAuWYs1i2z2AtL"
- + "FwNU2B+u53EpI4kM/+Wh3wPZ7lxlXcooUc3+5tZdBqcN+s1A2JU5fkMu05/J"
- + "FSMG89+L5cwygPZssQ0uQFMqIpbbJp2IF76DYvVOdMnnWMgmw4n9sTcLb7Tf"
- + "GZAQEr3OLtXHxTAX6WnQ1rdDMiMGTvx4Kj1JrtENPI8Y7m6bhIfSuwUk4v3j"
- + "/DlPmCzGKsZHfjUvaqiZ/Kg+V4gdOMiIlhUwrR3jbxrX1xXNJ+RjwQzC0wX8"
- + "C8kGF4hK/DUil20EVZNmrTgqsBBqKLMKDNM7rGhyadlG1eg55rJL07ROmXfY"
- + "PbMtgPQBVVGcvM58jsW8NlCF5XUBNVSOfNSePUOOccPMTCt4VqRZobciIn7i"
- + "G6lGby6sS8KMRxmnviLWNVWqWyxjFhuv3S8zVplFmzJR7oXk8bcGW9QV93yN"
- + "fceR9ZVQdEITPTqVE3r2sgrzgFYZAJ+tMzDfkL4NcSBnivfCS1APRttG1RHJ"
- + "6nxjpf1Ya6CGkM17BdAeEtdXqBb/0B9n0hgPA8EIe5hfL+cGRx4aO8HldCMb"
- + "YQUFIOFmuj4xn83eFSlh2zllSVaVj0epIqtcXWWefVpjZKlOgoivrTy9JSGp"
- + "fbsDw/xZMPGYHehbtm60alZK/t4yrfyGLkeWq7FjK31WfIgx9KAEQM4G1cPx"
- + "dX6Jj0YdoWKrJh7GdqoCSdrwtR5NkG8ecuYPm9P+UUFg+nbcqR7zWVv0MulQ"
- + "X4LQoKN8iOXZYZDmKbgLYdh4BY8bqVELaHFZ3rU33EUoATO+43IQXHq5qyB5"
- + "xJVvT6AEggPo0DNHyUyRNMHoT3feYuDiQszN/4N5qVLZL6UeBIGGwmAQq7CK"
- + "2A2P67/7bjze+LZcvXgoBmkKPn9hVembyEPwow6wGVhrGDWiEvdNE/Tp3n6D"
- + "NqLIOhnWfTnsinWNXIlqxa6V/jE+MBcGCSqGSIb3DQEJFDEKHggAcgBvAG8A"
- + "dDAjBgkqhkiG9w0BCRUxFgQUioImRvGskdQCWPVdgD2wKGBiE/0AAAAAAAAw"
- + "gAYJKoZIhvcNAQcGoIAwgAIBADCABgkqhkiG9w0BBwEwKAYKKoZIhvcNAQwB"
- + "BjAaBBTOsaVE8IK7OpXHzfobYSfBfnKvTwICBACggASCCLirl2JOsxIiKwDT"
- + "/iW4D7qRq4W2mdXiLuH8RTJzfARcWtfWRrszakA6Fi0WAsslor3EYMgBpNtJ"
- + "yctpSfAO2ToEWNlzqRNffiy1UvxC7Pxo9coaDBfsD9hi253dxsCS+fkGlywA"
- + "eSlHJ2JEhDz7Y7CO6i95LzvZTzz7075UZvSP5FcVjNlKyfDMVVN3tPXl5/Ej"
- + "4l/rakdyg72d/ajx/VaG5S81Oy2sjTdG+j6G7aMgpAx7dkgiNr65f9rLU7M9"
- + "sm24II3RZzfUcjHHSZUvwtXIJSBnHkYft7GqzCFHnikLapFh9ObMdc4qTQQA"
- + "H7Upo0WD/rxgdKN0Bdj9BLZHm1Ixca6rBVOecg80t/kFXipwBihMUmPbHlWB"
- + "UGjX1kDRyfvqlcDDWr7elGenqNX1qTYCGi41ChLC9igaQRP48NI3aqgx0bu4"
- + "P2G19T+/E7UZrCc8VIlKUEGRNKSqVtC7IlqyoLdPms9TXzrYJkklB0m23VXI"
- + "PyJ5MmmRFXOAtLXwqnLGNLYcafbS2F4MPOjkclWgEtOHKmJctBRI14eMlpN2"
- + "gBMTYxVkOG7ehUtMbWnjTvivqRxsYPmRCC+m7wiHQodtm2fgJtfwhpRSmLu1"
- + "/KHohc6ESh62ACsn8nfBthsbzuDxV0fsCgbUDomjWpGs+nBgZFYGAkE1z2Ao"
- + "Xd7CvA3PZJ5HFtyJrEu8VAbCtU5ZLjXzbALiJ7BqJdzigqsxeieabsR+GCKz"
- + "Drwk1RltTIZnP3EeQbD+mGPa2BjchseaaLNMVDngkc91Zdg2j18dfIabG4AS"
- + "CvfM4DfwPdwD2UT48V8608u5OWc7O2sIcxVWv1IrbEFLSKchTPPnfKmdDji3"
- + "LEoD6t1VPYfn0Ch/NEANOLdncsOUDzQCWscA3+6pkfH8ZaCxfyUU/SHGYKkW"
- + "7twRpR9ka3Wr7rjMjmT0c24YNIUx9ZDt7iquCAdyRHHc13JQ+IWaoqo1z3b8"
- + "tz6AIfm1dWgcMlzEAc80Jg/SdASCA+g2sROpkVxAyhOY/EIp1Fm+PSIPQ5dE"
- + "r5wV7ne2gr40Zuxs5Mrra9Jm79hrErhe4nepA6/DkcHqVDW5sqDwSgLuwVui"
- + "I2yjBt4xBShc6jUxKTRN43cMlZa4rKaEF636gBMUZHDD+zTRE5rtHKFggvwc"
- + "LiitHXI+Fg9mH/h0cQRDYebc02bQikxKagfeUxm0DbEFH172VV+4L69MP6SY"
- + "eyMyRyBXNvLBKDVI5klORE7ZMJGCf2pi3vQr+tSM3W51QmK3HuL+tcish4QW"
- + "WOxVimmczo7tT/JPwSWcklTV4uvnAVLEfptl66Bu9I2/Kn3yPWElAoQvHjMD"
- + "O47+CVcuhgX5OXt0Sy8OX09j733FG4XFImnBneae6FrxNoi3tMRyHaIwBjIo"
- + "8VvqhWjPIJKytMT2/42TpsuD4Pj64m77sIx0rAjmU7s0kG4YdkgeSi+1R4X7"
- + "hkEFVJe3fId7/sItU2BMHkQGBDELAP7gJFzqTLDuSoiVNJ6kB6vkC+VQ7nmn"
- + "0xyzrOTNcrSBGc2dCXEI6eYi8/2K9y7ZS9dOEUi8SHfc4WNT4EJ8Qsvn61EW"
- + "jM8Ye5av/t3iE8NGtiMbbsIorEweL8y88vEMkgqZ7MpLbb2iiAv8Zm16GWAv"
- + "GRD7rUJfi/3dcXiskUCOg5rIRcn2ImVehqKAPArLbLAx7NJ6UZmB+99N3DpH"
- + "Jk81BkWPwQF8UlPdwjQh7qJUHTjEYAQI2wmL2jttToq59g3xbrLVUM/5X2Xy"
- + "Fy619lDydw0TZiGq8zA39lwT92WpziDeV5/vuj2gpcFs3f0cUSJlPsw7Y0mE"
- + "D/uPk7Arn/iP1oZboM9my/H3tm3rOP5xYxkXI/kVsNucTMLwd4WWdtKk3DLg"
- + "Ms1tcEdAUQ/ZJ938OJf1uzSixDhlMVedweIJMw72V9VpWUf+QC+SHOvGpdSz"
- + "2a7mU340J0rsQp7HnS71XWPjtxVCN0Mva+gnF+VTEnamQFEETrEydaqFYQEh"
- + "im5qr32YOiQiwdrIXJ+p9bNxAbaDBmBI/1bdDU9ffr+AGrxxgjvYGiUQk0d/"
- + "SDvxlE+S9EZlTWirRatglklVndYdkzJDte7ZJSgjlXkbTgy++QW/xRQ0Ya3o"
- + "ouQepoTkJ2b48ELe4KCKKTOfR0fTzd0578hSdpYuOCylYBZeuLIo6JH3VeoV"
- + "dggXMYHtYPuj+ABN3utwP/5s5LZ553sMkI/0bJq8ytE/+BFh1rTbRksAuT6B"
- + "d98lpDAXjyM1HcKD78YiXotdSISU+pYkIbyn4UG8SKzV9mCxAed1cgjE1BWW"
- + "DUB+xwlFMQTFpj8fhhYYMcwUF8tmv22Snemkaq3pjJKPBIIB7/jK7pfLMSSS"
- + "5ojMvWzu9mTegbl9v2K73XqZ/N4LZ5BqxnMdCBM4cCbA2LMwX8WAVlKper6X"
- + "zdTxRf4SWuzzlOXIyhWaH1g9Yp3PkaWh/BpPne/DXZmfyrTCPWGlbu1oqdKq"
- + "CgORN9B0+biTWiqgozvtbnCkK+LXqRYbghsWNlOhpm5NykUl7T2xRswYK8gz"
- + "5vq/xCY5hq+TvgZOT0Fzx426nbNqyGmdjbCpPf2t4s5o3C48WhNSg3vSSJes"
- + "RVJ4dV1TfXkytIKk/gzLafJfS+AcLeE48MyCOohhLFHdYC9f+lrk51xEANTc"
- + "xpn26JO1sO7iha8iccRmMYwi6tgDRVKFp6X5VVHXy8hXzxEbWWFL/GkUIjyD"
- + "hm0KXaarhP9Iah+/j6CI6eVLIhyMsA5itsYX+bJ0I8KmVkXelbwX7tcwSUAs"
- + "0Wq8oiV8Mi+DawkhTWE2etz07uMseR71jHEr7KE6WXo+SO995Xyop74fLtje"
- + "GLZroH91GWF4rDZvTJg9l8319oqF0DJ7bTukl3CJqVS3sVNrRIF33vRsmqWL"
- + "BaaZ1Q8Bt04L19Ka2HsEYLMfTLPGO7HSb9baHezRCQTnVoABm+8iZEXj3Od9"
- + "ga9TnxFa5KhXerqUscjdXPauElDwmqGhCgAAAAAAAAAAAAAAAAAAAAAAADA9"
- + "MCEwCQYFKw4DAhoFAAQUWT4N9h+ObRftdP8+GldXCQRf9JoEFDjO/tjAH7We"
- + "HLhcYQcQ1R+RucctAgIEAAAA");
-
- //
- // server.crt
- //
- byte[] cert1 = Base64.decode(
- "MIIDXjCCAsegAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx"
- + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY"
- + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB"
- + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ"
- + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU2MjFaFw0wMTA2"
- + "MDIwNzU2MjFaMIG4MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW"
- + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM"
- + "dGQxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFtMR0wGwYDVQQDExR3d3cyLmNvbm5l"
- + "Y3Q0LmNvbS5hdTEoMCYGCSqGSIb3DQEJARYZd2VibWFzdGVyQGNvbm5lY3Q0LmNv"
- + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvDxclKAhyv7Q/Wmr2re"
- + "Gw4XL9Cnh9e+6VgWy2AWNy/MVeXdlxzd7QAuc1eOWQkGQEiLPy5XQtTY+sBUJ3AO"
- + "Rvd2fEVJIcjf29ey7bYua9J/vz5MG2KYo9/WCHIwqD9mmG9g0xLcfwq/s8ZJBswE"
- + "7sb85VU+h94PTvsWOsWuKaECAwEAAaN3MHUwJAYDVR0RBB0wG4EZd2VibWFzdGVy"
- + "QGNvbm5lY3Q0LmNvbS5hdTA6BglghkgBhvhCAQ0ELRYrbW9kX3NzbCBnZW5lcmF0"
- + "ZWQgY3VzdG9tIHNlcnZlciBjZXJ0aWZpY2F0ZTARBglghkgBhvhCAQEEBAMCBkAw"
- + "DQYJKoZIhvcNAQEEBQADgYEAotccfKpwSsIxM1Hae8DR7M/Rw8dg/RqOWx45HNVL"
- + "iBS4/3N/TO195yeQKbfmzbAA2jbPVvIvGgTxPgO1MP4ZgvgRhasaa0qCJCkWvpM4"
- + "yQf33vOiYQbpv4rTwzU8AmRlBG45WdjyNIigGV+oRc61aKCTnLq7zB8N3z1TF/bF"
- + "5/8=");
-
- //
- // ca.crt
- //
- byte[] cert2 = Base64.decode(
- "MIIDbDCCAtWgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx"
- + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY"
- + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB"
- + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ"
- + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU1MzNaFw0wMTA2"
- + "MDIwNzU1MzNaMIG3MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW"
- + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM"
- + "dGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAxMMQ29u"
- + "bmVjdCA0IENBMSgwJgYJKoZIhvcNAQkBFhl3ZWJtYXN0ZXJAY29ubmVjdDQuY29t"
- + "LmF1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgs5ptNG6Qv1ZpCDuUNGmv"
- + "rhjqMDPd3ri8JzZNRiiFlBA4e6/ReaO1U8ASewDeQMH6i9R6degFdQRLngbuJP0s"
- + "xcEE+SksEWNvygfzLwV9J/q+TQDyJYK52utb++lS0b48A1KPLwEsyL6kOAgelbur"
- + "ukwxowprKUIV7Knf1ajetQIDAQABo4GFMIGCMCQGA1UdEQQdMBuBGXdlYm1hc3Rl"
- + "ckBjb25uZWN0NC5jb20uYXUwDwYDVR0TBAgwBgEB/wIBADA2BglghkgBhvhCAQ0E"
- + "KRYnbW9kX3NzbCBnZW5lcmF0ZWQgY3VzdG9tIENBIGNlcnRpZmljYXRlMBEGCWCG"
- + "SAGG+EIBAQQEAwICBDANBgkqhkiG9w0BAQQFAAOBgQCsGvfdghH8pPhlwm1r3pQk"
- + "msnLAVIBb01EhbXm2861iXZfWqGQjrGAaA0ZpXNk9oo110yxoqEoSJSzniZa7Xtz"
- + "soTwNUpE0SLHvWf/SlKdFWlzXA+vOZbzEv4UmjeelekTm7lc01EEa5QRVzOxHFtQ"
- + "DhkaJ8VqOMajkQFma2r9iA==");
-
- //
- // testx509.pem
- //
- byte[] cert3 = Base64.decode(
- "MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV"
- + "BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz"
- + "MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM"
- + "RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF"
- + "AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO"
- + "/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE"
- + "Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ"
- + "zl9HYIMxATFyqSiD9jsx");
-
- //
- // v3-cert1.pem
- //
- byte[] cert4 = Base64.decode(
- "MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx"
- + "NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz"
- + "dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw"
- + "ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu"
- + "ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2"
- + "ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp"
- + "miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C"
- + "AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK"
- + "Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x"
- + "DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR"
- + "MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB"
- + "AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21"
- + "X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3"
- + "WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO");
-
- //
- // v3-cert2.pem
- //
- byte[] cert5 = Base64.decode(
- "MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD"
- + "YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0"
- + "ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu"
- + "dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1"
- + "WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV"
- + "BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx"
- + "FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA"
- + "6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT"
- + "G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ"
- + "YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm"
- + "b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc"
- + "F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz"
- + "lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap"
- + "jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=");
-
- //
- // pem encoded pkcs7
- //
- byte[] cert6 = Base64.decode(
- "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJbzCCAj0w"
- + "ggGmAhEAzbp/VvDf5LxU/iKss3KqVTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG"
- + "A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2Vy"
- + "dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjgwODAxMjM1OTU5WjBfMQsw"
- + "CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVi"
- + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A"
- + "MIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiH"
- + "mgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNePNGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF"
- + "4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEwDQYJKoZIhvcNAQECBQADgYEATD+4i8Zo3+5DMw5d"
- + "6abLB4RNejP/khv0Nq3YlSI2aBFsfELM85wuxAc/FLAPT/+Qknb54rxK6Y/NoIAK98Up8YIiXbix"
- + "3YEjo3slFUYweRb46gVLlH8dwhzI47f0EEA8E8NfH1PoSOSGtHuhNbB7Jbq4046rPzidADQAmPPR"
- + "cZQwggMuMIICl6ADAgECAhEA0nYujRQMPX2yqCVdr+4NdTANBgkqhkiG9w0BAQIFADBfMQswCQYD"
- + "VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj"
- + "IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTgwNTEyMDAwMDAwWhcNMDgwNTEy"
- + "MjM1OTU5WjCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy"
- + "dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5j"
- + "b3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0Eg"
- + "SW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZDCBnzANBgkqhkiG9w0B"
- + "AQEFAAOBjQAwgYkCgYEAu1pEigQWu1X9A3qKLZRPFXg2uA1Ksm+cVL+86HcqnbnwaLuV2TFBcHqB"
- + "S7lIE1YtxwjhhEKrwKKSq0RcqkLwgg4C6S/7wju7vsknCl22sDZCM7VuVIhPh0q/Gdr5FegPh7Yc"
- + "48zGmo5/aiSS4/zgZbqnsX7vyds3ashKyAkG5JkCAwEAAaN8MHowEQYJYIZIAYb4QgEBBAQDAgEG"
- + "MEcGA1UdIARAMD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEFBQcCARYfd3d3LnZlcmlzaWduLmNv"
- + "bS9yZXBvc2l0b3J5L1JQQTAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B"
- + "AQIFAAOBgQCIuDc73dqUNwCtqp/hgQFxHpJqbS/28Z3TymQ43BuYDAeGW4UVag+5SYWklfEXfWe0"
- + "fy0s3ZpCnsM+tI6q5QsG3vJWKvozx74Z11NMw73I4xe1pElCY+zCphcPXVgaSTyQXFWjZSAA/Rgg"
- + "5V+CprGoksVYasGNAzzrw80FopCubjCCA/gwggNhoAMCAQICEBbbn/1G1zppD6KsP01bwywwDQYJ"
- + "KoZIhvcNAQEEBQAwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln"
- + "biBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvUlBB"
- + "IEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAx"
- + "IENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxpZGF0ZWQwHhcNMDAxMDAy"
- + "MDAwMDAwWhcNMDAxMjAxMjM1OTU5WjCCAQcxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD"
- + "VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3Jl"
- + "cG9zaXRvcnkvUlBBIEluY29ycC4gYnkgUmVmLixMSUFCLkxURChjKTk4MR4wHAYDVQQLExVQZXJz"
- + "b25hIE5vdCBWYWxpZGF0ZWQxJzAlBgNVBAsTHkRpZ2l0YWwgSUQgQ2xhc3MgMSAtIE1pY3Jvc29m"
- + "dDETMBEGA1UEAxQKRGF2aWQgUnlhbjElMCMGCSqGSIb3DQEJARYWZGF2aWRAbGl2ZW1lZGlhLmNv"
- + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqxBsdeNmSvFqhMNwhQgNzM8mdjX9eSXb"
- + "DawpHtQHjmh0AKJSa3IwUY0VIsyZHuXWktO/CgaMBVPt6OVf/n0R2sQigMP6Y+PhEiS0vCJBL9aK"
- + "0+pOo2qXrjVBmq+XuCyPTnc+BOSrU26tJsX0P9BYorwySiEGxGanBNATdVL4NdUCAwEAAaOBnDCB"
- + "mTAJBgNVHRMEAjAAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQgwKjAoBggrBgEFBQcCARYcaHR0"
- + "cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTARBglghkgBhvhCAQEEBAMCB4AwMwYDVR0fBCwwKjAo"
- + "oCagJIYiaHR0cDovL2NybC52ZXJpc2lnbi5jb20vY2xhc3MxLmNybDANBgkqhkiG9w0BAQQFAAOB"
- + "gQBC8yIIdVGpFTf8/YiL14cMzcmL0nIRm4kGR3U59z7UtcXlfNXXJ8MyaeI/BnXwG/gD5OKYqW6R"
- + "yca9vZOxf1uoTBl82gInk865ED3Tej6msCqFzZffnSUQvOIeqLxxDlqYRQ6PmW2nAnZeyjcnbI5Y"
- + "syQSM2fmo7n6qJFP+GbFezGCAkUwggJBAgEBMIHhMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5j"
- + "LjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWdu"
- + "LmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UE"
- + "AxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3Qg"
- + "VmFsaWRhdGVkAhAW25/9Rtc6aQ+irD9NW8MsMAkGBSsOAwIaBQCggbowGAYJKoZIhvcNAQkDMQsG"
- + "CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDAxMDAyMTczNTE4WjAjBgkqhkiG9w0BCQQxFgQU"
- + "gZjSaBEY2oxGvlQUIMnxSXhivK8wWwYJKoZIhvcNAQkPMU4wTDAKBggqhkiG9w0DBzAOBggqhkiG"
- + "9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwBwYFKw4DAh0w"
- + "DQYJKoZIhvcNAQEBBQAEgYAzk+PU91/ZFfoiuKOECjxEh9fDYE2jfDCheBIgh5gdcCo+sS1WQs8O"
- + "HreQ9Nop/JdJv1DQMBK6weNBBDoP0EEkRm1XCC144XhXZC82jBZohYmi2WvDbbC//YN58kRMYMyy"
- + "srrfn4Z9I+6kTriGXkrpGk9Q0LSGjmG2BIsqiF0dvwAAAAAAAA==");
-
- //
- // dsaWithSHA1 cert
- //
- byte[] cert7 = Base64.decode(
- "MIIEXAYJKoZIhvcNAQcCoIIETTCCBEkCAQExCzAJBgUrDgMCGgUAMAsGCSqG"
- + "SIb3DQEHAaCCAsMwggK/MIIB4AIBADCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7"
- + "d8miwTMN55CUSmo3TO8WGCxgY61TX5k+7NU4XPf1TULjw3GobwaJX13kquPh"
- + "fVXk+gVy46n4Iw3hAhUBSe/QF4BUj+pJOF9ROBM4u+FEWA8CQQD4mSJbrABj"
- + "TUWrlnAte8pS22Tq4/FPO7jHSqjijUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/z"
- + "m8Q12PFp/PjOhh+nMA4xDDAKBgNVBAMTA0lEMzAeFw05NzEwMDEwMDAwMDBa"
- + "Fw0zODAxMDEwMDAwMDBaMA4xDDAKBgNVBAMTA0lEMzCB8DCBpwYFKw4DAhsw"
- + "gZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxgY61TX5k+7NU4XPf1TULj"
- + "w3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/QF4BUj+pJOF9ROBM4u+FE"
- + "WA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jHSqjijUHfXKTrHL1OEqV3"
- + "SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nA0QAAkEAkYkXLYMtGVGWj9OnzjPn"
- + "sB9sefSRPrVegZJCZbpW+Iv0/1RP1u04pHG9vtRpIQLjzUiWvLMU9EKQTThc"
- + "eNMmWDCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxg"
- + "Y61TX5k+7NU4XPf1TULjw3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/Q"
- + "F4BUj+pJOF9ROBM4u+FEWA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jH"
- + "SqjijUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nAy8AMCwC"
- + "FBY3dBSdeprGcqpr6wr3xbG+6WW+AhRMm/facKJNxkT3iKgJbp7R8Xd3QTGC"
- + "AWEwggFdAgEBMBMwDjEMMAoGA1UEAxMDSUQzAgEAMAkGBSsOAwIaBQCgXTAY"
- + "BgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMjA1"
- + "MjQyMzEzMDdaMCMGCSqGSIb3DQEJBDEWBBS4WMsoJhf7CVbZYCFcjoTRzPkJ"
- + "xjCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxgY61T"
- + "X5k+7NU4XPf1TULjw3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/QF4BU"
- + "j+pJOF9ROBM4u+FEWA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jHSqji"
- + "jUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nBC8wLQIVALID"
- + "dt+MHwawrDrwsO1Z6sXBaaJsAhRaKssrpevmLkbygKPV07XiAKBG02Zvb2Jh"
- + "cg==");
-
- //
- // testcrl.pem
- //
- byte[] crl1 = Base64.decode(
- "MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT"
- + "F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy"
- + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw"
- + "MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw"
- + "MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw"
- + "MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw"
- + "MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw"
- + "MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw"
- + "MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw"
- + "NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw"
- + "NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF"
- + "AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ"
- + "wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt"
- + "JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v");
-
- //
- // ecdsa cert with extra octet string.
- //
- byte[] oldEcdsa = Base64.decode(
- "MIICljCCAkCgAwIBAgIBATALBgcqhkjOPQQBBQAwgY8xCzAJBgNVBAYTAkFVMSgwJ"
- + "gYDVQQKEx9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIwEAYDVQQHEw"
- + "lNZWxib3VybmUxETAPBgNVBAgTCFZpY3RvcmlhMS8wLQYJKoZIhvcNAQkBFiBmZWV"
- + "kYmFjay1jcnlwdG9AYm91bmN5Y2FzdGxlLm9yZzAeFw0wMTEyMDcwMTAwMDRaFw0w"
- + "MTEyMDcwMTAxNDRaMIGPMQswCQYDVQQGEwJBVTEoMCYGA1UEChMfVGhlIExlZ2lvb"
- + "iBvZiB0aGUgQm91bmN5IENhc3RsZTESMBAGA1UEBxMJTWVsYm91cm5lMREwDwYDVQ"
- + "QIEwhWaWN0b3JpYTEvMC0GCSqGSIb3DQEJARYgZmVlZGJhY2stY3J5cHRvQGJvdW5"
- + "jeWNhc3RsZS5vcmcwgeQwgb0GByqGSM49AgEwgbECAQEwKQYHKoZIzj0BAQIef///"
- + "////////////f///////gAAAAAAAf///////MEAEHn///////////////3///////"
- + "4AAAAAAAH///////AQeawFsO9zxiUHQ1lSSFHXKcanbL7J9HTd5YYXClCwKBB8CD/"
- + "qWPNyogWzMM7hkK+35BcPTWFc9Pyf7vTs8uaqvAh5///////////////9///+eXpq"
- + "fXZBx+9FSJoiQnQsDIgAEHwJbbcU7xholSP+w9nFHLebJUhqdLSU05lq/y9X+DHAw"
- + "CwYHKoZIzj0EAQUAA0MAMEACHnz6t4UNoVROp74ma4XNDjjGcjaqiIWPZLK8Bdw3G"
- + "QIeLZ4j3a6ividZl344UH+UPUE7xJxlYGuy7ejTsqRR");
-
- byte[] uncompressedPtEC = Base64.decode(
- "MIIDKzCCAsGgAwIBAgICA+kwCwYHKoZIzj0EAQUAMGYxCzAJBgNVBAYTAkpQ"
- + "MRUwEwYDVQQKEwxuaXRlY2guYWMuanAxDjAMBgNVBAsTBWFpbGFiMQ8wDQYD"
- + "VQQDEwZ0ZXN0Y2ExHzAdBgkqhkiG9w0BCQEWEHRlc3RjYUBsb2NhbGhvc3Qw"
- + "HhcNMDExMDEzMTE1MzE3WhcNMjAxMjEyMTE1MzE3WjBmMQswCQYDVQQGEwJK"
- + "UDEVMBMGA1UEChMMbml0ZWNoLmFjLmpwMQ4wDAYDVQQLEwVhaWxhYjEPMA0G"
- + "A1UEAxMGdGVzdGNhMR8wHQYJKoZIhvcNAQkBFhB0ZXN0Y2FAbG9jYWxob3N0"
- + "MIIBczCCARsGByqGSM49AgEwggEOAgEBMDMGByqGSM49AQECKEdYWnajFmnZ"
- + "tzrukK2XWdle2v+GsD9l1ZiR6g7ozQDbhFH/bBiMDQcwVAQoJ5EQKrI54/CT"
- + "xOQ2pMsd/fsXD+EX8YREd8bKHWiLz8lIVdD5cBNeVwQoMKSc6HfI7vKZp8Q2"
- + "zWgIFOarx1GQoWJbMcSt188xsl30ncJuJT2OoARRBAqJ4fD+q6hbqgNSjTQ7"
- + "htle1KO3eiaZgcJ8rrnyN8P+5A8+5K+H9aQ/NbBR4Gs7yto5PXIUZEUgodHA"
- + "TZMSAcSq5ZYt4KbnSYaLY0TtH9CqAigEwZ+hglbT21B7ZTzYX2xj0x+qooJD"
- + "hVTLtIPaYJK2HrMPxTw6/zfrAgEPA1IABAnvfFcFDgD/JicwBGn6vR3N8MIn"
- + "mptZf/mnJ1y649uCF60zOgdwIyI7pVSxBFsJ7ohqXEHW0x7LrGVkdSEiipiH"
- + "LYslqh3xrqbAgPbl93GUo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB"
- + "/wQEAwIBxjAdBgNVHQ4EFgQUAEo62Xm9H6DcsE0zUDTza4BRG90wCwYHKoZI"
- + "zj0EAQUAA1cAMFQCKAQsCHHSNOqfJXLgt3bg5+k49hIBGVr/bfG0B9JU3rNt"
- + "Ycl9Y2zfRPUCKAK2ccOQXByAWfsasDu8zKHxkZv7LVDTFjAIffz3HaCQeVhD"
- + "z+fauEg=");
-
- byte[] keyUsage = Base64.decode(
- "MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UE"
- + "BhMCVVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50"
- + "cnVzdC5uZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBs"
- + "aW1pdHMgbGlhYi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExp"
- + "bWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0"
- + "aW9uIEF1dGhvcml0eTAeFw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBa"
- + "MIHJMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNV"
- + "BAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5mby9DUFMgaW5jb3Jw"
- + "LiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMpIDE5OTkgRW50"
- + "cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50"
- + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUAA4GL"
- + "ADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo6oT9n3V5z8GKUZSv"
- + "x1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux5zDeg7K6PvHV"
- + "iTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zmAqTmT173"
- + "iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSCARkw"
- + "ggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50"
- + "cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0Ff"
- + "SW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UE"
- + "CxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50"
- + "cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYD"
- + "VQQDEwRDUkwxMCygKqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9D"
- + "bGllbnQxLmNybDArBgNVHRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkx"
- + "MDEyMTkyNDMwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW"
- + "/O5bs8qZdIuV6kwwHQYDVR0OBBYEFMT7nCl7l81MlvzuW7PKmXSLlepMMAwG"
- + "A1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI"
- + "hvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7pFuPeJoSSJn59DXeDDYHAmsQ"
- + "OokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzzwy5E97BnRqqS5TvaHBkU"
- + "ODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/aEkP/TOYGJqibGapE"
- + "PHayXOw=");
-
- byte[] nameCert = Base64.decode(
- "MIIEFjCCA3+gAwIBAgIEdS8BozANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJE"+
- "RTERMA8GA1UEChQIREFURVYgZUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRQ0Eg"+
- "REFURVYgRDAzIDE6UE4wIhgPMjAwMTA1MTAxMDIyNDhaGA8yMDA0MDUwOTEwMjI0"+
- "OFowgYQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIFAZCYXllcm4xEjAQBgNVBAcUCU7I"+
- "dXJuYmVyZzERMA8GA1UEChQIREFURVYgZUcxHTAbBgNVBAUTFDAwMDAwMDAwMDA4"+
- "OTU3NDM2MDAxMR4wHAYDVQQDFBVEaWV0bWFyIFNlbmdlbmxlaXRuZXIwgaEwDQYJ"+
- "KoZIhvcNAQEBBQADgY8AMIGLAoGBAJLI/LJLKaHoMk8fBECW/od8u5erZi6jI8Ug"+
- "C0a/LZyQUO/R20vWJs6GrClQtXB+AtfiBSnyZOSYzOdfDI8yEKPEv8qSuUPpOHps"+
- "uNCFdLZF1vavVYGEEWs2+y+uuPmg8q1oPRyRmUZ+x9HrDvCXJraaDfTEd9olmB/Z"+
- "AuC/PqpjAgUAwAAAAaOCAcYwggHCMAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUD"+
- "AwdAADAxBgNVHSAEKjAoMCYGBSskCAEBMB0wGwYIKwYBBQUHAgEWD3d3dy56cy5k"+
- "YXRldi5kZTApBgNVHREEIjAggR5kaWV0bWFyLnNlbmdlbmxlaXRuZXJAZGF0ZXYu"+
- "ZGUwgYQGA1UdIwR9MHuhc6RxMG8xCzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1"+
- "bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0"+
- "MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE6CBACm8LkwDgYHAoIG"+
- "AQoMAAQDAQEAMEcGA1UdHwRAMD4wPKAUoBKGEHd3dy5jcmwuZGF0ZXYuZGWiJKQi"+
- "MCAxCzAJBgNVBAYTAkRFMREwDwYDVQQKFAhEQVRFViBlRzAWBgUrJAgDBAQNMAsT"+
- "A0VVUgIBBQIBATAdBgNVHQ4EFgQUfv6xFP0xk7027folhy+ziZvBJiwwLAYIKwYB"+
- "BQUHAQEEIDAeMBwGCCsGAQUFBzABhhB3d3cuZGlyLmRhdGV2LmRlMA0GCSqGSIb3"+
- "DQEBBQUAA4GBAEOVX6uQxbgtKzdgbTi6YLffMftFr2mmNwch7qzpM5gxcynzgVkg"+
- "pnQcDNlm5AIbS6pO8jTCLfCd5TZ5biQksBErqmesIl3QD+VqtB+RNghxectZ3VEs"+
- "nCUtcE7tJ8O14qwCb3TxS9dvIUFiVi4DjbxX46TdcTbTaK8/qr6AIf+l");
-
- byte[] probSelfSignedCert = Base64.decode(
- "MIICxTCCAi6gAwIBAgIQAQAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQUFADBF"
- + "MScwJQYDVQQKEx4gRElSRUNUSU9OIEdFTkVSQUxFIERFUyBJTVBPVFMxGjAYBgNV"
- + "BAMTESBBQyBNSU5FRkkgQiBURVNUMB4XDTA0MDUwNzEyMDAwMFoXDTE0MDUwNzEy"
- + "MDAwMFowRTEnMCUGA1UEChMeIERJUkVDVElPTiBHRU5FUkFMRSBERVMgSU1QT1RT"
- + "MRowGAYDVQQDExEgQUMgTUlORUZJIEIgVEVTVDCBnzANBgkqhkiG9w0BAQEFAAOB"
- + "jQAwgYkCgYEAveoCUOAukZdcFCs2qJk76vSqEX0ZFzHqQ6faBPZWjwkgUNwZ6m6m"
- + "qWvvyq1cuxhoDvpfC6NXILETawYc6MNwwxsOtVVIjuXlcF17NMejljJafbPximEt"
- + "DQ4LcQeSp4K7FyFlIAMLyt3BQ77emGzU5fjFTvHSUNb3jblx0sV28c0CAwEAAaOB"
- + "tTCBsjAfBgNVHSMEGDAWgBSEJ4bLbvEQY8cYMAFKPFD1/fFXlzAdBgNVHQ4EFgQU"
- + "hCeGy27xEGPHGDABSjxQ9f3xV5cwDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIB"
- + "AQQEAwIBBjA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vYWRvbmlzLnBrNy5jZXJ0"
- + "cGx1cy5uZXQvZGdpLXRlc3QuY3JsMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN"
- + "AQEFBQADgYEAmToHJWjd3+4zknfsP09H6uMbolHNGG0zTS2lrLKpzcmkQfjhQpT9"
- + "LUTBvfs1jdjo9fGmQLvOG+Sm51Rbjglb8bcikVI5gLbclOlvqLkm77otjl4U4Z2/"
- + "Y0vP14Aov3Sn3k+17EfReYUZI4liuB95ncobC4e8ZM++LjQcIM0s+Vs=");
-
-
- byte[] gost34102001base = Base64.decode(
- "MIIB1DCCAYECEEjpVKXP6Wn1yVz3VeeDQa8wCgYGKoUDAgIDBQAwbTEfMB0G"
- + "A1UEAwwWR29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRv"
- + "UHJvMQswCQYDVQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIw"
- + "MDFAZXhhbXBsZS5jb20wHhcNMDUwMjAzMTUxNjQ2WhcNMTUwMjAzMTUxNjQ2"
- + "WjBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQK"
- + "DAlDcnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0"
- + "UjM0MTAtMjAwMUBleGFtcGxlLmNvbTBjMBwGBiqFAwICEzASBgcqhQMCAiQA"
- + "BgcqhQMCAh4BA0MABECElWh1YAIaQHUIzROMMYks/eUFA3pDXPRtKw/nTzJ+"
- + "V4/rzBa5lYgD0Jp8ha4P5I3qprt+VsfLsN8PZrzK6hpgMAoGBiqFAwICAwUA"
- + "A0EAHw5dw/aw/OiNvHyOE65kvyo4Hp0sfz3csM6UUkp10VO247ofNJK3tsLb"
- + "HOLjUaqzefrlGb11WpHYrvWFg+FcLA==");
-
- byte[] gost341094base = Base64.decode(
- "MIICDzCCAbwCEBcxKsIb0ghYvAQeUjfQdFAwCgYGKoUDAgIEBQAwaTEdMBsG"
- + "A1UEAwwUR29zdFIzNDEwLTk0IGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1By"
- + "bzELMAkGA1UEBhMCUlUxJzAlBgkqhkiG9w0BCQEWGEdvc3RSMzQxMC05NEBl"
- + "eGFtcGxlLmNvbTAeFw0wNTAyMDMxNTE2NTFaFw0xNTAyMDMxNTE2NTFaMGkx"
- + "HTAbBgNVBAMMFEdvc3RSMzQxMC05NCBleGFtcGxlMRIwEAYDVQQKDAlDcnlw"
- + "dG9Qcm8xCzAJBgNVBAYTAlJVMScwJQYJKoZIhvcNAQkBFhhHb3N0UjM0MTAt"
- + "OTRAZXhhbXBsZS5jb20wgaUwHAYGKoUDAgIUMBIGByqFAwICIAIGByqFAwIC"
- + "HgEDgYQABIGAu4Rm4XmeWzTYLIB/E6gZZnFX/oxUJSFHbzALJ3dGmMb7R1W+"
- + "t7Lzk2w5tUI3JoTiDRCKJA4fDEJNKzsRK6i/ZjkyXJSLwaj+G2MS9gklh8x1"
- + "G/TliYoJgmjTXHemD7aQEBON4z58nJHWrA0ILD54wbXCtrcaqCqLRYGTMjJ2"
- + "+nswCgYGKoUDAgIEBQADQQBxKNhOmjgz/i5CEgLOyKyz9pFGkDcaymsWYQWV"
- + "v7CZ0pTM8IzMzkUBW3GHsUjCFpanFZDfg2zuN+3kT+694n9B");
-
- byte[] gost341094A = Base64.decode(
- "MIICSDCCAfWgAwIBAgIBATAKBgYqhQMCAgQFADCBgTEXMBUGA1UEAxMOZGVmYXVsdDM0MTAtOTQx"
- + "DTALBgNVBAoTBERpZ3QxDzANBgNVBAsTBkNyeXB0bzEOMAwGA1UEBxMFWS1vbGExDDAKBgNVBAgT"
- + "A01FTDELMAkGA1UEBhMCcnUxGzAZBgkqhkiG9w0BCQEWDHRlc3RAdGVzdC5ydTAeFw0wNTAzMjkx"
- + "MzExNTdaFw0wNjAzMjkxMzExNTdaMIGBMRcwFQYDVQQDEw5kZWZhdWx0MzQxMC05NDENMAsGA1UE"
- + "ChMERGlndDEPMA0GA1UECxMGQ3J5cHRvMQ4wDAYDVQQHEwVZLW9sYTEMMAoGA1UECBMDTUVMMQsw"
- + "CQYDVQQGEwJydTEbMBkGCSqGSIb3DQEJARYMdGVzdEB0ZXN0LnJ1MIGlMBwGBiqFAwICFDASBgcq"
- + "hQMCAiACBgcqhQMCAh4BA4GEAASBgIQACDLEuxSdRDGgdZxHmy30g/DUYkRxO9Mi/uSHX5NjvZ31"
- + "b7JMEMFqBtyhql1HC5xZfUwZ0aT3UnEFDfFjLP+Bf54gA+LPkQXw4SNNGOj+klnqgKlPvoqMGlwa"
- + "+hLPKbS561WpvB2XSTgbV+pqqXR3j6j30STmybelEV3RdS2Now8wDTALBgNVHQ8EBAMCB4AwCgYG"
- + "KoUDAgIEBQADQQBCFy7xWRXtNVXflKvDs0pBdBuPzjCMeZAXVxK8vUxsxxKu76d9CsvhgIFknFRi"
- + "wWTPiZenvNoJ4R1uzeX+vREm");
-
- byte[] gost341094B = Base64.decode(
- "MIICSDCCAfWgAwIBAgIBATAKBgYqhQMCAgQFADCBgTEXMBUGA1UEAxMOcGFyYW0xLTM0MTAtOTQx"
- + "DTALBgNVBAoTBERpZ3QxDzANBgNVBAsTBkNyeXB0bzEOMAwGA1UEBxMFWS1PbGExDDAKBgNVBAgT"
- + "A01lbDELMAkGA1UEBhMCcnUxGzAZBgkqhkiG9w0BCQEWDHRlc3RAdGVzdC5ydTAeFw0wNTAzMjkx"
- + "MzEzNTZaFw0wNjAzMjkxMzEzNTZaMIGBMRcwFQYDVQQDEw5wYXJhbTEtMzQxMC05NDENMAsGA1UE"
- + "ChMERGlndDEPMA0GA1UECxMGQ3J5cHRvMQ4wDAYDVQQHEwVZLU9sYTEMMAoGA1UECBMDTWVsMQsw"
- + "CQYDVQQGEwJydTEbMBkGCSqGSIb3DQEJARYMdGVzdEB0ZXN0LnJ1MIGlMBwGBiqFAwICFDASBgcq"
- + "hQMCAiADBgcqhQMCAh4BA4GEAASBgEa+AAcZmijWs1M9x5Pn9efE8D9ztG1NMoIt0/hNZNqln3+j"
- + "lMZjyqPt+kTLIjtmvz9BRDmIDk6FZz+4LhG2OTL7yGpWfrMxMRr56nxomTN9aLWRqbyWmn3brz9Y"
- + "AUD3ifnwjjIuW7UM84JNlDTOdxx0XRUfLQIPMCXe9cO02Xskow8wDTALBgNVHQ8EBAMCB4AwCgYG"
- + "KoUDAgIEBQADQQBzFcnuYc/639OTW+L5Ecjw9KxGr+dwex7lsS9S1BUgKa3m1d5c+cqI0B2XUFi5"
- + "4iaHHJG0dCyjtQYLJr0OZjRw");
-
- byte[] gost34102001A = Base64.decode(
- "MIICCzCCAbigAwIBAgIBATAKBgYqhQMCAgMFADCBhDEaMBgGA1UEAxMRZGVmYXVsdC0zNDEwLTIw"
- + "MDExDTALBgNVBAoTBERpZ3QxDzANBgNVBAsTBkNyeXB0bzEOMAwGA1UEBxMFWS1PbGExDDAKBgNV"
- + "BAgTA01lbDELMAkGA1UEBhMCcnUxGzAZBgkqhkiG9w0BCQEWDHRlc3RAdGVzdC5ydTAeFw0wNTAz"
- + "MjkxMzE4MzFaFw0wNjAzMjkxMzE4MzFaMIGEMRowGAYDVQQDExFkZWZhdWx0LTM0MTAtMjAwMTEN"
- + "MAsGA1UEChMERGlndDEPMA0GA1UECxMGQ3J5cHRvMQ4wDAYDVQQHEwVZLU9sYTEMMAoGA1UECBMD"
- + "TWVsMQswCQYDVQQGEwJydTEbMBkGCSqGSIb3DQEJARYMdGVzdEB0ZXN0LnJ1MGMwHAYGKoUDAgIT"
- + "MBIGByqFAwICIwEGByqFAwICHgEDQwAEQG/4c+ZWb10IpeHfmR+vKcbpmSOClJioYmCVgnojw0Xn"
- + "ned0KTg7TJreRUc+VX7vca4hLQaZ1o/TxVtfEApK/O6jDzANMAsGA1UdDwQEAwIHgDAKBgYqhQMC"
- + "AgMFAANBAN8y2b6HuIdkD3aWujpfQbS1VIA/7hro4vLgDhjgVmev/PLzFB8oTh3gKhExpDo82IEs"
- + "ZftGNsbbyp1NFg7zda0=");
-
- byte[] gostCA1 = Base64.decode(
- "MIIDNDCCAuGgAwIBAgIQZLcKDcWcQopF+jp4p9jylDAKBgYqhQMCAgQFADBm"
- + "MQswCQYDVQQGEwJSVTEPMA0GA1UEBxMGTW9zY293MRcwFQYDVQQKEw5PT08g"
- + "Q3J5cHRvLVBybzEUMBIGA1UECxMLRGV2ZWxvcG1lbnQxFzAVBgNVBAMTDkNQ"
- + "IENTUCBUZXN0IENBMB4XDTAyMDYwOTE1NTIyM1oXDTA5MDYwOTE1NTkyOVow"
- + "ZjELMAkGA1UEBhMCUlUxDzANBgNVBAcTBk1vc2NvdzEXMBUGA1UEChMOT09P"
- + "IENyeXB0by1Qcm8xFDASBgNVBAsTC0RldmVsb3BtZW50MRcwFQYDVQQDEw5D"
- + "UCBDU1AgVGVzdCBDQTCBpTAcBgYqhQMCAhQwEgYHKoUDAgIgAgYHKoUDAgIe"
- + "AQOBhAAEgYAYglywKuz1nMc9UiBYOaulKy53jXnrqxZKbCCBSVaJ+aCKbsQm"
- + "glhRFrw6Mwu8Cdeabo/ojmea7UDMZd0U2xhZFRti5EQ7OP6YpqD0alllo7za"
- + "4dZNXdX+/ag6fOORSLFdMpVx5ganU0wHMPk67j+audnCPUj/plbeyccgcdcd"
- + "WaOCASIwggEeMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud"
- + "DgQWBBTe840gTo4zt2twHilw3PD9wJaX0TCBygYDVR0fBIHCMIG/MDygOqA4"
- + "hjYtaHR0cDovL2ZpZXdhbGwvQ2VydEVucm9sbC9DUCUyMENTUCUyMFRlc3Ql"
- + "MjBDQSgzKS5jcmwwRKBCoECGPmh0dHA6Ly93d3cuY3J5cHRvcHJvLnJ1L0Nl"
- + "cnRFbnJvbGwvQ1AlMjBDU1AlMjBUZXN0JTIwQ0EoMykuY3JsMDmgN6A1hjMt"
- + "ZmlsZTovL1xcZmlld2FsbFxDZXJ0RW5yb2xsXENQIENTUCBUZXN0IENBKDMp"
- + "LmNybC8wEgYJKwYBBAGCNxUBBAUCAwMAAzAKBgYqhQMCAgQFAANBAIJi7ni7"
- + "9rwMR5rRGTFftt2k70GbqyUEfkZYOzrgdOoKiB4IIsIstyBX0/ne6GsL9Xan"
- + "G2IN96RB7KrowEHeW+k=");
-
- byte[] gostCA2 = Base64.decode(
- "MIIC2DCCAoWgAwIBAgIQe9ZCugm42pRKNcHD8466zTAKBgYqhQMCAgMFADB+"
- + "MRowGAYJKoZIhvcNAQkBFgtzYmFAZGlndC5ydTELMAkGA1UEBhMCUlUxDDAK"
- + "BgNVBAgTA01FTDEUMBIGA1UEBxMLWW9zaGthci1PbGExDTALBgNVBAoTBERp"
- + "Z3QxDzANBgNVBAsTBkNyeXB0bzEPMA0GA1UEAxMGc2JhLUNBMB4XDTA0MDgw"
- + "MzEzMzE1OVoXDTE0MDgwMzEzNDAxMVowfjEaMBgGCSqGSIb3DQEJARYLc2Jh"
- + "QGRpZ3QucnUxCzAJBgNVBAYTAlJVMQwwCgYDVQQIEwNNRUwxFDASBgNVBAcT"
- + "C1lvc2hrYXItT2xhMQ0wCwYDVQQKEwREaWd0MQ8wDQYDVQQLEwZDcnlwdG8x"
- + "DzANBgNVBAMTBnNiYS1DQTBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMC"
- + "Ah4BA0MABEDMSy10CuOH+i8QKG2UWA4XmCt6+BFrNTZQtS6bOalyDY8Lz+G7"
- + "HybyipE3PqdTB4OIKAAPsEEeZOCZd2UXGQm5o4HaMIHXMBMGCSsGAQQBgjcU"
- + "AgQGHgQAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud"
- + "DgQWBBRJJl3LcNMxkZI818STfoi3ng1xoDBxBgNVHR8EajBoMDGgL6Athito"
- + "dHRwOi8vc2JhLmRpZ3QubG9jYWwvQ2VydEVucm9sbC9zYmEtQ0EuY3JsMDOg"
- + "MaAvhi1maWxlOi8vXFxzYmEuZGlndC5sb2NhbFxDZXJ0RW5yb2xsXHNiYS1D"
- + "QS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwCgYGKoUDAgIDBQADQQA+BRJHbc/p"
- + "q8EYl6iJqXCuR+ozRmH7hPAP3c4KqYSC38TClCgBloLapx/3/WdatctFJW/L"
- + "mcTovpq088927shE");
-
- byte[] inDirectCrl = Base64.decode(
- "MIIdXjCCHMcCAQEwDQYJKoZIhvcNAQEFBQAwdDELMAkGA1UEBhMCREUxHDAaBgNV"
- +"BAoUE0RldXRzY2hlIFRlbGVrb20gQUcxFzAVBgNVBAsUDlQtVGVsZVNlYyBUZXN0"
- +"MS4wDAYHAoIGAQoHFBMBMTAeBgNVBAMUF1QtVGVsZVNlYyBUZXN0IERJUiA4OlBO"
- +"Fw0wNjA4MDQwODQ1MTRaFw0wNjA4MDQxNDQ1MTRaMIIbfzB+AgQvrj/pFw0wMzA3"
- +"MjIwNTQxMjhaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
- +"VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
- +"EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP+oXDTAzMDcyMjA1NDEyOFowZzBlBgNV"
- +"HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
- +"bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
- +"UE4wfgIEL64/5xcNMDQwNDA1MTMxODE3WjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
- +"CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
- +"BgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNDpQTjB+AgQvrj/oFw0wNDA0"
- +"MDUxMzE4MTdaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
- +"VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
- +"EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP+UXDTAzMDExMzExMTgxMVowZzBlBgNV"
- +"HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
- +"bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
- +"UE4wfgIEL64/5hcNMDMwMTEzMTExODExWjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
- +"CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
- +"BgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNDpQTjB+AgQvrj/jFw0wMzAx"
- +"MTMxMTI2NTZaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
- +"VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
- +"EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP+QXDTAzMDExMzExMjY1NlowZzBlBgNV"
- +"HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
- +"bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
- +"UE4wfgIEL64/4hcNMDQwNzEzMDc1ODM4WjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
- +"CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
- +"BgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNDpQTjB+AgQvrj/eFw0wMzAy"
- +"MTcwNjMzMjVaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
- +"VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
- +"EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP98XDTAzMDIxNzA2MzMyNVowZzBlBgNV"
- +"HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
- +"bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
- +"UE4wfgIEL64/0xcNMDMwMjE3MDYzMzI1WjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
- +"CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
- +"BgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNDpQTjB+AgQvrj/dFw0wMzAx"
- +"MTMxMTI4MTRaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
- +"VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
- +"EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP9cXDTAzMDExMzExMjcwN1owZzBlBgNV"
- +"HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
- +"bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
- +"UE4wfgIEL64/2BcNMDMwMTEzMTEyNzA3WjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
- +"CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
- +"BgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNDpQTjB+AgQvrj/VFw0wMzA0"
- +"MzAxMjI3NTNaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYD"
- +"VQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMU"
- +"EVNpZ0cgVGVzdCBDQSA0OlBOMH4CBC+uP9YXDTAzMDQzMDEyMjc1M1owZzBlBgNV"
- +"HR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
- +"bGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDQ6"
- +"UE4wfgIEL64/xhcNMDMwMjEyMTM0NTQwWjBnMGUGA1UdHQEB/wRbMFmkVzBVMQsw"
- +"CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKC"
- +"BgEKBxQTATEwGAYDVQQDFBFUVEMgVGVzdCBDQSAxMTpQTjCBkAIEL64/xRcNMDMw"
- +"MjEyMTM0NTQwWjB5MHcGA1UdHQEB/wRtMGukaTBnMQswCQYDVQQGEwJERTEcMBoG"
- +"A1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEQMA4GA1UECxQHVGVsZVNlYzEoMAwG"
- +"BwKCBgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0EgNTpQTjB+AgQvrj/CFw0w"
- +"MzAyMTIxMzA5MTZaMGcwZQYDVR0dAQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRww"
- +"GgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNV"
- +"BAMUEVRUQyBUZXN0IENBIDExOlBOMIGQAgQvrj/BFw0wMzAyMTIxMzA4NDBaMHkw"
- +"dwYDVR0dAQH/BG0wa6RpMGcxCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2No"
- +"ZSBUZWxla29tIEFHMRAwDgYDVQQLFAdUZWxlU2VjMSgwDAYHAoIGAQoHFBMBMTAY"
- +"BgNVBAMUEVNpZ0cgVGVzdCBDQSA1OlBOMH4CBC+uP74XDTAzMDIxNzA2MzcyNVow"
- +"ZzBlBgNVHR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRz"
- +"Y2hlIFRlbGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRVFRDIFRlc3Qg"
- +"Q0EgMTE6UE4wgZACBC+uP70XDTAzMDIxNzA2MzcyNVoweTB3BgNVHR0BAf8EbTBr"
- +"pGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcx"
- +"EDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBU"
- +"ZXN0IENBIDU6UE4wgZACBC+uP7AXDTAzMDIxMjEzMDg1OVoweTB3BgNVHR0BAf8E"
- +"bTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20g"
- +"QUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2ln"
- +"RyBUZXN0IENBIDU6UE4wgZACBC+uP68XDTAzMDIxNzA2MzcyNVoweTB3BgNVHR0B"
- +"Af8EbTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVr"
- +"b20gQUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQR"
- +"U2lnRyBUZXN0IENBIDU6UE4wfgIEL64/kxcNMDMwNDEwMDUyNjI4WjBnMGUGA1Ud"
- +"HQEB/wRbMFmkVzBVMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVs"
- +"ZWtvbSBBRzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFUVEMgVGVzdCBDQSAxMTpQ"
- +"TjCBkAIEL64/khcNMDMwNDEwMDUyNjI4WjB5MHcGA1UdHQEB/wRtMGukaTBnMQsw"
- +"CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEQMA4GA1UE"
- +"CxQHVGVsZVNlYzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFTaWdHIFRlc3QgQ0Eg"
- +"NTpQTjB+AgQvrj8/Fw0wMzAyMjYxMTA0NDRaMGcwZQYDVR0dAQH/BFswWaRXMFUx"
- +"CzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMSgwDAYH"
- +"AoIGAQoHFBMBMTAYBgNVBAMUEVRUQyBUZXN0IENBIDExOlBOMIGQAgQvrj8+Fw0w"
- +"MzAyMjYxMTA0NDRaMHkwdwYDVR0dAQH/BG0wa6RpMGcxCzAJBgNVBAYTAkRFMRww"
- +"GgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMRAwDgYDVQQLFAdUZWxlU2VjMSgw"
- +"DAYHAoIGAQoHFBMBMTAYBgNVBAMUEVNpZ0cgVGVzdCBDQSA1OlBOMH4CBC+uPs0X"
- +"DTAzMDUyMDA1MjczNlowZzBlBgNVHR0BAf8EWzBZpFcwVTELMAkGA1UEBhMCREUx"
- +"HDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxKDAMBgcCggYBCgcUEwExMBgG"
- +"A1UEAxQRVFRDIFRlc3QgQ0EgMTE6UE4wgZACBC+uPswXDTAzMDUyMDA1MjczNlow"
- +"eTB3BgNVHR0BAf8EbTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRz"
- +"Y2hlIFRlbGVrb20gQUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwEx"
- +"MBgGA1UEAxQRU2lnRyBUZXN0IENBIDY6UE4wfgIEL64+PBcNMDMwNjE3MTAzNDE2"
- +"WjBnMGUGA1UdHQEB/wRbMFmkVzBVMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1"
- +"dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFUVEMgVGVz"
- +"dCBDQSAxMTpQTjCBkAIEL64+OxcNMDMwNjE3MTAzNDE2WjB5MHcGA1UdHQEB/wRt"
- +"MGukaTBnMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBB"
- +"RzEQMA4GA1UECxQHVGVsZVNlYzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFTaWdH"
- +"IFRlc3QgQ0EgNjpQTjCBkAIEL64+OhcNMDMwNjE3MTAzNDE2WjB5MHcGA1UdHQEB"
- +"/wRtMGukaTBnMQswCQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtv"
- +"bSBBRzEQMA4GA1UECxQHVGVsZVNlYzEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFT"
- +"aWdHIFRlc3QgQ0EgNjpQTjB+AgQvrj45Fw0wMzA2MTcxMzAxMDBaMGcwZQYDVR0d"
- +"AQH/BFswWaRXMFUxCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxl"
- +"a29tIEFHMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEVRUQyBUZXN0IENBIDExOlBO"
- +"MIGQAgQvrj44Fw0wMzA2MTcxMzAxMDBaMHkwdwYDVR0dAQH/BG0wa6RpMGcxCzAJ"
- +"BgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMRAwDgYDVQQL"
- +"FAdUZWxlU2VjMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEVNpZ0cgVGVzdCBDQSA2"
- +"OlBOMIGQAgQvrj43Fw0wMzA2MTcxMzAxMDBaMHkwdwYDVR0dAQH/BG0wa6RpMGcx"
- +"CzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMRAwDgYD"
- +"VQQLFAdUZWxlU2VjMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEVNpZ0cgVGVzdCBD"
- +"QSA2OlBOMIGQAgQvrj42Fw0wMzA2MTcxMzAxMDBaMHkwdwYDVR0dAQH/BG0wa6Rp"
- +"MGcxCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMRAw"
- +"DgYDVQQLFAdUZWxlU2VjMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEVNpZ0cgVGVz"
- +"dCBDQSA2OlBOMIGQAgQvrj4zFw0wMzA2MTcxMDM3NDlaMHkwdwYDVR0dAQH/BG0w"
- +"a6RpMGcxCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFH"
- +"MRAwDgYDVQQLFAdUZWxlU2VjMSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEVNpZ0cg"
- +"VGVzdCBDQSA2OlBOMH4CBC+uPjEXDTAzMDYxNzEwNDI1OFowZzBlBgNVHR0BAf8E"
- +"WzBZpFcwVTELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20g"
- +"QUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRVFRDIFRlc3QgQ0EgMTE6UE4wgZAC"
- +"BC+uPjAXDTAzMDYxNzEwNDI1OFoweTB3BgNVHR0BAf8EbTBrpGkwZzELMAkGA1UE"
- +"BhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxEDAOBgNVBAsUB1Rl"
- +"bGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDY6UE4w"
- +"gZACBC+uPakXDTAzMTAyMjExMzIyNFoweTB3BgNVHR0BAf8EbTBrpGkwZzELMAkG"
- +"A1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxEDAOBgNVBAsU"
- +"B1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENBIDY6"
- +"UE4wgZACBC+uPLIXDTA1MDMxMTA2NDQyNFoweTB3BgNVHR0BAf8EbTBrpGkwZzEL"
- +"MAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxEDAOBgNV"
- +"BAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0IENB"
- +"IDY6UE4wgZACBC+uPKsXDTA0MDQwMjA3NTQ1M1oweTB3BgNVHR0BAf8EbTBrpGkw"
- +"ZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcxEDAO"
- +"BgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBUZXN0"
- +"IENBIDY6UE4wgZACBC+uOugXDTA1MDEyNzEyMDMyNFoweTB3BgNVHR0BAf8EbTBr"
- +"pGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20gQUcx"
- +"EDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2lnRyBU"
- +"ZXN0IENBIDY6UE4wgZACBC+uOr4XDTA1MDIxNjA3NTcxNloweTB3BgNVHR0BAf8E"
- +"bTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVrb20g"
- +"QUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRU2ln"
- +"RyBUZXN0IENBIDY6UE4wgZACBC+uOqcXDTA1MDMxMDA1NTkzNVoweTB3BgNVHR0B"
- +"Af8EbTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRlbGVr"
- +"b20gQUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQR"
- +"U2lnRyBUZXN0IENBIDY6UE4wgZACBC+uOjwXDTA1MDUxMTEwNDk0NloweTB3BgNV"
- +"HR0BAf8EbTBrpGkwZzELMAkGA1UEBhMCREUxHDAaBgNVBAoUE0RldXRzY2hlIFRl"
- +"bGVrb20gQUcxEDAOBgNVBAsUB1RlbGVTZWMxKDAMBgcCggYBCgcUEwExMBgGA1UE"
- +"AxQRU2lnRyBUZXN0IENBIDY6UE4wgaoCBC+sbdUXDTA1MTExMTEwMDMyMVowgZIw"
- +"gY8GA1UdHQEB/wSBhDCBgaR/MH0xCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0"
- +"c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLFBZQcm9kdWt0emVudHJ1bSBUZWxlU2Vj"
- +"MS8wDAYHAoIGAQoHFBMBMTAfBgNVBAMUGFRlbGVTZWMgUEtTIFNpZ0cgQ0EgMTpQ"
- +"TjCBlQIEL64uaBcNMDYwMTIzMTAyNTU1WjB+MHwGA1UdHQEB/wRyMHCkbjBsMQsw"
- +"CQYDVQQGEwJERTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEWMBQGA1UE"
- +"CxQNWmVudHJhbGUgQm9ubjEnMAwGBwKCBgEKBxQTATEwFwYDVQQDFBBUVEMgVGVz"
- +"dCBDQSA5OlBOMIGVAgQvribHFw0wNjA4MDEwOTQ4NDRaMH4wfAYDVR0dAQH/BHIw"
- +"cKRuMGwxCzAJBgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFH"
- +"MRYwFAYDVQQLFA1aZW50cmFsZSBCb25uMScwDAYHAoIGAQoHFBMBMTAXBgNVBAMU"
- +"EFRUQyBUZXN0IENBIDk6UE6ggZswgZgwCwYDVR0UBAQCAhEMMB8GA1UdIwQYMBaA"
- +"FANbyNumDI9545HwlCF26NuOJC45MA8GA1UdHAEB/wQFMAOEAf8wVwYDVR0SBFAw"
- +"ToZMbGRhcDovL3Brc2xkYXAudHR0Yy5kZS9vdT1ULVRlbGVTZWMgVGVzdCBESVIg"
- +"ODpQTixvPURldXRzY2hlIFRlbGVrb20gQUcsYz1kZTANBgkqhkiG9w0BAQUFAAOB"
- +"gQBewL5gLFHpeOWO07Vk3Gg7pRDuAlvaovBH4coCyCWpk5jEhUfFSYEDuaQB7do4"
- +"IlJmeTHvkI0PIZWJ7bwQ2PVdipPWDx0NVwS/Cz5jUKiS3BbAmZQZOueiKLFpQq3A"
- +"b8aOHA7WHU4078/1lM+bgeu33Ln1CGykEbmSjA/oKPi/JA==");
-
- byte[] directCRL = Base64.decode(
- "MIIGXTCCBckCAQEwCgYGKyQDAwECBQAwdDELMAkGA1UEBhMCREUxHDAaBgNVBAoU"
- +"E0RldXRzY2hlIFRlbGVrb20gQUcxFzAVBgNVBAsUDlQtVGVsZVNlYyBUZXN0MS4w"
- +"DAYHAoIGAQoHFBMBMTAeBgNVBAMUF1QtVGVsZVNlYyBUZXN0IERJUiA4OlBOFw0w"
- +"NjA4MDQwODQ1MTRaFw0wNjA4MDQxNDQ1MTRaMIIElTAVAgQvrj/pFw0wMzA3MjIw"
- +"NTQxMjhaMBUCBC+uP+oXDTAzMDcyMjA1NDEyOFowFQIEL64/5xcNMDQwNDA1MTMx"
- +"ODE3WjAVAgQvrj/oFw0wNDA0MDUxMzE4MTdaMBUCBC+uP+UXDTAzMDExMzExMTgx"
- +"MVowFQIEL64/5hcNMDMwMTEzMTExODExWjAVAgQvrj/jFw0wMzAxMTMxMTI2NTZa"
- +"MBUCBC+uP+QXDTAzMDExMzExMjY1NlowFQIEL64/4hcNMDQwNzEzMDc1ODM4WjAV"
- +"AgQvrj/eFw0wMzAyMTcwNjMzMjVaMBUCBC+uP98XDTAzMDIxNzA2MzMyNVowFQIE"
- +"L64/0xcNMDMwMjE3MDYzMzI1WjAVAgQvrj/dFw0wMzAxMTMxMTI4MTRaMBUCBC+u"
- +"P9cXDTAzMDExMzExMjcwN1owFQIEL64/2BcNMDMwMTEzMTEyNzA3WjAVAgQvrj/V"
- +"Fw0wMzA0MzAxMjI3NTNaMBUCBC+uP9YXDTAzMDQzMDEyMjc1M1owFQIEL64/xhcN"
- +"MDMwMjEyMTM0NTQwWjAVAgQvrj/FFw0wMzAyMTIxMzQ1NDBaMBUCBC+uP8IXDTAz"
- +"MDIxMjEzMDkxNlowFQIEL64/wRcNMDMwMjEyMTMwODQwWjAVAgQvrj++Fw0wMzAy"
- +"MTcwNjM3MjVaMBUCBC+uP70XDTAzMDIxNzA2MzcyNVowFQIEL64/sBcNMDMwMjEy"
- +"MTMwODU5WjAVAgQvrj+vFw0wMzAyMTcwNjM3MjVaMBUCBC+uP5MXDTAzMDQxMDA1"
- +"MjYyOFowFQIEL64/khcNMDMwNDEwMDUyNjI4WjAVAgQvrj8/Fw0wMzAyMjYxMTA0"
- +"NDRaMBUCBC+uPz4XDTAzMDIyNjExMDQ0NFowFQIEL64+zRcNMDMwNTIwMDUyNzM2"
- +"WjAVAgQvrj7MFw0wMzA1MjAwNTI3MzZaMBUCBC+uPjwXDTAzMDYxNzEwMzQxNlow"
- +"FQIEL64+OxcNMDMwNjE3MTAzNDE2WjAVAgQvrj46Fw0wMzA2MTcxMDM0MTZaMBUC"
- +"BC+uPjkXDTAzMDYxNzEzMDEwMFowFQIEL64+OBcNMDMwNjE3MTMwMTAwWjAVAgQv"
- +"rj43Fw0wMzA2MTcxMzAxMDBaMBUCBC+uPjYXDTAzMDYxNzEzMDEwMFowFQIEL64+"
- +"MxcNMDMwNjE3MTAzNzQ5WjAVAgQvrj4xFw0wMzA2MTcxMDQyNThaMBUCBC+uPjAX"
- +"DTAzMDYxNzEwNDI1OFowFQIEL649qRcNMDMxMDIyMTEzMjI0WjAVAgQvrjyyFw0w"
- +"NTAzMTEwNjQ0MjRaMBUCBC+uPKsXDTA0MDQwMjA3NTQ1M1owFQIEL6466BcNMDUw"
- +"MTI3MTIwMzI0WjAVAgQvrjq+Fw0wNTAyMTYwNzU3MTZaMBUCBC+uOqcXDTA1MDMx"
- +"MDA1NTkzNVowFQIEL646PBcNMDUwNTExMTA0OTQ2WjAVAgQvrG3VFw0wNTExMTEx"
- +"MDAzMjFaMBUCBC+uLmgXDTA2MDEyMzEwMjU1NVowFQIEL64mxxcNMDYwODAxMDk0"
- +"ODQ0WqCBijCBhzALBgNVHRQEBAICEQwwHwYDVR0jBBgwFoAUA1vI26YMj3njkfCU"
- +"IXbo244kLjkwVwYDVR0SBFAwToZMbGRhcDovL3Brc2xkYXAudHR0Yy5kZS9vdT1U"
- +"LVRlbGVTZWMgVGVzdCBESVIgODpQTixvPURldXRzY2hlIFRlbGVrb20gQUcsYz1k"
- +"ZTAKBgYrJAMDAQIFAAOBgQArj4eMlbAwuA2aS5O4UUUHQMKKdK/dtZi60+LJMiMY"
- +"ojrMIf4+ZCkgm1Ca0Cd5T15MJxVHhh167Ehn/Hd48pdnAP6Dfz/6LeqkIHGWMHR+"
- +"z6TXpwWB+P4BdUec1ztz04LypsznrHcLRa91ixg9TZCb1MrOG+InNhleRs1ImXk8"
- +"MQ==");
-
- private final byte[] pkcs7CrlProblem = Base64.decode(
- "MIIwSAYJKoZIhvcNAQcCoIIwOTCCMDUCAQExCzAJBgUrDgMCGgUAMAsGCSqG"
- + "SIb3DQEHAaCCEsAwggP4MIIC4KADAgECAgF1MA0GCSqGSIb3DQEBBQUAMEUx"
- + "CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR4wHAYDVQQD"
- + "ExVHZW9UcnVzdCBDQSBmb3IgQWRvYmUwHhcNMDQxMjAyMjEyNTM5WhcNMDYx"
- + "MjMwMjEyNTM5WjBMMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMR2VvVHJ1c3Qg"
- + "SW5jMSYwJAYDVQQDEx1HZW9UcnVzdCBBZG9iZSBPQ1NQIFJlc3BvbmRlcjCB"
- + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4gnNYhtw7U6QeVXZODnGhHMj"
- + "+OgZ0DB393rEk6a2q9kq129IA2e03yKBTfJfQR9aWKc2Qj90dsSqPjvTDHFG"
- + "Qsagm2FQuhnA3fb1UWhPzeEIdm6bxDsnQ8nWqKqxnWZzELZbdp3I9bBLizIq"
- + "obZovzt60LNMghn/unvvuhpeVSsCAwEAAaOCAW4wggFqMA4GA1UdDwEB/wQE"
- + "AwIE8DCB5QYDVR0gAQH/BIHaMIHXMIHUBgkqhkiG9y8BAgEwgcYwgZAGCCsG"
- + "AQUFBwICMIGDGoGAVGhpcyBjZXJ0aWZpY2F0ZSBoYXMgYmVlbiBpc3N1ZWQg"
- + "aW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBBY3JvYmF0IENyZWRlbnRpYWxzIENQ"
- + "UyBsb2NhdGVkIGF0IGh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNl"
- + "cy9jcHMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jl"
- + "c291cmNlcy9jcHMwEwYDVR0lBAwwCgYIKwYBBQUHAwkwOgYDVR0fBDMwMTAv"
- + "oC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9hZG9iZWNhMS5j"
- + "cmwwHwYDVR0jBBgwFoAUq4BZw2WDbR19E70Zw+wajw1HaqMwDQYJKoZIhvcN"
- + "AQEFBQADggEBAENJf1BD7PX5ivuaawt90q1OGzXpIQL/ClzEeFVmOIxqPc1E"
- + "TFRq92YuxG5b6+R+k+tGkmCwPLcY8ipg6ZcbJ/AirQhohzjlFuT6YAXsTfEj"
- + "CqEZfWM2sS7crK2EYxCMmKE3xDfPclYtrAoz7qZvxfQj0TuxHSstHZv39wu2"
- + "ZiG1BWiEcyDQyTgqTOXBoZmfJtshuAcXmTpgkrYSrS37zNlPTGh+pMYQ0yWD"
- + "c8OQRJR4OY5ZXfdna01mjtJTOmj6/6XPoLPYTq2gQrc2BCeNJ4bEhLb7sFVB"
- + "PbwPrpzTE/HRbQHDrzj0YimDxeOUV/UXctgvYwHNtEkcBLsOm/uytMYwggSh"
- + "MIIDiaADAgECAgQ+HL0oMA0GCSqGSIb3DQEBBQUAMGkxCzAJBgNVBAYTAlVT"
- + "MSMwIQYDVQQKExpBZG9iZSBTeXN0ZW1zIEluY29ycG9yYXRlZDEdMBsGA1UE"
- + "CxMUQWRvYmUgVHJ1c3QgU2VydmljZXMxFjAUBgNVBAMTDUFkb2JlIFJvb3Qg"
- + "Q0EwHhcNMDMwMTA4MjMzNzIzWhcNMjMwMTA5MDAwNzIzWjBpMQswCQYDVQQG"
- + "EwJVUzEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHTAb"
- + "BgNVBAsTFEFkb2JlIFRydXN0IFNlcnZpY2VzMRYwFAYDVQQDEw1BZG9iZSBS"
- + "b290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzE9UhPen"
- + "ouczU38/nBKIayyZR2d+Dx65rRSI+cMQ2B3w8NWfaQovWTWwzGypTJwVoJ/O"
- + "IL+gz1Ti4CBmRT85hjh+nMSOByLGJPYBErA131XqaZCw24U3HuJOB7JCoWoT"
- + "aaBm6oCREVkqmwh5WiBELcm9cziLPC/gQxtdswvwrzUaKf7vppLdgUydPVmO"
- + "rTE8QH6bkTYG/OJcjdGNJtVcRc+vZT+xqtJilvSoOOq6YEL09BxKNRXO+E4i"
- + "Vg+VGMX4lp+f+7C3eCXpgGu91grwxnSUnfMPUNuad85LcIMjjaDKeCBEXDxU"
- + "ZPHqojAZn+pMBk0GeEtekt8i0slns3rSAQIDAQABo4IBTzCCAUswEQYJYIZI"
- + "AYb4QgEBBAQDAgAHMIGOBgNVHR8EgYYwgYMwgYCgfqB8pHoweDELMAkGA1UE"
- + "BhMCVVMxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMR0w"
- + "GwYDVQQLExRBZG9iZSBUcnVzdCBTZXJ2aWNlczEWMBQGA1UEAxMNQWRvYmUg"
- + "Um9vdCBDQTENMAsGA1UEAxMEQ1JMMTArBgNVHRAEJDAigA8yMDAzMDEwODIz"
- + "MzcyM1qBDzIwMjMwMTA5MDAwNzIzWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgw"
- + "FoAUgrc4SpOqmxDvgLvZVOLxD/uAnN4wHQYDVR0OBBYEFIK3OEqTqpsQ74C7"
- + "2VTi8Q/7gJzeMAwGA1UdEwQFMAMBAf8wHQYJKoZIhvZ9B0EABBAwDhsIVjYu"
- + "MDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQAy2p9DdcH6b8lv26sdNjc+"
- + "vGEZNrcCPB0jWZhsnu5NhedUyCAfp9S74r8Ad30ka3AvXME6dkm10+AjhCpx"
- + "aiLzwScpmBX2NZDkBEzDjbyfYRzn/SSM0URDjBa6m02l1DUvvBHOvfdRN42f"
- + "kOQU8Rg/vulZEjX5M5LznuDVa5pxm5lLyHHD4bFhCcTl+pHwQjo3fTT5cujN"
- + "qmIcIenV9IIQ43sFti1oVgt+fpIsb01yggztVnSynbmrLSsdEF/bJ3Vwj/0d"
- + "1+ICoHnlHOX/r2RAUS2em0fbQqV8H8KmSLDXvpJpTaT2KVfFeBEY3IdRyhOy"
- + "Yp1PKzK9MaXB+lKrBYjIMIIEyzCCA7OgAwIBAgIEPhy9tTANBgkqhkiG9w0B"
- + "AQUFADBpMQswCQYDVQQGEwJVUzEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJ"
- + "bmNvcnBvcmF0ZWQxHTAbBgNVBAsTFEFkb2JlIFRydXN0IFNlcnZpY2VzMRYw"
- + "FAYDVQQDEw1BZG9iZSBSb290IENBMB4XDTA0MDExNzAwMDMzOVoXDTE1MDEx"
- + "NTA4MDAwMFowRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu"
- + "Yy4xHjAcBgNVBAMTFUdlb1RydXN0IENBIGZvciBBZG9iZTCCASIwDQYJKoZI"
- + "hvcNAQEBBQADggEPADCCAQoCggEBAKfld+BkeFrnOYW8r9L1WygTDlTdSfrO"
- + "YvWS/Z6Ye5/l+HrBbOHqQCXBcSeCpz7kB2WdKMh1FOE4e9JlmICsHerBLdWk"
- + "emU+/PDb69zh8E0cLoDfxukF6oVPXj6WSThdSG7H9aXFzRr6S3XGCuvgl+Qw"
- + "DTLiLYW+ONF6DXwt3TQQtKReJjOJZk46ZZ0BvMStKyBaeB6DKZsmiIo89qso"
- + "13VDZINH2w1KvXg0ygDizoNtbvgAPFymwnsINS1klfQlcvn0x0RJm9bYQXK3"
- + "5GNZAgL3M7Lqrld0jMfIUaWvuHCLyivytRuzq1dJ7E8rmidjDEk/G+27pf13"
- + "fNZ7vR7M+IkCAwEAAaOCAZ0wggGZMBIGA1UdEwEB/wQIMAYBAf8CAQEwUAYD"
- + "VR0gBEkwRzBFBgkqhkiG9y8BAgEwODA2BggrBgEFBQcCARYqaHR0cHM6Ly93"
- + "d3cuYWRvYmUuY29tL21pc2MvcGtpL2Nkc19jcC5odG1sMBQGA1UdJQQNMAsG"
- + "CSqGSIb3LwEBBTCBsgYDVR0fBIGqMIGnMCKgIKAehhxodHRwOi8vY3JsLmFk"
- + "b2JlLmNvbS9jZHMuY3JsMIGAoH6gfKR6MHgxCzAJBgNVBAYTAlVTMSMwIQYD"
- + "VQQKExpBZG9iZSBTeXN0ZW1zIEluY29ycG9yYXRlZDEdMBsGA1UECxMUQWRv"
- + "YmUgVHJ1c3QgU2VydmljZXMxFjAUBgNVBAMTDUFkb2JlIFJvb3QgQ0ExDTAL"
- + "BgNVBAMTBENSTDEwCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIK3OEqTqpsQ"
- + "74C72VTi8Q/7gJzeMB0GA1UdDgQWBBSrgFnDZYNtHX0TvRnD7BqPDUdqozAZ"
- + "BgkqhkiG9n0HQQAEDDAKGwRWNi4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA"
- + "PzlZLqIAjrFeEWEs0uC29YyJhkXOE9mf3YSaFGsITF+Gl1j0pajTjyH4R35Q"
- + "r3floW2q3HfNzTeZ90Jnr1DhVERD6zEMgJpCtJqVuk0sixuXJHghS/KicKf4"
- + "YXJJPx9epuIRF1siBRnznnF90svmOJMXApc0jGnYn3nQfk4kaShSnDaYaeYR"
- + "DJKcsiWhl6S5zfwS7Gg8hDeyckhMQKKWnlG1CQrwlSFisKCduoodwRtWgft8"
- + "kx13iyKK3sbalm6vnVc+5nufS4vI+TwMXoV63NqYaSroafBWk0nL53zGXPEy"
- + "+A69QhzEViJKn2Wgqt5gt++jMMNImbRObIqgfgF1VjCCBUwwggQ0oAMCAQIC"
- + "AgGDMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1H"
- + "ZW9UcnVzdCBJbmMuMR4wHAYDVQQDExVHZW9UcnVzdCBDQSBmb3IgQWRvYmUw"
- + "HhcNMDYwMzI0MTU0MjI5WhcNMDkwNDA2MTQ0MjI5WjBzMQswCQYDVQQGEwJV"
- + "UzELMAkGA1UECBMCTUExETAPBgNVBAoTCEdlb1RydXN0MR0wGwYDVQQDExRN"
- + "YXJrZXRpbmcgRGVwYXJ0bWVudDElMCMGCSqGSIb3DQEJARYWbWFya2V0aW5n"
- + "QGdlb3RydXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB"
- + "ANmvajTO4XJvAU2nVcLmXeCnAQX7RZt+7+ML3InmqQ3LCGo1weop09zV069/"
- + "1x/Nmieol7laEzeXxd2ghjGzwfXafqQEqHn6+vBCvqdNPoSi63fSWhnuDVWp"
- + "KVDOYgxOonrXl+Cc43lu4zRSq+Pi5phhrjDWcH74a3/rdljUt4c4GFezFXfa"
- + "w2oTzWkxj2cTSn0Szhpr17+p66UNt8uknlhmu4q44Speqql2HwmCEnpLYJrK"
- + "W3fOq5D4qdsvsLR2EABLhrBezamLI3iGV8cRHOUTsbTMhWhv/lKfHAyf4XjA"
- + "z9orzvPN5jthhIfICOFq/nStTgakyL4Ln+nFAB/SMPkCAwEAAaOCAhYwggIS"
- + "MA4GA1UdDwEB/wQEAwIF4DCB5QYDVR0gAQH/BIHaMIHXMIHUBgkqhkiG9y8B"
- + "AgEwgcYwgZAGCCsGAQUFBwICMIGDGoGAVGhpcyBjZXJ0aWZpY2F0ZSBoYXMg"
- + "YmVlbiBpc3N1ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBBY3JvYmF0IENy"
- + "ZWRlbnRpYWxzIENQUyBsb2NhdGVkIGF0IGh0dHA6Ly93d3cuZ2VvdHJ1c3Qu"
- + "Y29tL3Jlc291cmNlcy9jcHMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2Vv"
- + "dHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwOgYDVR0fBDMwMTAvoC2gK4YpaHR0"
- + "cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9hZG9iZWNhMS5jcmwwHwYDVR0j"
- + "BBgwFoAUq4BZw2WDbR19E70Zw+wajw1HaqMwRAYIKwYBBQUHAQEEODA2MDQG"
- + "CCsGAQUFBzABhihodHRwOi8vYWRvYmUtb2NzcC5nZW90cnVzdC5jb20vcmVz"
- + "cG9uZGVyMBQGA1UdJQQNMAsGCSqGSIb3LwEBBTA8BgoqhkiG9y8BAQkBBC4w"
- + "LAIBAYYnaHR0cDovL2Fkb2JlLXRpbWVzdGFtcC5nZW90cnVzdC5jb20vdHNh"
- + "MBMGCiqGSIb3LwEBCQIEBTADAgEBMAwGA1UdEwQFMAMCAQAwDQYJKoZIhvcN"
- + "AQEFBQADggEBAAOhy6QxOo+i3h877fvDvTa0plGD2bIqK7wMdNqbMDoSWied"
- + "FIcgcBOIm2wLxOjZBAVj/3lDq59q2rnVeNnfXM0/N0MHI9TumHRjU7WNk9e4"
- + "+JfJ4M+c3anrWOG3NE5cICDVgles+UHjXetHWql/LlP04+K2ZOLb6LE2xGnI"
- + "YyLW9REzCYNAVF+/WkYdmyceHtaBZdbyVAJq0NAJPsfgY1pWcBo31Mr1fpX9"
- + "WrXNTYDCqMyxMImJTmN3iI68tkXlNrhweQoArKFqBysiBkXzG/sGKYY6tWKU"
- + "pzjLc3vIp/LrXC5zilROes8BSvwu1w9qQrJNcGwo7O4uijoNtyYil1Exgh1Q"
- + "MIIdTAIBATBLMEUxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJ"
- + "bmMuMR4wHAYDVQQDExVHZW9UcnVzdCBDQSBmb3IgQWRvYmUCAgGDMAkGBSsO"
- + "AwIaBQCgggxMMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwIwYJKoZIhvcN"
- + "AQkEMRYEFP4R6qIdpQJzWyzrqO8X1ZfJOgChMIIMCQYJKoZIhvcvAQEIMYIL"
- + "+jCCC/agggZ5MIIGdTCCA6gwggKQMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV"
- + "BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR4wHAYDVQQDExVHZW9U"
- + "cnVzdCBDQSBmb3IgQWRvYmUXDTA2MDQwNDE3NDAxMFoXDTA2MDQwNTE3NDAx"
- + "MFowggIYMBMCAgC5Fw0wNTEwMTEyMDM2MzJaMBICAVsXDTA0MTEwNDE1MDk0"
- + "MVowEwICALgXDTA1MTIxMjIyMzgzOFowEgIBWhcNMDQxMTA0MTUwOTMzWjAT"
- + "AgIA5hcNMDUwODI3MDQwOTM4WjATAgIAtxcNMDYwMTE2MTc1NTEzWjATAgIA"
- + "hhcNMDUxMjEyMjIzODU1WjATAgIAtRcNMDUwNzA2MTgzODQwWjATAgIA4BcN"
- + "MDYwMzIwMDc0ODM0WjATAgIAgRcNMDUwODAyMjIzMTE1WjATAgIA3xcNMDUx"
- + "MjEyMjIzNjUwWjASAgFKFw0wNDExMDQxNTA5MTZaMBICAUQXDTA0MTEwNDE1"
- + "MDg1M1owEgIBQxcNMDQxMDAzMDEwMDQwWjASAgFsFw0wNDEyMDYxOTQ0MzFa"
- + "MBMCAgEoFw0wNjAzMDkxMjA3MTJaMBMCAgEkFw0wNjAxMTYxNzU1MzRaMBIC"
- + "AWcXDTA1MDMxODE3NTYxNFowEwICAVEXDTA2MDEzMTExMjcxMVowEgIBZBcN"
- + "MDQxMTExMjI0ODQxWjATAgIA8RcNMDUwOTE2MTg0ODAxWjATAgIBThcNMDYw"
- + "MjIxMjAxMDM2WjATAgIAwRcNMDUxMjEyMjIzODE2WjASAgFiFw0wNTAxMTAx"
- + "NjE5MzRaMBICAWAXDTA1MDExMDE5MDAwNFowEwICAL4XDTA1MDUxNzE0NTYx"
- + "MFowDQYJKoZIhvcNAQEFBQADggEBAEKhRMS3wVho1U3EvEQJZC8+JlUngmZQ"
- + "A78KQbHPWNZWFlNvPuf/b0s7Lu16GfNHXh1QAW6Y5Hi1YtYZ3YOPyMd4Xugt"
- + "gCdumbB6xtKsDyN5RvTht6ByXj+CYlYqsL7RX0izJZ6mJn4fjMkqzPKNOjb8"
- + "kSn5T6rn93BjlATtCE8tPVOM8dnqGccRE0OV59+nDBXc90UMt5LdEbwaUOap"
- + "snVB0oLcNm8d/HnlVH6RY5LnDjrT4vwfe/FApZtTecEWsllVUXDjSpwfcfD/"
- + "476/lpGySB2otALqzImlA9R8Ok3hJ8dnF6hhQ5Oe6OJMnGYgdhkKbxsKkdib"
- + "tTVl3qmH5QAwggLFMIIBrQIBATANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQG"
- + "EwJVUzEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHTAb"
- + "BgNVBAsTFEFkb2JlIFRydXN0IFNlcnZpY2VzMRYwFAYDVQQDEw1BZG9iZSBS"
- + "b290IENBFw0wNjAxMjcxODMzMzFaFw0wNzAxMjcwMDAwMDBaMIHeMCMCBD4c"
- + "vUAXDTAzMDEyMTIzNDY1NlowDDAKBgNVHRUEAwoBBDAjAgQ+HL1BFw0wMzAx"
- + "MjEyMzQ3MjJaMAwwCgYDVR0VBAMKAQQwIwIEPhy9YhcNMDMwMTIxMjM0NzQy"
- + "WjAMMAoGA1UdFQQDCgEEMCMCBD4cvWEXDTA0MDExNzAxMDg0OFowDDAKBgNV"
- + "HRUEAwoBBDAjAgQ+HL2qFw0wNDAxMTcwMTA5MDVaMAwwCgYDVR0VBAMKAQQw"
- + "IwIEPhy9qBcNMDQwMTE3MDEzOTI5WjAMMAoGA1UdFQQDCgEEoC8wLTAKBgNV"
- + "HRQEAwIBDzAfBgNVHSMEGDAWgBSCtzhKk6qbEO+Au9lU4vEP+4Cc3jANBgkq"
- + "hkiG9w0BAQUFAAOCAQEAwtXF9042wG39icUlsotn5tpE3oCusLb/hBpEONhx"
- + "OdfEQOq0w5hf/vqaxkcf71etA+KpbEUeSVaHMHRPhx/CmPrO9odE139dJdbt"
- + "9iqbrC9iZokFK3h/es5kg73xujLKd7C/u5ngJ4mwBtvhMLjFjF2vJhPKHL4C"
- + "IgMwdaUAhrcNzy16v+mw/VGJy3Fvc6oCESW1K9tvFW58qZSNXrMlsuidgunM"
- + "hPKG+z0SXVyCqL7pnqKiaGddcgujYGOSY4S938oVcfZeZQEODtSYGlzldojX"
- + "C1U1hCK5+tHAH0Ox/WqRBIol5VCZQwJftf44oG8oviYq52aaqSejXwmfT6zb"
- + "76GCBXUwggVxMIIFbQoBAKCCBWYwggViBgkrBgEFBQcwAQEEggVTMIIFTzCB"
- + "taIWBBS+8EpykfXdl4h3z7m/NZfdkAQQERgPMjAwNjA0MDQyMDIwMTVaMGUw"
- + "YzA7MAkGBSsOAwIaBQAEFEb4BuZYkbjBjOjT6VeA/00fBvQaBBT3fTSQniOp"
- + "BbHBSkz4xridlX0bsAICAYOAABgPMjAwNjA0MDQyMDIwMTVaoBEYDzIwMDYw"
- + "NDA1MDgyMDE1WqEjMCEwHwYJKwYBBQUHMAECBBIEEFqooq/R2WltD7TposkT"
- + "BhMwDQYJKoZIhvcNAQEFBQADgYEAMig6lty4b0JDsT/oanfQG5x6jVKPACpp"
- + "1UA9SJ0apJJa7LeIdDFmu5C2S/CYiKZm4A4P9cAu0YzgLHxE4r6Op+HfVlAG"
- + "6bzUe1P/hi1KCJ8r8wxOZAktQFPSzs85RAZwkHMfB0lP2e/h666Oye+Zf8VH"
- + "RaE+/xZ7aswE89HXoumgggQAMIID/DCCA/gwggLgoAMCAQICAXUwDQYJKoZI"
- + "hvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu"
- + "Yy4xHjAcBgNVBAMTFUdlb1RydXN0IENBIGZvciBBZG9iZTAeFw0wNDEyMDIy"
- + "MTI1MzlaFw0wNjEyMzAyMTI1MzlaMEwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK"
- + "EwxHZW9UcnVzdCBJbmMxJjAkBgNVBAMTHUdlb1RydXN0IEFkb2JlIE9DU1Ag"
- + "UmVzcG9uZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiCc1iG3Dt"
- + "TpB5Vdk4OcaEcyP46BnQMHf3esSTprar2SrXb0gDZ7TfIoFN8l9BH1pYpzZC"
- + "P3R2xKo+O9MMcUZCxqCbYVC6GcDd9vVRaE/N4Qh2bpvEOydDydaoqrGdZnMQ"
- + "tlt2ncj1sEuLMiqhtmi/O3rQs0yCGf+6e++6Gl5VKwIDAQABo4IBbjCCAWow"
- + "DgYDVR0PAQH/BAQDAgTwMIHlBgNVHSABAf8EgdowgdcwgdQGCSqGSIb3LwEC"
- + "ATCBxjCBkAYIKwYBBQUHAgIwgYMagYBUaGlzIGNlcnRpZmljYXRlIGhhcyBi"
- + "ZWVuIGlzc3VlZCBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIEFjcm9iYXQgQ3Jl"
- + "ZGVudGlhbHMgQ1BTIGxvY2F0ZWQgYXQgaHR0cDovL3d3dy5nZW90cnVzdC5j"
- + "b20vcmVzb3VyY2VzL2NwczAxBggrBgEFBQcCARYlaHR0cDovL3d3dy5nZW90"
- + "cnVzdC5jb20vcmVzb3VyY2VzL2NwczATBgNVHSUEDDAKBggrBgEFBQcDCTA6"
- + "BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxz"
- + "L2Fkb2JlY2ExLmNybDAfBgNVHSMEGDAWgBSrgFnDZYNtHX0TvRnD7BqPDUdq"
- + "ozANBgkqhkiG9w0BAQUFAAOCAQEAQ0l/UEPs9fmK+5prC33SrU4bNekhAv8K"
- + "XMR4VWY4jGo9zURMVGr3Zi7Eblvr5H6T60aSYLA8txjyKmDplxsn8CKtCGiH"
- + "OOUW5PpgBexN8SMKoRl9YzaxLtysrYRjEIyYoTfEN89yVi2sCjPupm/F9CPR"
- + "O7EdKy0dm/f3C7ZmIbUFaIRzINDJOCpM5cGhmZ8m2yG4BxeZOmCSthKtLfvM"
- + "2U9MaH6kxhDTJYNzw5BElHg5jlld92drTWaO0lM6aPr/pc+gs9hOraBCtzYE"
- + "J40nhsSEtvuwVUE9vA+unNMT8dFtAcOvOPRiKYPF45RX9Rdy2C9jAc20SRwE"
- + "uw6b+7K0xjANBgkqhkiG9w0BAQEFAASCAQC7a4yICFGCEMPlJbydK5qLG3rV"
- + "sip7Ojjz9TB4nLhC2DgsIHds8jjdq2zguInluH2nLaBCVS+qxDVlTjgbI2cB"
- + "TaWS8nglC7nNjzkKAsa8vThA8FZUVXTW0pb74jNJJU2AA27bb4g+4WgunCrj"
- + "fpYp+QjDyMmdrJVqRmt5eQN+dpVxMS9oq+NrhOSEhyIb4/rejgNg9wnVK1ms"
- + "l5PxQ4x7kpm7+Ua41//owkJVWykRo4T1jo4eHEz1DolPykAaKie2VKH/sMqR"
- + "Spjh4E5biKJLOV9fKivZWKAXByXfwUbbMsJvz4v/2yVHFy9xP+tqB5ZbRoDK"
- + "k8PzUyCprozn+/22oYIPijCCD4YGCyqGSIb3DQEJEAIOMYIPdTCCD3EGCSqG"
- + "SIb3DQEHAqCCD2Iwgg9eAgEDMQswCQYFKw4DAhoFADCB+gYLKoZIhvcNAQkQ"
- + "AQSggeoEgecwgeQCAQEGAikCMCEwCQYFKw4DAhoFAAQUoT97qeCv3FXYaEcS"
- + "gY8patCaCA8CAiMHGA8yMDA2MDQwNDIwMjA1N1owAwIBPAEB/wIIO0yRre3L"
- + "8/6ggZCkgY0wgYoxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNl"
- + "dHRzMRAwDgYDVQQHEwdOZWVkaGFtMRUwEwYDVQQKEwxHZW9UcnVzdCBJbmMx"
- + "EzARBgNVBAsTClByb2R1Y3Rpb24xJTAjBgNVBAMTHGFkb2JlLXRpbWVzdGFt"
- + "cC5nZW90cnVzdC5jb22gggzJMIIDUTCCAjmgAwIBAgICAI8wDQYJKoZIhvcN"
- + "AQEFBQAwRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4x"
- + "HjAcBgNVBAMTFUdlb1RydXN0IENBIGZvciBBZG9iZTAeFw0wNTAxMTAwMTI5"
- + "MTBaFw0xNTAxMTUwODAwMDBaMIGKMQswCQYDVQQGEwJVUzEWMBQGA1UECBMN"
- + "TWFzc2FjaHVzZXR0czEQMA4GA1UEBxMHTmVlZGhhbTEVMBMGA1UEChMMR2Vv"
- + "VHJ1c3QgSW5jMRMwEQYDVQQLEwpQcm9kdWN0aW9uMSUwIwYDVQQDExxhZG9i"
- + "ZS10aW1lc3RhbXAuZ2VvdHJ1c3QuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN"
- + "ADCBiQKBgQDRbxJotLFPWQuuEDhKtOMaBUJepGxIvWxeahMbq1DVmqnk88+j"
- + "w/5lfPICPzQZ1oHrcTLSAFM7Mrz3pyyQKQKMqUyiemzuG/77ESUNfBNSUfAF"
- + "PdtHuDMU8Is8ABVnFk63L+wdlvvDIlKkE08+VTKCRdjmuBVltMpQ6QcLFQzm"
- + "AQIDAQABo4GIMIGFMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2Vv"
- + "dHJ1c3QuY29tL2NybHMvYWRvYmVjYTEuY3JsMB8GA1UdIwQYMBaAFKuAWcNl"
- + "g20dfRO9GcPsGo8NR2qjMA4GA1UdDwEB/wQEAwIGwDAWBgNVHSUBAf8EDDAK"
- + "BggrBgEFBQcDCDANBgkqhkiG9w0BAQUFAAOCAQEAmnyXjdtX+F79Nf0KggTd"
- + "6YC2MQD9s09IeXTd8TP3rBmizfM+7f3icggeCGakNfPRmIUMLoa0VM5Kt37T"
- + "2X0TqzBWusfbKx7HnX4v1t/G8NJJlT4SShSHv+8bjjU4lUoCmW2oEcC5vXwP"
- + "R5JfjCyois16npgcO05ZBT+LLDXyeBijE6qWmwLDfEpLyILzVRmyU4IE7jvm"
- + "rgb3GXwDUvd3yQXGRRHbPCh3nj9hBGbuzyt7GnlqnEie3wzIyMG2ET/wvTX5"
- + "4BFXKNe7lDLvZj/MXvd3V7gMTSVW0kAszKao56LfrVTgp1VX3UBQYwmQqaoA"
- + "UwFezih+jEvjW6cYJo/ErDCCBKEwggOJoAMCAQICBD4cvSgwDQYJKoZIhvcN"
- + "AQEFBQAwaTELMAkGA1UEBhMCVVMxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMg"
- + "SW5jb3Jwb3JhdGVkMR0wGwYDVQQLExRBZG9iZSBUcnVzdCBTZXJ2aWNlczEW"
- + "MBQGA1UEAxMNQWRvYmUgUm9vdCBDQTAeFw0wMzAxMDgyMzM3MjNaFw0yMzAx"
- + "MDkwMDA3MjNaMGkxCzAJBgNVBAYTAlVTMSMwIQYDVQQKExpBZG9iZSBTeXN0"
- + "ZW1zIEluY29ycG9yYXRlZDEdMBsGA1UECxMUQWRvYmUgVHJ1c3QgU2Vydmlj"
- + "ZXMxFjAUBgNVBAMTDUFkb2JlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUA"
- + "A4IBDwAwggEKAoIBAQDMT1SE96ei5zNTfz+cEohrLJlHZ34PHrmtFIj5wxDY"
- + "HfDw1Z9pCi9ZNbDMbKlMnBWgn84gv6DPVOLgIGZFPzmGOH6cxI4HIsYk9gES"
- + "sDXfVeppkLDbhTce4k4HskKhahNpoGbqgJERWSqbCHlaIEQtyb1zOIs8L+BD"
- + "G12zC/CvNRop/u+mkt2BTJ09WY6tMTxAfpuRNgb84lyN0Y0m1VxFz69lP7Gq"
- + "0mKW9Kg46rpgQvT0HEo1Fc74TiJWD5UYxfiWn5/7sLd4JemAa73WCvDGdJSd"
- + "8w9Q25p3zktwgyONoMp4IERcPFRk8eqiMBmf6kwGTQZ4S16S3yLSyWezetIB"
- + "AgMBAAGjggFPMIIBSzARBglghkgBhvhCAQEEBAMCAAcwgY4GA1UdHwSBhjCB"
- + "gzCBgKB+oHykejB4MQswCQYDVQQGEwJVUzEjMCEGA1UEChMaQWRvYmUgU3lz"
- + "dGVtcyBJbmNvcnBvcmF0ZWQxHTAbBgNVBAsTFEFkb2JlIFRydXN0IFNlcnZp"
- + "Y2VzMRYwFAYDVQQDEw1BZG9iZSBSb290IENBMQ0wCwYDVQQDEwRDUkwxMCsG"
- + "A1UdEAQkMCKADzIwMDMwMTA4MjMzNzIzWoEPMjAyMzAxMDkwMDA3MjNaMAsG"
- + "A1UdDwQEAwIBBjAfBgNVHSMEGDAWgBSCtzhKk6qbEO+Au9lU4vEP+4Cc3jAd"
- + "BgNVHQ4EFgQUgrc4SpOqmxDvgLvZVOLxD/uAnN4wDAYDVR0TBAUwAwEB/zAd"
- + "BgkqhkiG9n0HQQAEEDAOGwhWNi4wOjQuMAMCBJAwDQYJKoZIhvcNAQEFBQAD"
- + "ggEBADLan0N1wfpvyW/bqx02Nz68YRk2twI8HSNZmGye7k2F51TIIB+n1Lvi"
- + "vwB3fSRrcC9cwTp2SbXT4COEKnFqIvPBJymYFfY1kOQETMONvJ9hHOf9JIzR"
- + "REOMFrqbTaXUNS+8Ec6991E3jZ+Q5BTxGD++6VkSNfkzkvOe4NVrmnGbmUvI"
- + "ccPhsWEJxOX6kfBCOjd9NPly6M2qYhwh6dX0ghDjewW2LWhWC35+kixvTXKC"
- + "DO1WdLKduastKx0QX9sndXCP/R3X4gKgeeUc5f+vZEBRLZ6bR9tCpXwfwqZI"
- + "sNe+kmlNpPYpV8V4ERjch1HKE7JinU8rMr0xpcH6UqsFiMgwggTLMIIDs6AD"
- + "AgECAgQ+HL21MA0GCSqGSIb3DQEBBQUAMGkxCzAJBgNVBAYTAlVTMSMwIQYD"
- + "VQQKExpBZG9iZSBTeXN0ZW1zIEluY29ycG9yYXRlZDEdMBsGA1UECxMUQWRv"
- + "YmUgVHJ1c3QgU2VydmljZXMxFjAUBgNVBAMTDUFkb2JlIFJvb3QgQ0EwHhcN"
- + "MDQwMTE3MDAwMzM5WhcNMTUwMTE1MDgwMDAwWjBFMQswCQYDVQQGEwJVUzEW"
- + "MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgQ0Eg"
- + "Zm9yIEFkb2JlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+V3"
- + "4GR4Wuc5hbyv0vVbKBMOVN1J+s5i9ZL9nph7n+X4esFs4epAJcFxJ4KnPuQH"
- + "ZZ0oyHUU4Th70mWYgKwd6sEt1aR6ZT788Nvr3OHwTRwugN/G6QXqhU9ePpZJ"
- + "OF1Ibsf1pcXNGvpLdcYK6+CX5DANMuIthb440XoNfC3dNBC0pF4mM4lmTjpl"
- + "nQG8xK0rIFp4HoMpmyaIijz2qyjXdUNkg0fbDUq9eDTKAOLOg21u+AA8XKbC"
- + "ewg1LWSV9CVy+fTHREmb1thBcrfkY1kCAvczsuquV3SMx8hRpa+4cIvKK/K1"
- + "G7OrV0nsTyuaJ2MMST8b7bul/Xd81nu9Hsz4iQIDAQABo4IBnTCCAZkwEgYD"
- + "VR0TAQH/BAgwBgEB/wIBATBQBgNVHSAESTBHMEUGCSqGSIb3LwECATA4MDYG"
- + "CCsGAQUFBwIBFipodHRwczovL3d3dy5hZG9iZS5jb20vbWlzYy9wa2kvY2Rz"
- + "X2NwLmh0bWwwFAYDVR0lBA0wCwYJKoZIhvcvAQEFMIGyBgNVHR8Egaowgacw"
- + "IqAgoB6GHGh0dHA6Ly9jcmwuYWRvYmUuY29tL2Nkcy5jcmwwgYCgfqB8pHow"
- + "eDELMAkGA1UEBhMCVVMxIzAhBgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jw"
- + "b3JhdGVkMR0wGwYDVQQLExRBZG9iZSBUcnVzdCBTZXJ2aWNlczEWMBQGA1UE"
- + "AxMNQWRvYmUgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMTALBgNVHQ8EBAMCAQYw"
- + "HwYDVR0jBBgwFoAUgrc4SpOqmxDvgLvZVOLxD/uAnN4wHQYDVR0OBBYEFKuA"
- + "WcNlg20dfRO9GcPsGo8NR2qjMBkGCSqGSIb2fQdBAAQMMAobBFY2LjADAgSQ"
- + "MA0GCSqGSIb3DQEBBQUAA4IBAQA/OVkuogCOsV4RYSzS4Lb1jImGRc4T2Z/d"
- + "hJoUawhMX4aXWPSlqNOPIfhHflCvd+Whbarcd83NN5n3QmevUOFUREPrMQyA"
- + "mkK0mpW6TSyLG5ckeCFL8qJwp/hhckk/H16m4hEXWyIFGfOecX3Sy+Y4kxcC"
- + "lzSMadifedB+TiRpKFKcNphp5hEMkpyyJaGXpLnN/BLsaDyEN7JySExAopae"
- + "UbUJCvCVIWKwoJ26ih3BG1aB+3yTHXeLIorextqWbq+dVz7me59Li8j5PAxe"
- + "hXrc2phpKuhp8FaTScvnfMZc8TL4Dr1CHMRWIkqfZaCq3mC376Mww0iZtE5s"
- + "iqB+AXVWMYIBgDCCAXwCAQEwSzBFMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN"
- + "R2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgQ0EgZm9yIEFkb2Jl"
- + "AgIAjzAJBgUrDgMCGgUAoIGMMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB"
- + "BDAcBgkqhkiG9w0BCQUxDxcNMDYwNDA0MjAyMDU3WjAjBgkqhkiG9w0BCQQx"
- + "FgQUp7AnXBqoNcarvO7fMJut1og2U5AwKwYLKoZIhvcNAQkQAgwxHDAaMBgw"
- + "FgQU1dH4eZTNhgxdiSABrat6zsPdth0wDQYJKoZIhvcNAQEBBQAEgYCinr/F"
- + "rMiQz/MRm9ZD5YGcC0Qo2dRTPd0Aop8mZ4g1xAhKFLnp7lLsjCbkSDpVLDBh"
- + "cnCk7CV+3FT5hlvt8OqZlR0CnkSnCswLFhrppiWle6cpxlwGqyAteC8uKtQu"
- + "wjE5GtBKLcCOAzQYyyuNZZeB6oCZ+3mPhZ62FxrvvEGJCgAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==");
-
- private final byte[] emptyDNCert = Base64.decode(
- "MIICfTCCAeagAwIBAgIBajANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJVUzEMMAoGA1UEChMD"
- + "Q0RXMQkwBwYDVQQLEwAxCTAHBgNVBAcTADEJMAcGA1UECBMAMRowGAYDVQQDExFUZW1wbGFyIFRl"
- + "c3QgMTAyNDEiMCAGCSqGSIb3DQEJARYTdGVtcGxhcnRlc3RAY2R3LmNvbTAeFw0wNjA1MjIwNTAw"
- + "MDBaFw0xMDA1MjIwNTAwMDBaMHwxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNDRFcxCTAHBgNVBAsT"
- + "ADEJMAcGA1UEBxMAMQkwBwYDVQQIEwAxGjAYBgNVBAMTEVRlbXBsYXIgVGVzdCAxMDI0MSIwIAYJ"
- + "KoZIhvcNAQkBFhN0ZW1wbGFydGVzdEBjZHcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB"
- + "gQDH3aJpJBfM+A3d84j5YcU6zEQaQ76u5xO9NSBmHjZykKS2kCcUqPpvVOPDA5WgV22dtKPh+lYV"
- + "iUp7wyCVwAKibq8HIbihHceFqMKzjwC639rMoDJ7bi/yzQWz1Zg+075a4FGPlUKn7Yfu89wKkjdW"
- + "wDpRPXc/agqBnrx5pJTXzQIDAQABow8wDTALBgNVHQ8EBAMCALEwDQYJKoZIhvcNAQEEBQADgYEA"
- + "RRsRsjse3i2/KClFVd6YLZ+7K1BE0WxFyY2bbytkwQJSxvv3vLSuweFUbhNxutb68wl/yW4GLy4b"
- + "1QdyswNxrNDXTuu5ILKhRDDuWeocz83aG2KGtr3JlFyr3biWGEyn5WUOE6tbONoQDJ0oPYgI6CAc"
- + "EHdUp0lioOCt6UOw7Cs=");
-
- private final byte[] gostRFC4491_94 = Base64.decode(
- "MIICCzCCAboCECMO42BGlSTOxwvklBgufuswCAYGKoUDAgIEMGkxHTAbBgNVBAMM" +
- "FEdvc3RSMzQxMC05NCBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8xCzAJBgNV" +
- "BAYTAlJVMScwJQYJKoZIhvcNAQkBFhhHb3N0UjM0MTAtOTRAZXhhbXBsZS5jb20w" +
- "HhcNMDUwODE2MTIzMjUwWhcNMTUwODE2MTIzMjUwWjBpMR0wGwYDVQQDDBRHb3N0" +
- "UjM0MTAtOTQgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYDVQQGEwJS" +
- "VTEnMCUGCSqGSIb3DQEJARYYR29zdFIzNDEwLTk0QGV4YW1wbGUuY29tMIGlMBwG" +
- "BiqFAwICFDASBgcqhQMCAiACBgcqhQMCAh4BA4GEAASBgLuEZuF5nls02CyAfxOo" +
- "GWZxV/6MVCUhR28wCyd3RpjG+0dVvrey85NsObVCNyaE4g0QiiQOHwxCTSs7ESuo" +
- "v2Y5MlyUi8Go/htjEvYJJYfMdRv05YmKCYJo01x3pg+2kBATjeM+fJyR1qwNCCw+" +
- "eMG1wra3Gqgqi0WBkzIydvp7MAgGBiqFAwICBANBABHHCH4S3ALxAiMpR3aPRyqB" +
- "g1DjB8zy5DEjiULIc+HeIveF81W9lOxGkZxnrFjXBSqnjLeFKgF1hffXOAP7zUM=");
-
- private final byte[] gostRFC4491_2001 = Base64.decode(
- "MIIB0DCCAX8CECv1xh7CEb0Xx9zUYma0LiEwCAYGKoUDAgIDMG0xHzAdBgNVBAMM" +
- "Fkdvc3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkG" +
- "A1UEBhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUu" +
- "Y29tMB4XDTA1MDgxNjE0MTgyMFoXDTE1MDgxNjE0MTgyMFowbTEfMB0GA1UEAwwW" +
- "R29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYD" +
- "VQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIwMDFAZXhhbXBsZS5j" +
- "b20wYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAhJVodWACGkB1" +
- "CM0TjDGJLP3lBQN6Q1z0bSsP508yfleP68wWuZWIA9CafIWuD+SN6qa7flbHy7Df" +
- "D2a8yuoaYDAIBgYqhQMCAgMDQQA8L8kJRLcnqeyn1en7U23Sw6pkfEQu3u0xFkVP" +
- "vFQ/3cHeF26NG+xxtZPz3TaTVXdoiYkXYiD02rEx1bUcM97i");
-
- private PublicKey dudPublicKey = new PublicKey()
- {
- public String getAlgorithm()
- {
- return null;
- }
-
- public String getFormat()
- {
- return null;
- }
-
- public byte[] getEncoded()
- {
- return null;
- }
-
- };
-
- public String getName()
- {
- return "CertTest";
- }
-
- public void checkCertificate(
- int id,
- byte[] bytes)
- {
- ByteArrayInputStream bIn;
- String dump = "";
-
- try
- {
- bIn = new ByteArrayInputStream(bytes);
-
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-
- Certificate cert = fact.generateCertificate(bIn);
-
- PublicKey k = cert.getPublicKey();
- // System.out.println(cert);
- }
- catch (Exception e)
- {
- fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
- }
-
- }
-
- public void checkNameCertificate(
- int id,
- byte[] bytes)
- {
- ByteArrayInputStream bIn;
- String dump = "";
-
- try
- {
- bIn = new ByteArrayInputStream(bytes);
-
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-
- X509Certificate cert = (X509Certificate)fact.generateCertificate(bIn);
-
- PublicKey k = cert.getPublicKey();
- if (!cert.getIssuerDN().toString().equals("C=DE,O=DATEV eG,0.2.262.1.10.7.20=1+CN=CA DATEV D03 1:PN"))
- {
- fail(id + " failed - name test.");
- }
- // System.out.println(cert);
- }
- catch (Exception e)
- {
- fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
- }
-
- }
-
- public void checkKeyUsage(
- int id,
- byte[] bytes)
- {
- ByteArrayInputStream bIn;
- String dump = "";
-
- try
- {
- bIn = new ByteArrayInputStream(bytes);
-
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-
- X509Certificate cert = (X509Certificate)fact.generateCertificate(bIn);
-
- PublicKey k = cert.getPublicKey();
-
- if (cert.getKeyUsage()[7])
- {
- fail("error generating cert - key usage wrong.");
- }
-
- // System.out.println(cert);
- }
- catch (Exception e)
- {
- fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
- }
-
- }
-
-
- public void checkSelfSignedCertificate(
- int id,
- byte[] bytes)
- {
- ByteArrayInputStream bIn;
- String dump = "";
-
- try
- {
- bIn = new ByteArrayInputStream(bytes);
-
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-
- Certificate cert = fact.generateCertificate(bIn);
-
- PublicKey k = cert.getPublicKey();
-
- cert.verify(k);
- // System.out.println(cert);
- }
- catch (Exception e)
- {
- fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
- }
-
- }
-
-
- /**
- * Test a generated certificate with the sun provider
- */
- private void sunProviderCheck(byte[] encoding)
- throws CertificateException
- {
- CertificateFactory certFact = CertificateFactory.getInstance("X.509");
-
- certFact.generateCertificate(new ByteArrayInputStream(encoding));
- }
-
- /**
- * we generate a self signed certificate for the sake of testing - RSA
- */
- public void checkCreation1()
- throws Exception
- {
- //
- // a sample key pair.
- //
- RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyFactory fact = KeyFactory.getInstance("RSA", "BC");
-
- privKey = fact.generatePrivate(privKeySpec);
- pubKey = fact.generatePublic(pubKeySpec);
-
- //
- // distinguished name table.
- //
- X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
-
- builder.addRDN(BCStyle.C, "AU");
- builder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
- builder.addRDN(BCStyle.L, "Melbourne");
- builder.addRDN(BCStyle.ST, "Victoria");
- builder.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
-
- //
- // extensions
- //
-
- //
- // create the certificate - version 3 - without extensions
- //
- ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(privKey);
- X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000),builder.build(), pubKey);
-
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- cert.verify(cert.getPublicKey());
-
- Set dummySet = cert.getNonCriticalExtensionOIDs();
- if (dummySet != null)
- {
- fail("non-critical oid set should be null");
- }
- dummySet = cert.getCriticalExtensionOIDs();
- if (dummySet != null)
- {
- fail("critical oid set should be null");
- }
-
- //
- // create the certificate - version 3 - with extensions
- //
- sigGen = new JcaContentSignerBuilder("MD5WithRSAEncryption").setProvider(BC).build(privKey);
- certGen = new JcaX509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1)
- , new Date(System.currentTimeMillis() - 50000)
- , new Date(System.currentTimeMillis() + 50000)
- , builder.build()
- , pubKey)
- .addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true,
- new X509KeyUsage(X509KeyUsage.encipherOnly))
- .addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true,
- new DERSequence(KeyPurposeId.anyExtendedKeyUsage))
- .addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true,
- new GeneralNames(new GeneralName[]
- {
- new GeneralName(GeneralName.rfc822Name, "test@test.test"),
- new GeneralName(GeneralName.dNSName, "dom.test.test")
- }));
-
- X509CertificateHolder certHolder = certGen.build(sigGen);
-
- cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certHolder);
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
- cert.verify(cert.getPublicKey());
-
- ContentVerifierProvider contentVerifierProvider = new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey);
- if (!certHolder.isSignatureValid(contentVerifierProvider))
- {
- fail("signature test failed");
- }
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory certFact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)certFact.generateCertificate(bIn);
-
- if (!cert.getKeyUsage()[7])
- {
- fail("error generating cert - key usage wrong.");
- }
-
- List l = cert.getExtendedKeyUsage();
- if (!l.get(0).equals(KeyPurposeId.anyExtendedKeyUsage.getId()))
- {
- fail("failed extended key usage test");
- }
-
- Collection c = cert.getSubjectAlternativeNames();
- Iterator it = c.iterator();
- while (it.hasNext())
- {
- List gn = (List)it.next();
- if (!gn.get(1).equals("test@test.test") && !gn.get(1).equals("dom.test.test"))
- {
- fail("failed subject alternative names test");
- }
- }
-
- sunProviderCheck(certHolder.getEncoded());
- sunProviderCheck(cert.getEncoded());
-
- // System.out.println(cert);
-
- //
- // create the certificate - version 1
- //
- sigGen = new JcaContentSignerBuilder("MD5WithRSAEncryption").setProvider(BC).build(privKey);
- X509v1CertificateBuilder certGen1 = new JcaX509v1CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
- cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen1.build(sigGen));
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
- cert.verify(cert.getPublicKey());
-
- bIn = new ByteArrayInputStream(cert.getEncoded());
- certFact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)certFact.generateCertificate(bIn);
-
- // System.out.println(cert);
- if (!cert.getIssuerDN().equals(cert.getSubjectDN()))
- {
- fail("name comparison fails");
- }
-
- sunProviderCheck(certHolder.getEncoded());
- sunProviderCheck(cert.getEncoded());
-//
- // a lightweight key pair.
- //
- RSAKeyParameters lwPubKey = new RSAKeyParameters(
- false,
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- RSAPrivateCrtKeyParameters lwPrivKey = new RSAPrivateCrtKeyParameters(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- //
- // distinguished name table.
- //
- builder = new X500NameBuilder(BCStyle.INSTANCE);
-
- builder.addRDN(BCStyle.C, "AU");
- builder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
- builder.addRDN(BCStyle.L, "Melbourne");
- builder.addRDN(BCStyle.ST, "Victoria");
- builder.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
-
- //
- // extensions
- //
-
- //
- // create the certificate - version 3 - without extensions
- //
- AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption");
- AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
-
- sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(lwPrivKey);
- SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKey(lwPubKey.getModulus(), lwPubKey.getExponent()));
- certGen = new X509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000), builder.build(), pubInfo);
-
- certHolder = certGen.build(sigGen);
-
- cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certHolder);
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(lwPubKey);
-
- if (!certHolder.isSignatureValid(contentVerifierProvider))
- {
- fail("lw sig verification failed");
- }
- }
-
- /**
- * we generate a self signed certificate for the sake of testing - DSA
- */
- public void checkCreation2()
- throws Exception
- {
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- try
- {
- KeyPairGenerator g = KeyPairGenerator.getInstance("DSA", "SUN");
-
- g.initialize(512, new SecureRandom());
-
- KeyPair p = g.generateKeyPair();
-
- privKey = p.getPrivate();
- pubKey = p.getPublic();
- }
- catch (Exception e)
- {
- fail("error setting up keys - " + e.toString());
- return;
- }
-
- //
- // distinguished name table.
- //
- X500NameBuilder builder = createStdBuilder();
-
- //
- // extensions
- //
-
- //
- // create the certificate - version 3
- //
-
- ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withDSA").setProvider(BC).build(privKey);
- JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
-
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory fact = CertificateFactory.getInstance("X.509", BC);
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
-
- // System.out.println(cert);
-
-
- //
- // create the certificate - version 1
- //
- sigGen = new JcaContentSignerBuilder("SHA1withDSA").setProvider(BC).build(privKey);
- JcaX509v1CertificateBuilder certGen1 = new JcaX509v1CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
- cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen1.build(sigGen));
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- bIn = new ByteArrayInputStream(cert.getEncoded());
- fact = CertificateFactory.getInstance("X.509", BC);
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
-
- //System.out.println(cert);
-
- //
- // exception test
- //
- try
- {
- certGen1 = new JcaX509v1CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),dudPublicKey);
-
-
- fail("key without encoding not detected in v1");
- }
- catch (IllegalArgumentException e)
- {
- // expected
- }
- }
-
- private X500NameBuilder createStdBuilder()
- {
- X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
-
- builder.addRDN(BCStyle.C, "AU");
- builder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
- builder.addRDN(BCStyle.L, "Melbourne");
- builder.addRDN(BCStyle.ST, "Victoria");
- builder.addRDN(BCStyle.E, "feedback-crypto@bouncycastle.org");
-
- return builder;
- }
-
- /**
- * we generate a self signed certificate for the sake of testing - ECDSA
- */
- public void checkCreation3()
- {
- ECCurve curve = new ECCurve.Fp(
- new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
- new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
- new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
-
- ECParameterSpec spec = new ECParameterSpec(
- curve,
- curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
- new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
-
-
- ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(
- new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
- spec);
-
- ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(
- curve.decodePoint(Hex.decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
- spec);
-
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- try
- {
- KeyFactory fact = KeyFactory.getInstance("ECDSA", BC);
-
- privKey = fact.generatePrivate(privKeySpec);
- pubKey = fact.generatePublic(pubKeySpec);
- }
- catch (Exception e)
- {
- fail("error setting up keys - " + e.toString());
- return;
- }
-
- //
- // distinguished name table.
- //
- X500NameBuilder builder = createStdBuilder();
-
-
- //
- // toString test
- //
- X500Name p = builder.build();
- String s = p.toString();
-
- if (!s.equals("C=AU,O=The Legion of the Bouncy Castle,L=Melbourne,ST=Victoria,E=feedback-crypto@bouncycastle.org"))
- {
- fail("ordered X509Principal test failed - s = " + s + ".");
- }
-
-// p = new X509Principal(attrs);
-// s = p.toString();
-//
-// //
-// // we need two of these as the hash code for strings changed...
-// //
-// if (!s.equals("O=The Legion of the Bouncy Castle,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU") && !s.equals("ST=Victoria,L=Melbourne,C=AU,E=feedback-crypto@bouncycastle.org,O=The Legion of the Bouncy Castle"))
-// {
-// fail("unordered X509Principal test failed.");
-// }
-
- //
- // create the certificate - version 3
- //
- try
- {
- ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withECDSA").setProvider(BC).build(privKey);
- JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory fact = CertificateFactory.getInstance("X.509", BC);
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
-
- //
- // try with point compression turned off
- //
- ((ECPointEncoder)pubKey).setPointFormat("UNCOMPRESSED");
-
- certGen = new JcaX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
- cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- bIn = new ByteArrayInputStream(cert.getEncoded());
- fact = CertificateFactory.getInstance("X.509", BC);
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
- // System.out.println(cert);
- }
- catch (Exception e)
- {
- fail("error setting generating cert - " + e.toString());
- }
-
- X509Principal pr = new X509Principal("O=\"The Bouncy Castle, The Legion of\",E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU");
-
- if (!pr.toString().equals("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU"))
- {
- fail("string based X509Principal test failed.");
- }
-
- pr = new X509Principal("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU");
-
- if (!pr.toString().equals("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU"))
- {
- fail("string based X509Principal test failed.");
- }
-
- }
-
- /**
- * we generate a self signed certificate for the sake of testing - SHA224withECDSA
- */
- private void createECCert(String algorithm, ASN1ObjectIdentifier algOid)
- throws Exception
- {
- ECCurve.Fp curve = new ECCurve.Fp(
- new BigInteger("6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151"), // q (or p)
- new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", 16), // a
- new BigInteger("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", 16)); // b
-
- ECParameterSpec spec = new ECParameterSpec(
- curve,
- curve.decodePoint(Hex.decode("0200C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66")), // G
- new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)); // n
-
- ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(
- new BigInteger("5769183828869504557786041598510887460263120754767955773309066354712783118202294874205844512909370791582896372147797293913785865682804434049019366394746072023"), // d
- spec);
-
- ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(
- curve.decodePoint(Hex.decode("02006BFDD2C9278B63C92D6624F151C9D7A822CC75BD983B17D25D74C26740380022D3D8FAF304781E416175EADF4ED6E2B47142D2454A7AC7801DD803CF44A4D1F0AC")), // Q
- spec);
-
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyFactory fact = KeyFactory.getInstance("ECDSA", BC);
-
- privKey = fact.generatePrivate(privKeySpec);
- pubKey = fact.generatePublic(pubKeySpec);
-
-
- //
- // distinguished name table.
- //
- X500NameBuilder builder = createStdBuilder();
-
- //
- // create the certificate - version 3
- //
- ContentSigner sigGen = new JcaContentSignerBuilder(algorithm).setProvider(BC).build(privKey);
- X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC);
-
- cert = (X509Certificate)certFact.generateCertificate(bIn);
-
- //
- // try with point compression turned off
- //
- ((ECPointEncoder)pubKey).setPointFormat("UNCOMPRESSED");
-
- certGen = new JcaX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
- cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- bIn = new ByteArrayInputStream(cert.getEncoded());
- certFact = CertificateFactory.getInstance("X.509", BC);
-
- cert = (X509Certificate)certFact.generateCertificate(bIn);
-
- if (!cert.getSigAlgOID().equals(algOid.toString()))
- {
- fail("ECDSA oid incorrect.");
- }
-
- if (cert.getSigAlgParams() != null)
- {
- fail("sig parameters present");
- }
-
- Signature sig = Signature.getInstance(algorithm, BC);
-
- sig.initVerify(pubKey);
-
- sig.update(cert.getTBSCertificate());
-
- if (!sig.verify(cert.getSignature()))
- {
- fail("EC certificate signature not mapped correctly.");
- }
- // System.out.println(cert);
- }
-
- private void checkCRL(
- int id,
- byte[] bytes)
- {
- ByteArrayInputStream bIn;
- String dump = "";
-
- try
- {
- bIn = new ByteArrayInputStream(bytes);
-
- CertificateFactory fact = CertificateFactory.getInstance("X.509", BC);
-
- CRL cert = fact.generateCRL(bIn);
-
- // System.out.println(cert);
- }
- catch (Exception e)
- {
- fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
- }
-
- }
-
- public void checkCRLCreation1()
- throws Exception
- {
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", BC);
- Date now = new Date();
- KeyPair pair = kpGen.generateKeyPair();
- X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
-
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-
- crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
-
- crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-
- X509CRLHolder crl = crlGen.build(new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider(BC).build(pair.getPrivate()));
-
- if (!crl.getIssuer().equals(new X500Name("CN=Test CA")))
- {
- fail("failed CRL issuer test");
- }
-
- Extension authExt = crl.getExtension(Extension.authorityKeyIdentifier);
-
- if (authExt == null)
- {
- fail("failed to find CRL extension");
- }
-
- AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
-
- X509CRLEntryHolder entry = crl.getRevokedCertificate(BigInteger.ONE);
-
- if (entry == null)
- {
- fail("failed to find CRL entry");
- }
-
- if (!entry.getSerialNumber().equals(BigInteger.ONE))
- {
- fail("CRL cert serial number does not match");
- }
-
- if (!entry.hasExtensions())
- {
- fail("CRL entry extension not found");
- }
-
- Extension ext = entry.getExtension(X509Extension.reasonCode);
-
- if (ext != null)
- {
- ASN1Enumerated reasonCode = (ASN1Enumerated)ASN1Enumerated.getInstance(ext.getParsedValue());
-
- if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
- {
- fail("CRL entry reasonCode wrong");
- }
- }
- else
- {
- fail("CRL entry reasonCode not found");
- }
- }
-
- public void checkCRLCreation2()
- throws Exception
- {
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", BC);
-
- Date now = new Date();
- KeyPair pair = kpGen.generateKeyPair();
- X509v2CRLBuilder crlGen = new JcaX509v2CRLBuilder(new X500Principal("CN=Test CA"), now);
-
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-
- Vector extOids = new Vector();
- Vector extValues = new Vector();
-
- CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn);
-
- try
- {
- extOids.addElement(X509Extensions.ReasonCode);
- extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getEncoded())));
- }
- catch (IOException e)
- {
- throw new IllegalArgumentException("error encoding reason: " + e);
- }
-
- X509Extensions entryExtensions = new X509Extensions(extOids, extValues);
-
- crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
-
- crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-
- X509CRLHolder crlHolder = crlGen.build(new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider(BC).build(pair.getPrivate()));
-
- X509CRL crl = new JcaX509CRLConverter().setProvider(BC).getCRL(crlHolder);
-
- if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
- {
- fail("failed CRL issuer test");
- }
-
- byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-
- if (authExt == null)
- {
- fail("failed to find CRL extension");
- }
-
- AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
-
- X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
-
- if (entry == null)
- {
- fail("failed to find CRL entry");
- }
-
- if (!entry.getSerialNumber().equals(BigInteger.ONE))
- {
- fail("CRL cert serial number does not match");
- }
-
- if (!entry.hasExtensions())
- {
- fail("CRL entry extension not found");
- }
-
- byte[] ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
-
- if (ext != null)
- {
- ASN1Enumerated reasonCode = (ASN1Enumerated)X509ExtensionUtil.fromExtensionValue(ext);
-
- if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
- {
- fail("CRL entry reasonCode wrong");
- }
- }
- else
- {
- fail("CRL entry reasonCode not found");
- }
- }
-
- public void checkCRLCreation3()
- throws Exception
- {
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", BC);
- Date now = new Date();
- KeyPair pair = kpGen.generateKeyPair();
- X509v2CRLBuilder crlGen = new JcaX509v2CRLBuilder(new X500Principal("CN=Test CA"), now);
-
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-
- Vector extOids = new Vector();
- Vector extValues = new Vector();
-
- CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn);
-
- try
- {
- extOids.addElement(X509Extensions.ReasonCode);
- extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getEncoded())));
- }
- catch (IOException e)
- {
- throw new IllegalArgumentException("error encoding reason: " + e);
- }
-
- X509Extensions entryExtensions = new X509Extensions(extOids, extValues);
-
- crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
-
- crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-
- X509CRLHolder crlHolder = crlGen.build(new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider(BC).build(pair.getPrivate()));
-
- X509CRL crl = new JcaX509CRLConverter().setProvider(BC).getCRL(crlHolder);
-
- if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
- {
- fail("failed CRL issuer test");
- }
-
- byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-
- if (authExt == null)
- {
- fail("failed to find CRL extension");
- }
-
- AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
-
- X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
-
- if (entry == null)
- {
- fail("failed to find CRL entry");
- }
-
- if (!entry.getSerialNumber().equals(BigInteger.ONE))
- {
- fail("CRL cert serial number does not match");
- }
-
- if (!entry.hasExtensions())
- {
- fail("CRL entry extension not found");
- }
-
- byte[] ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
-
- if (ext != null)
- {
- ASN1Enumerated reasonCode = (ASN1Enumerated)X509ExtensionUtil.fromExtensionValue(ext);
-
- if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
- {
- fail("CRL entry reasonCode wrong");
- }
- }
- else
- {
- fail("CRL entry reasonCode not found");
- }
-
- //
- // check loading of existing CRL
- //
- now = new Date();
- crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
-
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-
- crlGen.addCRL(new JcaX509CRLHolder(crl));
-
- crlGen.addCRLEntry(BigInteger.valueOf(2), now, entryExtensions);
-
- crlGen.addExtension(X509Extension.authorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-
- crlHolder = crlGen.build(new JcaContentSignerBuilder("SHA256withRSAEncryption").setProvider(BC).build(pair.getPrivate()));
-
- int count = 0;
- boolean oneFound = false;
- boolean twoFound = false;
-
- Iterator it = crlHolder.getRevokedCertificates().iterator();
- while (it.hasNext())
- {
- X509CRLEntryHolder crlEnt = (X509CRLEntryHolder)it.next();
-
- if (crlEnt.getSerialNumber().intValue() == 1)
- {
- oneFound = true;
- Extension extn = crlEnt.getExtension(X509Extension.reasonCode);
-
- if (extn != null)
- {
- ASN1Enumerated reasonCode = (ASN1Enumerated)ASN1Enumerated.getInstance(extn.getParsedValue());
-
- if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
- {
- fail("CRL entry reasonCode wrong");
- }
- }
- else
- {
- fail("CRL entry reasonCode not found");
- }
- }
- else if (crlEnt.getSerialNumber().intValue() == 2)
- {
- twoFound = true;
- }
-
- count++;
- }
-
- if (count != 2)
- {
- fail("wrong number of CRLs found");
- }
-
- if (!oneFound || !twoFound)
- {
- fail("wrong CRLs found in copied list");
- }
-
- //
- // check factory read back
- //
- CertificateFactory cFact = CertificateFactory.getInstance("X.509", BC);
-
- X509CRL readCrl = (X509CRL)cFact.generateCRL(new ByteArrayInputStream(crlHolder.getEncoded()));
-
- if (readCrl == null)
- {
- fail("crl not returned!");
- }
-
- Collection col = cFact.generateCRLs(new ByteArrayInputStream(crlHolder.getEncoded()));
-
- if (col.size() != 1)
- {
- fail("wrong number of CRLs found in collection");
- }
- }
-
- /**
- * we generate a self signed certificate for the sake of testing - GOST3410
- */
- public void checkCreation4()
- throws Exception
- {
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyPairGenerator g = KeyPairGenerator.getInstance("GOST3410", BC);
- GOST3410ParameterSpec gost3410P = new GOST3410ParameterSpec("GostR3410-94-CryptoPro-A");
-
- g.initialize(gost3410P, new SecureRandom());
-
- KeyPair p = g.generateKeyPair();
-
- privKey = p.getPrivate();
- pubKey = p.getPublic();
-
- //
- // distinguished name table.
- //
- X500NameBuilder builder = createStdBuilder();
-
- //
- // extensions
- //
-
- //
- // create the certificate - version 3
- //
- ContentSigner sigGen = new JcaContentSignerBuilder("GOST3411withGOST3410").setProvider(BC).build(privKey);
- X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
-
- cert.checkValidity(new Date());
-
- //
- // check verifies in general
- //
- cert.verify(pubKey);
-
- //
- // check verifies with contained key
- //
- cert.verify(cert.getPublicKey());
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory fact = CertificateFactory.getInstance("X.509", BC);
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
-
- //System.out.println(cert);
-
- //check getEncoded()
- byte[] bytes = cert.getEncoded();
- }
-
- public void checkCreation5()
- throws Exception
- {
- //
- // a sample key pair.
- //
- RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- //
- // set up the keys
- //
- SecureRandom rand = new SecureRandom();
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyFactory fact = KeyFactory.getInstance("RSA", BC);
-
- privKey = fact.generatePrivate(privKeySpec);
- pubKey = fact.generatePublic(pubKeySpec);
-
- //
- // distinguished name table.
- //
- Vector ord = new Vector();
- Vector values = new Vector();
-
- X500NameBuilder builder = createStdBuilder();
-
- //
- // create base certificate - version 3
- //
- ContentSigner sigGen = new JcaContentSignerBuilder("MD5WithRSAEncryption").setProvider(BC).build(privKey);
- X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey)
- .addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true,
- new X509KeyUsage(X509KeyUsage.encipherOnly))
- .addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true,
- new DERSequence(KeyPurposeId.anyExtendedKeyUsage))
- .addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true,
- new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
-
- X509Certificate baseCert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
-
- //
- // copy certificate
- //
-
- certGen = new JcaX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey)
- .copyAndAddExtension(new ASN1ObjectIdentifier("2.5.29.15"), true, baseCert)
- .copyAndAddExtension(new ASN1ObjectIdentifier("2.5.29.37"), false, baseCert);
-
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- if (!areEqual(baseCert.getExtensionValue("2.5.29.15"), cert.getExtensionValue("2.5.29.15")))
- {
- fail("2.5.29.15 differs");
- }
-
- if (!areEqual(baseCert.getExtensionValue("2.5.29.37"), cert.getExtensionValue("2.5.29.37")))
- {
- fail("2.5.29.37 differs");
- }
-
- //
- // exception test
- //
-
- try
- {
- certGen.copyAndAddExtension(new ASN1ObjectIdentifier("2.5.99.99"), true, new JcaX509CertificateHolder(baseCert));
-
- fail("exception not thrown on dud extension copy");
- }
- catch (NullPointerException e)
- {
- // expected
- }
-
-// try
-// {
-// certGen.setPublicKey(dudPublicKey);
-//
-// certGen.generate(privKey, BC);
-//
-// fail("key without encoding not detected in v3");
-// }
-// catch (IllegalArgumentException e)
-// {
-// // expected
-// }
-
- }
-
- private void testForgedSignature()
- throws Exception
- {
- String cert = "MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV"
- + "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD"
- + "VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa"
- + "Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs"
- + "YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy"
- + "IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD"
- + "hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u"
- + "12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU"
- + "DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ"
- + "e20sRA==";
-
- CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC);
-
- X509Certificate x509 = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(Base64.decode(cert)));
- try
- {
- x509.verify(x509.getPublicKey());
-
- fail("forged RSA signature passed");
- }
- catch (Exception e)
- {
- // expected
- }
- }
-
-
- private void pemTest()
- throws Exception
- {
- CertificateFactory cf = CertificateFactory.getInstance("X.509", BC);
-
- Certificate cert = readPEMCert(cf, PEMData.CERTIFICATE_1);
- if (cert == null)
- {
- fail("PEM cert not read");
- }
- cert = readPEMCert(cf, "-----BEGIN CERTIFICATE-----" + PEMData.CERTIFICATE_2);
- if (cert == null)
- {
- fail("PEM cert with extraneous header not read");
- }
- CRL crl = cf.generateCRL(new ByteArrayInputStream(PEMData.CRL_1.getBytes("US-ASCII")));
- if (crl == null)
- {
- fail("PEM crl not read");
- }
- Collection col = cf.generateCertificates(new ByteArrayInputStream(PEMData.CERTIFICATE_2.getBytes("US-ASCII")));
- if (col.size() != 1 || !col.contains(cert))
- {
- fail("PEM cert collection not right");
- }
- col = cf.generateCRLs(new ByteArrayInputStream(PEMData.CRL_2.getBytes("US-ASCII")));
- if (col.size() != 1 || !col.contains(crl))
- {
- fail("PEM crl collection not right");
- }
- }
-
- private static Certificate readPEMCert(CertificateFactory cf, String pemData)
- throws CertificateException, UnsupportedEncodingException
- {
- return cf.generateCertificate(new ByteArrayInputStream(pemData.getBytes("US-ASCII")));
- }
-
- private void pkcs7Test()
- throws Exception
- {
- /*
- ASN1EncodableVector certs = new ASN1EncodableVector();
-
- certs.add(new ASN1InputStream(CertPathTest.rootCertBin).readObject());
- certs.add(new DERTaggedObject(false, 2, new ASN1InputStream(AttrCertTest.attrCert).readObject()));
-
- ASN1EncodableVector crls = new ASN1EncodableVector();
-
- crls.add(new ASN1InputStream(CertPathTest.rootCrlBin).readObject());
- SignedData sigData = new SignedData(new DERSet(), new ContentInfo(CMSObjectIdentifiers.data, null), new DERSet(certs), new DERSet(crls), new DERSet());
-
- ContentInfo info = new ContentInfo(CMSObjectIdentifiers.signedData, sigData);
-
- CertificateFactory cf = CertificateFactory.getInstance("X.509", BC);
-
- X509Certificate cert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(info.getEncoded()));
- if (cert == null || !areEqual(cert.getEncoded(), certs.get(0).getDERObject().getEncoded()))
- {
- fail("PKCS7 cert not read");
- }
- X509CRL crl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(info.getEncoded()));
- if (crl == null || !areEqual(crl.getEncoded(), crls.get(0).getDERObject().getEncoded()))
- {
- fail("PKCS7 crl not read");
- }
- Collection col = cf.generateCertificates(new ByteArrayInputStream(info.getEncoded()));
- if (col.size() != 1 || !col.contains(cert))
- {
- fail("PKCS7 cert collection not right");
- }
- col = cf.generateCRLs(new ByteArrayInputStream(info.getEncoded()));
- if (col.size() != 1 || !col.contains(crl))
- {
- fail("PKCS7 crl collection not right");
- }
-
- // data with no certificates or CRLs
-
- sigData = new SignedData(new DERSet(), new ContentInfo(CMSObjectIdentifiers.data, null), new DERSet(), new DERSet(), new DERSet());
-
- info = new ContentInfo(CMSObjectIdentifiers.signedData, sigData);
-
- cert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(info.getEncoded()));
- if (cert != null)
- {
- fail("PKCS7 cert present");
- }
- crl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(info.getEncoded()));
- if (crl != null)
- {
- fail("PKCS7 crl present");
- }
-
- // data with absent certificates and CRLS
-
- sigData = new SignedData(new DERSet(), new ContentInfo(CMSObjectIdentifiers.data, null), null, null, new DERSet());
-
- info = new ContentInfo(CMSObjectIdentifiers.signedData, sigData);
-
- cert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(info.getEncoded()));
- if (cert != null)
- {
- fail("PKCS7 cert present");
- }
- crl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(info.getEncoded()));
- if (crl != null)
- {
- fail("PKCS7 crl present");
- }
-
- //
- // sample message
- //
- InputStream in = new ByteArrayInputStream(pkcs7CrlProblem);
- Collection certCol = cf.generateCertificates(in);
- Collection crlCol = cf.generateCRLs(in);
-
- if (crlCol.size() != 0)
- {
- fail("wrong number of CRLs: " + crlCol.size());
- }
-
- if (certCol.size() != 4)
- {
- fail("wrong number of Certs: " + certCol.size());
- }
- */
- }
-
- private void createPSSCert(String algorithm)
- throws Exception
- {
- KeyPair pair = generateLongFixedKeys();
-
- PrivateKey privKey = pair.getPrivate();
- PublicKey pubKey = pair.getPublic();
-
- //
- // distinguished name table.
- //
-
- X500NameBuilder builder = createStdBuilder();
-
- //
- // create base certificate - version 3
- //
- ContentSigner sigGen = new JcaContentSignerBuilder(algorithm).setProvider(BC).build(privKey);
- JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),
- new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey);
-
- certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true,
- new X509KeyUsage(X509KeyUsage.encipherOnly));
- certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true,
- new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
- certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true,
- new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
-
- X509Certificate baseCert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
-
- baseCert.verify(pubKey);
- }
-
- private KeyPair generateLongFixedKeys()
- throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException
- {
- RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
- new BigInteger("010001",16));
-
- RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
- new BigInteger("010001",16),
- new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16),
- new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16),
- new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16),
- new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16),
- new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16),
- new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16));
-
- KeyFactory fact = KeyFactory.getInstance("RSA", BC);
-
- return new KeyPair(fact.generatePublic(pubKeySpec), fact.generatePrivate(privKeySpec));
- }
-
- private void rfc4491Test()
- throws Exception
- {
- CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC);
-
- X509Certificate x509 = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gostRFC4491_94));
-
- x509.verify(x509.getPublicKey(), BC);
-
- x509 = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(gostRFC4491_2001));
-
- x509.verify(x509.getPublicKey(), BC);
- }
-
- private void testNullDerNullCert()
- throws Exception
- {
- KeyPair pair = generateLongFixedKeys();
- PublicKey pubKey = pair.getPublic();
- PrivateKey privKey = pair.getPrivate();
-
- ContentSigner sigGen = new JcaContentSignerBuilder("MD5WithRSAEncryption").setProvider(BC).build(privKey);
- JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(new X500Name("CN=Test"),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),new X500Name("CN=Test"),pubKey);
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
-
- X509CertificateStructure struct = X509CertificateStructure.getInstance(ASN1Primitive.fromByteArray(cert.getEncoded()));
-
- ASN1Encodable tbsCertificate = struct.getTBSCertificate();
- AlgorithmIdentifier sig = struct.getSignatureAlgorithm();
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(tbsCertificate);
- v.add(new AlgorithmIdentifier(sig.getAlgorithm()));
- v.add(struct.getSignature());
-
- // verify
- ByteArrayInputStream bIn;
- String dump = "";
-
- try
- {
- bIn = new ByteArrayInputStream(new DERSequence(v).getEncoded());
-
- CertificateFactory fact = CertificateFactory.getInstance("X.509", BC);
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
-
- cert.verify(cert.getPublicKey());
- }
- catch (Exception e)
- {
- fail(dump + System.getProperty("line.separator") + getName() + ": testNullDerNull failed - exception " + e.toString(), e);
- }
- }
-
- private void testDirect()
- throws Exception
- {
- KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
-
- ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
-
- keyStore.load(input, "test".toCharArray());
-
- X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
- PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
-
- X500Name issuer = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
-
- X509v2CRLBuilder builder = new X509v2CRLBuilder(issuer, new Date());
-
- builder.addCRLEntry(certificate.getSerialNumber(), new Date(), CRLReason.cACompromise);
-
- JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
-
- contentSignerBuilder.setProvider("BC");
-
- X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
-
- if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
- {
- fail("CRL signature not valid");
- }
-
- X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
-
- if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
- {
- fail("certificate issuer incorrect");
- }
-
- JcaX509CRLConverter converter = new JcaX509CRLConverter();
-
- converter.setProvider("BC");
-
- X509CRL crl = converter.getCRL(cRLHolder);
-
- crl.verify(certificate.getPublicKey());
-
- if (!crl.isRevoked(certificate))
- {
- fail("Certificate should be revoked");
- }
-
- // now encode the CRL and load the CRL with the JCE provider
-
- CertificateFactory fac = CertificateFactory.getInstance("X.509");
-
- X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
-
- jceCRL.verify(certificate.getPublicKey());
-
- if (!jceCRL.isRevoked(certificate))
- {
- fail("This certificate should also be revoked");
- }
- }
-
- private void testIndirect()
- throws Exception
- {
- KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
-
- ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
-
- keyStore.load(input, "test".toCharArray());
-
- X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
- PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
-
- X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
- X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
-
- X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
-
- builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
-
- ExtensionsGenerator extGen = new ExtensionsGenerator();
-
- extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
- extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
-
- builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
-
- JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
-
- contentSignerBuilder.setProvider("BC");
-
- X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
-
- if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
- {
- fail("CRL signature not valid");
- }
-
- X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
-
- if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded())))))
- {
- fail("certificate issuer incorrect");
- }
-
- JcaX509CRLConverter converter = new JcaX509CRLConverter();
-
- converter.setProvider("BC");
-
- X509CRL crl = converter.getCRL(cRLHolder);
-
- crl.verify(certificate.getPublicKey());
-
- if (!crl.isRevoked(certificate))
- {
- fail("Certificate should be revoked");
- }
-
- // now encode the CRL and load the CRL with the JCE provider
-
- CertificateFactory fac = CertificateFactory.getInstance("X.509");
-
- X509CRL jceCRL = (X509CRL) fac.generateCRL(new ByteArrayInputStream(crl.getEncoded()));
-
- jceCRL.verify(certificate.getPublicKey());
-
- if (!jceCRL.isRevoked(certificate))
- {
- fail("This certificate should also be revoked");
- }
- }
-
- private void testIndirect2()
- throws Exception
- {
- KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
-
- ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
-
- keyStore.load(input, "test".toCharArray());
-
- X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
- PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
-
- X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
- X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
-
- X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
-
- builder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(null, true, false));
-
- builder.addCRLEntry(BigInteger.valueOf(100), new Date(), CRLReason.cACompromise);
- builder.addCRLEntry(BigInteger.valueOf(120), new Date(), CRLReason.cACompromise);
-
- ExtensionsGenerator extGen = new ExtensionsGenerator();
-
- extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
- extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
-
- builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
-
- builder.addCRLEntry(BigInteger.valueOf(130), new Date(), CRLReason.cACompromise);
-
- JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
-
- contentSignerBuilder.setProvider("BC");
-
- X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
-
- if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
- {
- fail("CRL signature not valid");
- }
-
- X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
-
- if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
- {
- fail("certificate issuer incorrect");
- }
-
- cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(130));
-
- if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(caName))))
- {
- fail("certificate issuer incorrect");
- }
-
- cRLEntryHolder = cRLHolder.getRevokedCertificate(BigInteger.valueOf(100));
-
- if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
- {
- fail("certificate issuer incorrect");
- }
-
- JcaX509CRLConverter converter = new JcaX509CRLConverter();
-
- converter.setProvider("BC");
-
- X509CRL crl = converter.getCRL(cRLHolder);
-
- crl.verify(certificate.getPublicKey());
-
- X509CRLEntry crlEntry = crl.getRevokedCertificate(BigInteger.valueOf(100));
-
- if (crlEntry.getCertificateIssuer() != null)
- {
- fail("JCA 1 certificate issuer incorrect");
- }
-
- crlEntry = crl.getRevokedCertificate(BigInteger.valueOf(130));
- if (!crlEntry.getCertificateIssuer().equals(new X500Principal(caName.getEncoded())))
- {
- fail("JCA 2 certificate issuer incorrect");
- }
- }
-
- // issuing distribution point must be set for an indirect CRL to be recognised
- private void testMalformedIndirect()
- throws Exception
- {
- KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
-
- ByteArrayInputStream input = new ByteArrayInputStream(testCAp12);
-
- keyStore.load(input, "test".toCharArray());
-
- X509Certificate certificate = (X509Certificate) keyStore.getCertificate("ca");
- PrivateKey privateKey = (PrivateKey) keyStore.getKey("ca", null);
-
- X500Name crlIssuer = X500Name.getInstance(certificate.getSubjectX500Principal().getEncoded());
- X500Name caName = X500Name.getInstance(certificate.getIssuerX500Principal().getEncoded());
-
- X509v2CRLBuilder builder = new X509v2CRLBuilder(crlIssuer, new Date());
-
- ExtensionsGenerator extGen = new ExtensionsGenerator();
-
- extGen.addExtension(Extension.reasonCode, false, CRLReason.lookup(CRLReason.cACompromise));
- extGen.addExtension(Extension.certificateIssuer, true, new GeneralNames(new GeneralName(caName)));
-
- builder.addCRLEntry(certificate.getSerialNumber(), new Date(), extGen.generate());
-
- JcaContentSignerBuilder contentSignerBuilder = new JcaContentSignerBuilder("SHA256WithRSAEncryption");
-
- contentSignerBuilder.setProvider("BC");
-
- X509CRLHolder cRLHolder = builder.build(contentSignerBuilder.build(privateKey));
-
- if (!cRLHolder.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(certificate)))
- {
- fail("CRL signature not valid");
- }
-
- X509CRLEntryHolder cRLEntryHolder = cRLHolder.getRevokedCertificate(certificate.getSerialNumber());
-
- if (!cRLEntryHolder.getCertificateIssuer().equals(new GeneralNames(new GeneralName(cRLHolder.getIssuer()))))
- {
- fail("certificate issuer incorrect");
- }
-
- JcaX509CRLConverter converter = new JcaX509CRLConverter();
-
- converter.setProvider("BC");
-
- X509CRL crl = converter.getCRL(cRLHolder);
-
- crl.verify(certificate.getPublicKey());
-
- if (crl.isRevoked(certificate))
- {
- throw new Exception("Certificate should not be revoked");
- }
- }
-
- public void performTest()
- throws Exception
- {
- testDirect();
- testIndirect();
- testIndirect2();
- testMalformedIndirect();
-
- checkCertificate(1, cert1);
- checkCertificate(2, cert2);
- checkCertificate(3, cert3);
- checkCertificate(4, cert4);
- checkCertificate(5, cert5);
- checkCertificate(6, oldEcdsa);
- checkCertificate(7, cert7);
-
- checkKeyUsage(8, keyUsage);
- checkSelfSignedCertificate(9, uncompressedPtEC);
- checkNameCertificate(10, nameCert);
-
- checkSelfSignedCertificate(11, probSelfSignedCert);
- checkSelfSignedCertificate(12, gostCA1);
- checkSelfSignedCertificate(13, gostCA2);
- checkSelfSignedCertificate(14, gost341094base);
- checkSelfSignedCertificate(15, gost34102001base);
- checkSelfSignedCertificate(16, gost341094A);
- checkSelfSignedCertificate(17, gost341094B);
- checkSelfSignedCertificate(17, gost34102001A);
-
- checkCRL(1, crl1);
-
- checkCreation1();
- checkCreation2();
- checkCreation3();
- checkCreation4();
- checkCreation5();
-
- createECCert("SHA1withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
- createECCert("SHA224withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
- createECCert("SHA256withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
- createECCert("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
- createECCert("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-
- createPSSCert("SHA1withRSAandMGF1");
- createPSSCert("SHA224withRSAandMGF1");
- createPSSCert("SHA256withRSAandMGF1");
- createPSSCert("SHA384withRSAandMGF1");
-
- checkCRLCreation1();
- checkCRLCreation2();
- checkCRLCreation3();
-
- pemTest();
- pkcs7Test();
- rfc4491Test();
-
- testForgedSignature();
-
- testNullDerNullCert();
-
- checkCertificate(18, emptyDNCert);
- }
-
- public static void main(
- String[] args)
- {
- Security.addProvider(new BouncyCastleProvider());
-
- runTest(new CertTest());
- }
-} \ No newline at end of file
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/ConverterTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/ConverterTest.java
deleted file mode 100644
index 6413b52b..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/ConverterTest.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package org.bouncycastle.cert.test;
-
-import java.math.BigInteger;
-import java.security.cert.X509CertSelector;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.cert.selector.X509CertificateHolderSelector;
-import org.bouncycastle.cert.selector.jcajce.JcaSelectorConverter;
-import org.bouncycastle.cert.selector.jcajce.JcaX509CertSelectorConverter;
-import org.bouncycastle.util.Arrays;
-
-public class ConverterTest
- extends TestCase
-{
- public void testCertificateSelectorConversion()
- throws Exception
- {
- JcaX509CertSelectorConverter converter = new JcaX509CertSelectorConverter();
- JcaSelectorConverter toSelector = new JcaSelectorConverter();
-
- X509CertificateHolderSelector sid1 = new X509CertificateHolderSelector(new X500Name("CN=Test"), BigInteger.valueOf(1), new byte[20]);
-
- X509CertSelector conv = converter.getCertSelector(sid1);
-
- assertTrue(conv.getIssuerAsString().equals("CN=Test"));
- assertTrue(Arrays.areEqual(conv.getSubjectKeyIdentifier(), new DEROctetString(new byte[20]).getEncoded()));
- assertEquals(conv.getSerialNumber(), sid1.getSerialNumber());
-
- X509CertificateHolderSelector sid2 = toSelector.getCertificateHolderSelector(conv);
-
- assertEquals(sid1, sid2);
-
- sid1 = new X509CertificateHolderSelector(new X500Name("CN=Test"), BigInteger.valueOf(1));
-
- conv = converter.getCertSelector(sid1);
-
- assertTrue(conv.getIssuerAsString().equals("CN=Test"));
- assertNull(conv.getSubjectKeyIdentifier());
- assertEquals(conv.getSerialNumber(), sid1.getSerialNumber());
-
- sid2 = toSelector.getCertificateHolderSelector(conv);
-
- assertEquals(sid1, sid2);
-
- sid1 = new X509CertificateHolderSelector(new byte[20]);
-
- conv = converter.getCertSelector(sid1);
-
- assertNull(conv.getIssuerAsString());
- assertTrue(Arrays.areEqual(conv.getSubjectKeyIdentifier(), new DEROctetString(new byte[20]).getEncoded()));
- assertNull(conv.getSerialNumber());
-
- sid2 = toSelector.getCertificateHolderSelector(conv);
-
- assertEquals(sid1, sid2);
- }
-
- public static Test suite()
- {
- return new TestSuite(ConverterTest.class);
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/PEMData.java b/pkix/src/test/java/org/bouncycastle/cert/test/PEMData.java
deleted file mode 100644
index 6159f36f..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/PEMData.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package org.bouncycastle.cert.test;
-
-public class PEMData
-{
- public static String CERTIFICATE_1 =
- "-----BEGIN X509 CERTIFICATE-----\r"
- + "MIIDXjCCAsegAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx\r"
- + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY\r"
- + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB\r"
- + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ\r"
- + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU2MjFaFw0wMTA2\r"
- + "MDIwNzU2MjFaMIG4MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW\r"
- + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM\r"
- + "dGQxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFtMR0wGwYDVQQDExR3d3cyLmNvbm5l\r"
- + "Y3Q0LmNvbS5hdTEoMCYGCSqGSIb3DQEJARYZd2VibWFzdGVyQGNvbm5lY3Q0LmNv\r"
- + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvDxclKAhyv7Q/Wmr2re\r"
- + "Gw4XL9Cnh9e+6VgWy2AWNy/MVeXdlxzd7QAuc1eOWQkGQEiLPy5XQtTY+sBUJ3AO\r"
- + "Rvd2fEVJIcjf29ey7bYua9J/vz5MG2KYo9/WCHIwqD9mmG9g0xLcfwq/s8ZJBswE\r"
- + "7sb85VU+h94PTvsWOsWuKaECAwEAAaN3MHUwJAYDVR0RBB0wG4EZd2VibWFzdGVy\r"
- + "QGNvbm5lY3Q0LmNvbS5hdTA6BglghkgBhvhCAQ0ELRYrbW9kX3NzbCBnZW5lcmF0\r"
- + "ZWQgY3VzdG9tIHNlcnZlciBjZXJ0aWZpY2F0ZTARBglghkgBhvhCAQEEBAMCBkAw\r"
- + "DQYJKoZIhvcNAQEEBQADgYEAotccfKpwSsIxM1Hae8DR7M/Rw8dg/RqOWx45HNVL\r"
- + "iBS4/3N/TO195yeQKbfmzbAA2jbPVvIvGgTxPgO1MP4ZgvgRhasaa0qCJCkWvpM4\r"
- + "yQf33vOiYQbpv4rTwzU8AmRlBG45WdjyNIigGV+oRc61aKCTnLq7zB8N3z1TF/bF\r"
- + "5/8=\r"
- + "-----END X509 CERTIFICATE-----\r";
-
- public static String CERTIFICATE_2 =
- "-----BEGIN CERTIFICATE-----\n"
- + "MIIDXjCCAsegAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx\n"
- + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY\n"
- + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB\n"
- + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ\n"
- + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU2MjFaFw0wMTA2\n"
- + "MDIwNzU2MjFaMIG4MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW\n"
- + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM\n"
- + "dGQxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFtMR0wGwYDVQQDExR3d3cyLmNvbm5l\n"
- + "Y3Q0LmNvbS5hdTEoMCYGCSqGSIb3DQEJARYZd2VibWFzdGVyQGNvbm5lY3Q0LmNv\n"
- + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvDxclKAhyv7Q/Wmr2re\n"
- + "Gw4XL9Cnh9e+6VgWy2AWNy/MVeXdlxzd7QAuc1eOWQkGQEiLPy5XQtTY+sBUJ3AO\n"
- + "Rvd2fEVJIcjf29ey7bYua9J/vz5MG2KYo9/WCHIwqD9mmG9g0xLcfwq/s8ZJBswE\n"
- + "7sb85VU+h94PTvsWOsWuKaECAwEAAaN3MHUwJAYDVR0RBB0wG4EZd2VibWFzdGVy\n"
- + "QGNvbm5lY3Q0LmNvbS5hdTA6BglghkgBhvhCAQ0ELRYrbW9kX3NzbCBnZW5lcmF0\n"
- + "ZWQgY3VzdG9tIHNlcnZlciBjZXJ0aWZpY2F0ZTARBglghkgBhvhCAQEEBAMCBkAw\n"
- + "DQYJKoZIhvcNAQEEBQADgYEAotccfKpwSsIxM1Hae8DR7M/Rw8dg/RqOWx45HNVL\n"
- + "iBS4/3N/TO195yeQKbfmzbAA2jbPVvIvGgTxPgO1MP4ZgvgRhasaa0qCJCkWvpM4\n"
- + "yQf33vOiYQbpv4rTwzU8AmRlBG45WdjyNIigGV+oRc61aKCTnLq7zB8N3z1TF/bF\n"
- + "5/8=\n"
- + "-----END CERTIFICATE-----\n";
-
- public static String CRL_1 =
- "-----BEGIN X509 CRL-----\r\n"
- + "MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT\r\n"
- + "F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy\r\n"
- + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw\r\n"
- + "MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw\r\n"
- + "MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw\r\n"
- + "MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw\r\n"
- + "MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw\r\n"
- + "MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw\r\n"
- + "MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw\r\n"
- + "NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw\r\n"
- + "NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF\r\n"
- + "AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ\r\n"
- + "wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt\r\n"
- + "JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v\r\n"
- + "-----END X509 CRL-----\r\n";
-
- public static String CRL_2 =
- "-----BEGIN CRL-----\r\n"
- + "MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT\r\n"
- + "F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy\r\n"
- + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw\r\n"
- + "MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw\r\n"
- + "MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw\r\n"
- + "MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw\r\n"
- + "MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw\r\n"
- + "MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw\r\n"
- + "MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw\r\n"
- + "NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw\r\n"
- + "NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF\r\n"
- + "AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ\r\n"
- + "wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt\r\n"
- + "JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v\r\n"
- + "-----END CRL-----\r\n";
-
- static String ATTRIBUTE_CERTIFICATE_1 =
- "-----BEGIN X509 ATTRIBUTE CERTIFICATE-----\r\n"
- + "MIIBuDCCASECAQEwZ6BlMGCkXjBcMQswCQYDVQQGEwJBVTEoMCYGA1UEChMfVGhl\r\n"
- + "IExlZ2lvbiBvZiB0aGUgQm91bmN5IENhc3RsZTEjMCEGA1UECxMaQm91bmN5IFBy\r\n"
- + "aW1hcnkgQ2VydGlmaWNhdGUCARSgYjBgpF4wXDELMAkGA1UEBhMCQVUxKDAmBgNV\r\n"
- + "BAoTH1RoZSBMZWdpb24gb2YgdGhlIEJvdW5jeSBDYXN0bGUxIzAhBgNVBAsTGkJv\r\n"
- + "dW5jeSBQcmltYXJ5IENlcnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAAgEBMCIYDzIw\r\n"
- + "MDUwNjEwMDI0MTMzWhgPMjAwNTA2MTAwMjQzMTNaMBkwFwYDVRhIMRAwDoEMREFV\r\n"
- + "MTIzNDU2Nzg5MA0GCSqGSIb3DQEBBQUAA4GBALAYXT9zdxSR5zdPLAon1xIPehgI\r\n"
- + "NZhjM7w0uu3OdzSV5sC31X1Kx9vi5RIWiM9VimRTwbQIod9POttD5QMXCwQb/fm7\r\n"
- + "eiJqL2YBIXOeClB19VrQe8xQtMFbyuFpDiM7QdvIam9ShZZMEMGjv9QHI64M4b0G\r\n"
- + "odUBlSsJwPPQjZSU\r\n"
- + "-----END X509 ATTRIBUTE CERTIFICATE-----\r\n";
-
- static String ATTRIBUTE_CERTIFICATE_2 =
- "-----BEGIN ATTRIBUTE CERTIFICATE-----\r\n"
- + "MIIBuDCCASECAQEwZ6BlMGCkXjBcMQswCQYDVQQGEwJBVTEoMCYGA1UEChMfVGhl\r\n"
- + "IExlZ2lvbiBvZiB0aGUgQm91bmN5IENhc3RsZTEjMCEGA1UECxMaQm91bmN5IFBy\r\n"
- + "aW1hcnkgQ2VydGlmaWNhdGUCARSgYjBgpF4wXDELMAkGA1UEBhMCQVUxKDAmBgNV\r\n"
- + "BAoTH1RoZSBMZWdpb24gb2YgdGhlIEJvdW5jeSBDYXN0bGUxIzAhBgNVBAsTGkJv\r\n"
- + "dW5jeSBQcmltYXJ5IENlcnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAAgEBMCIYDzIw\r\n"
- + "MDUwNjEwMDI0MTMzWhgPMjAwNTA2MTAwMjQzMTNaMBkwFwYDVRhIMRAwDoEMREFV\r\n"
- + "MTIzNDU2Nzg5MA0GCSqGSIb3DQEBBQUAA4GBALAYXT9zdxSR5zdPLAon1xIPehgI\r\n"
- + "NZhjM7w0uu3OdzSV5sC31X1Kx9vi5RIWiM9VimRTwbQIod9POttD5QMXCwQb/fm7\r\n"
- + "eiJqL2YBIXOeClB19VrQe8xQtMFbyuFpDiM7QdvIam9ShZZMEMGjv9QHI64M4b0G\r\n"
- + "odUBlSsJwPPQjZSU\r\n"
- + "-----END ATTRIBUTE CERTIFICATE-----\r\n";
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/PKCS10Test.java b/pkix/src/test/java/org/bouncycastle/cert/test/PKCS10Test.java
deleted file mode 100644
index cd3e8af5..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/PKCS10Test.java
+++ /dev/null
@@ -1,616 +0,0 @@
-package org.bouncycastle.cert.test;
-
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.Signature;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.Attribute;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x500.X500NameBuilder;
-import org.bouncycastle.asn1.x500.style.BCStyle;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.Extensions;
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
-import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
-import org.bouncycastle.jce.ECNamedCurveTable;
-import org.bouncycastle.jce.interfaces.ECPointEncoder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.spec.ECPrivateKeySpec;
-import org.bouncycastle.jce.spec.ECPublicKeySpec;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.ContentVerifierProvider;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
-import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
-import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.test.SimpleTest;
-
-/**
- **/
-public class PKCS10Test
- extends SimpleTest
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- private byte[] gost3410EC_A = Base64.decode(
- "MIIBOzCB6wIBADB/MQ0wCwYDVQQDEwR0ZXN0MRUwEwYDVQQKEwxEZW1vcyBDbyBMdGQxHjAcBgNV"
- +"BAsTFUNyeXB0b2dyYXBoeSBkaXZpc2lvbjEPMA0GA1UEBxMGTW9zY293MQswCQYDVQQGEwJydTEZ"
- +"MBcGCSqGSIb3DQEJARYKc2RiQGRvbC5ydTBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4B"
- +"A0MABEBYx0P2D7YuuZo5HgdIAUKAXcLBDZ+4LYFgbKjrfStVfH59lc40BQ2FZ7M703hLpXK8GiBQ"
- +"GEYpKaAuQZnMIpByoAAwCAYGKoUDAgIDA0EAgXMcTrhdOY2Er2tHOSAgnMezqrYxocZTWhxmW5Rl"
- +"JY6lbXH5rndCn4swFzXU+YhgAsJv1wQBaoZEWRl5WV4/nA==");
-
- private byte[] gost3410EC_B = Base64.decode(
- "MIIBPTCB7QIBADCBgDENMAsGA1UEAxMEdGVzdDEWMBQGA1UEChMNRGVtb3MgQ28gTHRkLjEeMBwG"
- +"A1UECxMVQ3J5cHRvZ3JhcGh5IGRpdmlzaW9uMQ8wDQYDVQQHEwZNb3Njb3cxCzAJBgNVBAYTAnJ1"
- +"MRkwFwYJKoZIhvcNAQkBFgpzZGJAZG9sLnJ1MGMwHAYGKoUDAgITMBIGByqFAwICIwIGByqFAwIC"
- +"HgEDQwAEQI5SLoWT7dZVilbV9j5B/fyIDuDs6x4pjqNC2TtFYbpRHrk/Wc5g/mcHvD80tsm5o1C7"
- +"7cizNzkvAVUM4VT4Dz6gADAIBgYqhQMCAgMDQQAoT5TwJ8o+bSrxckymyo3diwG7ZbSytX4sRiKy"
- +"wXPWRS9LlBvPO2NqwpS2HUnxSU8rzfL9fJcybATf7Yt1OEVq");
-
- private byte[] gost3410EC_C = Base64.decode(
- "MIIBRDCB9AIBADCBhzEVMBMGA1UEAxMMdGVzdCByZXF1ZXN0MRUwEwYDVQQKEwxEZW1vcyBDbyBM"
- +"dGQxHjAcBgNVBAsTFUNyeXB0b2dyYXBoeSBkaXZpc2lvbjEPMA0GA1UEBxMGTW9zY293MQswCQYD"
- +"VQQGEwJydTEZMBcGCSqGSIb3DQEJARYKc2RiQGRvbC5ydTBjMBwGBiqFAwICEzASBgcqhQMCAiMD"
- +"BgcqhQMCAh4BA0MABEBcmGh7OmR4iqqj+ycYo1S1fS7r5PhisSQU2Ezuz8wmmmR2zeTZkdMYCOBa"
- +"UTMNms0msW3wuYDho7nTDNscHTB5oAAwCAYGKoUDAgIDA0EAVoOMbfyo1Un4Ss7WQrUjHJoiaYW8"
- +"Ime5LeGGU2iW3ieAv6es/FdMrwTKkqn5dhd3aL/itFg5oQbhyfXw5yw/QQ==");
-
- private byte[] gost3410EC_ExA = Base64.decode(
- "MIIBOzCB6wIBADB/MQ0wCwYDVQQDEwR0ZXN0MRUwEwYDVQQKEwxEZW1vcyBDbyBMdGQxHjAcBgNV"
- + "BAsTFUNyeXB0b2dyYXBoeSBkaXZpc2lvbjEPMA0GA1UEBxMGTW9zY293MQswCQYDVQQGEwJydTEZ"
- + "MBcGCSqGSIb3DQEJARYKc2RiQGRvbC5ydTBjMBwGBiqFAwICEzASBgcqhQMCAiQABgcqhQMCAh4B"
- + "A0MABEDkqNT/3f8NHj6EUiWnK4JbVZBh31bEpkwq9z3jf0u8ZndG56Vt+K1ZB6EpFxLT7hSIos0w"
- + "weZ2YuTZ4w43OgodoAAwCAYGKoUDAgIDA0EASk/IUXWxoi6NtcUGVF23VRV1L3undB4sRZLp4Vho"
- + "gQ7m3CMbZFfJ2cPu6QyarseXGYHmazoirH5lGjEo535c1g==");
-
- private byte[] gost3410EC_ExB = Base64.decode(
- "MIIBPTCB7QIBADCBgDENMAsGA1UEAxMEdGVzdDEWMBQGA1UEChMNRGVtb3MgQ28gTHRkLjEeMBwG"
- + "A1UECxMVQ3J5cHRvZ3JhcGh5IGRpdmlzaW9uMQ8wDQYDVQQHEwZNb3Njb3cxCzAJBgNVBAYTAnJ1"
- + "MRkwFwYJKoZIhvcNAQkBFgpzZGJAZG9sLnJ1MGMwHAYGKoUDAgITMBIGByqFAwICJAEGByqFAwIC"
- + "HgEDQwAEQMBWYUKPy/1Kxad9ChAmgoSWSYOQxRnXo7KEGLU5RNSXA4qMUvArWzvhav+EYUfTbWLh"
- + "09nELDyHt2XQcvgQHnSgADAIBgYqhQMCAgMDQQAdaNhgH/ElHp64mbMaEo1tPCg9Q22McxpH8rCz"
- + "E0QBpF4H5mSSQVGI5OAXHToetnNuh7gHHSynyCupYDEHTbkZ");
-
- public String getName()
- {
- return "PKCS10CertRequest";
- }
-
- private void generationTest(int keySize, String keyName, String sigName, String provider)
- throws Exception
- {
- KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyName, "BC");
-
- kpg.initialize(keySize);
-
- KeyPair kp = kpg.genKeyPair();
-
-
- X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE);
-
- x500NameBld.addRDN(BCStyle.C, "AU");
- x500NameBld.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
- x500NameBld.addRDN(BCStyle.L, "Melbourne");
- x500NameBld.addRDN(BCStyle.ST, "Victoria");
- x500NameBld.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");
-
- X500Name subject = x500NameBld.build();
-
- PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, kp.getPublic());
-
- PKCS10CertificationRequest req1 = requestBuilder.build(new JcaContentSignerBuilder(sigName).setProvider(provider).build(kp.getPrivate()));
-
- JcaPKCS10CertificationRequest req2 = new JcaPKCS10CertificationRequest(req1.getEncoded()).setProvider(provider);
-
- if (!req2.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(provider).build(kp.getPublic())))
- {
- fail(sigName + ": Failed verify check.");
- }
-
- if (!Arrays.areEqual(req2.getPublicKey().getEncoded(), req1.getSubjectPublicKeyInfo().getEncoded()))
- {
- fail(keyName + ": Failed public key check.");
- }
- }
-
- private void generationTestX500Principal(int keySize, String keyName, String sigName, String provider)
- throws Exception
- {
- KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyName, "BC");
-
- kpg.initialize(keySize);
-
- KeyPair kp = kpg.genKeyPair();
-
-
- X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE);
-
- x500NameBld.addRDN(BCStyle.C, "AU");
- x500NameBld.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
- x500NameBld.addRDN(BCStyle.L, "Melbourne");
- x500NameBld.addRDN(BCStyle.ST, "Victoria");
- x500NameBld.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");
-
- X500Name subject = x500NameBld.build();
-
- PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Principal(subject.getEncoded()), kp.getPublic());
-
- PKCS10CertificationRequest req1 = requestBuilder.build(new JcaContentSignerBuilder(sigName).setProvider(provider).build(kp.getPrivate()));
-
- JcaPKCS10CertificationRequest req2 = new JcaPKCS10CertificationRequest(req1.getEncoded()).setProvider(provider);
-
- if (!req2.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(provider).build(kp.getPublic())))
- {
- fail(sigName + ": Failed verify check.");
- }
-
- if (!Arrays.areEqual(req2.getPublicKey().getEncoded(), req1.getSubjectPublicKeyInfo().getEncoded()))
- {
- fail(keyName + ": Failed public key check.");
- }
-
- if (!Arrays.areEqual(req2.getSubject().getEncoded(), req1.getSubject().getEncoded()))
- {
- fail(keyName + ": Failed subject key check.");
- }
- }
-
- /*
- * we generate a self signed certificate for the sake of testing - SHA224withECDSA
- */
- private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid, ASN1ObjectIdentifier curveOid)
- throws Exception
- {
- ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec(curveOid.getId());
- KeyPairGenerator ecGen = KeyPairGenerator.getInstance("ECDSA", "BC");
-
- ecGen.initialize(spec);
-
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyPair pair = ecGen.generateKeyPair();
-
- privKey = pair.getPrivate();
- pubKey = pair.getPublic();
-
- ContentSigner signer = new JcaContentSignerBuilder(algorithm).setProvider(BC).build(privKey);
-
- PKCS10CertificationRequestBuilder reqBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=XXX"), pubKey);
- PKCS10CertificationRequest req = reqBuilder.build(signer);
-
- ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey);
-
- if (!req.isSignatureValid(verifier))
- {
- fail("Failed verify check EC.");
- }
-
- req = new PKCS10CertificationRequest(req.getEncoded());
- if (!req.isSignatureValid(verifier))
- {
- fail("Failed verify check EC encoded.");
- }
-
- //
- // try with point compression turned off
- //
- ((ECPointEncoder)pubKey).setPointFormat("UNCOMPRESSED");
-
- reqBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=XXX"), pubKey);
- req = reqBuilder.build(signer);
-
- if (!req.isSignatureValid(verifier))
- {
- fail("Failed verify check EC uncompressed.");
- }
-
- req = new PKCS10CertificationRequest(req.getEncoded());
- if (!req.isSignatureValid(verifier))
- {
- fail("Failed verify check EC uncompressed encoded.");
- }
-
- if (!req.toASN1Structure().getSignatureAlgorithm().getAlgorithm().equals(algOid))
- {
- fail("ECDSA oid incorrect.");
- }
-
- if (req.toASN1Structure().getSignatureAlgorithm().getParameters() != null)
- {
- fail("ECDSA parameters incorrect.");
- }
-
- Signature sig = Signature.getInstance(algorithm, "BC");
-
- sig.initVerify(pubKey);
-
- sig.update(req.toASN1Structure().getCertificationRequestInfo().getEncoded());
-
- if (!sig.verify(req.toASN1Structure().getSignature().getBytes()))
- {
- fail("signature not mapped correctly.");
- }
- }
-
- private void createECRequest(String algorithm, ASN1ObjectIdentifier algOid)
- throws Exception
- {
- ECCurve.Fp curve = new ECCurve.Fp(
- new BigInteger("6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151"), // q (or p)
- new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", 16), // a
- new BigInteger("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", 16)); // b
-
- ECParameterSpec spec = new ECParameterSpec(
- curve,
- curve.decodePoint(Hex.decode("0200C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66")), // G
- new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)); // n
-
- ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(
- new BigInteger("5769183828869504557786041598510887460263120754767955773309066354712783118202294874205844512909370791582896372147797293913785865682804434049019366394746072023"), // d
- spec);
-
- ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(
- curve.decodePoint(Hex.decode("02006BFDD2C9278B63C92D6624F151C9D7A822CC75BD983B17D25D74C26740380022D3D8FAF304781E416175EADF4ED6E2B47142D2454A7AC7801DD803CF44A4D1F0AC")), // Q
- spec);
-
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyFactory fact = KeyFactory.getInstance("ECDSA", "BC");
-
- privKey = fact.generatePrivate(privKeySpec);
- pubKey = fact.generatePublic(pubKeySpec);
-
- PKCS10CertificationRequest req = new JcaPKCS10CertificationRequestBuilder(
- new X500Name("CN=XXX"), pubKey).build(new JcaContentSignerBuilder(algorithm).setProvider(BC).build(privKey));
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
- {
- fail("Failed verify check EC.");
- }
-
- req = new PKCS10CertificationRequest(req.getEncoded());
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
- {
- fail("Failed verify check EC encoded.");
- }
-
- //
- // try with point compression turned off
- //
- ((ECPointEncoder)pubKey).setPointFormat("UNCOMPRESSED");
-
- req = new JcaPKCS10CertificationRequestBuilder(
- new X500Name("CN=XXX"), pubKey).build(new JcaContentSignerBuilder(algorithm).setProvider(BC).build(privKey));
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
- {
- fail("Failed verify check EC uncompressed.");
- }
-
- JcaPKCS10CertificationRequest jcaReq = new JcaPKCS10CertificationRequest(new PKCS10CertificationRequest(req.getEncoded()));
- if (!jcaReq.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(jcaReq.getPublicKey())))
- {
- fail("Failed verify check EC uncompressed encoded.");
- }
-
- if (!jcaReq.getSignatureAlgorithm().getAlgorithm().equals(algOid))
- {
- fail("ECDSA oid incorrect.");
- }
-
- if (jcaReq.getSignatureAlgorithm().getParameters() != null)
- {
- fail("ECDSA parameters incorrect.");
- }
-
- Signature sig = Signature.getInstance(algorithm, BC);
-
- sig.initVerify(pubKey);
-
- sig.update(req.toASN1Structure().getCertificationRequestInfo().getEncoded());
-
- if (!sig.verify(req.getSignature()))
- {
- fail("signature not mapped correctly.");
- }
- }
-
- private void createECGOSTRequest()
- throws Exception
- {
- String algorithm = "GOST3411withECGOST3410";
- KeyPairGenerator ecGostKpg = KeyPairGenerator.getInstance("ECGOST3410", "BC");
-
- ecGostKpg.initialize(ECGOST3410NamedCurveTable.getParameterSpec("GostR3410-2001-CryptoPro-A"), new SecureRandom());
-
- //
- // set up the keys
- //
- KeyPair pair = ecGostKpg.generateKeyPair();
- PrivateKey privKey = pair.getPrivate();
- PublicKey pubKey = pair.getPublic();
-
- PKCS10CertificationRequest req = new JcaPKCS10CertificationRequestBuilder(
- new X500Name("CN=XXX"), pubKey).build(new JcaContentSignerBuilder(algorithm).setProvider(BC).build(privKey));
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
- {
- fail("Failed verify check EC.");
- }
-
- req = new PKCS10CertificationRequest(req.getEncoded());
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
- {
- fail("Failed verify check EC encoded.");
- }
-
- if (!req.getSignatureAlgorithm().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001))
- {
- fail("ECGOST oid incorrect.");
- }
-
- if (req.getSignatureAlgorithm().getParameters() != null)
- {
- fail("ECGOST parameters incorrect.");
- }
-
- Signature sig = Signature.getInstance(algorithm, "BC");
-
- sig.initVerify(pubKey);
-
- sig.update(req.toASN1Structure().getCertificationRequestInfo().getEncoded());
-
- if (!sig.verify(req.getSignature()))
- {
- fail("signature not mapped correctly.");
- }
- }
-
- private void createPSSTest(String algorithm)
- throws Exception
- {
- RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
- new BigInteger("010001",16));
-
- RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16),
- new BigInteger("010001",16),
- new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16),
- new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16),
- new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16),
- new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16),
- new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16),
- new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16));
-
- KeyFactory fact = KeyFactory.getInstance("RSA", "BC");
-
- PrivateKey privKey = fact.generatePrivate(privKeySpec);
- PublicKey pubKey = fact.generatePublic(pubKeySpec);
-
- PKCS10CertificationRequest req = new JcaPKCS10CertificationRequestBuilder(
- new X500Name("CN=XXX"), pubKey).build(new JcaContentSignerBuilder(algorithm).setProvider(BC).build(privKey));
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
- {
- fail("Failed verify check PSS.");
- }
-
- JcaPKCS10CertificationRequest jcaReq = new JcaPKCS10CertificationRequest(req.getEncoded()).setProvider(BC);
- if (!jcaReq.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(jcaReq.getPublicKey())))
- {
- fail("Failed verify check PSS encoded.");
- }
-
- if (!jcaReq.getSignatureAlgorithm().getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
- {
- fail("PSS oid incorrect.");
- }
-
- if (jcaReq.getSignatureAlgorithm().getParameters() == null)
- {
- fail("PSS parameters incorrect.");
- }
-
- Signature sig = Signature.getInstance(algorithm, "BC");
-
- sig.initVerify(pubKey);
-
- sig.update(jcaReq.toASN1Structure().getCertificationRequestInfo().getEncoded());
-
- if (!sig.verify(req.getSignature()))
- {
- fail("signature not mapped correctly.");
- }
- }
-
- // previous code found to cause a NullPointerException
- private void nullPointerTest()
- throws Exception
- {
- KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
- keyGen.initialize(1024, new SecureRandom());
- KeyPair pair = keyGen.generateKeyPair();
- JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
-
- Extension[] ext = new Extension[] {
- new Extension(Extension.basicConstraints, true, new DEROctetString(new BasicConstraints(true))),
- new Extension(Extension.keyUsage, true, new DEROctetString(new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign))),
- new Extension(Extension.subjectKeyIdentifier, false, new DEROctetString(extUtils.createSubjectKeyIdentifier(pair.getPublic())))
- };
-
- PKCS10CertificationRequest p1 = new JcaPKCS10CertificationRequestBuilder(
- new X500Name("cn=csr"),
- pair.getPublic())
- .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(ext))
- .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(pair.getPrivate()));
- PKCS10CertificationRequest p2 = new JcaPKCS10CertificationRequestBuilder(
- new X500Name("cn=csr"),
- pair.getPublic())
- .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, new Extensions(ext))
- .build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(pair.getPrivate()));
-
- if (!p1.equals(p2))
- {
- fail("cert request comparison failed");
- }
-
- Attribute[] attr1 = p1.getAttributes();
- Attribute[] attr2 = p1.getAttributes();
-
- checkAttrs(1, attr1, attr2);
-
- attr1 = p1.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
- attr2 = p1.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
-
- checkAttrs(1, attr1, attr2);
- }
-
- private void checkAttrs(int expectedLength, Attribute[] attr1, Attribute[] attr2)
- {
- if (expectedLength != attr1.length)
- {
- fail("expected length mismatch");
- }
-
- if (attr1.length != attr2.length)
- {
- fail("atrribute length mismatch");
- }
-
- for (int i = 0; i != attr1.length; i++)
- {
- if (!attr1[i].equals(attr2[i]))
- {
- fail("atrribute mismatch");
- }
- }
- }
-
- public void performTest()
- throws Exception
- {
- generationTest(512, "RSA", "SHA1withRSA", "BC");
- generationTestX500Principal(512, "RSA", "SHA1withRSA", "BC");
- generationTest(512, "GOST3410", "GOST3411withGOST3410", "BC");
-
- if (Security.getProvider("SunRsaSign") != null)
- {
- generationTest(512, "RSA", "SHA1withRSA", "SunRsaSign");
- }
-
- // elliptic curve GOST A parameter set
- JcaPKCS10CertificationRequest req = new JcaPKCS10CertificationRequest(gost3410EC_A).setProvider(BC);
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(req.getPublicKey())))
- {
- fail("Failed verify check gost3410EC_A.");
- }
-
- // elliptic curve GOST B parameter set
- req = new JcaPKCS10CertificationRequest(gost3410EC_B).setProvider(BC);
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(req.getPublicKey())))
- {
- fail("Failed verify check gost3410EC_B.");
- }
-
- // elliptic curve GOST C parameter set
- req = new JcaPKCS10CertificationRequest(gost3410EC_C).setProvider(BC);
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(req.getPublicKey())))
- {
- fail("Failed verify check gost3410EC_C.");
- }
-
- // elliptic curve GOST ExA parameter set
- req = new JcaPKCS10CertificationRequest(gost3410EC_ExA).setProvider(BC);
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(req.getPublicKey())))
- {
- fail("Failed verify check gost3410EC_ExA.");
- }
-
- // elliptic curve GOST ExB parameter set
- req = new JcaPKCS10CertificationRequest(gost3410EC_ExB).setProvider(BC);
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(req.getPublicKey())))
- {
- fail("Failed verify check gost3410EC_ExA.");
- }
-
- // elliptic curve openSSL
- KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", "BC");
-
- ECCurve curve = new ECCurve.Fp(
- new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
- new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
- new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
-
- ECParameterSpec ecSpec = new ECParameterSpec(
- curve,
- curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
- new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
-
- g.initialize(ecSpec, new SecureRandom());
-
- KeyPair kp = g.generateKeyPair();
-
- req = new JcaPKCS10CertificationRequest(new JcaPKCS10CertificationRequestBuilder(
- new X500Name("CN=XXX"), kp.getPublic()).build(new JcaContentSignerBuilder( "ECDSAWITHSHA1").setProvider(BC).build(kp.getPrivate())));
- if (!req.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(req.getPublicKey())))
- {
- fail("Failed verify check EC.");
- }
-
- createECRequest("SHA1withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
- createECRequest("SHA224withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
- createECRequest("SHA256withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
- createECRequest("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
- createECRequest("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-
- createECRequest("SHA1withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1, new ASN1ObjectIdentifier("1.3.132.0.34"));
-
- createECGOSTRequest();
-
- createPSSTest("SHA1withRSAandMGF1");
- createPSSTest("SHA224withRSAandMGF1");
- createPSSTest("SHA256withRSAandMGF1");
- createPSSTest("SHA384withRSAandMGF1");
-
- nullPointerTest();
- }
-
- public static void main(
- String[] args)
- {
- Security.addProvider(new BouncyCastleProvider());
-
- runTest(new PKCS10Test());
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/SHA1DigestCalculator.java b/pkix/src/test/java/org/bouncycastle/cert/test/SHA1DigestCalculator.java
deleted file mode 100644
index 4e8e7c19..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/SHA1DigestCalculator.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.cert.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.operator.DigestCalculator;
-
-
-class SHA1DigestCalculator
- implements DigestCalculator
-{
- private ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- public AlgorithmIdentifier getAlgorithmIdentifier()
- {
- return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
- }
-
- public OutputStream getOutputStream()
- {
- return bOut;
- }
-
- public byte[] getDigest()
- {
- byte[] bytes = bOut.toByteArray();
-
- bOut.reset();
-
- Digest sha1 = new SHA1Digest();
-
- sha1.update(bytes, 0, bytes.length);
-
- byte[] digest = new byte[sha1.getDigestSize()];
-
- sha1.doFinal(digest, 0);
-
- return digest;
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/X509ExtensionUtilsTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/X509ExtensionUtilsTest.java
deleted file mode 100644
index cd06082e..00000000
--- a/pkix/src/test/java/org/bouncycastle/cert/test/X509ExtensionUtilsTest.java
+++ /dev/null
@@ -1,55 +0,0 @@
-package org.bouncycastle.cert.test;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.X509ExtensionUtils;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.test.SimpleTest;
-
-public class X509ExtensionUtilsTest
- extends SimpleTest
-{
- private static byte[] pubKeyInfo = Base64.decode(
- "MFgwCwYJKoZIhvcNAQEBA0kAMEYCQQC6wMMmHYMZszT/7bNFMn+gaZoiWJLVP8ODRuu1C2jeAe" +
- "QpxM+5Oe7PaN2GNy3nBE4EOYkB5pMJWA0y9n04FX8NAgED");
-
- private static byte[] shaID = Hex.decode("d8128a06d6c2feb0865994a2936e7b75b836a021");
- private static byte[] shaTruncID = Hex.decode("436e7b75b836a021");
- private X509ExtensionUtils x509ExtensionUtils = new X509ExtensionUtils(new SHA1DigestCalculator());
-
- public String getName()
- {
- return "X509ExtensionUtilsTest";
- }
-
- public void performTest()
- throws IOException
- {
- SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(pubKeyInfo));
-
- SubjectKeyIdentifier ski = x509ExtensionUtils.createSubjectKeyIdentifier(pubInfo);
-
- if (!Arrays.areEqual(shaID, ski.getKeyIdentifier()))
- {
- fail("SHA-1 ID does not match");
- }
-
- ski = x509ExtensionUtils.createTruncatedSubjectKeyIdentifier(pubInfo);
-
- if (!Arrays.areEqual(shaTruncID, ski.getKeyIdentifier()))
- {
- fail("truncated SHA-1 ID does not match");
- }
- }
-
- public static void main(
- String[] args)
- {
- runTest(new X509ExtensionUtilsTest());
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/cms/test/AllTests.java
deleted file mode 100644
index 9cc2b0ec..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/AllTests.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import javax.crypto.Cipher;
-
-import junit.framework.Test;
-import junit.framework.TestSuite;
-
-public class AllTests
-{
- public static void main (String[] args)
- throws Exception
- {
- junit.textui.TestRunner.run(suite());
- }
-
- public static Test suite()
- throws Exception
- {
- TestSuite suite = new TestSuite("CMS tests");
-
- suite.addTest(NewCompressedDataTest.suite());
- suite.addTest(NewSignedDataTest.suite());
- suite.addTest(NewEnvelopedDataTest.suite());
- suite.addTest(NewAuthenticatedDataTest.suite());
- suite.addTest(NewAuthenticatedDataStreamTest.suite());
- suite.addTest(NewCompressedDataStreamTest.suite());
- suite.addTest(NewSignedDataStreamTest.suite());
- suite.addTest(NewEnvelopedDataStreamTest.suite());
-
- suite.addTest(MiscDataStreamTest.suite());
- suite.addTest(Rfc4134Test.suite());
- suite.addTest(ConverterTest.suite());
-
- suite.addTest(BcEnvelopedDataTest.suite());
- suite.addTest(BcSignedDataTest.suite());
-
- try
- {
- Cipher.getInstance("RSA", "SunJCE");
-
- suite.addTest(SunProviderTest.suite());
- suite.addTest(NullProviderTest.suite());
- }
- catch (Exception e)
- {
- // ignore
- }
-
- return suite;
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/BcEnvelopedDataTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/BcEnvelopedDataTest.java
deleted file mode 100644
index 366e9cb2..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/BcEnvelopedDataTest.java
+++ /dev/null
@@ -1,969 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Security;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Hashtable;
-import java.util.Iterator;
-
-import javax.crypto.SecretKey;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSEnvelopedData;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.KeyTransRecipientInformation;
-import org.bouncycastle.cms.PasswordRecipient;
-import org.bouncycastle.cms.PasswordRecipientInformation;
-import org.bouncycastle.cms.RecipientId;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.SimpleAttributeTableGenerator;
-import org.bouncycastle.cms.bc.BcCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.bc.BcKEKEnvelopedRecipient;
-import org.bouncycastle.cms.bc.BcKEKRecipientInfoGenerator;
-import org.bouncycastle.cms.bc.BcPasswordEnvelopedRecipient;
-import org.bouncycastle.cms.bc.BcPasswordRecipientInfoGenerator;
-import org.bouncycastle.cms.bc.BcRSAKeyTransEnvelopedRecipient;
-import org.bouncycastle.cms.bc.BcRSAKeyTransRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientId;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.util.PrivateKeyFactory;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.OutputEncryptor;
-import org.bouncycastle.operator.bc.BcAESSymmetricKeyUnwrapper;
-import org.bouncycastle.operator.bc.BcAESSymmetricKeyWrapper;
-import org.bouncycastle.operator.bc.BcSymmetricKeyUnwrapper;
-import org.bouncycastle.operator.bc.BcSymmetricKeyWrapper;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.encoders.Hex;
-
-public class BcEnvelopedDataTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- private static String _signDN;
- private static KeyPair _signKP;
- private static X509Certificate _signCert;
-
- private static String _origDN;
- private static KeyPair _origKP;
- private static X509Certificate _origCert;
-
- private static String _reciDN;
- private static String _reciDN2;
- private static KeyPair _reciKP;
- private static X509Certificate _reciCert;
-
- private static KeyPair _origEcKP;
- private static KeyPair _reciEcKP;
- private static X509Certificate _reciEcCert;
- private static KeyPair _reciEcKP2;
- private static X509Certificate _reciEcCert2;
-
- private static boolean _initialised = false;
-
- private byte[] oldKEK = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQIxQaI/MD0CAQQwBwQFAQIDBAUwDQYJYIZIAWUDBAEFBQAEI"
- + "Fi2eHTPM4bQSjP4DUeDzJZLpfemW2gF1SPq7ZPHJi1mMIAGCSqGSIb3DQEHATAUBggqhkiG9w"
- + "0DBwQImtdGyUdGGt6ggAQYk9X9z01YFBkU7IlS3wmsKpm/zpZClTceAAAAAAAAAAAAAA==");
-
- private byte[] ecKeyAgreeMsgAES256 = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQIxgcShgcECAQOgQ6FBMAsGByqGSM49AgEF"
- + "AAMyAAPdXlSTpub+qqno9hUGkUDl+S3/ABhPziIB5yGU4678tgOgU5CiKG9Z"
- + "kfnabIJ3nZYwGgYJK4EFEIZIPwACMA0GCWCGSAFlAwQBLQUAMFswWTAtMCgx"
- + "EzARBgNVBAMTCkFkbWluLU1EU0UxETAPBgNVBAoTCDRCQ1QtMklEAgEBBCi/"
- + "rJRLbFwEVW6PcLLmojjW9lI/xGD7CfZzXrqXFw8iHaf3hTRau1gYMIAGCSqG"
- + "SIb3DQEHATAdBglghkgBZQMEASoEEMtCnKKPwccmyrbgeSIlA3qggAQQDLw8"
- + "pNJR97bPpj6baG99bQQQwhEDsoj5Xg1oOxojHVcYzAAAAAAAAAAAAAA=");
-
- private byte[] ecKeyAgreeMsgAES128 = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQIxgbShgbECAQOgQ6FBMAsGByqGSM49AgEF"
- + "AAMyAAL01JLEgKvKh5rbxI/hOxs/9WEezMIsAbUaZM4l5tn3CzXAN505nr5d"
- + "LhrcurMK+tAwGgYJK4EFEIZIPwACMA0GCWCGSAFlAwQBBQUAMEswSTAtMCgx"
- + "EzARBgNVBAMTCkFkbWluLU1EU0UxETAPBgNVBAoTCDRCQ1QtMklEAgEBBBhi"
- + "FLjc5g6aqDT3f8LomljOwl1WTrplUT8wgAYJKoZIhvcNAQcBMB0GCWCGSAFl"
- + "AwQBAgQQzXjms16Y69S/rB0EbHqRMaCABBAFmc/QdVW6LTKdEy97kaZzBBBa"
- + "fQuviUS03NycpojELx0bAAAAAAAAAAAAAA==");
-
- private byte[] ecKeyAgreeMsgDESEDE = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQIxgcahgcMCAQOgQ6FBMAsGByqGSM49AgEF"
- + "AAMyAALIici6Nx1WN5f0ThH2A8ht9ovm0thpC5JK54t73E1RDzCifePaoQo0"
- + "xd6sUqoyGaYwHAYJK4EFEIZIPwACMA8GCyqGSIb3DQEJEAMGBQAwWzBZMC0w"
- + "KDETMBEGA1UEAxMKQWRtaW4tTURTRTERMA8GA1UEChMINEJDVC0ySUQCAQEE"
- + "KJuqZQ1NB1vXrKPOnb4TCpYOsdm6GscWdwAAZlm2EHMp444j0s55J9wwgAYJ"
- + "KoZIhvcNAQcBMBQGCCqGSIb3DQMHBAjwnsDMsafCrKCABBjyPvqFOVMKxxut"
- + "VfTx4fQlNGJN8S2ATRgECMcTQ/dsmeViAAAAAAAAAAAAAA==");
-
- private byte[] ecMQVKeyAgreeMsgAES128 = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQIxgf2hgfoCAQOgQ6FBMAsGByqGSM49AgEF"
- + "AAMyAAPDKU+0H58tsjpoYmYCInMr/FayvCCkupebgsnpaGEB7qS9vzcNVUj6"
- + "mrnmiC2grpmhRwRFMEMwQTALBgcqhkjOPQIBBQADMgACZpD13z9c7DzRWx6S"
- + "0xdbq3S+EJ7vWO+YcHVjTD8NcQDcZcWASW899l1PkL936zsuMBoGCSuBBRCG"
- + "SD8AEDANBglghkgBZQMEAQUFADBLMEkwLTAoMRMwEQYDVQQDEwpBZG1pbi1N"
- + "RFNFMREwDwYDVQQKEwg0QkNULTJJRAIBAQQYFq58L71nyMK/70w3nc6zkkRy"
- + "RL7DHmpZMIAGCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDzRUpreBsZXWHBe"
- + "onxOtSmggAQQ7csAZXwT1lHUqoazoy8bhAQQq+9Zjj8iGdOWgyebbfj67QAA"
- + "AAAAAAAAAAA=");
-
-
- private byte[] ecKeyAgreeKey = Base64.decode(
- "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC8vp7xVTbKSgYVU5Wc"
- + "hGkWbzaj+yUFETIWP1Dt7+WSpq3ikSPdl7PpHPqnPVZfoIWhZANiAgSYHTgxf+Dd"
- + "Tt84dUvuSKkFy3RhjxJmjwIscK6zbEUzKhcPQG2GHzXhWK5x1kov0I74XpGhVkya"
- + "ElH5K6SaOXiXAzcyNGggTOk4+ZFnz5Xl0pBje3zKxPhYu0SnCw7Pcqw=");
-
- private byte[] bobPrivRsaEncrypt = Base64.decode(
- "MIIChQIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKnhZ5g/OdVf"
- + "8qCTQV6meYmFyDVdmpFb+x0B2hlwJhcPvaUi0DWFbXqYZhRBXM+3twg7CcmR"
- + "uBlpN235ZR572akzJKN/O7uvRgGGNjQyywcDWVL8hYsxBLjMGAgUSOZPHPtd"
- + "YMTgXB9T039T2GkB8QX4enDRvoPGXzjPHCyqaqfrAgMBAAECgYBnzUhMmg2P"
- + "mMIbZf8ig5xt8KYGHbztpwOIlPIcaw+LNd4Ogngwy+e6alatd8brUXlweQqg"
- + "9P5F4Kmy9Bnah5jWMIR05PxZbMHGd9ypkdB8MKCixQheIXFD/A0HPfD6bRSe"
- + "TmPwF1h5HEuYHD09sBvf+iU7o8AsmAX2EAnYh9sDGQJBANDDIsbeopkYdo+N"
- + "vKZ11mY/1I1FUox29XLE6/BGmvE+XKpVC5va3Wtt+Pw7PAhDk7Vb/s7q/WiE"
- + "I2Kv8zHCueUCQQDQUfweIrdb7bWOAcjXq/JY1PeClPNTqBlFy2bKKBlf4hAr"
- + "84/sajB0+E0R9KfEILVHIdxJAfkKICnwJAiEYH2PAkA0umTJSChXdNdVUN5q"
- + "SO8bKlocSHseIVnDYDubl6nA7xhmqU5iUjiEzuUJiEiUacUgFJlaV/4jbOSn"
- + "I3vQgLeFAkEAni+zN5r7CwZdV+EJBqRd2ZCWBgVfJAZAcpw6iIWchw+dYhKI"
- + "FmioNRobQ+g4wJhprwMKSDIETukPj3d9NDAlBwJAVxhn1grStavCunrnVNqc"
- + "BU+B1O8BiR4yPWnLMcRSyFRVJQA7HCp8JlDV6abXd8vPFfXuC9WN7rOvTKF8"
- + "Y0ZB9qANMAsGA1UdDzEEAwIAEA==");
-
- private byte[] rfc4134ex5_1 = Base64.decode(
- "MIIBHgYJKoZIhvcNAQcDoIIBDzCCAQsCAQAxgcAwgb0CAQAwJjASMRAwDgYD"
- + "VQQDEwdDYXJsUlNBAhBGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUA"
- + "BIGAC3EN5nGIiJi2lsGPcP2iJ97a4e8kbKQz36zg6Z2i0yx6zYC4mZ7mX7FB"
- + "s3IWg+f6KgCLx3M1eCbWx8+MDFbbpXadCDgO8/nUkUNYeNxJtuzubGgzoyEd"
- + "8Ch4H/dd9gdzTd+taTEgS0ipdSJuNnkVY4/M652jKKHRLFf02hosdR8wQwYJ"
- + "KoZIhvcNAQcBMBQGCCqGSIb3DQMHBAgtaMXpRwZRNYAgDsiSf8Z9P43LrY4O"
- + "xUk660cu1lXeCSFOSOpOJ7FuVyU=");
-
- private byte[] rfc4134ex5_2 = Base64.decode(
- "MIIBZQYJKoZIhvcNAQcDoIIBVjCCAVICAQIxggEAMIG9AgEAMCYwEjEQMA4G"
- + "A1UEAxMHQ2FybFJTQQIQRjRrx4AAVrwR024uzV1x0DANBgkqhkiG9w0BAQEF"
- + "AASBgJQmQojGi7Z4IP+CVypBmNFoCDoEp87khtgyff2N4SmqD3RxPx+8hbLQ"
- + "t9i3YcMwcap+aiOkyqjMalT03VUC0XBOGv+HYI3HBZm/aFzxoq+YOXAWs5xl"
- + "GerZwTOc9j6AYlK4qXvnztR5SQ8TBjlzytm4V7zg+TGrnGVNQBNw47Ewoj4C"
- + "AQQwDQQLTWFpbExpc3RSQzIwEAYLKoZIhvcNAQkQAwcCAToEGHcUr5MSJ/g9"
- + "HnJVHsQ6X56VcwYb+OfojTBJBgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgIC"
- + "AKAECJwE0hkuKlWhgCBeKNXhojuej3org9Lt7n+wWxOhnky5V50vSpoYRfRR"
- + "yw==");
-
- public BcEnvelopedDataTest()
- {
- }
-
- private static void init()
- throws Exception
- {
- if (!_initialised)
- {
- _initialised = true;
-
- if (Security.getProvider(BC) == null)
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- _signDN = "O=Bouncy Castle, C=AU";
- _signKP = CMSTestUtil.makeKeyPair();
- _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN);
-
- _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- _origKP = CMSTestUtil.makeKeyPair();
- _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN);
-
- _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
- _reciDN2 = "CN=Fred, OU=Sales, O=Bouncy Castle, C=AU";
- _reciKP = CMSTestUtil.makeKeyPair();
- _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
-
- _origEcKP = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcKP = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN);
- _reciEcKP2 = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcCert2 = CMSTestUtil.makeCertificate(_reciEcKP2, _reciDN2, _signKP, _signDN);
- }
- }
-
- public static void main(
- String args[])
- throws Exception
- {
- junit.textui.TestRunner.run(BcEnvelopedDataTest.suite());
- }
-
- public static Test suite()
- throws Exception
- {
- init();
-
- return new CMSTestSetup(new TestSuite(BcEnvelopedDataTest.class));
- }
-
- public void testUnprotectedAttributes()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert)));
-
- Hashtable attrs = new Hashtable();
-
- attrs.put(PKCSObjectIdentifiers.id_aa_contentHint, new Attribute(PKCSObjectIdentifiers.id_aa_contentHint, new DERSet(new DERUTF8String("Hint"))));
- attrs.put(PKCSObjectIdentifiers.id_aa_receiptRequest, new Attribute(PKCSObjectIdentifiers.id_aa_receiptRequest, new DERSet(new DERUTF8String("Request"))));
-
- AttributeTable attrTable = new AttributeTable(attrs);
-
- edGen.setUnprotectedAttributeGenerator(new SimpleAttributeTableGenerator(attrTable));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), CMSAlgorithm.DES_EDE3_CBC.getId());
-
- attrTable = ed.getUnprotectedAttributes();
-
- assertEquals(attrs.size(), 2);
-
- assertEquals(new DERUTF8String("Hint"), attrTable.get(PKCSObjectIdentifiers.id_aa_contentHint).getAttrValues().getObjectAt(0));
- assertEquals(new DERUTF8String("Request"), attrTable.get(PKCSObjectIdentifiers.id_aa_receiptRequest).getAttrValues().getObjectAt(0));
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new BcRSAKeyTransEnvelopedRecipient(PrivateKeyFactory.createKey(_reciKP.getPrivate().getEncoded())));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
-
- public void testKeyTrans()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert)));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
-
- assertEquals(ed.getEncryptionAlgOID(), CMSAlgorithm.DES_EDE3_CBC.getId());
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new BcRSAKeyTransEnvelopedRecipient(PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(_reciKP.getPrivate().getEncoded()))));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
-
- public void testKeyTransRC4()
- throws Exception
- {
- byte[] data = "WallaWallaBouncyCastle".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert)));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.2.840.113549.3.4")).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), new ASN1ObjectIdentifier("1.2.840.113549.3.4").getId());
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new BcRSAKeyTransEnvelopedRecipient(PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(_reciKP.getPrivate().getEncoded()))));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
-
- public void testKeyTrans128RC4()
- throws Exception
- {
- byte[] data = "WallaWallaBouncyCastle".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert)));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.2.840.113549.3.4"), 128).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4");
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new BcRSAKeyTransEnvelopedRecipient(PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(_reciKP.getPrivate().getEncoded()))));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testKeyTransLight128RC4()
- throws Exception
- {
- byte[] data = "WallaWallaBouncyCastle".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert)));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.2.840.113549.3.4"), 128).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4");
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new BcRSAKeyTransEnvelopedRecipient(PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(_reciKP.getPrivate().getEncoded()))));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testKeyTransODES()
- throws Exception
- {
- byte[] data = "WallaWallaBouncyCastle".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert)));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.3.14.3.2.7")).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), "1.3.14.3.2.7");
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new BcRSAKeyTransEnvelopedRecipient(PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(_reciKP.getPrivate().getEncoded()))));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testKeyTransSmallAES()
- throws Exception
- {
- byte[] data = new byte[] { 0, 1, 2, 3 };
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert)));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(),
- CMSAlgorithm.AES128_CBC.getId());
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new BcRSAKeyTransEnvelopedRecipient(PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(_reciKP.getPrivate().getEncoded()))));
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testKeyTransAES128()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.AES128_CBC, NISTObjectIdentifiers.id_aes128_CBC, 16, DEROctetString.class);
- }
-
- public void testKeyTransAES192()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.AES192_CBC, NISTObjectIdentifiers.id_aes192_CBC, 24, DEROctetString.class);
- }
-
- public void testKeyTransAES256()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.AES256_CBC, NISTObjectIdentifiers.id_aes256_CBC, 32, DEROctetString.class);
- }
-
- private void tryKeyTrans(ASN1ObjectIdentifier generatorOID, ASN1ObjectIdentifier checkOID, int keySize, Class asn1Params)
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert)));
-
- OutputEncryptor encryptor = new BcCMSContentEncryptorBuilder(generatorOID).build();
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data), encryptor);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(checkOID.getId(), ed.getEncryptionAlgOID());
- assertEquals(keySize, ((byte[])encryptor.getKey().getRepresentation()).length);
-
- if (asn1Params != null)
- {
- assertTrue(asn1Params.isAssignableFrom(ed.getContentEncryptionAlgorithm().getParameters().toASN1Primitive().getClass()));
- }
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- if (!it.hasNext())
- {
- fail("no recipients found");
- }
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new BcRSAKeyTransEnvelopedRecipient(PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(_reciKP.getPrivate().getEncoded()))));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
-
- public void testAES128KEK()
- throws Exception
- {
- SecretKey key = CMSTestUtil.makeAESKey(128);
-
- tryKekAlgorithm(new BcAESSymmetricKeyWrapper(new KeyParameter(key.getEncoded())), new BcAESSymmetricKeyUnwrapper(new KeyParameter(key.getEncoded())), NISTObjectIdentifiers.id_aes128_wrap);
- }
-
- public void testAES192KEK()
- throws Exception
- {
- SecretKey key = CMSTestUtil.makeAESKey(192);
-
- tryKekAlgorithm(new BcAESSymmetricKeyWrapper(new KeyParameter(key.getEncoded())), new BcAESSymmetricKeyUnwrapper(new KeyParameter(key.getEncoded())), NISTObjectIdentifiers.id_aes192_wrap);
- }
-
- public void testAES256KEK()
- throws Exception
- {
- SecretKey key = CMSTestUtil.makeAESKey(256);
-
- tryKekAlgorithm(new BcAESSymmetricKeyWrapper(new KeyParameter(key.getEncoded())), new BcAESSymmetricKeyUnwrapper(new KeyParameter(key.getEncoded())), NISTObjectIdentifiers.id_aes256_wrap);
- }
-
- private void tryKekAlgorithm(BcSymmetricKeyWrapper kekWrapper, BcSymmetricKeyUnwrapper kekUnwrapper, ASN1ObjectIdentifier algOid)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
- {
- byte[] data = "WallaWallaWashington".getBytes();
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- byte[] kekId = new byte[] { 1, 2, 3, 4, 5 };
-
- edGen.addRecipientInfoGenerator(new BcKEKRecipientInfoGenerator(kekId, kekWrapper));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- assertEquals(ed.getEncryptionAlgOID(), CMSAlgorithm.DES_EDE3_CBC.getId());
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(algOid.getId(), recipient.getKeyEncryptionAlgOID());
-
- byte[] recData = recipient.getContent(new BcKEKEnvelopedRecipient(kekUnwrapper));
-
- assertTrue(Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testECKeyAgree()
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECDH_SHA1KDF,
- _origEcKP.getPrivate(), _origEcKP.getPublic(),
- CMSAlgorithm.AES128_WRAP).addRecipient(_reciEcCert).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).build());
-
- assertEquals(ed.getEncryptionAlgOID(), CMSAlgorithm.AES128_CBC.getId());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC);
- confirmNumberRecipients(recipients, 1);
- }
-
- public void testECMQVKeyAgree()
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECMQV_SHA1KDF,
- _origEcKP.getPrivate(), _origEcKP.getPublic(),
- CMSAlgorithm.AES128_WRAP).addRecipient(_reciEcCert).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).build());
-
- assertEquals(ed.getEncryptionAlgOID(), CMSAlgorithm.AES128_CBC.getId());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC);
- confirmNumberRecipients(recipients, 1);
- }
-
- public void testECMQVKeyAgreeMultiple()
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- JceKeyAgreeRecipientInfoGenerator recipientGenerator = new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECMQV_SHA1KDF,
- _origEcKP.getPrivate(), _origEcKP.getPublic(), CMSAlgorithm.AES128_WRAP).setProvider(BC);
-
- recipientGenerator.addRecipient(_reciEcCert);
- recipientGenerator.addRecipient(_reciEcCert2);
-
- edGen.addRecipientInfoGenerator(recipientGenerator);
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).build());
-
- assertEquals(ed.getEncryptionAlgOID(), CMSAlgorithm.AES128_CBC.getId());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC);
- confirmDataReceived(recipients, data, _reciEcCert2, _reciEcKP2.getPrivate(), BC);
- confirmNumberRecipients(recipients, 2);
- }
-
- private static void confirmDataReceived(RecipientInformationStore recipients,
- byte[] expectedData, X509Certificate reciCert, PrivateKey reciPrivKey, String provider)
- throws CMSException, NoSuchProviderException, CertificateEncodingException, IOException
- {
- RecipientId rid = new JceKeyAgreeRecipientId(reciCert);
-
- RecipientInformation recipient = recipients.get(rid);
- assertNotNull(recipient);
-
- byte[] actualData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(reciPrivKey).setProvider(provider));
- assertEquals(true, Arrays.equals(expectedData, actualData));
- }
-
- private static void confirmNumberRecipients(RecipientInformationStore recipients, int count)
- {
- assertEquals(count, recipients.getRecipients().size());
- }
-
- public void testECKeyAgreeVectors()
- throws Exception
- {
- PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(ecKeyAgreeKey);
- KeyFactory fact = KeyFactory.getInstance("ECDH", BC);
- PrivateKey privKey = fact.generatePrivate(privSpec);
-
- verifyECKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.42", ecKeyAgreeMsgAES256);
- verifyECKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.2", ecKeyAgreeMsgAES128);
- verifyECKeyAgreeVectors(privKey, "1.2.840.113549.3.7", ecKeyAgreeMsgDESEDE);
- }
-
- public void testECMQVKeyAgreeVectors()
- throws Exception
- {
- PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(ecKeyAgreeKey);
- KeyFactory fact = KeyFactory.getInstance("ECDH", BC);
- PrivateKey privKey = fact.generatePrivate(privSpec);
-
- verifyECMQVKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.2", ecMQVKeyAgreeMsgAES128);
- }
-
- public void testPasswordAES256()
- throws Exception
- {
- passwordTest(CMSAlgorithm.AES256_CBC);
- passwordUTF8Test(CMSAlgorithm.AES256_CBC);
- }
-
- public void testPasswordDESEDE()
- throws Exception
- {
- passwordTest(CMSAlgorithm.DES_EDE3_CBC);
- passwordUTF8Test(CMSAlgorithm.DES_EDE3_CBC);
- }
-
- public void testRFC4134ex5_1()
- throws Exception
- {
- byte[] data = Hex.decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e");
-
- KeyFactory kFact = KeyFactory.getInstance("RSA", BC);
- Key key = kFact.generatePrivate(new PKCS8EncodedKeySpec(bobPrivRsaEncrypt));
-
- CMSEnvelopedData ed = new CMSEnvelopedData(rfc4134ex5_1);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals("1.2.840.113549.3.7", ed.getEncryptionAlgOID());
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new BcRSAKeyTransEnvelopedRecipient(PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(key.getEncoded()))));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testRFC4134ex5_2()
- throws Exception
- {
- byte[] data = Hex.decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e");
-
- KeyFactory kFact = KeyFactory.getInstance("RSA", BC);
- PrivateKey key = kFact.generatePrivate(new PKCS8EncodedKeySpec(bobPrivRsaEncrypt));
-
- CMSEnvelopedData ed = new CMSEnvelopedData(rfc4134ex5_2);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals("1.2.840.113549.3.2", ed.getEncryptionAlgOID());
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
- byte[] recData;
-
- if (recipient instanceof KeyTransRecipientInformation)
- {
- recData = recipient.getContent(new BcRSAKeyTransEnvelopedRecipient(PrivateKeyFactory.createKey(PrivateKeyInfo.getInstance(key.getEncoded()))));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testOriginatorInfo()
- throws Exception
- {
- CMSEnvelopedData env = new CMSEnvelopedData(CMSSampleMessages.originatorMessage);
-
- RecipientInformationStore recipients = env.getRecipientInfos();
-
- assertEquals(CMSAlgorithm.DES_EDE3_CBC.getId(), env.getEncryptionAlgOID());
- }
-
- private void passwordTest(ASN1ObjectIdentifier algorithm)
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcPasswordRecipientInfoGenerator(algorithm, "password".toCharArray()).setPasswordConversionScheme(PasswordRecipient.PKCS5_SCHEME2).setSaltAndIterationCount(new byte[20], 5));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(),
- CMSAlgorithm.AES128_CBC.getId());
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- PasswordRecipientInformation recipient = (PasswordRecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new BcPasswordEnvelopedRecipient("password".toCharArray()).setPasswordConversionScheme(PasswordRecipient.PKCS5_SCHEME2));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
-
- //
- // try algorithm parameters constructor
- //
- it = c.iterator();
-
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new BcPasswordEnvelopedRecipient("password".toCharArray()).setPasswordConversionScheme(PasswordRecipient.PKCS5_SCHEME2));
- assertEquals(true, Arrays.equals(data, recData));
- }
-
- private void passwordUTF8Test(ASN1ObjectIdentifier algorithm)
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcPasswordRecipientInfoGenerator(algorithm, "abc\u5639\u563b".toCharArray()).setSaltAndIterationCount(new byte[20], 5));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(),
- CMSAlgorithm.AES128_CBC.getId());
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new BcPasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray()));
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
-
- //
- // try algorithm parameters constructor
- //
- it = c.iterator();
-
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new BcPasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray()));
- assertEquals(true, Arrays.equals(data, recData));
- }
-
- private void verifyECKeyAgreeVectors(PrivateKey privKey, String wrapAlg, byte[] message)
- throws CMSException, GeneralSecurityException
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedData ed = new CMSEnvelopedData(message);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- assertEquals(wrapAlg, ed.getEncryptionAlgOID());
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals("1.3.133.16.840.63.0.2", recipient.getKeyEncryptionAlgOID());
-
- byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(privKey).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- private void verifyECMQVKeyAgreeVectors(PrivateKey privKey, String wrapAlg, byte[] message)
- throws CMSException, GeneralSecurityException
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedData ed = new CMSEnvelopedData(message);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- assertEquals(wrapAlg, ed.getEncryptionAlgOID());
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals("1.3.133.16.840.63.0.16", recipient.getKeyEncryptionAlgOID());
-
- byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(privKey).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/BcSignedDataTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/BcSignedDataTest.java
deleted file mode 100644
index 1c4ccc0e..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/BcSignedDataTest.java
+++ /dev/null
@@ -1,1835 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.MessageDigest;
-import java.security.Security;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaCRLStore;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cert.jcajce.JcaX509CRLHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cms.CMSAbsentContent;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.CMSSignedDataParser;
-import org.bouncycastle.cms.CMSTypedData;
-import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
-import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
-import org.bouncycastle.cms.SignerId;
-import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.util.PrivateKeyFactory;
-import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.BufferingContentSigner;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.bc.BcContentSignerBuilder;
-import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.io.Streams;
-
-public class BcSignedDataTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- boolean DEBUG = true;
-
- private static String _origDN;
- private static KeyPair _origKP;
- private static X509Certificate _origCert;
-
- private static String _signDN;
- private static KeyPair _signKP;
- private static X509Certificate _signCert;
-
- private static KeyPair _signEcDsaKP;
- private static X509Certificate _signEcDsaCert;
-
- private static KeyPair _signEcGostKP;
- private static X509Certificate _signEcGostCert;
-
- private static KeyPair _signDsaKP;
- private static X509Certificate _signDsaCert;
-
- private static String _reciDN;
- private static KeyPair _reciKP;
- private static X509Certificate _reciCert;
-
- private static X509CRL _signCrl;
-
- private static boolean _initialised = false;
-
- private byte[] disorderedMessage = Base64.decode(
- "SU9fc3RkaW5fdXNlZABfX2xpYmNfc3RhcnRfbWFpbgBnZXRob3N0aWQAX19n"
- + "bW9uX3M=");
-
- private byte[] disorderedSet = Base64.decode(
- "MIIYXQYJKoZIhvcNAQcCoIIYTjCCGEoCAQExCzAJBgUrDgMCGgUAMAsGCSqG"
- + "SIb3DQEHAaCCFqswggJUMIIBwKADAgECAgMMg6wwCgYGKyQDAwECBQAwbzEL"
- + "MAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbI"
- + "dXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwEx"
- + "MBEGA1UEAxQKNFItQ0EgMTpQTjAiGA8yMDAwMDMyMjA5NDM1MFoYDzIwMDQw"
- + "MTIxMTYwNDUzWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1"
- + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh"
- + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3"
- + "DQEBAQUAA4GPADCBiwKBgQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0I"
- + "fe3QMqeGMoCUnyJxwW0k2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg"
- + "19e9JPv061wyADOucOIaNAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKaj"
- + "LMAw0bu1J0FadQIFAMAAAAEwCgYGKyQDAwECBQADgYEAgFauXpoTLh3Z3pT/"
- + "3bhgrxO/2gKGZopWGSWSJPNwq/U3x2EuctOJurj+y2inTcJjespThflpN+7Q"
- + "nvsUhXU+jL2MtPlObU0GmLvWbi47cBShJ7KElcZAaxgWMBzdRGqTOdtMv+ev"
- + "2t4igGF/q71xf6J2c3pTLWr6P8s6tzLfOCMwggJDMIIBr6ADAgECAgQAuzyu"
- + "MAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGll"
- + "cnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0"
- + "MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4wIhgPMjAwMTA4"
- + "MjAwODA4MjBaGA8yMDA1MDgyMDA4MDgyMFowSzELMAkGA1UEBhMCREUxEjAQ"
- + "BgNVBAoUCVNpZ250cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBT"
- + "SUdOVFJVU1QgMTpQTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhV12"
- + "N2WhlR6f+3CXP57GrBM9la5Vnsu2b92zv5MZqQOPeEsYbZqDCFkYg1bSwsDE"
- + "XsGVQqXdQNAGUaapr/EUVVN+hNZ07GcmC1sPeQECgUkxDYjGi4ihbvzxlahj"
- + "L4nX+UTzJVBfJwXoIvJ+lMHOSpnOLIuEL3SRhBItvRECxN0CAwEAAaMSMBAw"
- + "DgYDVR0PAQH/BAQDAgEGMAoGBiskAwMBAgUAA4GBACDc9Pc6X8sK1cerphiV"
- + "LfFv4kpZb9ev4WPy/C6987Qw1SOTElhZAmxaJQBqmDHWlQ63wj1DEqswk7hG"
- + "LrvQk/iX6KXIn8e64uit7kx6DHGRKNvNGofPjr1WelGeGW/T2ZJKgmPDjCkf"
- + "sIKt2c3gwa2pDn4mmCz/DStUIqcPDbqLMIICVTCCAcGgAwIBAgIEAJ16STAK"
- + "BgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1"
- + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh"
- + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMCIYDzIwMDEwMjAx"
- + "MTM0NDI1WhgPMjAwNTAzMjIwODU1NTFaMG8xCzAJBgNVBAYTAkRFMT0wOwYD"
- + "VQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0"
- + "aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6"
- + "UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvthihnl"
- + "tsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wdbPvg"
- + "JyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCAOXFw"
- + "VWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIFAAOB"
- + "gQBpSRdnDb6AcNVaXSmGo6+kVPIBhot1LzJOGaPyDNpGXxd7LV4tMBF1U7gr"
- + "4k1g9BO6YiMWvw9uiTZmn0CfV8+k4fWEuG/nmafRoGIuay2f+ILuT+C0rnp1"
- + "4FgMsEhuVNJJAmb12QV0PZII+UneyhAneZuQQzVUkTcVgYxogxdSOzCCAlUw"
- + "ggHBoAMCAQICBACdekowCgYGKyQDAwECBQAwbzELMAkGA1UEBhMCREUxPTA7"
- + "BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlr"
- + "YXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg"
- + "MTpQTjAiGA8yMDAxMDIwMTEzNDcwN1oYDzIwMDUwMzIyMDg1NTUxWjBvMQsw"
- + "CQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1"
- + "ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEw"
- + "EQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKB"
- + "gQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0Ife3QMqeGMoCUnyJxwW0k"
- + "2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg19e9JPv061wyADOucOIa"
- + "NAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKajLMAw0bu1J0FadQIFAMAA"
- + "AAEwCgYGKyQDAwECBQADgYEAV1yTi+2gyB7sUhn4PXmi/tmBxAfe5oBjDW8m"
- + "gxtfudxKGZ6l/FUPNcrSc5oqBYxKWtLmf3XX87LcblYsch617jtNTkMzhx9e"
- + "qxiD02ufcrxz2EVt0Akdqiz8mdVeqp3oLcNU/IttpSrcA91CAnoUXtDZYwb/"
- + "gdQ4FI9l3+qo/0UwggJVMIIBwaADAgECAgQAxIymMAoGBiskAwMBAgUAMG8x"
- + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm"
- + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB"
- + "MTARBgNVBAMUCjZSLUNhIDE6UE4wIhgPMjAwMTEwMTUxMzMxNThaGA8yMDA1"
- + "MDYwMTA5NTIxN1owbzELMAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVy"
- + "dW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3Qx"
- + "ITAMBgcCggYBCgcUEwExMBEGA1UEAxQKN1ItQ0EgMTpQTjCBoTANBgkqhkiG"
- + "9w0BAQEFAAOBjwAwgYsCgYEAiokD/j6lEP4FexF356OpU5teUpGGfUKjIrFX"
- + "BHc79G0TUzgVxqMoN1PWnWktQvKo8ETaugxLkP9/zfX3aAQzDW4Zki6x6GDq"
- + "fy09Agk+RJvhfbbIzRkV4sBBco0n73x7TfG/9NTgVr/96U+I+z/1j30aboM6"
- + "9OkLEhjxAr0/GbsCBQDAAAABMAoGBiskAwMBAgUAA4GBAHWRqRixt+EuqHhR"
- + "K1kIxKGZL2vZuakYV0R24Gv/0ZR52FE4ECr+I49o8FP1qiGSwnXB0SwjuH2S"
- + "iGiSJi+iH/MeY85IHwW1P5e+bOMvEOFhZhQXQixOD7totIoFtdyaj1XGYRef"
- + "0f2cPOjNJorXHGV8wuBk+/j++sxbd/Net3FtMIICVTCCAcGgAwIBAgIEAMSM"
- + "pzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp"
- + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z"
- + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo3Ui1DQSAxOlBOMCIYDzIwMDEx"
- + "MDE1MTMzNDE0WhgPMjAwNTA2MDEwOTUyMTdaMG8xCzAJBgNVBAYTAkRFMT0w"
- + "OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5p"
- + "a2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNh"
- + "IDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvth"
- + "ihnltsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wd"
- + "bPvgJyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCA"
- + "OXFwVWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIF"
- + "AAOBgQBi5W96UVDoNIRkCncqr1LLG9vF9SGBIkvFpLDIIbcvp+CXhlvsdCJl"
- + "0pt2QEPSDl4cmpOet+CxJTdTuMeBNXxhb7Dvualog69w/+K2JbPhZYxuVFZs"
- + "Zh5BkPn2FnbNu3YbJhE60aIkikr72J4XZsI5DxpZCGh6xyV/YPRdKSljFjCC"
- + "AlQwggHAoAMCAQICAwyDqzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9"
- + "MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVu"
- + "aWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1D"
- + "QSAxOlBOMCIYDzIwMDAwMzIyMDk0MTI3WhgPMjAwNDAxMjExNjA0NTNaMG8x"
- + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm"
- + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB"
- + "MTARBgNVBAMUCjRSLUNBIDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGL"
- + "AoGBAI8x26tmrFJanlm100B7KGlRemCD1R93PwdnG7svRyf5ZxOsdGrDszNg"
- + "xg6ouO8ZHQMT3NC2dH8TvO65Js+8bIyTm51azF6clEg0qeWNMKiiXbBXa+ph"
- + "hTkGbXiLYvACZ6/MTJMJ1lcrjpRF7BXtYeYMcEF6znD4pxOqrtbf9z5hAgUA"
- + "wAAAATAKBgYrJAMDAQIFAAOBgQB99BjSKlGPbMLQAgXlvA9jUsDNhpnVm3a1"
- + "YkfxSqS/dbQlYkbOKvCxkPGA9NBxisBM8l1zFynVjJoy++aysRmcnLY/sHaz"
- + "23BF2iU7WERy18H3lMBfYB6sXkfYiZtvQZcWaO48m73ZBySuiV3iXpb2wgs/"
- + "Cs20iqroAWxwq/W/9jCCAlMwggG/oAMCAQICBDsFZ9UwCgYGKyQDAwECBQAw"
- + "bzELMAkGA1UEBhMCREUxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNFItQ0Eg"
- + "MTpQTjE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxl"
- + "a29tbXVuaWthdGlvbiB1bmQgUG9zdDAiGA8xOTk5MDEyMTE3MzUzNFoYDzIw"
- + "MDQwMTIxMTYwMDAyWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp"
- + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z"
- + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAozUi1DQSAxOlBOMIGfMA0GCSqG"
- + "SIb3DQEBAQUAA4GNADCBiQKBgI4B557mbKQg/AqWBXNJhaT/6lwV93HUl4U8"
- + "u35udLq2+u9phns1WZkdM3gDfEpL002PeLfHr1ID/96dDYf04lAXQfombils"
- + "of1C1k32xOvxjlcrDOuPEMxz9/HDAQZA5MjmmYHAIulGI8Qg4Tc7ERRtg/hd"
- + "0QX0/zoOeXoDSEOBAgTAAAABMAoGBiskAwMBAgUAA4GBAIyzwfT3keHI/n2P"
- + "LrarRJv96mCohmDZNpUQdZTVjGu5VQjVJwk3hpagU0o/t/FkdzAjOdfEw8Ql"
- + "3WXhfIbNLv1YafMm2eWSdeYbLcbB5yJ1od+SYyf9+tm7cwfDAcr22jNRBqx8"
- + "wkWKtKDjWKkevaSdy99sAI8jebHtWz7jzydKMIID9TCCA16gAwIBAgICbMcw"
- + "DQYJKoZIhvcNAQEFBQAwSzELMAkGA1UEBhMCREUxEjAQBgNVBAoUCVNpZ250"
- + "cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBTSUdOVFJVU1QgMTpQ"
- + "TjAeFw0wNDA3MzAxMzAyNDZaFw0wNzA3MzAxMzAyNDZaMDwxETAPBgNVBAMM"
- + "CFlhY29tOlBOMQ4wDAYDVQRBDAVZYWNvbTELMAkGA1UEBhMCREUxCjAIBgNV"
- + "BAUTATEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIWzLlYLQApocXIp"
- + "pgCCpkkOUVLgcLYKeOd6/bXAnI2dTHQqT2bv7qzfUnYvOqiNgYdF13pOYtKg"
- + "XwXMTNFL4ZOI6GoBdNs9TQiZ7KEWnqnr2945HYx7UpgTBclbOK/wGHuCdcwO"
- + "x7juZs1ZQPFG0Lv8RoiV9s6HP7POqh1sO0P/AgMBAAGjggH1MIIB8TCBnAYD"
- + "VR0jBIGUMIGRgBQcZzNghfnXoXRm8h1+VITC5caNRqFzpHEwbzELMAkGA1UE"
- + "BhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVs"
- + "ZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UE"
- + "AxQKNVItQ0EgMTpQToIEALs8rjAdBgNVHQ4EFgQU2e5KAzkVuKaM9I5heXkz"
- + "bcAIuR8wDgYDVR0PAQH/BAQDAgZAMBIGA1UdIAQLMAkwBwYFKyQIAQEwfwYD"
- + "VR0fBHgwdjB0oCygKoYobGRhcDovL2Rpci5zaWdudHJ1c3QuZGUvbz1TaWdu"
- + "dHJ1c3QsYz1kZaJEpEIwQDEdMBsGA1UEAxMUQ1JMU2lnblNpZ250cnVzdDE6"
- + "UE4xEjAQBgNVBAoTCVNpZ250cnVzdDELMAkGA1UEBhMCREUwYgYIKwYBBQUH"
- + "AQEEVjBUMFIGCCsGAQUFBzABhkZodHRwOi8vZGlyLnNpZ250cnVzdC5kZS9T"
- + "aWdudHJ1c3QvT0NTUC9zZXJ2bGV0L2h0dHBHYXRld2F5LlBvc3RIYW5kbGVy"
- + "MBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwDgYHAoIGAQoMAAQDAQH/MA0G"
- + "CSqGSIb3DQEBBQUAA4GBAHn1m3GcoyD5GBkKUY/OdtD6Sj38LYqYCF+qDbJR"
- + "6pqUBjY2wsvXepUppEler+stH8mwpDDSJXrJyuzf7xroDs4dkLl+Rs2x+2tg"
- + "BjU+ABkBDMsym2WpwgA8LCdymmXmjdv9tULxY+ec2pjSEzql6nEZNEfrU8nt"
- + "ZCSCavgqW4TtMYIBejCCAXYCAQEwUTBLMQswCQYDVQQGEwJERTESMBAGA1UE"
- + "ChQJU2lnbnRydXN0MSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEUNBIFNJR05U"
- + "UlVTVCAxOlBOAgJsxzAJBgUrDgMCGgUAoIGAMBgGCSqGSIb3DQEJAzELBgkq"
- + "hkiG9w0BBwEwIwYJKoZIhvcNAQkEMRYEFIYfhPoyfGzkLWWSSLjaHb4HQmaK"
- + "MBwGCSqGSIb3DQEJBTEPFw0wNTAzMjQwNzM4MzVaMCEGBSskCAYFMRgWFi92"
- + "YXIvZmlsZXMvdG1wXzEvdGVzdDEwDQYJKoZIhvcNAQEFBQAEgYA2IvA8lhVz"
- + "VD5e/itUxbFboKxeKnqJ5n/KuO/uBCl1N14+7Z2vtw1sfkIG+bJdp3OY2Cmn"
- + "mrQcwsN99Vjal4cXVj8t+DJzFG9tK9dSLvD3q9zT/GQ0kJXfimLVwCa4NaSf"
- + "Qsu4xtG0Rav6bCcnzabAkKuNNvKtH8amSRzk870DBg==");
-
- public static byte[] xtraCounterSig = Base64.decode(
- "MIIR/AYJKoZIhvcNAQcCoIIR7TCCEekCAQExCzAJBgUrDgMCGgUAMBoGCSqG"
- + "SIb3DQEHAaANBAtIZWxsbyB3b3JsZKCCDnkwggTPMIIDt6ADAgECAgRDnYD3"
- + "MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNVBAYTAklUMRowGAYDVQQKExFJbi5U"
- + "ZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAtIENlcnRpZmlj"
- + "YXRpb24gQXV0aG9yaXR5MB4XDTA4MDkxMjExNDMxMloXDTEwMDkxMjExNDMx"
- + "MlowgdgxCzAJBgNVBAYTAklUMSIwIAYDVQQKDBlJbnRlc2EgUy5wLkEuLzA1"
- + "MjYyODkwMDE0MSowKAYDVQQLDCFCdXNpbmVzcyBDb2xsYWJvcmF0aW9uICYg"
- + "U2VjdXJpdHkxHjAcBgNVBAMMFU1BU1NJTUlMSUFOTyBaSUNDQVJESTERMA8G"
- + "A1UEBAwIWklDQ0FSREkxFTATBgNVBCoMDE1BU1NJTUlMSUFOTzEcMBoGA1UE"
- + "BRMTSVQ6WkNDTVNNNzZIMTRMMjE5WTERMA8GA1UELhMIMDAwMDI1ODUwgaAw"
- + "DQYJKoZIhvcNAQEBBQADgY4AMIGKAoGBALeJTjmyFgx1SIP6c2AuB/kuyHo5"
- + "j/prKELTALsFDimre/Hxr3wOSet1TdQfFzU8Lu+EJqgfV9cV+cI1yeH1rZs7"
- + "lei7L3tX/VR565IywnguX5xwvteASgWZr537Fkws50bvTEMyYOj1Tf3FZvZU"
- + "z4n4OD39KI4mfR9i1eEVIxR3AgQAizpNo4IBoTCCAZ0wHQYDVR0RBBYwFIES"
- + "emljY2FyZGlAaW50ZXNhLml0MC8GCCsGAQUFBwEDBCMwITAIBgYEAI5GAQEw"
- + "CwYGBACORgEDAgEUMAgGBgQAjkYBBDBZBgNVHSAEUjBQME4GBgQAizABATBE"
- + "MEIGCCsGAQUFBwIBFjZodHRwOi8vZS10cnVzdGNvbS5pbnRlc2EuaXQvY2Ff"
- + "cHViYmxpY2EvQ1BTX0lOVEVTQS5odG0wDgYDVR0PAQH/BAQDAgZAMIGDBgNV"
- + "HSMEfDB6gBQZCQOW0bjFWBt+EORuxPagEgkQqKFcpFowWDELMAkGA1UEBhMC"
- + "SVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJbi5U"
- + "ZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCBDzRARMwOwYDVR0f"
- + "BDQwMjAwoC6gLIYqaHR0cDovL2UtdHJ1c3Rjb20uaW50ZXNhLml0L0NSTC9J"
- + "TlRFU0EuY3JsMB0GA1UdDgQWBBTf5ItL8KmQh541Dxt7YxcWI1254TANBgkq"
- + "hkiG9w0BAQUFAAOCAQEAgW+uL1CVWQepbC/wfCmR6PN37Sueb4xiKQj2mTD5"
- + "UZ5KQjpivy/Hbuf0NrfKNiDEhAvoHSPC31ebGiKuTMFNyZPHfPEUnyYGSxea"
- + "2w837aXJFr6utPNQGBRi89kH90sZDlXtOSrZI+AzJJn5QK3F9gjcayU2NZXQ"
- + "MJgRwYmFyn2w4jtox+CwXPQ9E5XgxiMZ4WDL03cWVXDLX00EOJwnDDMUNTRI"
- + "m9Zv+4SKTNlfFbi9UTBqWBySkDzAelsfB2U61oqc2h1xKmCtkGMmN9iZT+Qz"
- + "ZC/vaaT+hLEBFGAH2gwFrYc4/jTBKyBYeU1vsAxsibIoTs1Apgl6MH75qPDL"
- + "BzCCBM8wggO3oAMCAQICBEOdgPcwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE"
- + "BhMCSVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJ"
- + "bi5UZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwOTEy"
- + "MTE0MzEyWhcNMTAwOTEyMTE0MzEyWjCB2DELMAkGA1UEBhMCSVQxIjAgBgNV"
- + "BAoMGUludGVzYSBTLnAuQS4vMDUyNjI4OTAwMTQxKjAoBgNVBAsMIUJ1c2lu"
- + "ZXNzIENvbGxhYm9yYXRpb24gJiBTZWN1cml0eTEeMBwGA1UEAwwVTUFTU0lN"
- + "SUxJQU5PIFpJQ0NBUkRJMREwDwYDVQQEDAhaSUNDQVJESTEVMBMGA1UEKgwM"
- + "TUFTU0lNSUxJQU5PMRwwGgYDVQQFExNJVDpaQ0NNU003NkgxNEwyMTlZMREw"
- + "DwYDVQQuEwgwMDAwMjU4NTCBoDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEA"
- + "t4lOObIWDHVIg/pzYC4H+S7IejmP+msoQtMAuwUOKat78fGvfA5J63VN1B8X"
- + "NTwu74QmqB9X1xX5wjXJ4fWtmzuV6Lsve1f9VHnrkjLCeC5fnHC+14BKBZmv"
- + "nfsWTCznRu9MQzJg6PVN/cVm9lTPifg4Pf0ojiZ9H2LV4RUjFHcCBACLOk2j"
- + "ggGhMIIBnTAdBgNVHREEFjAUgRJ6aWNjYXJkaUBpbnRlc2EuaXQwLwYIKwYB"
- + "BQUHAQMEIzAhMAgGBgQAjkYBATALBgYEAI5GAQMCARQwCAYGBACORgEEMFkG"
- + "A1UdIARSMFAwTgYGBACLMAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9lLXRy"
- + "dXN0Y29tLmludGVzYS5pdC9jYV9wdWJibGljYS9DUFNfSU5URVNBLmh0bTAO"
- + "BgNVHQ8BAf8EBAMCBkAwgYMGA1UdIwR8MHqAFBkJA5bRuMVYG34Q5G7E9qAS"
- + "CRCooVykWjBYMQswCQYDVQQGEwJJVDEaMBgGA1UEChMRSW4uVGUuUy5BLiBT"
- + "LnAuQS4xLTArBgNVBAMTJEluLlRlLlMuQS4gLSBDZXJ0aWZpY2F0aW9uIEF1"
- + "dGhvcml0eYIEPNEBEzA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vZS10cnVz"
- + "dGNvbS5pbnRlc2EuaXQvQ1JML0lOVEVTQS5jcmwwHQYDVR0OBBYEFN/ki0vw"
- + "qZCHnjUPG3tjFxYjXbnhMA0GCSqGSIb3DQEBBQUAA4IBAQCBb64vUJVZB6ls"
- + "L/B8KZHo83ftK55vjGIpCPaZMPlRnkpCOmK/L8du5/Q2t8o2IMSEC+gdI8Lf"
- + "V5saIq5MwU3Jk8d88RSfJgZLF5rbDzftpckWvq6081AYFGLz2Qf3SxkOVe05"
- + "Ktkj4DMkmflArcX2CNxrJTY1ldAwmBHBiYXKfbDiO2jH4LBc9D0TleDGIxnh"
- + "YMvTdxZVcMtfTQQ4nCcMMxQ1NEib1m/7hIpM2V8VuL1RMGpYHJKQPMB6Wx8H"
- + "ZTrWipzaHXEqYK2QYyY32JlP5DNkL+9ppP6EsQEUYAfaDAWthzj+NMErIFh5"
- + "TW+wDGyJsihOzUCmCXowfvmo8MsHMIIEzzCCA7egAwIBAgIEQ52A9zANBgkq"
- + "hkiG9w0BAQUFADBYMQswCQYDVQQGEwJJVDEaMBgGA1UEChMRSW4uVGUuUy5B"
- + "LiBTLnAuQS4xLTArBgNVBAMTJEluLlRlLlMuQS4gLSBDZXJ0aWZpY2F0aW9u"
- + "IEF1dGhvcml0eTAeFw0wODA5MTIxMTQzMTJaFw0xMDA5MTIxMTQzMTJaMIHY"
- + "MQswCQYDVQQGEwJJVDEiMCAGA1UECgwZSW50ZXNhIFMucC5BLi8wNTI2Mjg5"
- + "MDAxNDEqMCgGA1UECwwhQnVzaW5lc3MgQ29sbGFib3JhdGlvbiAmIFNlY3Vy"
- + "aXR5MR4wHAYDVQQDDBVNQVNTSU1JTElBTk8gWklDQ0FSREkxETAPBgNVBAQM"
- + "CFpJQ0NBUkRJMRUwEwYDVQQqDAxNQVNTSU1JTElBTk8xHDAaBgNVBAUTE0lU"
- + "OlpDQ01TTTc2SDE0TDIxOVkxETAPBgNVBC4TCDAwMDAyNTg1MIGgMA0GCSqG"
- + "SIb3DQEBAQUAA4GOADCBigKBgQC3iU45shYMdUiD+nNgLgf5Lsh6OY/6ayhC"
- + "0wC7BQ4pq3vx8a98DknrdU3UHxc1PC7vhCaoH1fXFfnCNcnh9a2bO5Xouy97"
- + "V/1UeeuSMsJ4Ll+ccL7XgEoFma+d+xZMLOdG70xDMmDo9U39xWb2VM+J+Dg9"
- + "/SiOJn0fYtXhFSMUdwIEAIs6TaOCAaEwggGdMB0GA1UdEQQWMBSBEnppY2Nh"
- + "cmRpQGludGVzYS5pdDAvBggrBgEFBQcBAwQjMCEwCAYGBACORgEBMAsGBgQA"
- + "jkYBAwIBFDAIBgYEAI5GAQQwWQYDVR0gBFIwUDBOBgYEAIswAQEwRDBCBggr"
- + "BgEFBQcCARY2aHR0cDovL2UtdHJ1c3Rjb20uaW50ZXNhLml0L2NhX3B1YmJs"
- + "aWNhL0NQU19JTlRFU0EuaHRtMA4GA1UdDwEB/wQEAwIGQDCBgwYDVR0jBHww"
- + "eoAUGQkDltG4xVgbfhDkbsT2oBIJEKihXKRaMFgxCzAJBgNVBAYTAklUMRow"
- + "GAYDVQQKExFJbi5UZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5B"
- + "LiAtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ80QETMDsGA1UdHwQ0MDIw"
- + "MKAuoCyGKmh0dHA6Ly9lLXRydXN0Y29tLmludGVzYS5pdC9DUkwvSU5URVNB"
- + "LmNybDAdBgNVHQ4EFgQU3+SLS/CpkIeeNQ8be2MXFiNdueEwDQYJKoZIhvcN"
- + "AQEFBQADggEBAIFvri9QlVkHqWwv8Hwpkejzd+0rnm+MYikI9pkw+VGeSkI6"
- + "Yr8vx27n9Da3yjYgxIQL6B0jwt9XmxoirkzBTcmTx3zxFJ8mBksXmtsPN+2l"
- + "yRa+rrTzUBgUYvPZB/dLGQ5V7Tkq2SPgMySZ+UCtxfYI3GslNjWV0DCYEcGJ"
- + "hcp9sOI7aMfgsFz0PROV4MYjGeFgy9N3FlVwy19NBDicJwwzFDU0SJvWb/uE"
- + "ikzZXxW4vVEwalgckpA8wHpbHwdlOtaKnNodcSpgrZBjJjfYmU/kM2Qv72mk"
- + "/oSxARRgB9oMBa2HOP40wSsgWHlNb7AMbImyKE7NQKYJejB++ajwywcxggM8"
- + "MIIDOAIBATBgMFgxCzAJBgNVBAYTAklUMRowGAYDVQQKExFJbi5UZS5TLkEu"
- + "IFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAtIENlcnRpZmljYXRpb24g"
- + "QXV0aG9yaXR5AgRDnYD3MAkGBSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEgYB+"
- + "lH2cwLqc91mP8prvgSV+RRzk13dJdZvdoVjgQoFrPhBiZCNIEoHvIhMMA/sM"
- + "X6euSRZk7EjD24FasCEGYyd0mJVLEy6TSPmuW+wWz/28w3a6IWXBGrbb/ild"
- + "/CJMkPgLPGgOVD1WDwiNKwfasiQSFtySf5DPn3jFevdLeMmEY6GCAjIwggEV"
- + "BgkqhkiG9w0BCQYxggEGMIIBAgIBATBgMFgxCzAJBgNVBAYTAklUMRowGAYD"
- + "VQQKExFJbi5UZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAt"
- + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5AgRDnYD3MAkGBSsOAwIaBQAwDQYJ"
- + "KoZIhvcNAQEBBQAEgYBHlOULfT5GDigIvxP0qZOy8VbpntmzaPF55VV4buKV"
- + "35J+uHp98gXKp0LrHM69V5IRKuyuQzHHFBqsXxsRI9o6KoOfgliD9Xc+BeMg"
- + "dKzQhBhBYoFREq8hQM0nSbqDNHYAQyNHMzUA/ZQUO5dlFuH8Dw3iDYAhNtfd"
- + "PrlchKJthDCCARUGCSqGSIb3DQEJBjGCAQYwggECAgEBMGAwWDELMAkGA1UE"
- + "BhMCSVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJ"
- + "bi5UZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCBEOdgPcwCQYF"
- + "Kw4DAhoFADANBgkqhkiG9w0BAQEFAASBgEeU5Qt9PkYOKAi/E/Spk7LxVume"
- + "2bNo8XnlVXhu4pXfkn64en3yBcqnQusczr1XkhEq7K5DMccUGqxfGxEj2joq"
- + "g5+CWIP1dz4F4yB0rNCEGEFigVESryFAzSdJuoM0dgBDI0czNQD9lBQ7l2UW"
- + "4fwPDeINgCE2190+uVyEom2E");
-
- byte[] noSignedAttrSample2 = Base64.decode(
- "MIIIlAYJKoZIhvcNAQcCoIIIhTCCCIECAQExCzAJBgUrDgMCGgUAMAsGCSqG"
- + "SIb3DQEHAaCCB3UwggOtMIIDa6ADAgECAgEzMAsGByqGSM44BAMFADCBkDEL"
- + "MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlQYWxvIEFsdG8x"
- + "HTAbBgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZh"
- + "IFNvZnR3YXJlIENvZGUgU2lnbmluZzEcMBoGA1UEAxMTSkNFIENvZGUgU2ln"
- + "bmluZyBDQTAeFw0wMTA1MjkxNjQ3MTFaFw0wNjA1MjgxNjQ3MTFaMG4xHTAb"
- + "BgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZhIFNv"
- + "ZnR3YXJlIENvZGUgU2lnbmluZzEoMCYGA1UEAxMfVGhlIExlZ2lvbiBvZiB0"
- + "aGUgQm91bmN5IENhc3RsZTCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OB"
- + "HXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2"
- + "y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUP"
- + "BPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvM"
- + "spK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9"
- + "B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj"
- + "rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtV"
- + "JWQBTDv+z0kqA4GEAAKBgBWry/FCAZ6miyy39+ftsa+h9lxoL+JtV0MJcUyQ"
- + "E4VAhpAwWb8vyjba9AwOylYQTktHX5sAkFvjBiU0LOYDbFSTVZSHMRJgfjxB"
- + "SHtICjOEvr1BJrrOrdzqdxcOUge5n7El124BCrv91x5Ol8UTwtiO9LrRXF/d"
- + "SyK+RT5n1klRo3YwdDARBglghkgBhvhCAQEEBAMCAIcwDgYDVR0PAQH/BAQD"
- + "AgHGMB0GA1UdDgQWBBQwMY4NRcco1AO3w1YsokfDLVseEjAPBgNVHRMBAf8E"
- + "BTADAQH/MB8GA1UdIwQYMBaAFGXi9IbJ007wkU5Yomr12HhamsGmMAsGByqG"
- + "SM44BAMFAAMvADAsAhRmigTu6QV0sTfEkVljgij/hhdVfAIUQZvMxAnIHc30"
- + "y/u0C1T5UEG9glUwggPAMIIDfqADAgECAgEQMAsGByqGSM44BAMFADCBkDEL"
- + "MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlQYWxvIEFsdG8x"
- + "HTAbBgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZh"
- + "IFNvZnR3YXJlIENvZGUgU2lnbmluZzEcMBoGA1UEAxMTSkNFIENvZGUgU2ln"
- + "bmluZyBDQTAeFw0wMTA0MjUwNzAwMDBaFw0yMDA0MjUwNzAwMDBaMIGQMQsw"
- + "CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEd"
- + "MBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkphdmEg"
- + "U29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBTaWdu"
- + "aW5nIENBMIIBtzCCASwGByqGSM44BAEwggEfAoGBAOuvNwQeylEeaV2w8o/2"
- + "tUkfxqSZBdcpv3S3avUZ2B7kG/gKAZqY/3Cr4kpWhmxTs/zhyIGMMfDE87CL"
- + "5nAG7PdpaNuDTHIpiSk2F1w7SgegIAIqRpdRHXDICBgLzgxum3b3BePn+9Nh"
- + "eeFgmiSNBpWDPFEg4TDPOFeCphpyDc7TAhUAhCVF4bq5qWKreehbMLiJaxv/"
- + "e3UCgYEAq8l0e3Tv7kK1alNNO92QBnJokQ8LpCl2LlU71a5NZVx+KjoEpmem"
- + "0HGqpde34sFyDaTRqh6SVEwgAAmisAlBGTMAssNcrkL4sYvKfJbYEH83RFuq"
- + "zHjI13J2N2tAmahVZvqoAx6LShECactMuCUGHKB30sms0j3pChD6dnC3+9wD"
- + "gYQAAoGALQmYXKy4nMeZfu4gGSo0kPnXq6uu3WtylQ1m+O8nj0Sy7ShEx/6v"
- + "sKYnbwBnRYJbB6hWVjvSKVFhXmk51y50dxLPGUr1LcjLcmHETm/6R0M/FLv6"
- + "vBhmKMLZZot6LS/CYJJLFP5YPiF/aGK+bEhJ+aBLXoWdGRD5FUVRG3HU9wuj"
- + "ZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTADAQH/MB8GA1Ud"
- + "IwQYMBaAFGXi9IbJ007wkU5Yomr12HhamsGmMB0GA1UdDgQWBBRl4vSGydNO"
- + "8JFOWKJq9dh4WprBpjALBgcqhkjOOAQDBQADLwAwLAIUKvfPPJdd+Xi2CNdB"
- + "tNkNRUzktJwCFEXNdWkOIfod1rMpsun3Mx0z/fxJMYHoMIHlAgEBMIGWMIGQ"
- + "MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0"
- + "bzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkph"
- + "dmEgU29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBT"
- + "aWduaW5nIENBAgEzMAkGBSsOAwIaBQAwCwYHKoZIzjgEAQUABC8wLQIVAIGV"
- + "khm+kbV4a/+EP45PHcq0hIViAhR4M9os6IrJnoEDS3Y3l7O6zrSosA==");
-
- /*
- *
- * INFRASTRUCTURE
- *
- */
-
- public BcSignedDataTest(String name)
- {
- super(name);
- }
-
- public static void main(String args[])
- {
-
- junit.textui.TestRunner.run(BcSignedDataTest.class);
- }
-
- public static Test suite()
- throws Exception
- {
- init();
-
- return new CMSTestSetup(new TestSuite(BcSignedDataTest.class));
- }
-
- private static void init()
- throws Exception
- {
- if (!_initialised)
- {
- _initialised = true;
-
- if (Security.getProvider(BC) == null)
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- _origDN = "O=Bouncy Castle, C=AU";
- _origKP = CMSTestUtil.makeKeyPair();
- _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _origKP, _origDN);
-
- _signDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- _signKP = CMSTestUtil.makeKeyPair();
- _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _origKP, _origDN);
-
- _signDsaKP = CMSTestUtil.makeDsaKeyPair();
- _signDsaCert = CMSTestUtil.makeCertificate(_signDsaKP, _signDN, _origKP, _origDN);
-
- _signEcDsaKP = CMSTestUtil.makeEcDsaKeyPair();
- _signEcDsaCert = CMSTestUtil.makeCertificate(_signEcDsaKP, _signDN, _origKP, _origDN);
-
- _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
- _reciKP = CMSTestUtil.makeKeyPair();
- _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
-
- _signCrl = CMSTestUtil.makeCrl(_signKP);
- }
- }
-
- private void verifyRSASignatures(CMSSignedData s, byte[] contentDigest)
- throws Exception
- {
- Store certStore = s.getCertificates();
- SignerInformationStore signers = s.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new BcRSASignerInfoVerifierBuilder(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), new DefaultDigestAlgorithmIdentifierFinder(), new BcDigestCalculatorProvider()).build(cert)));
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
- }
-
- private void verifySignatures(CMSSignedData s, byte[] contentDigest)
- throws Exception
- {
- Store certStore = s.getCertificates();
- Store crlStore = s.getCRLs();
- SignerInformationStore signers = s.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
-
- Collection certColl = certStore.getMatches(null);
- Collection crlColl = crlStore.getMatches(null);
-
- assertEquals(certColl.size(), s.getCertificates().getMatches(null).size());
- assertEquals(crlColl.size(), s.getCRLs().getMatches(null).size());
- }
-
- private void verifySignatures(CMSSignedData s)
- throws Exception
- {
- verifySignatures(s, null);
- }
-
- public void testDetachedVerification()
- throws Exception
- {
- byte[] data = "Hello World!".getBytes();
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray(data);
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- DigestCalculatorProvider digProvider = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
- JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(digProvider);
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
- ContentSigner md5Signer = new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(sha1Signer, _origCert));
- gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(md5Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg);
-
- MessageDigest sha1 = MessageDigest.getInstance("SHA1", BC);
- MessageDigest md5 = MessageDigest.getInstance("MD5", BC);
- Map hashes = new HashMap();
- byte[] sha1Hash = sha1.digest(data);
- byte[] md5Hash = md5.digest(data);
-
- hashes.put(CMSAlgorithm.SHA1, sha1Hash);
- hashes.put(CMSAlgorithm.MD5, md5Hash);
-
- s = new CMSSignedData(hashes, s.getEncoded());
-
- verifySignatures(s, null);
- }
-
- public void testDetachedVerificationWithBufferingContentSigner()
- throws Exception
- {
- byte[] data = "Hello World!".getBytes();
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray(data);
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- DigestCalculatorProvider digProvider = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
- JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(digProvider);
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
- ContentSigner md5Signer = new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(new BufferingContentSigner(sha1Signer), _origCert));
- gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(new BufferingContentSigner(md5Signer), _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg);
-
- MessageDigest sha1 = MessageDigest.getInstance("SHA1", BC);
- MessageDigest md5 = MessageDigest.getInstance("MD5", BC);
- Map hashes = new HashMap();
- byte[] sha1Hash = sha1.digest(data);
- byte[] md5Hash = md5.digest(data);
-
- hashes.put(CMSAlgorithm.SHA1, sha1Hash);
- hashes.put(CMSAlgorithm.MD5, md5Hash);
-
- s = new CMSSignedData(hashes, s.getEncoded());
-
- verifySignatures(s, null);
- }
-
- public void testSHA1AndMD5WithRSAEncapsulatedRepeated()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()), _origCert));
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(_origKP.getPrivate()), _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg, true);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certs = s.getCertificates();
-
- SignerInformationStore signers = s.getSignerInfos();
-
- assertEquals(2, signers.size());
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
- SignerId sid = null;
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- sid = signer.getSID();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
-
- //
- // check content digest
- //
-
- byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(signer.getDigestAlgOID());
-
- AttributeTable table = signer.getSignedAttributes();
- Attribute hash = table.get(CMSAttributes.messageDigest);
-
- assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets()));
- }
-
- c = signers.getSigners(sid);
-
- assertEquals(2, c.size());
-
-
- //
- // try using existing signer
- //
-
- gen = new CMSSignedDataGenerator();
-
- gen.addSigners(s.getSignerInfos());
-
- gen.addCertificates(s.getCertificates());
-
- s = gen.generate(msg, true);
-
- bIn = new ByteArrayInputStream(s.getEncoded());
- aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certs = s.getCertificates();
-
- signers = s.getSignerInfos();
- c = signers.getSigners();
- it = c.iterator();
-
- assertEquals(2, c.size());
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- checkSignerStoreReplacement(s, signers);
- }
-
- public void testSHA1WithRSANoAttributes()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- builder.setDirectSignature(true);
-
- gen.addSignerInfoGenerator(builder.build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg, false);
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSANoAttributesSimple()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- JcaSimpleSignerInfoGeneratorBuilder builder = new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).setDirectSignature(true);
-
- gen.addSignerInfoGenerator(builder.build("SHA1withRSA", _origKP.getPrivate(), _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg, false);
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSAViaConfig()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- // set some bogus mappings.
- TestCMSSignatureAlgorithmNameGenerator sigAlgNameGen = new TestCMSSignatureAlgorithmNameGenerator();
-
- sigAlgNameGen.setEncryptionAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "XXXX");
- sigAlgNameGen.setDigestAlgorithmMapping(OIWObjectIdentifiers.idSHA1, "YYYY");
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s;
-
- try
- {
- // try the bogus mappings
- s = gen.generate(msg, false);
- }
- catch (CMSException e)
- {
- if (!e.getMessage().startsWith("no such algorithm: YYYYwithXXXX"))
- {
- throw e;
- }
- }
- finally
- {
- // reset to the real ones
- sigAlgNameGen.setEncryptionAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA");
- sigAlgNameGen.setDigestAlgorithmMapping(OIWObjectIdentifiers.idSHA1, "SHA1");
- }
-
- s = gen.generate(msg, false);
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSAAndAttributeTableSimple()
- throws Exception
- {
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- Attribute attr = new Attribute(CMSAttributes.messageDigest,
- new DERSet(
- new DEROctetString(
- md.digest("Hello world!".getBytes()))));
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(attr);
-
- SignerInfoGeneratorBuilder builder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider()).setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)));
-
- AlgorithmIdentifier sha1withRSA = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
- gen.addSignerInfoGenerator(builder.build(new BcRSAContentSignerBuilder(sha1withRSA, new DefaultDigestAlgorithmIdentifierFinder().find(sha1withRSA)).build(PrivateKeyFactory.createKey(_origKP.getPrivate().getEncoded())), new JcaX509CertificateHolder(_origCert)));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
-
- //
- // the signature is detached, so need to add msg before passing on
- //
- s = new CMSSignedData(msg, s.getEncoded());
- //
- // compute expected content digest
- //
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- verifyRSASignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSAAndAttributeTable()
- throws Exception
- {
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- Attribute attr = new Attribute(CMSAttributes.messageDigest,
- new DERSet(
- new DEROctetString(
- md.digest("Hello world!".getBytes()))));
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(attr);
-
- JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- builder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)));
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(builder.build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
-
- //
- // the signature is detached, so need to add msg before passing on
- //
- s = new CMSSignedData(msg, s.getEncoded());
- //
- // compute expected content digest
- //
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- verifyRSASignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testLwSHA1WithRSAAndAttributeTable()
- throws Exception
- {
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- Attribute attr = new Attribute(CMSAttributes.messageDigest,
- new DERSet(
- new DEROctetString(
- md.digest("Hello world!".getBytes()))));
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(attr);
-
- AsymmetricKeyParameter privKey = PrivateKeyFactory.createKey(_origKP.getPrivate().getEncoded());
-
- AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
- AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
-
- BcContentSignerBuilder contentSignerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
-
- gen.addSignerInfoGenerator(
- new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
- .setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)))
- .build(contentSignerBuilder.build(privKey), new JcaX509CertificateHolder(_origCert)));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
-
- //
- // the signature is detached, so need to add msg before passing on
- //
- s = new CMSSignedData(msg, s.getEncoded());
- //
- // compute expected content digest
- //
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- verifyRSASignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "SHA1withRSA");
- }
-
- public void testSHA1WithRSAEncapsulatedSubjectKeyID()
- throws Exception
- {
- subjectKeyIDTest(_signKP, _signCert, "SHA1withRSA");
- }
-
- public void testSHA1WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA1withRSAandMGF1");
- }
-
- public void testSHA224WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA224withRSAandMGF1");
- }
-
- public void testSHA256WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA256withRSAandMGF1");
- }
-
- public void testSHA384WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA384withRSAandMGF1");
- }
-
- public void testSHA224WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "SHA224withRSA");
- }
-
- public void testSHA256WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "SHA256withRSA");
- }
-
- public void testRIPEMD128WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "RIPEMD128withRSA");
- }
-
- public void testRIPEMD160WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "RIPEMD160withRSA");
- }
-
- public void testRIPEMD256WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "RIPEMD256withRSA");
- }
-
- public void testECDSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, "SHA1withECDSA");
- }
-
- public void testECDSAEncapsulatedSubjectKeyID()
- throws Exception
- {
- subjectKeyIDTest(_signEcDsaKP, _signEcDsaCert, "SHA1withECDSA");
- }
-
- public void testECDSASHA224Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, "SHA224withECDSA");
- }
-
- public void testECDSASHA256Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, "SHA256withECDSA");
- }
-
- public void testECDSASHA384Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, "SHA384withECDSA");
- }
-
- public void testECDSASHA512Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, "SHA512withECDSA");
- }
-
- public void testECDSASHA512EncapsulatedWithKeyFactoryAsEC()
- throws Exception
- {
- X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(_signEcDsaKP.getPublic().getEncoded());
- PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(_signEcDsaKP.getPrivate().getEncoded());
- KeyFactory keyFact = KeyFactory.getInstance("EC", BC);
- KeyPair kp = new KeyPair(keyFact.generatePublic(pubSpec), keyFact.generatePrivate(privSpec));
-
- encapsulatedTest(kp, _signEcDsaCert, "SHA512withECDSA");
- }
-
- public void testDSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signDsaKP, _signDsaCert, "SHA1withDSA");
- }
-
- public void testDSAEncapsulatedSubjectKeyID()
- throws Exception
- {
- subjectKeyIDTest(_signDsaKP, _signDsaCert, "SHA1withDSA");
- }
-
- public void testSHA1WithRSACounterSignature()
- throws Exception
- {
- List certList = new ArrayList();
- List crlList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_signCert);
- certList.add(_origCert);
-
- crlList.add(_signCrl);
-
- Store certStore = new JcaCertStore(certList);
- Store crlStore = new JcaCRLStore(crlList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_signKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _signCert));
-
- gen.addCertificates(certStore);
- gen.addCRLs(crlStore);
-
- CMSSignedData s = gen.generate(msg, true);
- SignerInformation origSigner = (SignerInformation)s.getSignerInfos().getSigners().toArray()[0];
- SignerInformationStore counterSigners1 = gen.generateCounterSigners(origSigner);
- SignerInformationStore counterSigners2 = gen.generateCounterSigners(origSigner);
-
- SignerInformation signer1 = SignerInformation.addCounterSigners(origSigner, counterSigners1);
- SignerInformation signer2 = SignerInformation.addCounterSigners(signer1, counterSigners2);
-
- SignerInformationStore cs = signer2.getCounterSignatures();
- Collection csSigners = cs.getSigners();
- assertEquals(2, csSigners.size());
-
- Iterator it = csSigners.iterator();
- while (it.hasNext())
- {
- SignerInformation cSigner = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(cSigner.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertTrue(cSigner.isCounterSignature());
- assertNull(cSigner.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_contentType));
- assertEquals(true, cSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
- }
-
- private void rsaPSSTest(String signatureAlgorithmName)
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithmName).setProvider(BC).build(_origKP.getPrivate());
-
- JcaSignerInfoGeneratorBuilder siBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- siBuilder.setDirectSignature(true);
-
- gen.addSignerInfoGenerator(siBuilder.build(contentSigner, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg, false);
-
- //
- // compute expected content digest
- //
- String digestName = signatureAlgorithmName.substring(0, signatureAlgorithmName.indexOf('w'));
- MessageDigest md = MessageDigest.getInstance(digestName, BC);
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- private void subjectKeyIDTest(
- KeyPair signaturePair,
- X509Certificate signatureCert,
- String signatureAlgorithm)
- throws Exception
- {
- List certList = new ArrayList();
- List crlList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(signatureCert);
- certList.add(_origCert);
-
- crlList.add(_signCrl);
-
- Store certStore = new JcaCertStore(certList);
- Store crlStore = new JcaCRLStore(crlList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(BC).build(signaturePair.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(contentSigner, CMSTestUtil.createSubjectKeyId(signatureCert.getPublicKey()).getKeyIdentifier()));
-
- gen.addCertificates(certStore);
- gen.addCRLs(crlStore);
-
- CMSSignedData s = gen.generate(msg, true);
-
- assertEquals(3, s.getVersion());
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certStore = s.getCertificates();
-
- SignerInformationStore signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- //
- // check for CRLs
- //
- Collection crls = crlStore.getMatches(null);
-
- assertEquals(1, crls.size());
-
- assertTrue(crls.contains(new JcaX509CRLHolder(_signCrl)));
-
- //
- // try using existing signer
- //
-
- gen = new CMSSignedDataGenerator();
-
- gen.addSigners(s.getSignerInfos());
-
- gen.addCertificates(s.getCertificates());
-
- s = gen.generate(msg, true);
-
- bIn = new ByteArrayInputStream(s.getEncoded());
- aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certStore = s.getCertificates();
-
- signers = s.getSignerInfos();
- c = signers.getSigners();
- it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- checkSignerStoreReplacement(s, signers);
- }
-
- private void encapsulatedTest(
- KeyPair signaturePair,
- X509Certificate signatureCert,
- String signatureAlgorithm)
- throws Exception
- {
- ConfigurableProvider provider = (ConfigurableProvider)Security.getProvider(BC);
-
- if (!provider.hasAlgorithm("Signature", signatureAlgorithm))
- {
- return;
- }
-
- List certList = new ArrayList();
- List crlList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(signatureCert);
- certList.add(_origCert);
-
- crlList.add(_signCrl);
-
- Store certs = new JcaCertStore(certList);
- Store crlStore = new JcaCRLStore(crlList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(BC).build(signaturePair.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(contentSigner, signatureCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg, true);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certs = s.getCertificates();
-
- SignerInformationStore signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- //
- // check for CRLs
- //
- Collection crls = crlStore.getMatches(null);
-
- assertEquals(1, crls.size());
-
- assertTrue(crls.contains(new JcaX509CRLHolder(_signCrl)));
-
- //
- // try using existing signer
- //
-
- gen = new CMSSignedDataGenerator();
-
- gen.addSigners(s.getSignerInfos());
-
- gen.addCertificates(s.getCertificates());
-
- s = gen.generate(msg, true);
-
- bIn = new ByteArrayInputStream(s.getEncoded());
- aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certs = s.getCertificates();
-
- signers = s.getSignerInfos();
- c = signers.getSigners();
- it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- checkSignerStoreReplacement(s, signers);
- }
-
- //
- // signerInformation store replacement test.
- //
- private void checkSignerStoreReplacement(
- CMSSignedData orig,
- SignerInformationStore signers)
- throws Exception
- {
- CMSSignedData s = CMSSignedData.replaceSigners(orig, signers);
-
- Store certs = s.getCertificates();
-
- signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
- }
-
- public void testUnsortedAttributes()
- throws Exception
- {
- CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(disorderedMessage), disorderedSet);
-
- Store certs = s.getCertificates();
-
- SignerInformationStore signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
- }
-
- public void testNullContentWithSigner()
- throws Exception
- {
- List certList = new ArrayList();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- verifySignatures(s);
- }
-
- public void testWithAttributeCertificate()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
-
- certList.add(_signDsaCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(builder.build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- X509AttributeCertificateHolder attrCert = new X509AttributeCertificateHolder(CMSTestUtil.getAttributeCertificate().getEncoded());
- List attrList = new ArrayList();
-
- attrList.add(new X509AttributeCertificateHolder(attrCert.getEncoded()));
-
- Store store = new CollectionStore(attrList);
-
- gen.addAttributeCertificates(store);
-
- CMSSignedData sd = gen.generate(msg);
-
- assertEquals(4, sd.getVersion());
-
- store = sd.getAttributeCertificates();
-
- Collection coll = store.getMatches(null);
-
- assertEquals(1, coll.size());
-
- assertTrue(coll.contains(new X509AttributeCertificateHolder(attrCert.getEncoded())));
-
- //
- // create new certstore
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = new JcaCertStore(certList);
-
-
- //
- // replace certs
- //
- sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs, null, null);
-
- verifySignatures(sd);
- }
-
- public void testCertStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
-
- certList.add(_signDsaCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData sd = gen.generate(msg);
-
- //
- // create new certstore
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = new JcaCertStore(certList);
-
- //
- // replace certs
- //
- sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs, null, null);
-
- verifySignatures(sd);
- }
-
- public void testEncapsulatedCertStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
-
- certList.add(_signDsaCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData sd = gen.generate(msg, true);
-
- //
- // create new certstore
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = new JcaCertStore(certList);
-
-
- //
- // replace certs
- //
- sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs, null, null);
-
- verifySignatures(sd);
- }
-
- public void testCertOrdering1()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
- certList.add(_signDsaCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData sd = gen.generate(msg, true);
-
- certs = sd.getCertificates();
- Iterator it = certs.getMatches(null).iterator();
-
- assertEquals(new JcaX509CertificateHolder(_origCert), it.next());
- assertEquals(new JcaX509CertificateHolder(_signCert), it.next());
- assertEquals(new JcaX509CertificateHolder(_signDsaCert), it.next());
- }
-
- public void testCertOrdering2()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_signCert);
- certList.add(_signDsaCert);
- certList.add(_origCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData sd = gen.generate(msg, true);
-
- certs = sd.getCertificates();
- Iterator it = certs.getMatches(null).iterator();
-
- assertEquals(new JcaX509CertificateHolder(_signCert), it.next());
- assertEquals(new JcaX509CertificateHolder(_signDsaCert), it.next());
- assertEquals(new JcaX509CertificateHolder(_origCert), it.next());
- }
-
- public void testSignerStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData original = gen.generate(msg, true);
-
- //
- // create new Signer
- //
- gen = new CMSSignedDataGenerator();
-
- ContentSigner sha224Signer = new JcaContentSignerBuilder("SHA224withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha224Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData newSD = gen.generate(msg, true);
-
- //
- // replace signer
- //
- CMSSignedData sd = CMSSignedData.replaceSigners(original, newSD.getSignerInfos());
-
- SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next();
-
- assertEquals(CMSAlgorithm.SHA224.getId(), signer.getDigestAlgOID());
-
- // we use a parser here as it requires the digests to be correct in the digest set, if it
- // isn't we'll get a NullPointerException
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), sd.getEncoded());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testEncapsulatedSamples()
- throws Exception
- {
- testSample("PSSSignDataSHA1Enc.sig");
- testSample("PSSSignDataSHA256Enc.sig");
- testSample("PSSSignDataSHA512Enc.sig");
- }
-
- public void testSamples()
- throws Exception
- {
- testSample("PSSSignData.data", "PSSSignDataSHA1.sig");
- testSample("PSSSignData.data", "PSSSignDataSHA256.sig");
- testSample("PSSSignData.data", "PSSSignDataSHA512.sig");
- }
-
- public void testCounterSig()
- throws Exception
- {
- CMSSignedData sig = new CMSSignedData(getInput("counterSig.p7m"));
-
- SignerInformationStore ss = sig.getSignerInfos();
- Collection signers = ss.getSigners();
-
- SignerInformationStore cs = ((SignerInformation)signers.iterator().next()).getCounterSignatures();
- Collection csSigners = cs.getSigners();
- assertEquals(1, csSigners.size());
-
- Iterator it = csSigners.iterator();
- while (it.hasNext())
- {
- SignerInformation cSigner = (SignerInformation)it.next();
- Collection certCollection = sig.getCertificates().getMatches(cSigner.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertTrue(cSigner.isCounterSignature());
- assertNull(cSigner.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_contentType));
- assertEquals(true, cSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- verifySignatures(sig);
- }
-
- private void testSample(String sigName)
- throws Exception
- {
- CMSSignedData sig = new CMSSignedData(getInput(sigName));
-
- verifySignatures(sig);
- }
-
- private void testSample(String messageName, String sigName)
- throws Exception
- {
- CMSSignedData sig = new CMSSignedData(new CMSProcessableByteArray(getInput(messageName)), getInput(sigName));
-
- verifySignatures(sig);
- }
-
- private byte[] getInput(String name)
- throws IOException
- {
- return Streams.readAll(getClass().getResourceAsStream(name));
- }
-
- public void testForMultipleCounterSignatures()
- throws Exception
- {
- CMSSignedData sd = new CMSSignedData(xtraCounterSig);
-
- for (Iterator sI = sd.getSignerInfos().getSigners().iterator(); sI.hasNext();)
- {
- SignerInformation sigI = (SignerInformation)sI.next();
-
- SignerInformationStore counter = sigI.getCounterSignatures();
- List sigs = new ArrayList(counter.getSigners());
-
- assertEquals(2, sigs.size());
- }
- }
-
- private void verifySignatures(CMSSignedDataParser sp)
- throws Exception
- {
- Store certs = sp.getCertificates();
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
- }
-
- private class TestCMSSignatureAlgorithmNameGenerator
- extends DefaultCMSSignatureAlgorithmNameGenerator
- {
- void setDigestAlgorithmMapping(ASN1ObjectIdentifier oid, String algName)
- {
- super.setSigningDigestAlgorithmMapping(oid, algName);
- }
-
- void setEncryptionAlgorithmMapping(ASN1ObjectIdentifier oid, String algName)
- {
- super.setSigningEncryptionAlgorithmMapping(oid, algName);
- }
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/CMSSampleMessages.java b/pkix/src/test/java/org/bouncycastle/cms/test/CMSSampleMessages.java
deleted file mode 100644
index 20ae6ca5..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/CMSSampleMessages.java
+++ /dev/null
@@ -1,147 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import org.bouncycastle.util.encoders.Base64;
-
-public class CMSSampleMessages
-{
- static byte[] originatorMessage = Base64.decode(
- "MIIYGgYJKoZIhvcNAQcDoIIYCzCCGAcCAQKgggRJoIIERTCCBEEwggIpAgkA"
- + "xS/+IvjTL8YwDQYJKoZIhvcNAQEFBQAwaTELMAkGA1UEBhMCVVMxGDAWBgNV"
- + "BAoTD1UuUy4gR292ZXJubWVudDESMBAGA1UECxMJSFNQRDEyTGFiMQ8wDQYD"
- + "VQQLEwZBZ2VudHMxGzAZBgNVBAMTEkhTUEQxMiBMYWIgQ0EgUm9vdDAeFw0w"
- + "NzA1MTQxNzEzMzRaFw0wODA1MTMxNzEzMzRaMFwxCzAJBgNVBAYTAlVTMRgw"
- + "FgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxEjAQBgNVBAsTCUhTUEQxMkxhYjEP"
- + "MA0GA1UECxMGQWdlbnRzMQ4wDAYDVQQDEwV1c2VyMTCCASIwDQYJKoZIhvcN"
- + "AQEBBQADggEPADCCAQoCggEBALC54HvfpSE3yq/EkpNCkUEV6a6Df3q4k8EM"
- + "dlg0nQSf2FgYh1GMiztw8SVjrF80l4+Hg5/FW2XN2kpVQBap/H5ziPYXenbi"
- + "VLJHCF9LVyYDOS7xGfRtQ+ZhFUcECtaCLJsR7HIiFyKZWGg0c3bFZvFkdZqT"
- + "8MMwjhcIVE1BptMqcGriqqMQAUKYmOguAOzMCTGAOxqBXYFmR68WtggVNMMc"
- + "5qU6S/4OxeCmaNSPG5p7pA1o4Cnv4aJF1mAPedVPQpAS4Lu2K9nNhRkug0yd"
- + "6nPaxgQudk5YxlreNOPKiAHApk9RhGVepGchJCFP2aIPu9tkIiSe3omezSZu"
- + "Sy/3F5UCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAGDxqVI4aR4XNfbk2MtXF"
- + "agNYZOswn85X84um9gG323qjYhroW0QDuy3CwtUwhH866mpnJyhJvKx3b8UE"
- + "7pZInoNEz1UVn+wgJVXMmaG5mfp3X6z0xDAEaKmDMJXl66wlFGG1iveGgcEi"
- + "oMkrxFJKvu/FXywzPvz2pXD9LQapogOQpVsvg/hed//wijDG94UBkhbHTZ53"
- + "6ODKuHGmooO6bgqJxKcVyLwQAq/lXGtLqODK9BDicfUzuhLWA0si7Y1daehj"
- + "fjgAqFGirqRtPDdk1jywoMJdDCQqocNqNGuu/+9ZoRNtY7XFbiN7h4s4KTkw"
- + "YqCph8g+RZYJVZJDw/+qc5ymYZiufbImA08D7x7IzqX9eeuAqKCebkxcK0Dz"
- + "eh/wT7Ff8csw0xqkkEbi5sTORogPexKGo9T1P4j/UbOyCHaIwFQVE67kYJqZ"
- + "U3BB7mGNE/dKru7jC7Aadorpj7P/EQ8sfoq5wC9r3wfFB1f5znN9ZfXd3zSU"
- + "Gxne2PGl3Ry4DhrhWGy/HqB+StPSkLPJL1RNtKkywtaJG1QBnrMnLNsV7T0R"
- + "mIDn69NkDkc59LAuB7yxwBmhYA7c7cHckdX3bE7zgN6yYdiyLyXr+ZQl+3J8"
- + "bBPN/IVSs5Wr1kK9RDrFX8MdP95LZxHlgMATwAqoEPe5r2tvvGBoajoIA2Tw"
- + "71QxggGSMIIBjgIBADB2MGkxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMu"
- + "IEdvdmVybm1lbnQxEjAQBgNVBAsTCUhTUEQxMkxhYjEPMA0GA1UECxMGQWdl"
- + "bnRzMRswGQYDVQQDExJIU1BEMTIgTGFiIENBIFJvb3QCCQDFL/4i+NMvyTAN"
- + "BgkqhkiG9w0BAQEFAASCAQCGpoi8DBLf6I2fwqVp9MPA5M0QNRnC34AMoc7N"
- + "/JGKM5dWcGNpN83yL9QmOfjgyxzwJ3L3e3hYdoXp9MNelzG5ssyyKw4NxRgM"
- + "C1aRPWx1R1aKee/NAgvBjN3FyDN3Pl4ACz2EMrDMmilR0zmSJkDBVbGjxNzs"
- + "ZPxtsBlHeLRky/K/ZrTy5jIheFcKt/0dNJiMsFh+677OlRhDihdLzYeV4RK1"
- + "5Iy1j18ls5rJMYh1fmZOx9T6wvlpw84IjFHzUcIxIBg8t1cUkncXbg1r+rxm"
- + "zIaalAKdYp58oMpjy9wV6E1mxgAM/lvE/jwiYP4/a6TsXTLDPNIxe9RZVdhA"
- + "GCPvMIISHQYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAgQBLQIaeQQMYCCEfgv"
- + "FBzVKLnlRNCjs2JE/G8jBI8aduv6YQTYTt0ePh9JEHTmSi7ISbCDdAf5baKN"
- + "mzVGQJj87Srz3YyEmUcozxscWnWgVWpUbx0GJkjz6LqyGLQ3VnqUDG80xnXo"
- + "nQY5q4ko6avyMIDZ+zzI2fs9ChAlBjZ41Qb0FnwDPZBH3N43q+puVWesE4wj"
- + "LGftt63T4k2D/qMdg7fVfHkAsXPJIxkvR4vUrGEvxTl9e24146wYgCXe+66T"
- + "UcAMViNCMr8UiFQFQYSmuPcSTHgQHqEaBwYys6X+fe61yE16mUazs32yVH2v"
- + "Cyf1mG4/GAaSmqR/BIU7y7trGd+g/KaT1Kp76e+Rys9G/oakoeIH3Hkgdhmc"
- + "pFBPklIlgA57EocK5n84tFRv9n9cmsbOfy0EjEa6vU4ImMPZQS4iyhLCWD1u"
- + "tQziu5FyHSb9COveUPuGY2iTrOWG34rHIagNndXi1OuAIGQrLjbntHmogqxb"
- + "zkB+yojr+WBwY1efb8X+WQ2L+us9v31qNGA0wyfg4AC5FZur90rBxBq59UPz"
- + "JAVRD6NP5FRPdxuvHclDoGBoiMr9NXO3Uv0tJuYADHlWMQnUGoPEL7UxzuPJ"
- + "VAWuHpGiywzOcWMiFEiDSIZrv4RViIVIRhEtm2bO7Ta/AGTfvJcyb6ySexc1"
- + "aR5TWYOjqv1NaGAVQ1vPyqazH+g17y5wnBRj2c3nSMwksn/nC60e4ax+/yaE"
- + "Ls9Qou9a0L2IyQgDlvhBA4CcRGcHklhlzAovGBX2gWG31CK05doZhH7bRIrj"
- + "8h1XOF2izffrfWb6LcDcZptw5BQWT5XeyoKD4eNZfJ4ww+dMw4+0MkXPZEn6"
- + "Fqg+jam9ZioqXiw5Y6bdzxawefe6gvxeca3f53KDXEm4qFaVuDgyjNZhEmyB"
- + "gmsWRKokQ5DDlj1PfVlO4g2Uee4zbvmr7Yx6tGnnxm6o5i/COwvvRSXp8Oj7"
- + "Zej0ZA+1zenNRAGXwuTKrbQ9ZZYRi4LCXluuVmy8vocGm8bnuqulMyz5hsUi"
- + "QMAl1knunhaT+/kQOLRwEdJUgfq8ME14XsTNiVq26W8n+9AsYHoFzJhFoCfe"
- + "i2wngAs1MMnw1erfnhWibkFZDlG9/5OPBZ3ZzJfgMEdT5Fs+hJxrw7UqNMkb"
- + "EoH+3HpzEXfcGqCL6RfdbS0hu85v1CrZv0veK8qI+rQnoqXp+xmBRiSCyWNR"
- + "ITepXcJsi6vWYX0nvNNbBjTsFqi78BSVRpg/zOFRvw1gX1TtTXQLcEdalKgf"
- + "tEo+An3f3GugB3CFw38IM4JwCB06vXTRQAoK4PM4uNYVXEgSPq4vg9UuHZ3n"
- + "V5l96emGLK55N5FO6FvlHFft/7elEFglbnSzSQnzVyj36Z6P7x/Q3td5SY4J"
- + "VAJWvR/X4Fe2G6ebIZdNSJef9UyuNPee0Fi1iJUL8L4qO61ijkjYdE3bBcGm"
- + "61eWj8NgxtELVgRyXq1vNgMOFlVAwkf2ZNDgNRUM49UnIFTNKnTaeAVB9pW2"
- + "DGrZER8LA8ABctAdElECceoMVRUG1uFdAicrEbBHcWJkTdjBPjumE4bE6HUm"
- + "vbpNBC4wyoPS6CSvNut/re7I4wgZwho6C6GRUuwraxJZlS+jwEvC+F4Bzlf5"
- + "aPygECgVaNmSGP1E/vyN2aF8CLo4NL/5o9GG8DWg9O5GdNSislr4r6ciEjCr"
- + "0a6rk47QDn4rDQy8iu/YkZz9u8/GJCAinWQzAvV8byhZxc81CfKj9xYTclDX"
- + "AB75blJvUQIP4U7gpWxLB/1sdN2V5f9jw+xTLSpoJ7r/tIeBygF6rFe402Sd"
- + "840SLi8ZSufAVeHUoNNDYkA/c1b6k5FaxDtN22tYQi4y3Hs7k03mGhvvLC0l"
- + "05fMmvtasFaW5Bupqw8E2a7wHSLmRAXrPvnrblSL/wajptKPJWDJ+oH/9d9k"
- + "NkC4EFBpcMEfIDky4PoCtfKQBFa5LT1WDQGfcCnrC9SDfUfhfRLBOpoFmUaT"
- + "O0xc0vI/jmDRsoBy9d42ebyGMg5uD6tTOIvszEirpMy5SYPPa64zhHcN+Pzs"
- + "db+J6fthc3aVIoob9jdv/aRUH3gDwltSnaLUIc7CWcuHSCGyM/zQPiAzkw0z"
- + "x6ii5fdKXsmnQn88E+YqiJTPH0fG+kkhokAGU76bQMn7fJyBeVHhF2hqSr/0"
- + "4zCIjgq1Zb+d9sEuRZWF+/XsGl2gwk4vgHTwM+XfU7edQssUR6kyD6wkw7EU"
- + "6HaRrflymAHTEvdAB+PaREQbyej7/2lY41qmA9df2I5Izb60NxmMFj9F4M4V"
- + "bLJOVNX5fuc8vaIhPG82hIiqe05cnBfRhtmcUUb1WDHVH3klRkti+fHrnbAW"
- + "TpWd5m6Wi3VssopaUozWgYVgW9M+Zr5ZUAN9H0Kb4CatxG5YFkD0MCZShGl/"
- + "lSc1SUxho6YakBB+5HxCI853/sQ3RMgSrMk+8ftalM2+BrT+V9wMK2O+wM5W"
- + "ujrAcM85sQ4OqSZfJ7MmKT8+pcIsRRocmlM/cxUf5hKXfXrmCR5mkf9jxF8B"
- + "J1JOwhkD8zQP7sPUcOWEcT8ctOKPygtz6tWWQDW8ciiYULYyJA6ydGrrn6T+"
- + "fQj8M2VsM1y4YK9dMfJUeaiP+m4BeoOjs0vqz6pBI6J3lrNz31DaNO6SApUL"
- + "4cOx8EZMg498TG0zmQ87yVw4mGmL3JpWBZH89HiNEY5eJ0zEIS3lMaOADRMf"
- + "kX8B5YHadeTuAEjXsGtFIlSf1xo45kwCxIfUcikdfu2rb+Bh251Im0oq/XTj"
- + "XPeviXasfas6VsMHsmTrqynFdP8THnrmHLCoeAMvgpjirXfIdR7tULJcFJtr"
- + "0lZLZfdZgbTsbn9GMQKwMkAAjJLfJq42usvzf4ShC7IRtvOEVAMrebaaK1YF"
- + "rtV5z1WNo3VRFonakKj85nXLOAdCNe6T3zESebexJKFn8e/6+shp9IDIRmWr"
- + "hiWut6KPFiSgAgfqpeIt9fuHiYeIK8DqISA7QUdAZrgPe8GlctvKkQLvjNW0"
- + "srglx9CQuDqZC6C1BLaIs3sE//yLvEd06vDFjDa0WGKWjM/Uo29af/tlL1kC"
- + "vDQtDPi8OPIebK8OwI2uNDZ+cnHhv3gZXCdbKkRZc1W+mrU7rUk1Fa0ViVmc"
- + "zhVGX22fDXbIrs9zJ+sA+3Towrx2XmMZ+PDkVBxHFE2bk+GABM62BW9YZoX4"
- + "R4U+n7E8Ec0sI8srcxEZYX8LWHh1XSU0yEHYjkIWDQUUSGpsbgqnjXJcnTdk"
- + "KK5PLk4sthLYwT4o1Gg4lRpc4dn26bIQcpGdY5PEknItDt6IBSc6bYYYoQrl"
- + "PIufY67haoc//d5y1LpCi5vc0wTcvbdoVepLrxVAn4MPsejbfIFJ01N0qKgv"
- + "fGWVxmRGtGXHe3iNLsMrvSE2FkORSc4sgjC42hfxHTEVmhTnzOplxTsN/MzE"
- + "S7ESv/c0rIen+zwXgtiFnTg1VPHcaT4z0DtLBMNjqYNoyDrIHUrWguFeV7/i"
- + "RSP7SiztMmlfKhrxlQpaNNm/XvKa1OpKbVStHMgOdpMaaCp8WaX++wb9lG6V"
- + "3PqBeVSCuFm1xq6KAERLUdF4XsdXNM/uUhYZX7cGIqRS3vSDJB1EfrZTpUY5"
- + "xGllybE/P2gufnG5EMpC2FHx4iW4pWMkYhIpzKv1Tkxe3K6ISs4wEs4n/AtL"
- + "hupMGZE9hDJ0LV0nRvRbY8YCRXoBaj6/qF1QED7CG4hx16yrkLAR7Th5rbH7"
- + "GFEzNSq1HI0IssDIimD2ZN9Cf++uH6ZpP2JZeJ/gEqGi17ovtnuklx6dtu0l"
- + "KL0pQjCyAoQFEFSaVJ1m4oOQJyb58lsG4gOPaPvOw1ruiJ2obt4228VR1pA8"
- + "Vm9A41E4pk/vA+VFJ/tSmkB5s2gmBBVcA8mU8iIyzMmliTNHeg53EYAytF5M"
- + "X2rA7Ct8ApqbrYSSBTUPC+MEBV7UajamWB6UaSUj575MhEnzm0xl/lFqU6ZF"
- + "6w0rdey/KvTiotErOS1q8RcY2dcs9Mz8Dm/8IMBcGfny0i/KLtz0OUOLFg3P"
- + "/VrPBt7f+YfDqLVc8AujhrxAH/hwYauJ+Q6HSVTSJI7aXB9xtdsijzMZCmnE"
- + "1oKRBkACSWD9BGvS3hpv/VqaHWU4B2dnv2oyrIkdkgQu2OtlFxpcOkqwexIj"
- + "ssxxOCmT6dpB8JNehjLDU8WXhtFJVFuR84V7KlyeG/s8TaZgCW6uLLVmpteE"
- + "J15bnM9jRTW/FZiHwsjy9kVbvaAT+bbIjn5u7qdGsgAQHdeKy191ONvHIttZ"
- + "l/qnvrygLImaTOcuMMzU/0ECNlk0QiU0YbfS/RGH2LtRzk8x3FLFVXRiNtrD"
- + "uJuwzlP4RufuoZfJsi0rFOuxNFQ/cZEq1q7TCzqP+saRoSLFK1iRE/Ei06pS"
- + "JH+cwHMxk3u7k4+HxF72uK9XHIgY6G6WfZTklH2w2VrsLLZLmJ9SO6Zpyt48"
- + "KcwvEcxYoZxp1gfPYDCMHeb7oi/gRj9FjnBaNf2dW3a1RqVo5y0QeSfSH4k8"
- + "YWX6k+Yh803ZmoIb//TEbfkbXe8XOIffbMSUuIozCQY/Rt9wAHesMWfgTuB5"
- + "LSoa8R+mR5lIS/P1ANHdgNrh+XRFrNFeD0dCw6bdYWUXMVaZbCE8Z8pXQ0LO"
- + "ItiPuI+w/izD/lXdKXWJJmN/bq2RJRo4WFEDe6sJH9G2Poe/T4xwTm4kX2uA"
- + "IZkYy7bZcez8a0bFJzcsJxUbBPRq93J0fXzpvQsszbVZh94VSc9nkH4FnAxT"
- + "Kk2bLcsXANJlw3cFO9jOygrXh6R2fyHX0E8WExb2Q7lG68wU1BJVupT8rZ0Y"
- + "oRY6WBYG0LuZb+4VAQuI0/Are3BznsgkqudCjf+JUhu1Yefh2hblWuMPNEWb"
- + "mOorerNiIzkrt5tjXyBj0g8w/pL//BIlkW5JerMtKTPMfZSroHw9wuAuqHqF"
- + "2sMjsW/Lbr5b8SIdIgo3vrS6EM9MGkATfSZz4z+ZWG3EB6QqcMXCZ4N2/WWl"
- + "EPKsIqY/509NZRzqOavcMXkOryRJ7GQpmotNbbalI6r6swRoEQ2IzK5XPCC1"
- + "iv52YpcRaV9BDpNNByk4l3ddOiEc4dsOkHjaLNvj6Vo1pG/C1Z8VXRRY909D"
- + "nH2+PfUL684WZ6kIPeLfqr7N3ZbNxZAVozVG+WXwBlLFT7L+axeGHOhHdH/g"
- + "SVMSmWdRX4eNuofmpsU8f3A9aCnPGDxPnB4WKnAGw34TYZrtZ9mHcjYPsq1q"
- + "zY6brfZD4T7tktjAlRL2PYZ15MfWVXVH1xoyjeWImTi0o4nyuy/M0HukDfwY"
- + "l6nW77TMRiH54wdQqIZUxa32dNNhjcNslRlpOf6td3FbELqhTiaptRSuKjs9"
- + "8evbDFK7rb7n6RSSzAwb3oU8pwr4dM8ArTVc0EqnvdSCs1tx46ckIK3AFgcd"
- + "opmNq+Qa7qhN5Zgds3cLPIQiyDThhYGPaIgyn4j/dZb1Qwa2U7urijJrBqeS"
- + "/kJ2rEXV9v+OX9yTYKypM05A2gOK/ESPbx24C/HmmGm/yBXBx3pABvKt41Dh"
- + "b0syB4hYrsq0RriovGemBrNgy4tiJB5BDI9VpWFC/7LR0quFFOrxxm7YvH2h"
- + "GkR0oUc/socA80WZx9TegdiBg9TVPbe0gZmoeQc6XLfscBol0QdZWSmLqFxf"
- + "TFN7ksaVAUPXA9phBg/k51YmrwNvx4D/A1bBQRtQmq2N4R0j3uMkynubBEfb"
- + "9qvQNXpdygouzKUyrN/w+7clilaq2P+R9i7rriZ1waHyjfvAdeBzQQ/pVmgh"
- + "o8EiL/TZpIZ71sTYv28scY+V7yYgBA5S/Y4bdmvzSSoMoK8yH/LcBFJOZLQd"
- + "YPt7uKWSwQN8iVDA6ZcsYoKuAUw3ziiRaf+GN58ihLB/y/sGmAmX2XwLsPSZ"
- + "uQIF/gT8yXjxoyWDLXl3MUgfx+pGg5vBwAtk9a2elEQR9C3a8PPsOy3N9Jh3"
- + "xY/A1gJ/rjuubwrb0Sd2LinzPg5uVuKR1jeMSCEebgoyBj8/t8HvknBqJkpl"
- + "tjZ6AxGiQ8+v5jRBzYSyiTQfPMxWzdBKqUePdJcLPITf/XitegQnikgAN6bh"
- + "kYMS2G9kXJH2CgDm9z3svmu/0Oz2XWEpVHlOjknghPlTaLRqgWoQbK5dkuiV"
- + "k9HhGwwsgiR+");
-
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/CMSTestSetup.java b/pkix/src/test/java/org/bouncycastle/cms/test/CMSTestSetup.java
deleted file mode 100644
index 5fca6180..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/CMSTestSetup.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import junit.extensions.TestSetup;
-import junit.framework.Test;
-
-import java.security.Security;
-
-class CMSTestSetup extends TestSetup
-{
- public CMSTestSetup(Test test)
- {
- super(test);
- }
-
- protected void setUp()
- {
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
- }
-
- protected void tearDown()
- {
- Security.removeProvider("BC");
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/CMSTestUtil.java b/pkix/src/test/java/org/bouncycastle/cms/test/CMSTestUtil.java
deleted file mode 100644
index 3a1517af..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/CMSTestUtil.java
+++ /dev/null
@@ -1,503 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPublicKey;
-import java.security.spec.DSAParameterSpec;
-import java.util.Date;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSAESOAEPparams;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.cert.X509ExtensionUtils;
-import org.bouncycastle.cert.X509v1CertificateBuilder;
-import org.bouncycastle.cert.X509v2CRLBuilder;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
-import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.util.encoders.Base64;
-
-public class CMSTestUtil
-{
- public static SecureRandom rand;
- public static KeyPairGenerator kpg;
-
- public static KeyPairGenerator gostKpg;
- public static KeyPairGenerator dsaKpg;
- public static KeyPairGenerator ecGostKpg;
- public static KeyPairGenerator ecDsaKpg;
- public static KeyGenerator aes192kg;
- public static KeyGenerator desede128kg;
- public static KeyGenerator desede192kg;
- public static KeyGenerator rc240kg;
- public static KeyGenerator rc264kg;
- public static KeyGenerator rc2128kg;
- public static KeyGenerator aesKg;
- public static KeyGenerator seedKg;
- public static KeyGenerator camelliaKg;
- public static BigInteger serialNumber;
-
- public static final boolean DEBUG = true;
-
- private static byte[] attrCert = Base64.decode(
- "MIIHQDCCBqkCAQEwgZChgY2kgYowgYcxHDAaBgkqhkiG9w0BCQEWDW1sb3JjaEB2"
- + "dC5lZHUxHjAcBgNVBAMTFU1hcmt1cyBMb3JjaCAobWxvcmNoKTEbMBkGA1UECxMS"
- + "VmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAyMQswCQYDVQQKEwJ2"
- + "dDELMAkGA1UEBhMCVVMwgYmkgYYwgYMxGzAZBgkqhkiG9w0BCQEWDHNzaGFoQHZ0"
- + "LmVkdTEbMBkGA1UEAxMSU3VtaXQgU2hhaCAoc3NoYWgpMRswGQYDVQQLExJWaXJn"
- + "aW5pYSBUZWNoIFVzZXIxEDAOBgNVBAsTB0NsYXNzIDExCzAJBgNVBAoTAnZ0MQsw"
- + "CQYDVQQGEwJVUzANBgkqhkiG9w0BAQQFAAIBBTAiGA8yMDAzMDcxODE2MDgwMloY"
- + "DzIwMDMwNzI1MTYwODAyWjCCBU0wggVJBgorBgEEAbRoCAEBMYIFORaCBTU8UnVs"
- + "ZSBSdWxlSWQ9IkZpbGUtUHJpdmlsZWdlLVJ1bGUiIEVmZmVjdD0iUGVybWl0Ij4K"
- + "IDxUYXJnZXQ+CiAgPFN1YmplY3RzPgogICA8U3ViamVjdD4KICAgIDxTdWJqZWN0"
- + "TWF0Y2ggTWF0Y2hJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5j"
- + "dGlvbjpzdHJpbmctZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlw"
- + "ZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjc3RyaW5nIj4KICAg"
- + "ICAgIENOPU1hcmt1cyBMb3JjaDwvQXR0cmlidXRlVmFsdWU+CiAgICAgPFN1Ympl"
- + "Y3RBdHRyaWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFt"
- + "ZXM6dGM6eGFjbWw6MS4wOnN1YmplY3Q6c3ViamVjdC1pZCIgRGF0YVR5cGU9Imh0"
- + "dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hI3N0cmluZyIgLz4gCiAgICA8"
- + "L1N1YmplY3RNYXRjaD4KICAgPC9TdWJqZWN0PgogIDwvU3ViamVjdHM+CiAgPFJl"
- + "c291cmNlcz4KICAgPFJlc291cmNlPgogICAgPFJlc291cmNlTWF0Y2ggTWF0Y2hJ"
- + "ZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5jdGlvbjpzdHJpbmct"
- + "ZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlwZT0iaHR0cDovL3d3"
- + "dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIj4KICAgICAgaHR0cDovL3p1"
- + "bmkuY3MudnQuZWR1PC9BdHRyaWJ1dGVWYWx1ZT4KICAgICA8UmVzb3VyY2VBdHRy"
- + "aWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6"
- + "eGFjbWw6MS4wOnJlc291cmNlOnJlc291cmNlLWlkIiBEYXRhVHlwZT0iaHR0cDov"
- + "L3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIiAvPiAKICAgIDwvUmVz"
- + "b3VyY2VNYXRjaD4KICAgPC9SZXNvdXJjZT4KICA8L1Jlc291cmNlcz4KICA8QWN0"
- + "aW9ucz4KICAgPEFjdGlvbj4KICAgIDxBY3Rpb25NYXRjaCBNYXRjaElkPSJ1cm46"
- + "b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmZ1bmN0aW9uOnN0cmluZy1lcXVhbCI+"
- + "CiAgICAgPEF0dHJpYnV0ZVZhbHVlIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9y"
- + "Zy8yMDAxL1hNTFNjaGVtYSNzdHJpbmciPgpEZWxlZ2F0ZSBBY2Nlc3MgICAgIDwv"
- + "QXR0cmlidXRlVmFsdWU+CgkgIDxBY3Rpb25BdHRyaWJ1dGVEZXNpZ25hdG9yIEF0"
- + "dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmFjdGlvbjph"
- + "Y3Rpb24taWQiIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNj"
- + "aGVtYSNzdHJpbmciIC8+IAogICAgPC9BY3Rpb25NYXRjaD4KICAgPC9BY3Rpb24+"
- + "CiAgPC9BY3Rpb25zPgogPC9UYXJnZXQ+CjwvUnVsZT4KMA0GCSqGSIb3DQEBBAUA"
- + "A4GBAGiJSM48XsY90HlYxGmGVSmNR6ZW2As+bot3KAfiCIkUIOAqhcphBS23egTr"
- + "6asYwy151HshbPNYz+Cgeqs45KkVzh7bL/0e1r8sDVIaaGIkjHK3CqBABnfSayr3"
- + "Rd1yBoDdEv8Qb+3eEPH6ab9021AsLEnJ6LWTmybbOpMNZ3tv");
-
- static
- {
- try
- {
- java.security.Security.addProvider(new BouncyCastleProvider());
-
- rand = new SecureRandom();
-
- kpg = KeyPairGenerator.getInstance("RSA", "BC");
- kpg.initialize(1024, rand);
-
- kpg = KeyPairGenerator.getInstance("RSA", "BC");
- kpg.initialize(1024, rand);
-
- gostKpg = KeyPairGenerator.getInstance("GOST3410", "BC");
- GOST3410ParameterSpec gost3410P = new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId());
-
- gostKpg.initialize(gost3410P, new SecureRandom());
-
- dsaKpg = KeyPairGenerator.getInstance("DSA", "BC");
- DSAParameterSpec dsaSpec = new DSAParameterSpec(
- new BigInteger("7434410770759874867539421675728577177024889699586189000788950934679315164676852047058354758883833299702695428196962057871264685291775577130504050839126673"),
- new BigInteger("1138656671590261728308283492178581223478058193247"),
- new BigInteger("4182906737723181805517018315469082619513954319976782448649747742951189003482834321192692620856488639629011570381138542789803819092529658402611668375788410"));
-
- dsaKpg.initialize(dsaSpec, new SecureRandom());
-
- ecGostKpg = KeyPairGenerator.getInstance("ECGOST3410", "BC");
- ecGostKpg.initialize(ECGOST3410NamedCurveTable.getParameterSpec("GostR3410-2001-CryptoPro-A"), new SecureRandom());
-
- ecDsaKpg = KeyPairGenerator.getInstance("ECDSA", "BC");
- ecDsaKpg.initialize(239, new SecureRandom());
-
- aes192kg = KeyGenerator.getInstance("AES", "BC");
- aes192kg.init(192, rand);
-
- desede128kg = KeyGenerator.getInstance("DESEDE", "BC");
- desede128kg.init(112, rand);
-
- desede192kg = KeyGenerator.getInstance("DESEDE", "BC");
- desede192kg.init(168, rand);
-
- rc240kg = KeyGenerator.getInstance("RC2", "BC");
- rc240kg.init(40, rand);
-
- rc264kg = KeyGenerator.getInstance("RC2", "BC");
- rc264kg.init(64, rand);
-
- rc2128kg = KeyGenerator.getInstance("RC2", "BC");
- rc2128kg.init(128, rand);
-
- aesKg = KeyGenerator.getInstance("AES", "BC");
-
- seedKg = KeyGenerator.getInstance("SEED", "BC");
-
- camelliaKg = KeyGenerator.getInstance("Camellia", "BC");
-
- serialNumber = new BigInteger("1");
- }
- catch (Exception ex)
- {
- throw new RuntimeException(ex.toString());
- }
- }
-
- public static String dumpBase64(
- byte[] data)
- {
- StringBuffer buf = new StringBuffer();
-
- data = Base64.encode(data);
-
- for (int i = 0; i < data.length; i += 64)
- {
- if (i + 64 < data.length)
- {
- buf.append(new String(data, i, 64));
- }
- else
- {
- buf.append(new String(data, i, data.length - i));
- }
- buf.append('\n');
- }
-
- return buf.toString();
- }
-
- public static X509AttributeCertificateHolder getAttributeCertificate()
- throws Exception
- {
- return new X509AttributeCertificateHolder(CMSTestUtil.attrCert);
- }
-
- public static KeyPair makeKeyPair()
- {
- return kpg.generateKeyPair();
- }
-
- public static KeyPair makeGostKeyPair()
- {
- return gostKpg.generateKeyPair();
- }
-
- public static KeyPair makeDsaKeyPair()
- {
- return dsaKpg.generateKeyPair();
- }
-
- public static KeyPair makeEcDsaKeyPair()
- {
- return ecDsaKpg.generateKeyPair();
- }
-
- public static KeyPair makeEcGostKeyPair()
- {
- return ecGostKpg.generateKeyPair();
- }
-
- public static SecretKey makeDesede128Key()
- {
- return desede128kg.generateKey();
- }
-
- public static SecretKey makeAES192Key()
- {
- return aes192kg.generateKey();
- }
-
- public static SecretKey makeDesede192Key()
- {
- return desede192kg.generateKey();
- }
-
- public static SecretKey makeRC240Key()
- {
- return rc240kg.generateKey();
- }
-
- public static SecretKey makeRC264Key()
- {
- return rc264kg.generateKey();
- }
-
- public static SecretKey makeRC2128Key()
- {
- return rc2128kg.generateKey();
- }
-
- public static SecretKey makeSEEDKey()
- {
- return seedKg.generateKey();
- }
-
- public static SecretKey makeAESKey(int keySize)
- {
- aesKg.init(keySize);
- return aesKg.generateKey();
- }
-
- public static SecretKey makeCamelliaKey(int keySize)
- {
- camelliaKg.init(keySize);
- return camelliaKg.generateKey();
- }
-
- public static X509Certificate makeCertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN)
- throws GeneralSecurityException, IOException, OperatorCreationException
- {
- return makeCertificate(_subKP, _subDN, _issKP, _issDN, false);
- }
-
- public static X509Certificate makeOaepCertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN)
- throws GeneralSecurityException, IOException, OperatorCreationException
- {
- return makeOaepCertificate(_subKP, _subDN, _issKP, _issDN, false);
- }
-
- public static X509Certificate makeCACertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN)
- throws GeneralSecurityException, IOException, OperatorCreationException
- {
- return makeCertificate(_subKP, _subDN, _issKP, _issDN, true);
- }
-
- public static X509Certificate makeV1Certificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN)
- throws GeneralSecurityException, IOException, OperatorCreationException
- {
-
- PublicKey subPub = subKP.getPublic();
- PrivateKey issPriv = issKP.getPrivate();
- PublicKey issPub = issKP.getPublic();
-
- X509v1CertificateBuilder v1CertGen = new JcaX509v1CertificateBuilder(
- new X500Name(_issDN),
- allocateSerialNumber(),
- new Date(System.currentTimeMillis()),
- new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
- new X500Name(_subDN),
- subPub);
-
- JcaContentSignerBuilder contentSignerBuilder = makeContentSignerBuilder(issPub);
-
- X509Certificate _cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(v1CertGen.build(contentSignerBuilder.build(issPriv)));
-
- _cert.checkValidity(new Date());
- _cert.verify(issPub);
-
- return _cert;
- }
-
- public static X509Certificate makeCertificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN, boolean _ca)
- throws GeneralSecurityException, IOException, OperatorCreationException
- {
-
- PublicKey subPub = subKP.getPublic();
- PrivateKey issPriv = issKP.getPrivate();
- PublicKey issPub = issKP.getPublic();
-
- X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(
- new X500Name(_issDN),
- allocateSerialNumber(),
- new Date(System.currentTimeMillis()),
- new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
- new X500Name(_subDN),
- subPub);
-
- JcaContentSignerBuilder contentSignerBuilder = makeContentSignerBuilder(issPub);
-
- v3CertGen.addExtension(
- Extension.subjectKeyIdentifier,
- false,
- createSubjectKeyId(subPub));
-
- v3CertGen.addExtension(
- Extension.authorityKeyIdentifier,
- false,
- createAuthorityKeyId(issPub));
-
- v3CertGen.addExtension(
- Extension.basicConstraints,
- false,
- new BasicConstraints(_ca));
-
- X509Certificate _cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertGen.build(contentSignerBuilder.build(issPriv)));
-
- _cert.checkValidity(new Date());
- _cert.verify(issPub);
-
- return _cert;
- }
-
- public static X509Certificate makeOaepCertificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN, boolean _ca)
- throws GeneralSecurityException, IOException, OperatorCreationException
- {
-
- SubjectPublicKeyInfo subPub = SubjectPublicKeyInfo.getInstance(subKP.getPublic().getEncoded());
- PrivateKey issPriv = issKP.getPrivate();
- PublicKey issPub = issKP.getPublic();
-
- X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
- new X500Name(_issDN),
- allocateSerialNumber(),
- new Date(System.currentTimeMillis()),
- new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
- new X500Name(_subDN),
- new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, new RSAESOAEPparams()), subPub.parsePublicKey()));
-
- JcaContentSignerBuilder contentSignerBuilder = makeContentSignerBuilder(issPub);
-
- v3CertGen.addExtension(
- Extension.subjectKeyIdentifier,
- false,
- createSubjectKeyId(subPub));
-
- v3CertGen.addExtension(
- Extension.authorityKeyIdentifier,
- false,
- createAuthorityKeyId(issPub));
-
- v3CertGen.addExtension(
- Extension.basicConstraints,
- false,
- new BasicConstraints(_ca));
-
- X509Certificate _cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertGen.build(contentSignerBuilder.build(issPriv)));
-
- _cert.checkValidity(new Date());
- _cert.verify(issPub);
-
- return _cert;
- }
-
- private static JcaContentSignerBuilder makeContentSignerBuilder(PublicKey issPub)
- {
- JcaContentSignerBuilder contentSignerBuilder;
- if (issPub instanceof RSAPublicKey)
- {
- contentSignerBuilder = new JcaContentSignerBuilder("SHA1WithRSA");
- }
- else if (issPub.getAlgorithm().equals("DSA"))
- {
- contentSignerBuilder = new JcaContentSignerBuilder("SHA1withDSA");
- }
- else if (issPub.getAlgorithm().equals("ECDSA"))
- {
- contentSignerBuilder = new JcaContentSignerBuilder("SHA1withECDSA");
- }
- else if (issPub.getAlgorithm().equals("ECGOST3410"))
- {
- contentSignerBuilder = new JcaContentSignerBuilder("GOST3411withECGOST3410");
- }
- else
- {
- contentSignerBuilder = new JcaContentSignerBuilder("GOST3411WithGOST3410");
- }
-
- contentSignerBuilder.setProvider(BouncyCastleProvider.PROVIDER_NAME);
-
- return contentSignerBuilder;
- }
-
- public static X509CRL makeCrl(KeyPair pair)
- throws Exception
- {
- Date now = new Date();
- X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now);
- JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
-
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
-
- crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
-
- crlGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(pair.getPublic()));
-
- return new JcaX509CRLConverter().setProvider("BC").getCRL(crlGen.build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(pair.getPrivate())));
- }
-
- /*
- *
- * INTERNAL METHODS
- *
- */
-
- private static final X509ExtensionUtils extUtils = new X509ExtensionUtils(new SHA1DigestCalculator());
-
- private static AuthorityKeyIdentifier createAuthorityKeyId(
- PublicKey _pubKey)
- throws IOException
- {
- return extUtils.createAuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(_pubKey.getEncoded()));
- }
-
- static SubjectKeyIdentifier createSubjectKeyId(
- SubjectPublicKeyInfo _pubKey)
- throws IOException
- {
- return extUtils.createSubjectKeyIdentifier(_pubKey);
- }
-
- static SubjectKeyIdentifier createSubjectKeyId(
- PublicKey _pubKey)
- throws IOException
- {
- return extUtils.createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(_pubKey.getEncoded()));
- }
-
- private static BigInteger allocateSerialNumber()
- {
- BigInteger _tmp = serialNumber;
- serialNumber = serialNumber.add(BigInteger.ONE);
- return _tmp;
- }
-
- public static byte[] streamToByteArray(
- InputStream in)
- throws IOException
- {
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- int ch;
-
- while ((ch = in.read()) >= 0)
- {
- bOut.write(ch);
- }
-
- return bOut.toByteArray();
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/ConverterTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/ConverterTest.java
deleted file mode 100644
index 534d0dd8..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/ConverterTest.java
+++ /dev/null
@@ -1,111 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.math.BigInteger;
-import java.security.cert.X509CertSelector;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.cms.KeyTransRecipientId;
-import org.bouncycastle.cms.SignerId;
-import org.bouncycastle.cms.jcajce.JcaSelectorConverter;
-import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
-import org.bouncycastle.util.Arrays;
-
-public class ConverterTest
- extends TestCase
-{
- public void testSignerIdConversion()
- throws Exception
- {
- JcaX509CertSelectorConverter converter = new JcaX509CertSelectorConverter();
- JcaSelectorConverter toSelector = new JcaSelectorConverter();
-
- SignerId sid1 = new SignerId(new X500Name("CN=Test"), BigInteger.valueOf(1), new byte[20]);
-
- X509CertSelector conv = converter.getCertSelector(sid1);
-
- assertTrue(conv.getIssuerAsString().equals("CN=Test"));
- assertTrue(Arrays.areEqual(conv.getSubjectKeyIdentifier(), new DEROctetString(new byte[20]).getEncoded()));
- assertEquals(conv.getSerialNumber(), sid1.getSerialNumber());
-
- SignerId sid2 = toSelector.getSignerId(conv);
-
- assertEquals(sid1, sid2);
-
- sid1 = new SignerId(new X500Name("CN=Test"), BigInteger.valueOf(1));
-
- conv = converter.getCertSelector(sid1);
-
- assertTrue(conv.getIssuerAsString().equals("CN=Test"));
- assertNull(conv.getSubjectKeyIdentifier());
- assertEquals(conv.getSerialNumber(), sid1.getSerialNumber());
-
- sid2 = toSelector.getSignerId(conv);
-
- assertEquals(sid1, sid2);
-
- sid1 = new SignerId(new byte[20]);
-
- conv = converter.getCertSelector(sid1);
-
- assertNull(conv.getIssuerAsString());
- assertTrue(Arrays.areEqual(conv.getSubjectKeyIdentifier(), new DEROctetString(new byte[20]).getEncoded()));
- assertNull(conv.getSerialNumber());
-
- sid2 = toSelector.getSignerId(conv);
-
- assertEquals(sid1, sid2);
- }
-
- public void testRecipientIdConversion()
- throws Exception
- {
- JcaX509CertSelectorConverter converter = new JcaX509CertSelectorConverter();
- JcaSelectorConverter toSelector = new JcaSelectorConverter();
-
- KeyTransRecipientId ktid1 = new KeyTransRecipientId(new X500Name("CN=Test"), BigInteger.valueOf(1), new byte[20]);
-
- X509CertSelector conv = converter.getCertSelector(ktid1);
-
- assertTrue(conv.getIssuerAsString().equals("CN=Test"));
- assertTrue(Arrays.areEqual(conv.getSubjectKeyIdentifier(), new DEROctetString(new byte[20]).getEncoded()));
- assertEquals(conv.getSerialNumber(), ktid1.getSerialNumber());
-
- KeyTransRecipientId ktid2 = toSelector.getKeyTransRecipientId(conv);
-
- assertEquals(ktid1, ktid2);
-
- ktid1 = new KeyTransRecipientId(new X500Name("CN=Test"), BigInteger.valueOf(1));
-
- conv = converter.getCertSelector(ktid1);
-
- assertTrue(conv.getIssuerAsString().equals("CN=Test"));
- assertNull(conv.getSubjectKeyIdentifier());
- assertEquals(conv.getSerialNumber(), ktid1.getSerialNumber());
-
- ktid2 = toSelector.getKeyTransRecipientId(conv);
-
- assertEquals(ktid1, ktid2);
-
- ktid1 = new KeyTransRecipientId(new byte[20]);
-
- conv = converter.getCertSelector(ktid1);
-
- assertNull(conv.getIssuerAsString());
- assertTrue(Arrays.areEqual(conv.getSubjectKeyIdentifier(), new DEROctetString(new byte[20]).getEncoded()));
- assertNull(conv.getSerialNumber());
-
- ktid2 = toSelector.getKeyTransRecipientId(conv);
-
- assertEquals(ktid1, ktid2);
- }
-
- public static Test suite()
- throws Exception
- {
- return new TestSuite(ConverterTest.class);
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/MiscDataStreamTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/MiscDataStreamTest.java
deleted file mode 100644
index bc633dd4..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/MiscDataStreamTest.java
+++ /dev/null
@@ -1,265 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-import java.security.KeyPair;
-import java.security.MessageDigest;
-import java.security.Security;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaCRLStore;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cms.CMSCompressedDataStreamGenerator;
-import org.bouncycastle.cms.CMSDigestedData;
-import org.bouncycastle.cms.CMSSignedDataParser;
-import org.bouncycastle.cms.CMSSignedDataStreamGenerator;
-import org.bouncycastle.cms.CMSTypedStream;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoVerifierBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
-import org.bouncycastle.cms.jcajce.ZlibCompressor;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.encoders.Base64;
-
-public class MiscDataStreamTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- private static byte[] data = Base64.decode(
- "TUlNRS1WZXJzaW9uOiAxLjAKQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9v" +
- "Y3RldC1zdHJlYW0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmluYXJ5" +
- "CkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7IGZpbGVuYW1lPWRv" +
- "Yy5iaW4KClRoaXMgaXMgYSB2ZXJ5IGh1Z2Ugc2VjcmV0LCBtYWRlIHdpdGgg" +
- "b3BlbnNzbAoKCgo=");
-
- private static byte[] digestedData = Base64.decode(
- "MIIBGAYJKoZIhvcNAQcFoIIBCTCCAQUCAQAwCwYJYIZIAWUDBAIBMIHQBgkq"
- + "hkiG9w0BBwGggcIEgb9NSU1FLVZlcnNpb246IDEuMApDb250ZW50LVR5cGU6"
- + "IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQpDb250ZW50LVRyYW5zZmVyLUVu"
- + "Y29kaW5nOiBiaW5hcnkKQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVu"
- + "dDsgZmlsZW5hbWU9ZG9jLmJpbgoKVGhpcyBpcyBhIHZlcnkgaHVnZSBzZWNy"
- + "ZXQsIG1hZGUgd2l0aCBvcGVuc3NsCgoKCgQgHLG72tSYW0LgcxOA474iwdCv"
- + "KyhnaV4RloWTAvkq+do=");
-
- private static final String TEST_MESSAGE = "Hello World!";
- private static String _signDN;
- private static KeyPair _signKP;
- private static X509Certificate _signCert;
-
- private static String _origDN;
- private static KeyPair _origKP;
- private static X509Certificate _origCert;
-
- private static String _reciDN;
- private static KeyPair _reciKP;
- private static X509Certificate _reciCert;
-
- private static KeyPair _origDsaKP;
- private static X509Certificate _origDsaCert;
-
- private static X509CRL _signCrl;
- private static X509CRL _origCrl;
-
- private static boolean _initialised = false;
-
- private static final JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter();
-
- private static final DigestCalculatorProvider digCalcProv;
-
- static
- {
- try
- {
- digCalcProv = new JcaDigestCalculatorProviderBuilder().build();
- }
- catch (OperatorCreationException e)
- {
- throw new IllegalStateException("can't create default provider!!!");
- }
- }
-
- public MiscDataStreamTest(String name)
- {
- super(name);
- }
-
- private static void init()
- throws Exception
- {
- if (!_initialised)
- {
- _initialised = true;
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
-
- _signDN = "O=Bouncy Castle, C=AU";
- _signKP = CMSTestUtil.makeKeyPair();
- _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN);
-
- _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- _origKP = CMSTestUtil.makeKeyPair();
- _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN);
-
- _origDsaKP = CMSTestUtil.makeDsaKeyPair();
- _origDsaCert = CMSTestUtil.makeCertificate(_origDsaKP, _origDN, _signKP, _signDN);
-
- _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
- _reciKP = CMSTestUtil.makeKeyPair();
- _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
-
- _signCrl = CMSTestUtil.makeCrl(_signKP);
- _origCrl = CMSTestUtil.makeCrl(_origKP);
- }
- }
-
- private void verifySignatures(CMSSignedDataParser sp, byte[] contentDigest)
- throws Exception
- {
- Store certStore = sp.getCertificates();
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSignerInfoVerifierBuilder(digCalcProv).setProvider(BC).build(cert)));
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
- }
-
- private void verifySignatures(CMSSignedDataParser sp)
- throws Exception
- {
- verifySignatures(sp, null);
- }
-
- private void verifyEncodedData(ByteArrayOutputStream bOut)
- throws Exception
- {
- CMSSignedDataParser sp;
- sp = new CMSSignedDataParser(digCalcProv, bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- sp.close();
- }
-
- private void checkSigParseable(byte[] sig)
- throws Exception
- {
- CMSSignedDataParser sp = new CMSSignedDataParser(digCalcProv, sig);
- sp.getVersion();
- CMSTypedStream sc = sp.getSignedContent();
- if (sc != null)
- {
- sc.drain();
- }
- sp.getCertificates();
- sp.getSignerInfos();
- sp.close();
- }
-
- public void testSHA1WithRSA()
- throws Exception
- {
- List certList = new ArrayList();
- List crlList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- crlList.add(_signCrl);
- crlList.add(_origCrl);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA1withRSA", _origKP.getPrivate(), _origCert));
-
- gen.addCertificates(new JcaCertStore(certList));
- gen.addCRLs(new JcaCRLStore(crlList));
-
- OutputStream sigOut = gen.open(bOut);
-
- CMSCompressedDataStreamGenerator cGen = new CMSCompressedDataStreamGenerator();
-
- OutputStream cOut = cGen.open(sigOut, new ZlibCompressor());
-
- cOut.write(TEST_MESSAGE.getBytes());
-
- cOut.close();
-
- sigOut.close();
-
- checkSigParseable(bOut.toByteArray());
-
- // generate compressed stream
- ByteArrayOutputStream cDataOut = new ByteArrayOutputStream();
-
- cOut = cGen.open(cDataOut, new ZlibCompressor());
-
- cOut.write(TEST_MESSAGE.getBytes());
-
- cOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(digCalcProv,
- new CMSTypedStream(new ByteArrayInputStream(cDataOut.toByteArray())), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(sp, md.digest(cDataOut.toByteArray()));
- }
-
- public void testDigestedData()
- throws Exception
- {
- CMSDigestedData digData = new CMSDigestedData(digestedData);
-
- assertTrue(Arrays.areEqual(data, (byte[])digData.getDigestedContent().getContent()));
-
- assertTrue(digData.verify(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()));
- }
-
- public static Test suite()
- throws Exception
- {
- init();
-
- return new CMSTestSetup(new TestSuite(MiscDataStreamTest.class));
- }
-} \ No newline at end of file
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NewAuthenticatedDataStreamTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NewAuthenticatedDataStreamTest.java
deleted file mode 100644
index b260bcbc..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/NewAuthenticatedDataStreamTest.java
+++ /dev/null
@@ -1,251 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-import java.security.KeyPair;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Iterator;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSAuthenticatedDataParser;
-import org.bouncycastle.cms.CMSAuthenticatedDataStreamGenerator;
-import org.bouncycastle.cms.OriginatorInfoGenerator;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.jcajce.JceCMSMacCalculatorBuilder;
-import org.bouncycastle.cms.jcajce.JceKeyTransAuthenticatedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-
-public class NewAuthenticatedDataStreamTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- private static String _signDN;
- private static KeyPair _signKP;
- private static X509Certificate _signCert;
-
- private static String _origDN;
- private static KeyPair _origKP;
- private static X509Certificate _origCert;
-
- private static String _reciDN;
- private static KeyPair _reciKP;
- private static X509Certificate _reciCert;
-
- private static KeyPair _origEcKP;
- private static KeyPair _reciEcKP;
- private static X509Certificate _reciEcCert;
-
- private static boolean _initialised = false;
-
- public boolean DEBUG = true;
-
- private static void init()
- throws Exception
- {
- if (!_initialised)
- {
- _initialised = true;
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
-
- _signDN = "O=Bouncy Castle, C=AU";
- _signKP = CMSTestUtil.makeKeyPair();
- _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN);
-
- _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- _origKP = CMSTestUtil.makeKeyPair();
- _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN);
-
- _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
- _reciKP = CMSTestUtil.makeKeyPair();
- _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
-
- _origEcKP = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcKP = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN);
- }
- }
-
- public void setUp()
- throws Exception
- {
- init();
- }
-
- public NewAuthenticatedDataStreamTest(String name)
- {
- super(name);
- }
-
- public static void main(String args[])
- {
- junit.textui.TestRunner.run(NewAuthenticatedDataStreamTest.class);
- }
-
- public static Test suite()
- throws Exception
- {
- init();
-
- return new CMSTestSetup(new TestSuite(NewAuthenticatedDataStreamTest.class));
- }
-
- public void testKeyTransDESede()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.DES_EDE3_CBC);
- }
-
- public void testKeyTransDESedeWithDigest()
- throws Exception
- {
- tryKeyTransWithDigest(CMSAlgorithm.DES_EDE3_CBC);
- }
-
- public void testOriginatorInfo()
- throws Exception
- {
- ASN1ObjectIdentifier macAlg = CMSAlgorithm.DES_EDE3_CBC;
- byte[] data = "Eric H. Echidna".getBytes();
-
- CMSAuthenticatedDataStreamGenerator adGen = new CMSAuthenticatedDataStreamGenerator();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- X509CertificateHolder origCert = new X509CertificateHolder(_origCert.getEncoded());
-
- adGen.setOriginatorInfo(new OriginatorInfoGenerator(origCert).generate());
-
- adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- OutputStream aOut = adGen.open(bOut, new JceCMSMacCalculatorBuilder(macAlg).setProvider(BC).build());
-
- aOut.write(data);
-
- aOut.close();
-
- CMSAuthenticatedDataParser ad = new CMSAuthenticatedDataParser(bOut.toByteArray());
-
- assertTrue(ad.getOriginatorInfo().getCertificates().getMatches(null).contains(origCert));
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- assertEquals(ad.getMacAlgOID(), macAlg.getId());
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransAuthenticatedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
- }
- }
-
- private void tryKeyTrans(ASN1ObjectIdentifier macAlg)
- throws Exception
- {
- byte[] data = "Eric H. Echidna".getBytes();
-
- CMSAuthenticatedDataStreamGenerator adGen = new CMSAuthenticatedDataStreamGenerator();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- OutputStream aOut = adGen.open(bOut, new JceCMSMacCalculatorBuilder(macAlg).setProvider(BC).build());
-
- aOut.write(data);
-
- aOut.close();
-
- CMSAuthenticatedDataParser ad = new CMSAuthenticatedDataParser(bOut.toByteArray());
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- assertEquals(ad.getMacAlgOID(), macAlg.getId());
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransAuthenticatedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
- }
- }
-
- private void tryKeyTransWithDigest(ASN1ObjectIdentifier macAlg)
- throws Exception
- {
- byte[] data = "Eric H. Echidna".getBytes();
-
- CMSAuthenticatedDataStreamGenerator adGen = new CMSAuthenticatedDataStreamGenerator();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- DigestCalculatorProvider calcProvider = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
-
- adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- OutputStream aOut = adGen.open(bOut, new JceCMSMacCalculatorBuilder(macAlg).setProvider(BC).build(), calcProvider.get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
-
- aOut.write(data);
-
- aOut.close();
-
- CMSAuthenticatedDataParser ad = new CMSAuthenticatedDataParser(bOut.toByteArray(), calcProvider);
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- assertEquals(ad.getMacAlgOID(), macAlg.getId());
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransAuthenticatedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
- assertTrue(Arrays.equals(ad.getContentDigest(), recipient.getContentDigest()));
- }
- }
-} \ No newline at end of file
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NewAuthenticatedDataTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NewAuthenticatedDataTest.java
deleted file mode 100644
index 8d788b58..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/NewAuthenticatedDataTest.java
+++ /dev/null
@@ -1,472 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Iterator;
-
-import javax.crypto.SecretKey;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSAuthenticatedData;
-import org.bouncycastle.cms.CMSAuthenticatedDataGenerator;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.OriginatorInfoGenerator;
-import org.bouncycastle.cms.PasswordRecipient;
-import org.bouncycastle.cms.PasswordRecipientInformation;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.jcajce.JceCMSMacCalculatorBuilder;
-import org.bouncycastle.cms.jcajce.JceKEKAuthenticatedRecipient;
-import org.bouncycastle.cms.jcajce.JceKEKRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeAuthenticatedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceKeyTransAuthenticatedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JcePasswordAuthenticatedRecipient;
-import org.bouncycastle.cms.jcajce.JcePasswordRecipientInfoGenerator;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.encoders.Hex;
-
-public class NewAuthenticatedDataTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- private static String _signDN;
- private static KeyPair _signKP;
- private static X509Certificate _signCert;
-
- private static String _origDN;
- private static KeyPair _origKP;
- private static X509Certificate _origCert;
-
- private static String _reciDN;
- private static KeyPair _reciKP;
- private static X509Certificate _reciCert;
-
- private static KeyPair _origEcKP;
- private static KeyPair _reciEcKP;
- private static X509Certificate _reciEcCert;
-
- private static boolean _initialised = false;
-
- public boolean DEBUG = true;
-
- private static void init()
- throws Exception
- {
- if (!_initialised)
- {
- _initialised = true;
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
-
- _signDN = "O=Bouncy Castle, C=AU";
- _signKP = CMSTestUtil.makeKeyPair();
- _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN);
-
- _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- _origKP = CMSTestUtil.makeKeyPair();
- _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN);
-
- _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
- _reciKP = CMSTestUtil.makeKeyPair();
- _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
-
- _origEcKP = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcKP = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN);
- }
- }
-
- public void setUp()
- throws Exception
- {
- init();
- }
-
- public NewAuthenticatedDataTest(String name)
- {
- super(name);
- }
-
- public static void main(String args[])
- {
- junit.textui.TestRunner.run(NewAuthenticatedDataTest.class);
- }
-
- public static Test suite()
- throws Exception
- {
- init();
-
- return new CMSTestSetup(new TestSuite(NewAuthenticatedDataTest.class));
- }
-
- public void testKeyTransDESede()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.DES_EDE3_CBC);
- }
-
- public void testKeyTransDESedeWithDigest()
- throws Exception
- {
- tryKeyTransWithDigest(CMSAlgorithm.DES_EDE3_CBC);
- }
-
- public void testKeyTransRC2()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.RC2_CBC);
- }
-
- public void testKEKDESede()
- throws Exception
- {
- tryKekAlgorithm(CMSTestUtil.makeDesede192Key(), new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6"));
- }
-
- public void testKEKDESedeWithDigest()
- throws Exception
- {
- tryKekAlgorithmWithDigest(CMSTestUtil.makeDesede192Key(), new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6"));
- }
-
- public void testPasswordAES256()
- throws Exception
- {
- passwordTest(CMSAuthenticatedDataGenerator.AES256_CBC);
- }
-
- public void testECKeyAgree()
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
-
- JceKeyAgreeRecipientInfoGenerator recipientGenerator = new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECDH_SHA1KDF, _origEcKP.getPrivate(), _origEcKP.getPublic(), CMSAlgorithm.AES128_WRAP).setProvider(BC);
-
- recipientGenerator.addRecipient(_reciEcCert);
-
- adGen.addRecipientInfoGenerator(recipientGenerator);
-
- CMSAuthenticatedData ad = adGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- assertEquals(ad.getMacAlgOID(),
- CMSAuthenticatedDataGenerator.DES_EDE3_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JceKeyAgreeAuthenticatedRecipient(_reciEcKP.getPrivate()).setProvider(BC));
- assertTrue(Arrays.equals(data, recData));
- assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testEncoding()
- throws Exception
- {
- byte[] data = "Eric H. Echidna".getBytes();
-
- CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
-
- adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- CMSAuthenticatedData ad = adGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- ad = new CMSAuthenticatedData(ad.getEncoded());
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- assertEquals(CMSAuthenticatedDataGenerator.DES_EDE3_CBC, ad.getMacAlgOID());
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransAuthenticatedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
- }
- }
-
- public void testOriginatorInfo()
- throws Exception
- {
- byte[] data = "Eric H. Echidna".getBytes();
- ASN1ObjectIdentifier macAlg = CMSAlgorithm.DES_EDE3_CBC;
-
- CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
-
- X509CertificateHolder origCert = new X509CertificateHolder(_origCert.getEncoded());
-
- adGen.setOriginatorInfo(new OriginatorInfoGenerator(origCert).generate());
-
- adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- CMSAuthenticatedData ad = adGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSMacCalculatorBuilder(macAlg).setProvider(BC).build());
-
- assertTrue(ad.getOriginatorInfo().getCertificates().getMatches(null).contains(origCert));
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- assertEquals(ad.getMacAlgOID(), macAlg.getId());
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransAuthenticatedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
- }
- }
-
- private void tryKeyTrans(ASN1ObjectIdentifier macAlg)
- throws Exception
- {
- byte[] data = "Eric H. Echidna".getBytes();
-
- CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
-
- adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- CMSAuthenticatedData ad = adGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSMacCalculatorBuilder(macAlg).setProvider(BC).build());
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- assertEquals(ad.getMacAlgOID(), macAlg.getId());
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransAuthenticatedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
- }
- }
-
- private void tryKeyTransWithDigest(ASN1ObjectIdentifier macAlg)
- throws Exception
- {
- byte[] data = "Eric H. Echidna".getBytes();
-
- CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
- DigestCalculatorProvider calcProvider = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
-
- adGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- CMSAuthenticatedData ad = adGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSMacCalculatorBuilder(macAlg).setProvider(BC).build(),
- calcProvider.get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- assertEquals(ad.getMacAlgOID(), macAlg.getId());
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransAuthenticatedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
- assertTrue(Arrays.equals(ad.getContentDigest(), recipient.getContentDigest()));
- }
- }
-
- private void tryKekAlgorithm(SecretKey kek, ASN1ObjectIdentifier algOid)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, OperatorCreationException
- {
- byte[] data = "Eric H. Echidna".getBytes();
-
- CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
-
- byte[] kekId = new byte[] { 1, 2, 3, 4, 5 };
-
- adGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId, kek).setProvider(BC));
-
- CMSAuthenticatedData ad = adGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- assertEquals(ad.getMacAlgOID(), CMSAuthenticatedDataGenerator.DES_EDE3_CBC);
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), algOid.getId());
-
- byte[] recData = recipient.getContent(new JceKEKAuthenticatedRecipient(kek).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- private void tryKekAlgorithmWithDigest(SecretKey kek, ASN1ObjectIdentifier algOid)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, OperatorCreationException
- {
- byte[] data = "Eric H. Echidna".getBytes();
-
- CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
- DigestCalculatorProvider calcProvider = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
-
- byte[] kekId = new byte[] { 1, 2, 3, 4, 5 };
-
- adGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId, kek).setProvider(BC));
-
- CMSAuthenticatedData ad = adGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build(),
- calcProvider.get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- assertEquals(ad.getMacAlgOID(), CMSAuthenticatedDataGenerator.DES_EDE3_CBC);
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), algOid.getId());
-
- byte[] recData = recipient.getContent(new JceKEKAuthenticatedRecipient(kek).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
- assertTrue(Arrays.equals(ad.getContentDigest(), recipient.getContentDigest()));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
-
- private void passwordTest(String algorithm)
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSAuthenticatedDataGenerator adGen = new CMSAuthenticatedDataGenerator();
-
- adGen.addRecipientInfoGenerator(new JcePasswordRecipientInfoGenerator(new ASN1ObjectIdentifier(algorithm), "password".toCharArray()).setProvider(BC).setSaltAndIterationCount(new byte[20], 5));
-
- CMSAuthenticatedData ad = adGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSMacCalculatorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ad.getRecipientInfos();
-
- assertEquals(ad.getMacAlgOID(),
- CMSAuthenticatedDataGenerator.DES_EDE3_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- PasswordRecipientInformation recipient = (PasswordRecipientInformation)it.next();
-
- PasswordRecipient pbeRep = new JcePasswordAuthenticatedRecipient("password".toCharArray()).setProvider(BC);
-
- byte[] recData = recipient.getContent(pbeRep);
-
- assertTrue(Arrays.equals(data, recData));
- assertTrue(Arrays.equals(ad.getMac(), recipient.getMac()));
- }
- else
- {
- fail("no recipient found");
- }
- }
-} \ No newline at end of file
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NewCompressedDataStreamTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NewCompressedDataStreamTest.java
deleted file mode 100644
index 3acc15db..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/NewCompressedDataStreamTest.java
+++ /dev/null
@@ -1,127 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-import java.util.Arrays;
-import java.util.Random;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.cms.CMSCompressedDataParser;
-import org.bouncycastle.cms.CMSCompressedDataStreamGenerator;
-import org.bouncycastle.cms.jcajce.ZlibCompressor;
-import org.bouncycastle.cms.jcajce.ZlibExpanderProvider;
-import org.bouncycastle.util.encoders.Base64;
-
-public class NewCompressedDataStreamTest
- extends TestCase
-{
- public NewCompressedDataStreamTest(String name)
- {
- super(name);
- }
-
- public void testWorkingData()
- throws Exception
- {
- byte[] compData = Base64.decode(
- "MIAGCyqGSIb3DQEJEAEJoIAwgAIBADANBgsqhkiG9w0BCRADCDCABgkqhkiG9w0BBwGggCSABIIC"
- + "Hnic7ZRdb9owFIbvK/k/5PqVYPFXGK12YYyboVFASSp1vQtZGiLRACZE49/XHoUW7S/0tXP8Efux"
- + "fU5ivWnasml72XFb3gb5druui7ytN803M570nii7C5r8tfwR281hy/p/KSM3+jzH5s3+pbQ90xSb"
- + "P3VT3QbLusnt8WPIuN5vN/vaA2+DulnXTXkXvNTr8j8ouZmkCmGI/UW+ZS/C8zP0bz2dz0zwLt+1"
- + "UEk2M8mlaxjRMByAhZTj0RGYg4TvogiRASROsZgjpVcJCb1KV6QzQeDJ1XkoQ5Jm+C5PbOHZZGRi"
- + "v+ORAcshOGeCcdFJyfgFxdtCdEcmOrbinc/+BBMzRThEYpwl+jEBpciSGWQkI0TSlREmD/eOHb2D"
- + "SGLuESm/iKUFt1y4XHBO2a5oq0IKJKWLS9kUZTA7vC5LSxYmgVL46SIWxIfWBQd6AdrnjLmH94UT"
- + "vGxVibLqRCtIpp4g2qpdtqK1LiOeolpVK5wVQ5P7+QjZAlrh0cePYTx/gNZuB9Vhndtgujl9T/tg"
- + "W9ogK+3rnmg3YWygnTuF5GDS+Q/jIVLnCcYZFc6Kk/+c80wKwZjwdZIqDYWRH68MuBQSXLgXYXj2"
- + "3CAaYOBNJMliTl0X7eV5DnoKIFSKYdj3cRpD/cK/JWTHJRe76MUXnfBW8m7Hd5zhQ4ri2NrVF/WL"
- + "+kV1/3AGSlJ32bFPd2BsQD8uSzIx6lObkjdz95c0AAAAAAAAAAAAAAAA");
-
- byte[] uncompData = Base64.decode(
- "Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9FREktWDEyOyBuYW1lPUdyb3VwMi54MTINCkNvbnRl"
- + "bnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJpbmFyeQ0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5l"
- + "OyBmaWxlbmFtZT1Hcm91cDIueDEyDQoNCklTQSowMCpzc3Nzc3Nzc3NzKjAwKnJycnJycnJycnIqW"
- + "loqQ1lDTE9ORSAgICAgICAgKlpaKlBBUlRORVIgICAgICAgICo5NjEwMDcqMjAxMypVKjAwMjAwKj"
- + "AwMDAwMDAwMSowKlQqKg1HUypQTypTMVMxUzFTMVMxUzFTMVMqUjFSMVIxUjFSMVIxUjFSKjk2MTA"
- + "wNyoyMDEzKjAwMDAwMDAwNCpYKjAwMzA1MA1TVCo4NTAqMDAwMDQwMDAxDUJFRyowMCpCRSoyYSo0"
- + "MzMyNDIzNHY1NTIzKjk2MTAwNyoyM3RjNHZ5MjR2MmgzdmgzdmgqWloqSUVMKjA5KlJFKjA5DUNVU"
- + "ioxMSpUUk4qNTY1Nio2NSo1NjYqSU1GKjAwNio5NjEwMDcNUkVGKjZBKjQzM3IxYzNyMzRyMzRjMz"
- + "MxMnFjdGdjNTQqUmVmZXJlbmNlIE51bWJlcg1QRVIqQUEqSGFucyBHdXR0ZW4qQ1AqMS4zMjIuMzI"
- + "zLjQ0NDQqKioqKnJnZzRlZ3Y0dDQNVEFYKjR0Z3RidDR0cjR0cipHTCpnaGdoKioqKioqKioqRypD"
- + "DUZPQipUUCpDQSpVU0EqMDIqRE9NKkNDKlJlZ3VsYXIgTG9jYXRpb25zIHBlciBUZXJtcw1DVFAqR"
- + "EUqQzA0KjQ1MyoyNTAwMCpEOSpTRUwqMjMyMTQqMjM0MzI0MjM0MjMqRVMqNDIyNDM0MjMNU0FDKk"
- + "EqQjAwMCpBRSozNTQ1KjM0NDIzMDANQ1VSKjExKjc2Nyo3NzY3KjY1DVBPMSoxMTEtYWFhKjEwMDA"
- + "wMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioq"
- + "KioqKkExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwMCpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzN"
- + "HE2ZjM1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKioqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMD"
- + "AwKkFTKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZmMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKio"
- + "qKipBMSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRx"
- + "NmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqKkExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwM"
- + "CpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzNHE2ZjM1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKi"
- + "oqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMDAwKkFTKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZ"
- + "mMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKioqKipBMSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAq"
- + "QVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqK"
- + "kExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwMCpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzNHE2Zj"
- + "M1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKioqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMDAwKkF"
- + "TKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZmMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKioqKipB"
- + "MSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzN"
- + "TM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqKkExKnl0cmgNQ1RUKjENU0UqMjIqMDAwMDQwMDAxDU"
- + "dFKjEqMDAwMDAwMDA0DUlFQSoxKjAwMDAwMDAwMQ0=");
-
- CMSCompressedDataParser ed = new CMSCompressedDataParser(compData);
-
- assertEquals(true, Arrays.equals(uncompData, CMSTestUtil.streamToByteArray(ed.getContent(new ZlibExpanderProvider()).getContentStream())));
- }
-
- public void testEach()
- throws Exception
- {
- byte[] testData = "Hello world!".getBytes();
-
- CMSCompressedDataStreamGenerator gen = new CMSCompressedDataStreamGenerator();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream cOut = gen.open(bOut, new ZlibCompressor());
-
- cOut.write(testData);
-
- cOut.close();
-
- CMSCompressedDataParser ed = new CMSCompressedDataParser(bOut.toByteArray());
-
- assertEquals(true, Arrays.equals(testData, CMSTestUtil.streamToByteArray(ed.getContent(new ZlibExpanderProvider()).getContentStream())));
- }
-
- public void test1000()
- throws Exception
- {
- byte[] testData = new byte[10000];
- Random rand = new Random();
-
- rand.setSeed(0);
-
- for (int i = 0; i != 10; i++)
- {
- CMSCompressedDataStreamGenerator gen = new CMSCompressedDataStreamGenerator();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream cOut = gen.open(bOut, new ZlibCompressor());
-
- rand.nextBytes(testData);
-
- cOut.write(testData);
-
- cOut.close();
-
- CMSCompressedDataParser ed = new CMSCompressedDataParser(bOut.toByteArray());
-
- assertEquals(true, Arrays.equals(testData, CMSTestUtil.streamToByteArray(ed.getContent(new ZlibExpanderProvider()).getContentStream())));
- }
- }
-
- public static Test suite()
- {
- return new TestSuite(NewCompressedDataStreamTest.class);
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NewCompressedDataTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NewCompressedDataTest.java
deleted file mode 100644
index 9c888ce6..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/NewCompressedDataTest.java
+++ /dev/null
@@ -1,151 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.util.Arrays;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.cms.CMSCompressedData;
-import org.bouncycastle.cms.CMSCompressedDataGenerator;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.jcajce.ZlibCompressor;
-import org.bouncycastle.cms.jcajce.ZlibExpanderProvider;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.io.StreamOverflowException;
-
-public class NewCompressedDataTest
- extends TestCase
-{
- private static final byte[] TEST_DATA = "Hello world!".getBytes();
-
- /*
- *
- * INFRASTRUCTURE
- *
- */
-
- public NewCompressedDataTest(String name)
- {
- super(name);
- }
-
- public static void main(String args[])
- {
- junit.textui.TestRunner.run(NewCompressedDataTest.class);
- }
-
- public static Test suite()
- {
- return new CMSTestSetup(new TestSuite(NewCompressedDataTest.class));
- }
-
- public void setUp()
- {
-
- }
-
- public void tearDown()
- {
-
- }
-
- public void testWorkingData()
- throws Exception
- {
- byte[] compData = Base64
- .decode("MIAGCyqGSIb3DQEJEAEJoIAwgAIBADANBgsqhkiG9w0BCRADCDCABgkqhkiG9w0BBwGggCSABIIC"
- + "Hnic7ZRdb9owFIbvK/k/5PqVYPFXGK12YYyboVFASSp1vQtZGiLRACZE49/XHoUW7S/0tXP8Efux"
- + "fU5ivWnasml72XFb3gb5druui7ytN803M570nii7C5r8tfwR281hy/p/KSM3+jzH5s3+pbQ90xSb"
- + "P3VT3QbLusnt8WPIuN5vN/vaA2+DulnXTXkXvNTr8j8ouZmkCmGI/UW+ZS/C8zP0bz2dz0zwLt+1"
- + "UEk2M8mlaxjRMByAhZTj0RGYg4TvogiRASROsZgjpVcJCb1KV6QzQeDJ1XkoQ5Jm+C5PbOHZZGRi"
- + "v+ORAcshOGeCcdFJyfgFxdtCdEcmOrbinc/+BBMzRThEYpwl+jEBpciSGWQkI0TSlREmD/eOHb2D"
- + "SGLuESm/iKUFt1y4XHBO2a5oq0IKJKWLS9kUZTA7vC5LSxYmgVL46SIWxIfWBQd6AdrnjLmH94UT"
- + "vGxVibLqRCtIpp4g2qpdtqK1LiOeolpVK5wVQ5P7+QjZAlrh0cePYTx/gNZuB9Vhndtgujl9T/tg"
- + "W9ogK+3rnmg3YWygnTuF5GDS+Q/jIVLnCcYZFc6Kk/+c80wKwZjwdZIqDYWRH68MuBQSXLgXYXj2"
- + "3CAaYOBNJMliTl0X7eV5DnoKIFSKYdj3cRpD/cK/JWTHJRe76MUXnfBW8m7Hd5zhQ4ri2NrVF/WL"
- + "+kV1/3AGSlJ32bFPd2BsQD8uSzIx6lObkjdz95c0AAAAAAAAAAAAAAAA");
-
- byte[] uncompData = Base64
- .decode("Q29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9FREktWDEyOyBuYW1lPUdyb3VwMi54MTINCkNvbnRl"
- + "bnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJpbmFyeQ0KQ29udGVudC1EaXNwb3NpdGlvbjogaW5saW5l"
- + "OyBmaWxlbmFtZT1Hcm91cDIueDEyDQoNCklTQSowMCpzc3Nzc3Nzc3NzKjAwKnJycnJycnJycnIqW"
- + "loqQ1lDTE9ORSAgICAgICAgKlpaKlBBUlRORVIgICAgICAgICo5NjEwMDcqMjAxMypVKjAwMjAwKj"
- + "AwMDAwMDAwMSowKlQqKg1HUypQTypTMVMxUzFTMVMxUzFTMVMqUjFSMVIxUjFSMVIxUjFSKjk2MTA"
- + "wNyoyMDEzKjAwMDAwMDAwNCpYKjAwMzA1MA1TVCo4NTAqMDAwMDQwMDAxDUJFRyowMCpCRSoyYSo0"
- + "MzMyNDIzNHY1NTIzKjk2MTAwNyoyM3RjNHZ5MjR2MmgzdmgzdmgqWloqSUVMKjA5KlJFKjA5DUNVU"
- + "ioxMSpUUk4qNTY1Nio2NSo1NjYqSU1GKjAwNio5NjEwMDcNUkVGKjZBKjQzM3IxYzNyMzRyMzRjMz"
- + "MxMnFjdGdjNTQqUmVmZXJlbmNlIE51bWJlcg1QRVIqQUEqSGFucyBHdXR0ZW4qQ1AqMS4zMjIuMzI"
- + "zLjQ0NDQqKioqKnJnZzRlZ3Y0dDQNVEFYKjR0Z3RidDR0cjR0cipHTCpnaGdoKioqKioqKioqRypD"
- + "DUZPQipUUCpDQSpVU0EqMDIqRE9NKkNDKlJlZ3VsYXIgTG9jYXRpb25zIHBlciBUZXJtcw1DVFAqR"
- + "EUqQzA0KjQ1MyoyNTAwMCpEOSpTRUwqMjMyMTQqMjM0MzI0MjM0MjMqRVMqNDIyNDM0MjMNU0FDKk"
- + "EqQjAwMCpBRSozNTQ1KjM0NDIzMDANQ1VSKjExKjc2Nyo3NzY3KjY1DVBPMSoxMTEtYWFhKjEwMDA"
- + "wMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioq"
- + "KioqKkExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwMCpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzN"
- + "HE2ZjM1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKioqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMD"
- + "AwKkFTKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZmMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKio"
- + "qKipBMSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRx"
- + "NmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqKkExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwM"
- + "CpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzNHE2ZjM1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKi"
- + "oqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMDAwKkFTKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZ"
- + "mMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKioqKipBMSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAq"
- + "QVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzNTM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqK"
- + "kExKnl0cmgNUE8xKjExMS1hYWEqMTAwMDAwMCpBUyo5MC4wMCpCRCpBSyoyMzQyMzV2MzUzNHE2Zj"
- + "M1MzR2NDM1MzQ1M3ZxM3EzMioqKioqKioqKioqQTEqeXRyaA1QTzEqMTExLWFhYSoxMDAwMDAwKkF"
- + "TKjkwLjAwKkJEKkFLKjIzNDIzNXYzNTM0cTZmMzUzNHY0MzUzNDUzdnEzcTMyKioqKioqKioqKipB"
- + "MSp5dHJoDVBPMSoxMTEtYWFhKjEwMDAwMDAqQVMqOTAuMDAqQkQqQUsqMjM0MjM1djM1MzRxNmYzN"
- + "TM0djQzNTM0NTN2cTNxMzIqKioqKioqKioqKkExKnl0cmgNQ1RUKjENU0UqMjIqMDAwMDQwMDAxDUdFKjEqMDAwMDAwMDA0DUlFQSoxKjAwMDAwMDAwMQ0=");
-
- CMSCompressedData ed = new CMSCompressedData(compData);
-
- assertEquals(true, Arrays.equals(uncompData, ed.getContent(new ZlibExpanderProvider())));
- }
-
- public void testEach()
- throws Exception
- {
- CMSCompressedData cd = getStdData();
-
- assertEquals(true, Arrays.equals(TEST_DATA, cd.getContent(new ZlibExpanderProvider())));
- }
-
- public void testLimitUnder()
- throws Exception
- {
- CMSCompressedData cd = getStdData();
-
- try
- {
- cd.getContent(new ZlibExpanderProvider(TEST_DATA.length / 2));
- }
- catch (CMSException e)
- {
- assertEquals(true, e.getCause() instanceof StreamOverflowException);
- }
- }
-
- public void testLimitOver()
- throws Exception
- {
- CMSCompressedData cd = getStdData();
-
- assertEquals(true, Arrays.equals(TEST_DATA, cd.getContent(new ZlibExpanderProvider(TEST_DATA.length * 2))));
- }
-
- public void testLimitEqual()
- throws Exception
- {
- CMSCompressedData cd = getStdData();
-
- assertEquals(true, Arrays.equals(TEST_DATA, cd.getContent(new ZlibExpanderProvider(TEST_DATA.length))));
- }
-
- private CMSCompressedData getStdData()
- throws CMSException
- {
- CMSProcessableByteArray testData = new CMSProcessableByteArray(TEST_DATA);
- CMSCompressedDataGenerator gen = new CMSCompressedDataGenerator();
-
- return gen.generate(testData, new ZlibCompressor());
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataStreamTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataStreamTest.java
deleted file mode 100644
index 77596779..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataStreamTest.java
+++ /dev/null
@@ -1,760 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.BufferedOutputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Hashtable;
-import java.util.Iterator;
-
-import javax.crypto.SecretKey;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.CMSEnvelopedDataParser;
-import org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator;
-import org.bouncycastle.cms.CMSTypedStream;
-import org.bouncycastle.cms.KEKRecipientId;
-import org.bouncycastle.cms.OriginatorInfoGenerator;
-import org.bouncycastle.cms.OriginatorInformation;
-import org.bouncycastle.cms.RecipientId;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.SimpleAttributeTableGenerator;
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.jcajce.JceKEKEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKEKRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientId;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.encoders.Hex;
-
-public class NewEnvelopedDataStreamTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- private static final int BUFFER_SIZE = 4000;
- private static String _signDN;
- private static KeyPair _signKP;
- private static X509Certificate _signCert;
-
- private static String _origDN;
- private static KeyPair _origKP;
- private static X509Certificate _origCert;
-
- private static String _reciDN;
- private static KeyPair _reciKP;
- private static X509Certificate _reciCert;
-
- private static KeyPair _origEcKP;
- private static KeyPair _reciEcKP;
- private static X509Certificate _reciEcCert;
-
- private static boolean _initialised = false;
-
- public NewEnvelopedDataStreamTest()
- {
- }
-
- private static void init()
- throws Exception
- {
- if (!_initialised)
- {
- _initialised = true;
-
- _signDN = "O=Bouncy Castle, C=AU";
- _signKP = CMSTestUtil.makeKeyPair();
- _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN);
-
- _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- _origKP = CMSTestUtil.makeKeyPair();
- _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN);
-
- _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
- _reciKP = CMSTestUtil.makeKeyPair();
- _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
-
- _origEcKP = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcKP = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN);
- }
- }
-
- public void setUp()
- throws Exception
- {
- init();
- }
-
- public void testWorkingData()
- throws Exception
- {
- byte[] keyData = Base64.decode(
- "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKrAz/SQKrcQ" +
- "nj9IxHIfKDbuXsMqUpI06s2gps6fp7RDNvtUDDMOciWGFhD45YSy8GO0mPx3" +
- "Nkc7vKBqX4TLcqLUz7kXGOHGOwiPZoNF+9jBMPNROe/B0My0PkWg9tuq+nxN" +
- "64oD47+JvDwrpNOS5wsYavXeAW8Anv9ZzHLU7KwZAgMBAAECgYA/fqdVt+5K" +
- "WKGfwr1Z+oAHvSf7xtchiw/tGtosZ24DOCNP3fcTXUHQ9kVqVkNyzt9ZFCT3" +
- "bJUAdBQ2SpfuV4DusVeQZVzcROKeA09nPkxBpTefWbSDQGhb+eZq9L8JDRSW" +
- "HyYqs+MBoUpLw7GKtZiJkZyY6CsYkAnQ+uYVWq/TIQJBAP5zafO4HUV/w4KD" +
- "VJi+ua+GYF1Sg1t/dYL1kXO9GP1p75YAmtm6LdnOCas7wj70/G1YlPGkOP0V" +
- "GFzeG5KAmAUCQQCryvKU9nwWA+kypcQT9Yr1P4vGS0APYoBThnZq7jEPc5Cm" +
- "ZI82yseSxSeea0+8KQbZ5mvh1p3qImDLEH/iNSQFAkAghS+tboKPN10NeSt+" +
- "uiGRRWNbiggv0YJ7Uldcq3ZeLQPp7/naiekCRUsHD4Qr97OrZf7jQ1HlRqTu" +
- "eZScjMLhAkBNUMZCQnhwFAyEzdPkQ7LpU1MdyEopYmRssuxijZao5JLqQAGw" +
- "YCzXokGFa7hz72b09F4DQurJL/WuDlvvu4jdAkEAxwT9lylvfSfEQw4/qQgZ" +
- "MFB26gqB6Gqs1pHIZCzdliKx5BO3VDeUGfXMI8yOkbXoWbYx5xPid/+N8R//" +
- "+sxLBw==");
-
- byte[] envData = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQAxgcQwgcECAQAwKjAlMRYwFAYDVQQKEw1C" +
- "b3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVQIBHjANBgkqhkiG9w0BAQEFAASB" +
- "gDmnaDZ0vDJNlaUSYyEXsgbaUH+itNTjCOgv77QTX2ImXj+kTctM19PQF2I1" +
- "0/NL0fjakvCgBTHKmk13a7jqB6cX3bysenHNrglHsgNGgeXQ7ggAq5fV/JQQ" +
- "T7rSxEtuwpbuHQnoVUZahOHVKy/a0uLr9iIh1A3y+yZTZaG505ZJMIAGCSqG" +
- "SIb3DQEHATAdBglghkgBZQMEAQIEENmkYNbDXiZxJWtq82qIRZKggAQgkOGr" +
- "1JcTsADStez1eY4+rO4DtyBIyUYQ3pilnbirfPkAAAAAAAAAAAAA");
-
-
- CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(envData);
-
- RecipientInformationStore recipients = ep.getRecipientInfos();
-
- assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyData);
- KeyFactory keyFact = KeyFactory.getInstance("RSA", BC);
- PrivateKey priKey = keyFact.generatePrivate(keySpec);
- byte[] data = Hex.decode("57616c6c6157616c6c6157617368696e67746f6e");
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(priKey).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
- }
- }
-
- private void verifyData(
- ByteArrayOutputStream encodedStream,
- String expectedOid,
- byte[] expectedData)
- throws Exception
- {
- CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(encodedStream.toByteArray());
- RecipientInformationStore recipients = ep.getRecipientInfos();
-
- assertEquals(ep.getEncryptionAlgOID(), expectedOid);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(expectedData, CMSTestUtil.streamToByteArray(recData.getContentStream())));
- }
- }
-
- public void testUnprotectedAttributes()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- Hashtable attrs = new Hashtable();
-
- attrs.put(PKCSObjectIdentifiers.id_aa_contentHint, new Attribute(PKCSObjectIdentifiers.id_aa_contentHint, new DERSet(new DERUTF8String("Hint"))));
- attrs.put(PKCSObjectIdentifiers.id_aa_receiptRequest, new Attribute(PKCSObjectIdentifiers.id_aa_receiptRequest, new DERSet(new DERUTF8String("Request"))));
-
- AttributeTable attrTable = new AttributeTable(attrs);
-
- edGen.setUnprotectedAttributeGenerator(new SimpleAttributeTableGenerator(attrTable));
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(
- bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- out.write(data);
-
- out.close();
-
- CMSEnvelopedDataParser ed = new CMSEnvelopedDataParser(bOut.toByteArray());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
-
- attrTable = ed.getUnprotectedAttributes();
-
- assertEquals(attrs.size(), 2);
-
- assertEquals(new DERUTF8String("Hint"), attrTable.get(PKCSObjectIdentifiers.id_aa_contentHint).getAttrValues().getObjectAt(0));
- assertEquals(new DERUTF8String("Request"), attrTable.get(PKCSObjectIdentifiers.id_aa_receiptRequest).getAttrValues().getObjectAt(0));
-
- }
-
- public void testKeyTransAES128BufferedStream()
- throws Exception
- {
- byte[] data = new byte[2000];
-
- for (int i = 0; i != 2000; i++)
- {
- data[i] = (byte)(i & 0xff);
- }
-
- //
- // unbuffered
- //
- CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(
- bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- for (int i = 0; i != 2000; i++)
- {
- out.write(data[i]);
- }
-
- out.close();
-
- verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data);
-
- int unbufferedLength = bOut.toByteArray().length;
-
- //
- // Using buffered output - should be == to unbuffered
- //
- edGen = new CMSEnvelopedDataStreamGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- bOut = new ByteArrayOutputStream();
-
- out = edGen.open(bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- BufferedOutputStream bfOut = new BufferedOutputStream(out, 300);
-
- for (int i = 0; i != 2000; i++)
- {
- bfOut.write(data[i]);
- }
-
- bfOut.close();
-
- verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data);
-
- assertTrue(bOut.toByteArray().length == unbufferedLength);
- }
-
- public void testKeyTransAES128Buffered()
- throws Exception
- {
- byte[] data = new byte[2000];
-
- for (int i = 0; i != 2000; i++)
- {
- data[i] = (byte)(i & 0xff);
- }
-
- //
- // unbuffered
- //
- CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(
- bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- for (int i = 0; i != 2000; i++)
- {
- out.write(data[i]);
- }
-
- out.close();
-
- verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data);
-
- int unbufferedLength = bOut.toByteArray().length;
-
- //
- // buffered - less than default of 1000
- //
- edGen = new CMSEnvelopedDataStreamGenerator();
-
- edGen.setBufferSize(300);
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- bOut = new ByteArrayOutputStream();
-
- out = edGen.open(bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- for (int i = 0; i != 2000; i++)
- {
- out.write(data[i]);
- }
-
- out.close();
-
- verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data);
-
- assertTrue(bOut.toByteArray().length > unbufferedLength);
- }
-
- public void testKeyTransAES128Der()
- throws Exception
- {
- byte[] data = new byte[2000];
-
- for (int i = 0; i != 2000; i++)
- {
- data[i] = (byte)(i & 0xff);
- }
-
- CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(
- bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- for (int i = 0; i != 2000; i++)
- {
- out.write(data[i]);
- }
-
- out.close();
-
- // convert to DER
- ASN1InputStream aIn = new ASN1InputStream(bOut.toByteArray());
-
- bOut.reset();
-
- DEROutputStream dOut = new DEROutputStream(bOut);
-
- dOut.writeObject(aIn.readObject());
-
- verifyData(bOut, CMSEnvelopedDataGenerator.AES128_CBC, data);
- }
-
- public void testKeyTransAES128Throughput()
- throws Exception
- {
- byte[] data = new byte[40001];
-
- for (int i = 0; i != data.length; i++)
- {
- data[i] = (byte)(i & 0xff);
- }
-
- //
- // buffered
- //
- CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
-
- edGen.setBufferSize(BUFFER_SIZE);
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- for (int i = 0; i != data.length; i++)
- {
- out.write(data[i]);
- }
-
- out.close();
-
- CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
- RecipientInformationStore recipients = ep.getRecipientInfos();
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- InputStream dataStream = recData.getContentStream();
- ByteArrayOutputStream dataOut = new ByteArrayOutputStream();
- int len;
- byte[] buf = new byte[BUFFER_SIZE];
- int count = 0;
-
- while (count != 10 && (len = dataStream.read(buf)) > 0)
- {
- assertEquals(buf.length, len);
-
- dataOut.write(buf);
- count++;
- }
-
- len = dataStream.read(buf);
- dataOut.write(buf, 0, len);
-
- assertEquals(true, Arrays.equals(data, dataOut.toByteArray()));
- }
- else
- {
- fail("recipient not found.");
- }
- }
-
- public void testKeyTransAES128AndOriginatorInfo()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
-
- X509CertificateHolder origCert = new X509CertificateHolder(_origCert.getEncoded());
-
- edGen.setOriginatorInfo(new OriginatorInfoGenerator(origCert).generate());
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(
- bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- out.write(data);
-
- out.close();
-
- CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
-
- assertTrue(ep.getOriginatorInfo().getCertificates().getMatches(null).contains(origCert));
-
- RecipientInformationStore recipients = ep.getRecipientInfos();
-
- assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
- }
-
- ep.close();
- }
-
- public void testKeyTransAES128()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(
- bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- out.write(data);
-
- out.close();
-
- CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
-
- RecipientInformationStore recipients = ep.getRecipientInfos();
-
- assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
- }
-
- ep.close();
- }
-
- public void testKeyTransCAST5SunJCE()
- throws Exception
- {
- if (Security.getProvider("SunJCE") == null)
- {
- return;
- }
-
- String version = System.getProperty("java.version");
- if (version.startsWith("1.4") || version.startsWith("1.3"))
- {
- return;
- }
-
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider("SunJCE"));
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(
- bOut, new JceCMSContentEncryptorBuilder(CMSAlgorithm.CAST5_CBC).setProvider(BC).build());
-
- out.write(data);
-
- out.close();
-
- CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
-
- RecipientInformationStore recipients = ep.getRecipientInfos();
-
- assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.CAST5_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- CMSTypedStream recData = recipient.getContentStream(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider("SunJCE").setContentProvider(BC));
-
- assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
- }
-
- ep.close();
- }
-
- public void testAESKEK()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
- SecretKey kek = CMSTestUtil.makeAES192Key();
-
- CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
-
- byte[] kekId = new byte[] { 1, 2, 3, 4, 5 };
-
- edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId, kek).setProvider(BC));
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(
- bOut,
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
- out.write(data);
-
- out.close();
-
- CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
-
- RecipientInformationStore recipients = ep.getRecipientInfos();
-
- assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), "2.16.840.1.101.3.4.1.25");
-
- CMSTypedStream recData = recipient.getContentStream(new JceKEKEnvelopedRecipient(kek).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
- }
-
- ep.close();
- }
-
- public void testTwoAESKEK()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
- SecretKey kek1 = CMSTestUtil.makeAES192Key();
- SecretKey kek2 = CMSTestUtil.makeAES192Key();
-
- CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
-
- byte[] kekId1 = new byte[] { 1, 2, 3, 4, 5 };
- byte[] kekId2 = new byte[] { 5, 4, 3, 2, 1 };
-
- edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId1, kek1).setProvider(BC));
- edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId2, kek2).setProvider(BC));
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(
- bOut,
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
- out.write(data);
-
- out.close();
-
- CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
-
- RecipientInformationStore recipients = ep.getRecipientInfos();
-
- assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- RecipientId recSel = new KEKRecipientId(kekId2);
-
- RecipientInformation recipient = recipients.get(recSel);
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), "2.16.840.1.101.3.4.1.25");
-
- CMSTypedStream recData = recipient.getContentStream(new JceKEKEnvelopedRecipient(kek2).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
-
- ep.close();
- }
-
- public void testECKeyAgree()
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedDataStreamGenerator edGen = new CMSEnvelopedDataStreamGenerator();
-
- JceKeyAgreeRecipientInfoGenerator recipientGenerator = new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECDH_SHA1KDF, _origEcKP.getPrivate(), _origEcKP.getPublic(), CMSAlgorithm.AES128_WRAP).setProvider(BC);
-
- recipientGenerator.addRecipient(_reciEcCert);
-
- edGen.addRecipientInfoGenerator(recipientGenerator);
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream out = edGen.open(
- bOut,
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
- out.write(data);
-
- out.close();
-
- CMSEnvelopedDataParser ep = new CMSEnvelopedDataParser(bOut.toByteArray());
-
- RecipientInformationStore recipients = ep.getRecipientInfos();
-
- assertEquals(ep.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
-
- RecipientId recSel = new JceKeyAgreeRecipientId(_reciEcCert);
-
- RecipientInformation recipient = recipients.get(recSel);
-
- CMSTypedStream recData = recipient.getContentStream(new JceKeyAgreeEnvelopedRecipient(_reciEcKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, CMSTestUtil.streamToByteArray(recData.getContentStream())));
-
- ep.close();
- }
-
- public void testOriginatorInfo()
- throws Exception
- {
- CMSEnvelopedDataParser env = new CMSEnvelopedDataParser(CMSSampleMessages.originatorMessage);
-
- OriginatorInformation origInfo = env.getOriginatorInfo();
-
- RecipientInformationStore recipients = env.getRecipientInfos();
-
- assertEquals(new X500Name("C=US,O=U.S. Government,OU=HSPD12Lab,OU=Agents,CN=user1"), ((X509CertificateHolder)origInfo.getCertificates().getMatches(null).iterator().next()).getSubject());
- assertEquals(CMSEnvelopedDataGenerator.DES_EDE3_CBC, env.getEncryptionAlgOID());
- }
-
- public static Test suite()
- throws Exception
- {
- return new CMSTestSetup(new TestSuite(NewEnvelopedDataStreamTest.class));
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataTest.java
deleted file mode 100644
index da3641cb..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/NewEnvelopedDataTest.java
+++ /dev/null
@@ -1,1488 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.IOException;
-import java.security.*;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.security.spec.MGF1ParameterSpec;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Hashtable;
-import java.util.Iterator;
-
-import javax.crypto.SecretKey;
-import javax.crypto.spec.OAEPParameterSpec;
-import javax.crypto.spec.PSource;
-import javax.crypto.spec.SecretKeySpec;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSEnvelopedData;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.KeyTransRecipientInformation;
-import org.bouncycastle.cms.OriginatorInfoGenerator;
-import org.bouncycastle.cms.OriginatorInformation;
-import org.bouncycastle.cms.PasswordRecipient;
-import org.bouncycastle.cms.PasswordRecipientInformation;
-import org.bouncycastle.cms.RecipientId;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.SimpleAttributeTableGenerator;
-import org.bouncycastle.cms.bc.BcCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.bc.BcRSAKeyTransRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.jcajce.JceKEKEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKEKRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientId;
-import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
-import org.bouncycastle.cms.jcajce.JcePasswordEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JcePasswordRecipientInfoGenerator;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.OutputEncryptor;
-import org.bouncycastle.operator.jcajce.JcaAlgorithmParametersConverter;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.encoders.Hex;
-
-public class NewEnvelopedDataTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- private static String _signDN;
- private static KeyPair _signKP;
- private static X509Certificate _signCert;
-
- private static String _origDN;
- private static KeyPair _origKP;
- private static X509Certificate _origCert;
-
- private static String _reciDN;
- private static String _reciDN2;
- private static KeyPair _reciKP;
- private static KeyPair _reciOaepKP;
- private static X509Certificate _reciCert;
- private static X509Certificate _reciCertOaep;
-
- private static KeyPair _origEcKP;
- private static KeyPair _reciEcKP;
- private static X509Certificate _reciEcCert;
- private static KeyPair _reciEcKP2;
- private static X509Certificate _reciEcCert2;
-
- private static boolean _initialised = false;
-
- private byte[] oldKEK = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQIxQaI/MD0CAQQwBwQFAQIDBAUwDQYJYIZIAWUDBAEFBQAEI"
- + "Fi2eHTPM4bQSjP4DUeDzJZLpfemW2gF1SPq7ZPHJi1mMIAGCSqGSIb3DQEHATAUBggqhkiG9w"
- + "0DBwQImtdGyUdGGt6ggAQYk9X9z01YFBkU7IlS3wmsKpm/zpZClTceAAAAAAAAAAAAAA==");
-
- private byte[] ecKeyAgreeMsgAES256 = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQIxgcShgcECAQOgQ6FBMAsGByqGSM49AgEF"
- + "AAMyAAPdXlSTpub+qqno9hUGkUDl+S3/ABhPziIB5yGU4678tgOgU5CiKG9Z"
- + "kfnabIJ3nZYwGgYJK4EFEIZIPwACMA0GCWCGSAFlAwQBLQUAMFswWTAtMCgx"
- + "EzARBgNVBAMTCkFkbWluLU1EU0UxETAPBgNVBAoTCDRCQ1QtMklEAgEBBCi/"
- + "rJRLbFwEVW6PcLLmojjW9lI/xGD7CfZzXrqXFw8iHaf3hTRau1gYMIAGCSqG"
- + "SIb3DQEHATAdBglghkgBZQMEASoEEMtCnKKPwccmyrbgeSIlA3qggAQQDLw8"
- + "pNJR97bPpj6baG99bQQQwhEDsoj5Xg1oOxojHVcYzAAAAAAAAAAAAAA=");
-
- private byte[] ecKeyAgreeMsgAES128 = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQIxgbShgbECAQOgQ6FBMAsGByqGSM49AgEF"
- + "AAMyAAL01JLEgKvKh5rbxI/hOxs/9WEezMIsAbUaZM4l5tn3CzXAN505nr5d"
- + "LhrcurMK+tAwGgYJK4EFEIZIPwACMA0GCWCGSAFlAwQBBQUAMEswSTAtMCgx"
- + "EzARBgNVBAMTCkFkbWluLU1EU0UxETAPBgNVBAoTCDRCQ1QtMklEAgEBBBhi"
- + "FLjc5g6aqDT3f8LomljOwl1WTrplUT8wgAYJKoZIhvcNAQcBMB0GCWCGSAFl"
- + "AwQBAgQQzXjms16Y69S/rB0EbHqRMaCABBAFmc/QdVW6LTKdEy97kaZzBBBa"
- + "fQuviUS03NycpojELx0bAAAAAAAAAAAAAA==");
-
- private byte[] ecKeyAgreeMsgDESEDE = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQIxgcahgcMCAQOgQ6FBMAsGByqGSM49AgEF"
- + "AAMyAALIici6Nx1WN5f0ThH2A8ht9ovm0thpC5JK54t73E1RDzCifePaoQo0"
- + "xd6sUqoyGaYwHAYJK4EFEIZIPwACMA8GCyqGSIb3DQEJEAMGBQAwWzBZMC0w"
- + "KDETMBEGA1UEAxMKQWRtaW4tTURTRTERMA8GA1UEChMINEJDVC0ySUQCAQEE"
- + "KJuqZQ1NB1vXrKPOnb4TCpYOsdm6GscWdwAAZlm2EHMp444j0s55J9wwgAYJ"
- + "KoZIhvcNAQcBMBQGCCqGSIb3DQMHBAjwnsDMsafCrKCABBjyPvqFOVMKxxut"
- + "VfTx4fQlNGJN8S2ATRgECMcTQ/dsmeViAAAAAAAAAAAAAA==");
-
- private byte[] ecMQVKeyAgreeMsgAES128 = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQIxgf2hgfoCAQOgQ6FBMAsGByqGSM49AgEF"
- + "AAMyAAPDKU+0H58tsjpoYmYCInMr/FayvCCkupebgsnpaGEB7qS9vzcNVUj6"
- + "mrnmiC2grpmhRwRFMEMwQTALBgcqhkjOPQIBBQADMgACZpD13z9c7DzRWx6S"
- + "0xdbq3S+EJ7vWO+YcHVjTD8NcQDcZcWASW899l1PkL936zsuMBoGCSuBBRCG"
- + "SD8AEDANBglghkgBZQMEAQUFADBLMEkwLTAoMRMwEQYDVQQDEwpBZG1pbi1N"
- + "RFNFMREwDwYDVQQKEwg0QkNULTJJRAIBAQQYFq58L71nyMK/70w3nc6zkkRy"
- + "RL7DHmpZMIAGCSqGSIb3DQEHATAdBglghkgBZQMEAQIEEDzRUpreBsZXWHBe"
- + "onxOtSmggAQQ7csAZXwT1lHUqoazoy8bhAQQq+9Zjj8iGdOWgyebbfj67QAA"
- + "AAAAAAAAAAA=");
-
-
- private byte[] ecKeyAgreeKey = Base64.decode(
- "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC8vp7xVTbKSgYVU5Wc"
- + "hGkWbzaj+yUFETIWP1Dt7+WSpq3ikSPdl7PpHPqnPVZfoIWhZANiAgSYHTgxf+Dd"
- + "Tt84dUvuSKkFy3RhjxJmjwIscK6zbEUzKhcPQG2GHzXhWK5x1kov0I74XpGhVkya"
- + "ElH5K6SaOXiXAzcyNGggTOk4+ZFnz5Xl0pBje3zKxPhYu0SnCw7Pcqw=");
-
- private byte[] bobPrivRsaEncrypt = Base64.decode(
- "MIIChQIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKnhZ5g/OdVf"
- + "8qCTQV6meYmFyDVdmpFb+x0B2hlwJhcPvaUi0DWFbXqYZhRBXM+3twg7CcmR"
- + "uBlpN235ZR572akzJKN/O7uvRgGGNjQyywcDWVL8hYsxBLjMGAgUSOZPHPtd"
- + "YMTgXB9T039T2GkB8QX4enDRvoPGXzjPHCyqaqfrAgMBAAECgYBnzUhMmg2P"
- + "mMIbZf8ig5xt8KYGHbztpwOIlPIcaw+LNd4Ogngwy+e6alatd8brUXlweQqg"
- + "9P5F4Kmy9Bnah5jWMIR05PxZbMHGd9ypkdB8MKCixQheIXFD/A0HPfD6bRSe"
- + "TmPwF1h5HEuYHD09sBvf+iU7o8AsmAX2EAnYh9sDGQJBANDDIsbeopkYdo+N"
- + "vKZ11mY/1I1FUox29XLE6/BGmvE+XKpVC5va3Wtt+Pw7PAhDk7Vb/s7q/WiE"
- + "I2Kv8zHCueUCQQDQUfweIrdb7bWOAcjXq/JY1PeClPNTqBlFy2bKKBlf4hAr"
- + "84/sajB0+E0R9KfEILVHIdxJAfkKICnwJAiEYH2PAkA0umTJSChXdNdVUN5q"
- + "SO8bKlocSHseIVnDYDubl6nA7xhmqU5iUjiEzuUJiEiUacUgFJlaV/4jbOSn"
- + "I3vQgLeFAkEAni+zN5r7CwZdV+EJBqRd2ZCWBgVfJAZAcpw6iIWchw+dYhKI"
- + "FmioNRobQ+g4wJhprwMKSDIETukPj3d9NDAlBwJAVxhn1grStavCunrnVNqc"
- + "BU+B1O8BiR4yPWnLMcRSyFRVJQA7HCp8JlDV6abXd8vPFfXuC9WN7rOvTKF8"
- + "Y0ZB9qANMAsGA1UdDzEEAwIAEA==");
-
- private byte[] rfc4134ex5_1 = Base64.decode(
- "MIIBHgYJKoZIhvcNAQcDoIIBDzCCAQsCAQAxgcAwgb0CAQAwJjASMRAwDgYD"
- + "VQQDEwdDYXJsUlNBAhBGNGvHgABWvBHTbi7NXXHQMA0GCSqGSIb3DQEBAQUA"
- + "BIGAC3EN5nGIiJi2lsGPcP2iJ97a4e8kbKQz36zg6Z2i0yx6zYC4mZ7mX7FB"
- + "s3IWg+f6KgCLx3M1eCbWx8+MDFbbpXadCDgO8/nUkUNYeNxJtuzubGgzoyEd"
- + "8Ch4H/dd9gdzTd+taTEgS0ipdSJuNnkVY4/M652jKKHRLFf02hosdR8wQwYJ"
- + "KoZIhvcNAQcBMBQGCCqGSIb3DQMHBAgtaMXpRwZRNYAgDsiSf8Z9P43LrY4O"
- + "xUk660cu1lXeCSFOSOpOJ7FuVyU=");
-
- private byte[] rfc4134ex5_2 = Base64.decode(
- "MIIBZQYJKoZIhvcNAQcDoIIBVjCCAVICAQIxggEAMIG9AgEAMCYwEjEQMA4G"
- + "A1UEAxMHQ2FybFJTQQIQRjRrx4AAVrwR024uzV1x0DANBgkqhkiG9w0BAQEF"
- + "AASBgJQmQojGi7Z4IP+CVypBmNFoCDoEp87khtgyff2N4SmqD3RxPx+8hbLQ"
- + "t9i3YcMwcap+aiOkyqjMalT03VUC0XBOGv+HYI3HBZm/aFzxoq+YOXAWs5xl"
- + "GerZwTOc9j6AYlK4qXvnztR5SQ8TBjlzytm4V7zg+TGrnGVNQBNw47Ewoj4C"
- + "AQQwDQQLTWFpbExpc3RSQzIwEAYLKoZIhvcNAQkQAwcCAToEGHcUr5MSJ/g9"
- + "HnJVHsQ6X56VcwYb+OfojTBJBgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgIC"
- + "AKAECJwE0hkuKlWhgCBeKNXhojuej3org9Lt7n+wWxOhnky5V50vSpoYRfRR"
- + "yw==");
-
- private byte[] tooShort3DES = Base64.decode(
- "MIAGCSqGSIb3DQEHA6CAMIACAQAxgcQwgcECAQAwKjAlMRYwFAYDVQQKDA1C" +
- "b3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVQIBCjANBgkqhkiG9w0BAQEFAASB" +
- "gJIM2QN0o6iv8Ux018pVCJ8js+ROV4t6+KoMwLJ4DzRKLU8XCAb9BS+crP+F" +
- "ghNTxTpTX8TaxPrO4wV0USgVHu2SvFnxNaWZjBDVIyZI2HR4QkSTqFMhsUB2" +
- "6CuZIWBZkhqQ6ruDfvn9UuBWVnfsBD4iryZ1idr713sDeVo5TyvTMIAGCSqG" +
- "SIb3DQEHATAUBggqhkiG9w0DBwQIQq9e4+WB3CqggAQIwU4cOlmkWUcAAAAA" +
- "AAAAAAAA");
-
- private byte[] tooShort3DESKey = Base64.decode(
- "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAODZDCj0nQdV" +
- "f0GGeFsPjjvPx1Vem0V6IkJ4SzazGKfddk0pX58ZDCnG+S+OPiXmPDqValiu" +
- "9FtNy2/r9rrf/6qtcVQJkfSJv9E5Y7HgI98L/Y9lKxZWsfRqu/SlYO5zx0Dc" +
- "2rzDvvZRtrtaq0uuHXWJlbWda2L9S65sv/Le/zvjAgMBAAECgYEAnn+iGMTG" +
- "ZMMaH6Cg+t/uTa9cPougPMuplt2hd3+sY7izihUeONK5RkHiqmlE2gaAcnOd" +
- "McKysiIWxGC73mPEnsOObPkaFlneVb5CtjTaTMdptuLNEQkwvtKhuW2HnMra" +
- "4afEgFZdll3FyRpvW/CDooe4Bppjd4aGn/Sr/o9nOzECQQD4QKLwZssuclji" +
- "nD/8gU1CqGMMnGNogTMpHm1269HUOE7r1y3MuapUqSWsVhpuEQ8P/Tko0haJ" +
- "jeZn2eWTbZu/AkEA591snui8FMeGvkRgvyMFNvXZWDEjsh+N74XEL1lykTgZ" +
- "FQJ+cmThnrdM/8yj1dKkdASYrk5kFJ4PVE6CzDI43QJAFS22eNncJZc9u/9m" +
- "eg0x4SjqYk4JMQYsripZXlbZ7Mfs+7O8xYVlYZmYjC5ATPmJlmyc7r2VjKCd" +
- "cmilbEFikwJBAMh7yf8BaBdjitubzjeW9VxXaa37F01eQWD5PfBfHFP6uJ1V" +
- "AbayCfAtuHN6I7OwJih3DPmyqJC3NrQECs67IjUCQAb4TfVE/2G1s66SGnb4" +
- "no34BspoV/i4f0uLhJap84bTHcF/ZRSXCmQOCRGdSvQkXHeNPI5Lus6lOHuU" +
- "vUDbQC8=");
-
- public NewEnvelopedDataTest()
- {
- }
-
- private static void init()
- throws Exception
- {
- if (!_initialised)
- {
- _initialised = true;
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
-
- _signDN = "O=Bouncy Castle, C=AU";
- _signKP = CMSTestUtil.makeKeyPair();
- _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN);
-
- _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- _origKP = CMSTestUtil.makeKeyPair();
- _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN);
-
- _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
- _reciDN2 = "CN=Fred, OU=Sales, O=Bouncy Castle, C=AU";
- _reciKP = CMSTestUtil.makeKeyPair();
- _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
- _reciCertOaep = CMSTestUtil.makeOaepCertificate(_reciKP, _reciDN, _signKP, _signDN);
-
- _origEcKP = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcKP = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcCert = CMSTestUtil.makeCertificate(_reciEcKP, _reciDN, _signKP, _signDN);
- _reciEcKP2 = CMSTestUtil.makeEcDsaKeyPair();
- _reciEcCert2 = CMSTestUtil.makeCertificate(_reciEcKP2, _reciDN2, _signKP, _signDN);
- }
- }
-
- public static void main(
- String args[])
- throws Exception
- {
- junit.textui.TestRunner.run(NewEnvelopedDataTest.suite());
- }
-
- public static Test suite()
- throws Exception
- {
- init();
-
- return new CMSTestSetup(new TestSuite(NewEnvelopedDataTest.class));
- }
-
- public void testUnprotectedAttributes()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- Hashtable attrs = new Hashtable();
-
- attrs.put(PKCSObjectIdentifiers.id_aa_contentHint, new Attribute(PKCSObjectIdentifiers.id_aa_contentHint, new DERSet(new DERUTF8String("Hint"))));
- attrs.put(PKCSObjectIdentifiers.id_aa_receiptRequest, new Attribute(PKCSObjectIdentifiers.id_aa_receiptRequest, new DERSet(new DERUTF8String("Request"))));
-
- AttributeTable attrTable = new AttributeTable(attrs);
-
- edGen.setUnprotectedAttributeGenerator(new SimpleAttributeTableGenerator(attrTable));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- attrTable = ed.getUnprotectedAttributes();
-
- assertEquals(attrs.size(), 2);
-
- assertEquals(new DERUTF8String("Hint"), attrTable.get(PKCSObjectIdentifiers.id_aa_contentHint).getAttrValues().getObjectAt(0));
- assertEquals(new DERUTF8String("Request"), attrTable.get(PKCSObjectIdentifiers.id_aa_receiptRequest).getAttrValues().getObjectAt(0));
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
-
- public void testKeyTrans()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCert.getPublicKey()).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- Collection c = recipients.getRecipients();
-
- assertEquals(2, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
-
- RecipientId id = new JceKeyTransRecipientId(_reciCert);
-
- Collection collection = recipients.getRecipients(id);
- if (collection.size() != 2)
- {
- fail("recipients not matched using general recipient ID.");
- }
- assertTrue(collection.iterator().next() instanceof RecipientInformation);
- }
-
- public void testKeyTransOAEPDefault()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
- JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert, paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, OAEPParameterSpec.DEFAULT)).setProvider(BC));
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, OAEPParameterSpec.DEFAULT), _reciCert.getPublicKey()).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- Collection c = recipients.getRecipients();
-
- assertEquals(2, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(PKCSObjectIdentifiers.id_RSAES_OAEP, recipient.getKeyEncryptionAlgorithm().getAlgorithm());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
-
- RecipientId id = new JceKeyTransRecipientId(_reciCert);
-
- Collection collection = recipients.getRecipients(id);
- if (collection.size() != 2)
- {
- fail("recipients not matched using general recipient ID.");
- }
- assertTrue(collection.iterator().next() instanceof RecipientInformation);
- }
-
- public void testKeyTransOAEPSHA1()
- throws Exception
- {
- doTestKeyTransOAEPDefaultNamed("SHA-1");
- }
-
- public void testKeyTransOAEPSHA224()
- throws Exception
- {
- doTestKeyTransOAEPDefaultNamed("SHA-224");
- }
-
- public void testKeyTransOAEPSHA256()
- throws Exception
- {
- doTestKeyTransOAEPDefaultNamed("SHA-256");
- }
-
- public void testKeyTransOAEPSHA1AndSHA256()
- throws Exception
- {
- doTestKeyTransOAEPDefaultNamed("SHA-1", "SHA-256");
- }
-
- private void doTestKeyTransOAEPDefaultNamed(String digest)
- throws Exception
- {
- doTestKeyTransOAEPDefaultNamed(digest, digest);
- }
-
- private void doTestKeyTransOAEPDefaultNamed(String digest, String mgfDigest)
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
- JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter();
-
- OAEPParameterSpec oaepSpec = new OAEPParameterSpec(digest, "MGF1", new MGF1ParameterSpec(mgfDigest), new PSource.PSpecified(new byte[]{1, 2, 3, 4, 5}));
- AlgorithmIdentifier oaepAlgId = paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, oaepSpec);
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert, oaepAlgId).setProvider(BC));
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), oaepAlgId, _reciCert.getPublicKey()).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- Collection c = recipients.getRecipients();
-
- assertEquals(2, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(PKCSObjectIdentifiers.id_RSAES_OAEP, recipient.getKeyEncryptionAlgorithm().getAlgorithm());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
-
- RecipientId id = new JceKeyTransRecipientId(_reciCert);
-
- Collection collection = recipients.getRecipients(id);
- if (collection.size() != 2)
- {
- fail("recipients not matched using general recipient ID.");
- }
- assertTrue(collection.iterator().next() instanceof RecipientInformation);
- }
-
- public void testKeyTransOAEPInCert()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCertOaep).setProvider(BC));
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCertOaep.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCertOaep.getPublicKey()).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- Collection c = recipients.getRecipients();
-
- assertEquals(2, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(PKCSObjectIdentifiers.id_RSAES_OAEP, recipient.getKeyEncryptionAlgorithm().getAlgorithm());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
-
- RecipientId id = new JceKeyTransRecipientId(_reciCertOaep);
-
- Collection collection = recipients.getRecipients(id);
- if (collection.size() != 2)
- {
- fail("recipients not matched using general recipient ID.");
- }
- assertTrue(collection.iterator().next() instanceof RecipientInformation);
- }
-
- public void testKeyTransWithAlgMapping()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA/2/PKCS1Padding").setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA/2/PKCS1Padding").setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
-
- RecipientId id = new JceKeyTransRecipientId(_reciCert);
-
- Collection collection = recipients.getRecipients(id);
- if (collection.size() != 1)
- {
- fail("recipients not matched using general recipient ID.");
- }
- assertTrue(collection.iterator().next() instanceof RecipientInformation);
- }
-
- public void testOriginatorInfoGeneration()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- X509CertificateHolder origCert = new X509CertificateHolder(_origCert.getEncoded());
-
- edGen.setOriginatorInfo(new OriginatorInfoGenerator(origCert).generate());
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(ASN1OctetString.getInstance(ASN1OctetString.getInstance(_reciCert.getExtensionValue(Extension.subjectKeyIdentifier.getId())).getOctets()).getOctets(), _reciCert.getPublicKey()).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- assertTrue(ed.getOriginatorInfo().getCertificates().getMatches(null).contains(origCert));
-
- Collection c = recipients.getRecipients();
-
- assertEquals(2, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
-
- RecipientId id = new JceKeyTransRecipientId(_reciCert);
-
- Collection collection = recipients.getRecipients(id);
- if (collection.size() != 2)
- {
- fail("recipients not matched using general recipient ID.");
- }
- assertTrue(collection.iterator().next() instanceof RecipientInformation);
- }
-
- public void testKeyTransRC2bit40()
- throws Exception
- {
- byte[] data = "WallaWallaBouncyCastle".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.RC2_CBC, 40).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getContentEncryptionAlgorithm().getAlgorithm(), CMSAlgorithm.RC2_CBC);
-
- RC2CBCParameter rc2P = RC2CBCParameter.getInstance(ed.getContentEncryptionAlgorithm().getParameters());
- assertEquals(160, rc2P.getRC2ParameterVersion().intValue());
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
-
- public void testKeyTransRC4()
- throws Exception
- {
- byte[] data = "WallaWallaBouncyCastle".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.2.840.113549.3.4")).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4");
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
-
- public void testKeyTrans128RC4()
- throws Exception
- {
- byte[] data = "WallaWallaBouncyCastle".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.2.840.113549.3.4"), 128).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4");
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testKeyTransLight128RC4()
- throws Exception
- {
- byte[] data = "WallaWallaBouncyCastle".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert)));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.2.840.113549.3.4"), 128).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), "1.2.840.113549.3.4");
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testKeyTransODES()
- throws Exception
- {
- byte[] data = "WallaWallaBouncyCastle".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier("1.3.14.3.2.7")).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), "1.3.14.3.2.7");
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testKeyTransSmallAES()
- throws Exception
- {
- byte[] data = new byte[] { 0, 1, 2, 3 };
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(),
- CMSEnvelopedDataGenerator.AES128_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setProvider(BC));
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testKeyTransDESEDE3Short()
- throws Exception
- {
- byte[] data = new byte[] { 0, 1, 2, 3 };
- KeyFactory kf = KeyFactory.getInstance("RSA", BC);
- PrivateKey kPriv = kf.generatePrivate(new PKCS8EncodedKeySpec(tooShort3DESKey));
-
- CMSEnvelopedData ed = new CMSEnvelopedData(tooShort3DES);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
- try
- {
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(kPriv).setKeySizeValidation(true).setProvider(BC));
- fail("invalid 3DES-EDE key not picked up");
- }
- catch (CMSException e)
- {
- assertEquals("Expected key size for algorithm OID not found in recipient.", e.getMessage());
- }
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(kPriv).setKeySizeValidation(false).setProvider(BC));
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testKeyTransDESEDE3Light()
- throws Exception
- {
- byte[] data = new byte[] { 0, 1, 2, 3 };
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new BcRSAKeyTransRecipientInfoGenerator(new JcaX509CertificateHolder(_reciCert)));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new BcCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC, 192).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setKeySizeValidation(true).setProvider(BC));
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testKeyTransDES()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.DES_CBC, CMSAlgorithm.DES_CBC, 8, DEROctetString.class);
- }
-
- public void testKeyTransCAST5()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.CAST5_CBC, CMSAlgorithm.CAST5_CBC, 16, ASN1Sequence.class);
- }
-
- public void testKeyTransAES128()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.AES128_CBC, NISTObjectIdentifiers.id_aes128_CBC, 16, DEROctetString.class);
- }
-
- public void testKeyTransAES192()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.AES192_CBC, NISTObjectIdentifiers.id_aes192_CBC, 24, DEROctetString.class);
- }
-
- public void testKeyTransAES256()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.AES256_CBC, NISTObjectIdentifiers.id_aes256_CBC, 32, DEROctetString.class);
- }
-
- public void testKeyTransSEED()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.SEED_CBC, KISAObjectIdentifiers.id_seedCBC, 16, DEROctetString.class);
- }
-
- public void testKeyTransCamellia128()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.CAMELLIA128_CBC, NTTObjectIdentifiers.id_camellia128_cbc, 16, DEROctetString.class);
- }
-
- public void testKeyTransCamellia192()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.CAMELLIA192_CBC, NTTObjectIdentifiers.id_camellia192_cbc, 24, DEROctetString.class);
- }
-
- public void testKeyTransCamellia256()
- throws Exception
- {
- tryKeyTrans(CMSAlgorithm.CAMELLIA256_CBC, NTTObjectIdentifiers.id_camellia256_cbc, 32, DEROctetString.class);
- }
-
- private void tryKeyTrans(ASN1ObjectIdentifier generatorOID, ASN1ObjectIdentifier checkOID, int keySize, Class asn1Params)
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(_reciCert).setProvider(BC));
-
- OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(generatorOID).setProvider(BC).build();
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- encryptor);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(checkOID.getId(), ed.getEncryptionAlgOID());
- assertEquals(keySize, ((byte[])encryptor.getKey().getRepresentation()).length);
-
- if (asn1Params != null)
- {
- ASN1InputStream aIn = new ASN1InputStream(ed.getEncryptionAlgParams());
-
- assertTrue(asn1Params.isAssignableFrom(aIn.readObject().getClass()));
- }
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- if (!it.hasNext())
- {
- fail("no recipients found");
- }
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(_reciKP.getPrivate()).setKeySizeValidation(true).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
-
- public void testErroneousKEK()
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
- SecretKey kek = new SecretKeySpec(new byte[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 }, "AES");
-
- CMSEnvelopedData ed = new CMSEnvelopedData(oldKEK);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), NISTObjectIdentifiers.id_aes128_wrap.getId());
-
- byte[] recData = recipient.getContent(new JceKEKEnvelopedRecipient(kek).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testDESKEK()
- throws Exception
- {
- tryKekAlgorithm(CMSTestUtil.makeDesede192Key(), new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.6"));
- }
- public void testRC2128KEK()
- throws Exception
- {
- tryKekAlgorithm(CMSTestUtil.makeRC2128Key(), new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.3.7"));
- }
-
- public void testAES128KEK()
- throws Exception
- {
- tryKekAlgorithm(CMSTestUtil.makeAESKey(128), NISTObjectIdentifiers.id_aes128_wrap);
- }
-
- public void testAES192KEK()
- throws Exception
- {
- tryKekAlgorithm(CMSTestUtil.makeAESKey(192), NISTObjectIdentifiers.id_aes192_wrap);
- }
-
- public void testAES256KEK()
- throws Exception
- {
- tryKekAlgorithm(CMSTestUtil.makeAESKey(256), NISTObjectIdentifiers.id_aes256_wrap);
- }
-
- public void testSEED128KEK()
- throws Exception
- {
- tryKekAlgorithm(CMSTestUtil.makeSEEDKey(), KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap);
- }
-
- public void testCamellia128KEK()
- throws Exception
- {
- tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(128), NTTObjectIdentifiers.id_camellia128_wrap);
- }
-
- public void testCamellia192KEK()
- throws Exception
- {
- tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(192), NTTObjectIdentifiers.id_camellia192_wrap);
- }
-
- public void testCamellia256KEK()
- throws Exception
- {
- tryKekAlgorithm(CMSTestUtil.makeCamelliaKey(256), NTTObjectIdentifiers.id_camellia256_wrap);
- }
-
- private void tryKekAlgorithm(SecretKey kek, ASN1ObjectIdentifier algOid)
- throws NoSuchAlgorithmException, NoSuchProviderException, CMSException
- {
- byte[] data = "WallaWallaWashington".getBytes();
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- byte[] kekId = new byte[] { 1, 2, 3, 4, 5 };
-
- edGen.addRecipientInfoGenerator(new JceKEKRecipientInfoGenerator(kekId, kek).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.DES_EDE3_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(algOid.getId(), recipient.getKeyEncryptionAlgOID());
-
- byte[] recData = recipient.getContent(new JceKEKEnvelopedRecipient(kek).setKeySizeValidation(true).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testECKeyAgree()
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECDH_SHA1KDF,
- _origEcKP.getPrivate(), _origEcKP.getPublic(),
- CMSAlgorithm.AES128_WRAP).addRecipient(_reciEcCert).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC);
- confirmNumberRecipients(recipients, 1);
- }
-
- public void testECMQVKeyAgree()
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECMQV_SHA1KDF,
- _origEcKP.getPrivate(), _origEcKP.getPublic(),
- CMSAlgorithm.AES128_WRAP).addRecipient(_reciEcCert).setProvider(BC));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC);
- confirmNumberRecipients(recipients, 1);
- }
-
- public void testECMQVKeyAgreeMultiple()
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- JceKeyAgreeRecipientInfoGenerator recipientGenerator = new JceKeyAgreeRecipientInfoGenerator(CMSAlgorithm.ECMQV_SHA1KDF,
- _origEcKP.getPrivate(), _origEcKP.getPublic(), CMSAlgorithm.AES128_WRAP).setProvider(BC);
-
- recipientGenerator.addRecipient(_reciEcCert);
- recipientGenerator.addRecipient(_reciEcCert2);
-
- edGen.addRecipientInfoGenerator(recipientGenerator);
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- assertEquals(ed.getEncryptionAlgOID(), CMSEnvelopedDataGenerator.AES128_CBC);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- confirmDataReceived(recipients, data, _reciEcCert, _reciEcKP.getPrivate(), BC);
- confirmDataReceived(recipients, data, _reciEcCert2, _reciEcKP2.getPrivate(), BC);
- confirmNumberRecipients(recipients, 2);
- }
-
- private static void confirmDataReceived(RecipientInformationStore recipients,
- byte[] expectedData, X509Certificate reciCert, PrivateKey reciPrivKey, String provider)
- throws CMSException, NoSuchProviderException, CertificateEncodingException, IOException
- {
- RecipientId rid = new JceKeyAgreeRecipientId(reciCert);
-
- RecipientInformation recipient = recipients.get(rid);
- assertNotNull(recipient);
-
- byte[] actualData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(reciPrivKey).setProvider(provider));
- assertEquals(true, Arrays.equals(expectedData, actualData));
- }
-
- private static void confirmNumberRecipients(RecipientInformationStore recipients, int count)
- {
- assertEquals(count, recipients.getRecipients().size());
- }
-
- public void testECKeyAgreeVectors()
- throws Exception
- {
- PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(ecKeyAgreeKey);
- KeyFactory fact = KeyFactory.getInstance("ECDH", BC);
- PrivateKey privKey = fact.generatePrivate(privSpec);
-
- verifyECKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.42", ecKeyAgreeMsgAES256);
- verifyECKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.2", ecKeyAgreeMsgAES128);
- verifyECKeyAgreeVectors(privKey, "1.2.840.113549.3.7", ecKeyAgreeMsgDESEDE);
- }
-
- public void testECMQVKeyAgreeVectors()
- throws Exception
- {
- PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(ecKeyAgreeKey);
- KeyFactory fact = KeyFactory.getInstance("ECDH", BC);
- PrivateKey privKey = fact.generatePrivate(privSpec);
-
- verifyECMQVKeyAgreeVectors(privKey, "2.16.840.1.101.3.4.1.2", ecMQVKeyAgreeMsgAES128);
- }
-
- public void testPasswordAES256()
- throws Exception
- {
- passwordTest(CMSEnvelopedDataGenerator.AES256_CBC);
- passwordUTF8Test(CMSEnvelopedDataGenerator.AES256_CBC);
- }
-
- public void testPasswordDESEDE()
- throws Exception
- {
- passwordTest(CMSEnvelopedDataGenerator.DES_EDE3_CBC);
- passwordUTF8Test(CMSEnvelopedDataGenerator.DES_EDE3_CBC);
- }
-
- public void testRFC4134ex5_1()
- throws Exception
- {
- byte[] data = Hex.decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e");
-
- KeyFactory kFact = KeyFactory.getInstance("RSA", BC);
- Key key = kFact.generatePrivate(new PKCS8EncodedKeySpec(bobPrivRsaEncrypt));
-
- CMSEnvelopedData ed = new CMSEnvelopedData(rfc4134ex5_1);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals("1.2.840.113549.3.7", ed.getEncryptionAlgOID());
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey)key).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testRFC4134ex5_2()
- throws Exception
- {
- byte[] data = Hex.decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e");
-
- KeyFactory kFact = KeyFactory.getInstance("RSA", BC);
- PrivateKey key = kFact.generatePrivate(new PKCS8EncodedKeySpec(bobPrivRsaEncrypt));
-
- CMSEnvelopedData ed = new CMSEnvelopedData(rfc4134ex5_2);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals("1.2.840.113549.3.2", ed.getEncryptionAlgOID());
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
- byte[] recData;
-
- if (recipient instanceof KeyTransRecipientInformation)
- {
- recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(key).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- public void testOriginatorInfo()
- throws Exception
- {
- CMSEnvelopedData env = new CMSEnvelopedData(CMSSampleMessages.originatorMessage);
-
- RecipientInformationStore recipients = env.getRecipientInfos();
-
- OriginatorInformation origInfo = env.getOriginatorInfo();
-
- assertEquals(new X500Name("C=US,O=U.S. Government,OU=HSPD12Lab,OU=Agents,CN=user1"), ((X509CertificateHolder)origInfo.getCertificates().getMatches(null).iterator().next()).getSubject());
- assertEquals(CMSEnvelopedDataGenerator.DES_EDE3_CBC, env.getEncryptionAlgOID());
- }
-
- private void passwordTest(String algorithm)
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JcePasswordRecipientInfoGenerator(new ASN1ObjectIdentifier(algorithm), "password".toCharArray()).setProvider(BC).setPasswordConversionScheme(PasswordRecipient.PKCS5_SCHEME2).setSaltAndIterationCount(new byte[20], 5));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(),
- CMSEnvelopedDataGenerator.AES128_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- PasswordRecipientInformation recipient = (PasswordRecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JcePasswordEnvelopedRecipient("password".toCharArray()).setPasswordConversionScheme(PasswordRecipient.PKCS5_SCHEME2).setProvider(BC));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
-
- //
- // try algorithm parameters constructor
- //
- it = c.iterator();
-
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JcePasswordEnvelopedRecipient("password".toCharArray()).setPasswordConversionScheme(PasswordRecipient.PKCS5_SCHEME2).setProvider(BC));
- assertEquals(true, Arrays.equals(data, recData));
- }
-
- private void passwordUTF8Test(String algorithm)
- throws Exception
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JcePasswordRecipientInfoGenerator(new ASN1ObjectIdentifier(algorithm), "abc\u5639\u563b".toCharArray()).setProvider(BC).setSaltAndIterationCount(new byte[20], 5));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(),
- CMSEnvelopedDataGenerator.AES128_CBC);
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JcePasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray()).setProvider(BC));
- assertEquals(true, Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
-
- //
- // try algorithm parameters constructor
- //
- it = c.iterator();
-
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- byte[] recData = recipient.getContent(new JcePasswordEnvelopedRecipient("abc\u5639\u563b".toCharArray()).setProvider(BC));
- assertEquals(true, Arrays.equals(data, recData));
- }
-
- private void verifyECKeyAgreeVectors(PrivateKey privKey, String wrapAlg, byte[] message)
- throws CMSException, GeneralSecurityException
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedData ed = new CMSEnvelopedData(message);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- assertEquals(wrapAlg, ed.getEncryptionAlgOID());
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals("1.3.133.16.840.63.0.2", recipient.getKeyEncryptionAlgOID());
-
- byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(privKey).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-
- private void verifyECMQVKeyAgreeVectors(PrivateKey privKey, String wrapAlg, byte[] message)
- throws CMSException, GeneralSecurityException
- {
- byte[] data = Hex.decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
-
- CMSEnvelopedData ed = new CMSEnvelopedData(message);
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- Collection c = recipients.getRecipients();
- Iterator it = c.iterator();
-
- assertEquals(wrapAlg, ed.getEncryptionAlgOID());
-
- if (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals("1.3.133.16.840.63.0.16", recipient.getKeyEncryptionAlgOID());
-
- byte[] recData = recipient.getContent(new JceKeyAgreeEnvelopedRecipient(privKey).setProvider(BC));
-
- assertTrue(Arrays.equals(data, recData));
- }
- else
- {
- fail("no recipient found");
- }
- }
-} \ No newline at end of file
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataStreamTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataStreamTest.java
deleted file mode 100644
index 8a92caeb..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataStreamTest.java
+++ /dev/null
@@ -1,1311 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.BufferedOutputStream;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-import java.security.KeyPair;
-import java.security.MessageDigest;
-import java.security.Security;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.ocsp.OCSPResponse;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaCRLStore;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cert.jcajce.JcaX509CRLHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cert.ocsp.OCSPResp;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSAttributeTableGenerator;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.CMSSignedDataParser;
-import org.bouncycastle.cms.CMSSignedDataStreamGenerator;
-import org.bouncycastle.cms.CMSTypedData;
-import org.bouncycastle.cms.CMSTypedStream;
-import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.encoders.Base64;
-
-public class NewSignedDataStreamTest
- extends TestCase
-{
-
- byte[] successResp = Base64.decode(
- "MIIFnAoBAKCCBZUwggWRBgkrBgEFBQcwAQEEggWCMIIFfjCCARehgZ8wgZwx"
- + "CzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEgcHJhZGVzaDESMBAGA1UE"
- + "BxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAKBgNVBAsTA0FUQzEeMBwG"
- + "A1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQwIgYJKoZIhvcNAQkBFhVv"
- + "Y3NwQHRjcy1jYS50Y3MuY28uaW4YDzIwMDMwNDAyMTIzNDU4WjBiMGAwOjAJ"
- + "BgUrDgMCGgUABBRs07IuoCWNmcEl1oHwIak1BPnX8QQUtGyl/iL9WJ1VxjxF"
- + "j0hAwJ/s1AcCAQKhERgPMjAwMjA4MjkwNzA5MjZaGA8yMDAzMDQwMjEyMzQ1"
- + "OFowDQYJKoZIhvcNAQEFBQADgYEAfbN0TCRFKdhsmvOdUoiJ+qvygGBzDxD/"
- + "VWhXYA+16AphHLIWNABR3CgHB3zWtdy2j7DJmQ/R7qKj7dUhWLSqclAiPgFt"
- + "QQ1YvSJAYfEIdyHkxv4NP0LSogxrumANcDyC9yt/W9yHjD2ICPBIqCsZLuLk"
- + "OHYi5DlwWe9Zm9VFwCGgggPMMIIDyDCCA8QwggKsoAMCAQICAQYwDQYJKoZI"
- + "hvcNAQEFBQAwgZQxFDASBgNVBAMTC1RDUy1DQSBPQ1NQMSYwJAYJKoZIhvcN"
- + "AQkBFhd0Y3MtY2FAdGNzLWNhLnRjcy5jby5pbjEMMAoGA1UEChMDVENTMQww"
- + "CgYDVQQLEwNBVEMxEjAQBgNVBAcTCUh5ZGVyYWJhZDEXMBUGA1UECBMOQW5k"
- + "aHJhIHByYWRlc2gxCzAJBgNVBAYTAklOMB4XDTAyMDgyOTA3MTE0M1oXDTAz"
- + "MDgyOTA3MTE0M1owgZwxCzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEg"
- + "cHJhZGVzaDESMBAGA1UEBxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAK"
- + "BgNVBAsTA0FUQzEeMBwGA1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQw"
- + "IgYJKoZIhvcNAQkBFhVvY3NwQHRjcy1jYS50Y3MuY28uaW4wgZ8wDQYJKoZI"
- + "hvcNAQEBBQADgY0AMIGJAoGBAM+XWW4caMRv46D7L6Bv8iwtKgmQu0SAybmF"
- + "RJiz12qXzdvTLt8C75OdgmUomxp0+gW/4XlTPUqOMQWv463aZRv9Ust4f8MH"
- + "EJh4ekP/NS9+d8vEO3P40ntQkmSMcFmtA9E1koUtQ3MSJlcs441JjbgUaVnm"
- + "jDmmniQnZY4bU3tVAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADALBgNVHQ8E"
- + "BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwNgYIKwYBBQUHAQEEKjAoMCYG"
- + "CCsGAQUFBzABhhpodHRwOi8vMTcyLjE5LjQwLjExMDo3NzAwLzAtBgNVHR8E"
- + "JjAkMCKgIKAehhxodHRwOi8vMTcyLjE5LjQwLjExMC9jcmwuY3JsMA0GCSqG"
- + "SIb3DQEBBQUAA4IBAQB6FovM3B4VDDZ15o12gnADZsIk9fTAczLlcrmXLNN4"
- + "PgmqgnwF0Ymj3bD5SavDOXxbA65AZJ7rBNAguLUo+xVkgxmoBH7R2sBxjTCc"
- + "r07NEadxM3HQkt0aX5XYEl8eRoifwqYAI9h0ziZfTNes8elNfb3DoPPjqq6V"
- + "mMg0f0iMS4W8LjNPorjRB+kIosa1deAGPhq0eJ8yr0/s2QR2/WFD5P4aXc8I"
- + "KWleklnIImS3zqiPrq6tl2Bm8DZj7vXlTOwmraSQxUwzCKwYob1yGvNOUQTq"
- + "pG6jxn7jgDawHU1+WjWQe4Q34/pWeGLysxTraMa+Ug9kPe+jy/qRX2xwvKBZ");
-
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- private static final String TEST_MESSAGE = "Hello World!";
- private static String _signDN;
- private static KeyPair _signKP;
- private static X509Certificate _signCert;
-
- private static String _origDN;
- private static KeyPair _origKP;
- private static X509Certificate _origCert;
-
- private static String _reciDN;
- private static KeyPair _reciKP;
- private static X509Certificate _reciCert;
-
- private static KeyPair _origDsaKP;
- private static X509Certificate _origDsaCert;
-
- private static X509CRL _signCrl;
- private static X509CRL _origCrl;
-
- private static boolean _initialised = false;
-
- public NewSignedDataStreamTest(String name)
- {
- super(name);
- }
-
- private static void init()
- throws Exception
- {
- if (!_initialised)
- {
- _initialised = true;
-
- if (Security.getProvider(BC) == null)
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- _signDN = "O=Bouncy Castle, C=AU";
- _signKP = CMSTestUtil.makeKeyPair();
- _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN);
-
- _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- _origKP = CMSTestUtil.makeKeyPair();
- _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN);
-
- _origDsaKP = CMSTestUtil.makeDsaKeyPair();
- _origDsaCert = CMSTestUtil.makeCertificate(_origDsaKP, _origDN, _signKP, _signDN);
-
- _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
- _reciKP = CMSTestUtil.makeKeyPair();
- _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
-
- _signCrl = CMSTestUtil.makeCrl(_signKP);
- _origCrl = CMSTestUtil.makeCrl(_origKP);
- }
- }
-
- private void verifySignatures(CMSSignedDataParser sp, byte[] contentDigest)
- throws Exception
- {
- Store certStore = sp.getCertificates();
- Store crlStore = sp.getCRLs();
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
-
- assertEquals(certStore.getMatches(null).size(), sp.getCertificates().getMatches(null).size());
- assertEquals(crlStore.getMatches(null).size(), sp.getCRLs().getMatches(null).size());
- }
-
- private void verifySignatures(CMSSignedDataParser sp)
- throws Exception
- {
- verifySignatures(sp, null);
- }
-
- private void verifyEncodedData(ByteArrayOutputStream bOut)
- throws Exception
- {
- CMSSignedDataParser sp;
- sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- sp.close();
- }
-
- private void checkSigParseable(byte[] sig)
- throws Exception
- {
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), sig);
- sp.getVersion();
- CMSTypedStream sc = sp.getSignedContent();
- if (sc != null)
- {
- sc.drain();
- }
- sp.getCertificates();
- sp.getCRLs();
- sp.getSignerInfos();
- sp.close();
- }
-
-// public void testEarlyInvalidKeyException() throws Exception
-// {
-// try
-// {
-// CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-// gen.addSigner( _origKP.getPrivate(), _origCert,
-// "DSA", // DOESN'T MATCH KEY ALG
-// CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-//
-// fail("Expected InvalidKeyException in addSigner");
-// }
-// catch (InvalidKeyException e)
-// {
-// // Ignore
-// }
-// }
-
-// public void testEarlyNoSuchAlgorithmException() throws Exception
-// {
-// try
-// {
-// CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-// gen.addSigner( _origKP.getPrivate(), _origCert,
-// CMSSignedDataStreamGenerator.DIGEST_SHA1, // BAD OID!
-// CMSSignedDataStreamGenerator.DIGEST_SHA1, BC);
-//
-// fail("Expected NoSuchAlgorithmException in addSigner");
-// }
-// catch (NoSuchAlgorithmException e)
-// {
-// // Ignore
-// }
-// }
-
- public void testSha1EncapsulatedSignature()
- throws Exception
- {
- byte[] encapSigData = Base64.decode(
- "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH"
- + "AaCAJIAEDEhlbGxvIFdvcmxkIQAAAAAAAKCCBGIwggINMIIBdqADAgECAgEF"
- + "MA0GCSqGSIb3DQEBBAUAMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJ"
- + "BgNVBAYTAkFVMB4XDTA1MDgwNzA2MjU1OVoXDTA1MTExNTA2MjU1OVowJTEW"
- + "MBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUwgZ8wDQYJKoZI"
- + "hvcNAQEBBQADgY0AMIGJAoGBAI1fZGgH9wgC3QiK6yluH6DlLDkXkxYYL+Qf"
- + "nVRszJVYl0LIxZdpb7WEbVpO8fwtEgFtoDsOdxyqh3dTBv+L7NVD/v46kdPt"
- + "xVkSNHRbutJVY8Xn4/TC/CDngqtbpbniMO8n0GiB6vs94gBT20M34j96O2IF"
- + "73feNHP+x8PkJ+dNAgMBAAGjTTBLMB0GA1UdDgQWBBQ3XUfEE6+D+t+LIJgK"
- + "ESSUE58eyzAfBgNVHSMEGDAWgBQ3XUfEE6+D+t+LIJgKESSUE58eyzAJBgNV"
- + "HRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAFK3r1stYOeXYJOlOyNGDTWEhZ+a"
- + "OYdFeFaS6c+InjotHuFLAy+QsS8PslE48zYNFEqYygGfLhZDLlSnJ/LAUTqF"
- + "01vlp+Bgn/JYiJazwi5WiiOTf7Th6eNjHFKXS3hfSGPNPIOjvicAp3ce3ehs"
- + "uK0MxgLAaxievzhFfJcGSUMDMIICTTCCAbagAwIBAgIBBzANBgkqhkiG9w0B"
- + "AQQFADAlMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTAe"
- + "Fw0wNTA4MDcwNjI1NTlaFw0wNTExMTUwNjI1NTlaMGUxGDAWBgNVBAMTD0Vy"
- + "aWMgSC4gRWNoaWRuYTEkMCIGCSqGSIb3DQEJARYVZXJpY0Bib3VuY3ljYXN0"
- + "bGUub3JnMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTCB"
- + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgHCJyfwV6/V3kqSu2SOU2E/K"
- + "I+N0XohCMUaxPLLNtNBZ3ijxwaV6JGFz7siTgZD/OGfzir/eZimkt+L1iXQn"
- + "OAB+ZChivKvHtX+dFFC7Vq+E4Uy0Ftqc/wrGxE6DHb5BR0hprKH8wlDS8wSP"
- + "zxovgk4nH0ffUZOoDSuUgjh3gG8CAwEAAaNNMEswHQYDVR0OBBYEFLfY/4EG"
- + "mYrvJa7Cky+K9BJ7YmERMB8GA1UdIwQYMBaAFDddR8QTr4P634sgmAoRJJQT"
- + "nx7LMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEEBQADgYEADIOmpMd6UHdMjkyc"
- + "mIE1yiwfClCsGhCK9FigTg6U1G2FmkBwJIMWBlkeH15uvepsAncsgK+Cn3Zr"
- + "dZMb022mwtTJDtcaOM+SNeuCnjdowZ4i71Hf68siPm6sMlZkhz49rA0Yidoo"
- + "WuzYOO+dggzwDsMldSsvsDo/ARyCGOulDOAxggEvMIIBKwIBATAqMCUxFjAU"
- + "BgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNVBAYTAkFVAgEHMAkGBSsOAwIa"
- + "BQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP"
- + "Fw0wNTA4MDcwNjI1NTlaMCMGCSqGSIb3DQEJBDEWBBQu973mCM5UBOl9XwQv"
- + "lfifHCMocTANBgkqhkiG9w0BAQEFAASBgGxnBl2qozYKLgZ0ygqSFgWcRGl1"
- + "LgNuE587LtO+EKkgoc3aFqEdjXlAyP8K7naRsvWnFrsB6pUpnrgI9Z8ZSKv8"
- + "98IlpsSSJ0jBlEb4gzzavwcBpYbr2ryOtDcF+kYmKIpScglyyoLzm+KPXOoT"
- + "n7MsJMoKN3Kd2Vzh6s10PFgeAAAAAAAA");
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), encapSigData);
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testSHA1WithRSANoAttributes()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- JcaSignerInfoGeneratorBuilder siBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- siBuilder.setDirectSignature(true);
-
- gen.addSignerInfoGenerator(siBuilder.build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg, false);
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(),
- new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), s.getEncoded());
-
- sp.getSignedContent().drain();
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes()));
- }
-
- public void testDSANoAttributes()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes());
-
- certList.add(_origDsaCert);
- certList.add(_signCert);
-
- JcaCertStore certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- builder.setDirectSignature(true);
-
- gen.addSignerInfoGenerator(builder.build(new JcaContentSignerBuilder("SHA1withDSA").setProvider(BC).build(_origDsaKP.getPrivate()), _origDsaCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg);
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(),
- new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), s.getEncoded());
-
- sp.getSignedContent().drain();
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes()));
- }
-
- public void testSHA1WithRSA()
- throws Exception
- {
- List certList = new ArrayList();
- List crlList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- crlList.add(_signCrl);
- crlList.add(_origCrl);
-
- Store certs = new JcaCertStore(certList);
- Store crls = new JcaCRLStore(crlList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- gen.addCRLs(crls);
-
- OutputStream sigOut = gen.open(bOut);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- checkSigParseable(bOut.toByteArray());
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(),
- new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes()));
-
- //
- // try using existing signer
- //
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigners(sp.getSignerInfos());
-
- gen.addCertificates(sp.getCertificates());
- gen.addCRLs(sp.getCRLs());
-
- bOut.reset();
-
- sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- verifyEncodedData(bOut);
-
- //
- // look for the CRLs
- //
- Collection col = sp.getCRLs().getMatches(null);
-
- assertEquals(2, col.size());
- assertTrue(col.contains(new JcaX509CRLHolder(_signCrl)));
- assertTrue(col.contains(new JcaX509CRLHolder(_origCrl)));
- }
-
- public void testSHA1WithRSAAndOtherRevocation()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- List otherInfo = new ArrayList();
- OCSPResp response = new OCSPResp(successResp);
-
- otherInfo.add(response.toASN1Structure());
-
- gen.addOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response, new CollectionStore(otherInfo));
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray());
-
- CMSTypedStream stream = sp.getSignedContent();
-
- assertEquals(CMSObjectIdentifiers.data, stream.getContentType());
-
- stream.drain();
-
- //
- // check version
- //
- assertEquals(5, sp.getVersion());
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes()));
-
- Store dataOtherInfo = sp.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response);
-
- assertEquals(1, dataOtherInfo.getMatches(null).size());
-
- OCSPResp dataResponse = new OCSPResp(OCSPResponse.getInstance(dataOtherInfo.getMatches(null).iterator().next()));
-
- assertEquals(response, dataResponse);
- }
-
- public void testSHA1WithRSANonData()
- throws Exception
- {
- List certList = new ArrayList();
- List crlList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(new JcaX509CertificateHolder(_origCert));
- certList.add(new JcaX509CertificateHolder(_signCert));
-
- crlList.add(new JcaX509CRLHolder(_signCrl));
- crlList.add(new JcaX509CRLHolder(_origCrl));
-
- Store certs = new JcaCertStore(certList);
- Store crls = new JcaCRLStore(crlList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
- gen.addCRLs(crls);
-
- OutputStream sigOut = gen.open(new ASN1ObjectIdentifier("1.2.3.4"), bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray());
-
- CMSTypedStream stream = sp.getSignedContent();
-
- assertEquals(new ASN1ObjectIdentifier("1.2.3.4"), stream.getContentType());
-
- stream.drain();
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes()));
- }
-
- public void testSHA1AndMD5WithRSA()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
- JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
- ContentSigner md5Signer = new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(sha1Signer, _origCert));
-
- gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(md5Signer, _origCert));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- checkSigParseable(bOut.toByteArray());
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(),
- new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testSHA1WithRSAEncapsulatedBufferedStream()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- //
- // find unbuffered length
- //
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- for (int i = 0; i != 2000; i++)
- {
- sigOut.write(i & 0xff);
- }
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- int unbufferedLength = bOut.toByteArray().length;
-
- //
- // find buffered length with buffered stream - should be equal
- //
- bOut = new ByteArrayOutputStream();
-
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- sigOut = gen.open(bOut, true);
-
- BufferedOutputStream bfOut = new BufferedOutputStream(sigOut, 300);
-
- for (int i = 0; i != 2000; i++)
- {
- bfOut.write(i & 0xff);
- }
-
- bfOut.close();
-
- verifyEncodedData(bOut);
-
- assertTrue(bOut.toByteArray().length == unbufferedLength);
- }
-
- public void testSHA1WithRSAEncapsulatedBuffered()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- //
- // find unbuffered length
- //
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- for (int i = 0; i != 2000; i++)
- {
- sigOut.write(i & 0xff);
- }
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- int unbufferedLength = bOut.toByteArray().length;
-
- //
- // find buffered length - buffer size less than default
- //
- bOut = new ByteArrayOutputStream();
-
- gen = new CMSSignedDataStreamGenerator();
-
- gen.setBufferSize(300);
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- sigOut = gen.open(bOut, true);
-
- for (int i = 0; i != 2000; i++)
- {
- sigOut.write(i & 0xff);
- }
-
- sigOut.close();
-
- verifyEncodedData(bOut);
-
- assertTrue(bOut.toByteArray().length > unbufferedLength);
- }
-
- public void testSHA1WithRSAEncapsulated()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(CMSAlgorithm.SHA1.getId());
-
- AttributeTable table = ((SignerInformation)sp.getSignerInfos().getSigners().iterator().next()).getSignedAttributes();
- Attribute hash = table.get(CMSAttributes.messageDigest);
-
- assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets()));
-
- //
- // try using existing signer
- //
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigners(sp.getSignerInfos());
-
- gen.addCertificates(sp.getCertificates());
-
- bOut.reset();
-
- sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(TEST_MESSAGE.getBytes()), bOut.toByteArray());
-
- assertEquals(1, sd.getSignerInfos().getSigners().size());
-
- verifyEncodedData(bOut);
- }
-
- public void testSHA1WithRSAEncapsulatedSubjectKeyID()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, CMSTestUtil.createSubjectKeyId(_origCert.getPublicKey()).getKeyIdentifier()));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(CMSAlgorithm.SHA1.getId());
-
- AttributeTable table = ((SignerInformation)sp.getSignerInfos().getSigners().iterator().next()).getSignedAttributes();
- Attribute hash = table.get(CMSAttributes.messageDigest);
-
- assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets()));
-
- //
- // try using existing signer
- //
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSigners(sp.getSignerInfos());
-
- gen.addCertificates(sp.getCertificates());
-
- bOut.reset();
-
- sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(TEST_MESSAGE.getBytes()), bOut.toByteArray());
-
- assertEquals(1, sd.getSignerInfos().getSigners().size());
-
- verifyEncodedData(bOut);
- }
-
- public void testAttributeGenerators()
- throws Exception
- {
- final ASN1ObjectIdentifier dummyOid1 = new ASN1ObjectIdentifier("1.2.3");
- final ASN1ObjectIdentifier dummyOid2 = new ASN1ObjectIdentifier("1.2.3.4");
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- JcaCertStore certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- CMSAttributeTableGenerator signedGen = new DefaultSignedAttributeTableGenerator()
- {
- public AttributeTable getAttributes(Map parameters)
- {
- Hashtable table = createStandardAttributeTable(parameters);
-
- DEROctetString val = new DEROctetString((byte[])parameters.get(CMSAttributeTableGenerator.DIGEST));
- Attribute attr = new Attribute(dummyOid1, new DERSet(val));
-
- table.put(attr.getAttrType(), attr);
-
- return new AttributeTable(table);
- }
- };
-
- CMSAttributeTableGenerator unsignedGen = new CMSAttributeTableGenerator()
- {
- public AttributeTable getAttributes(Map parameters)
- {
- DEROctetString val = new DEROctetString((byte[])parameters.get(CMSAttributeTableGenerator.SIGNATURE));
- Attribute attr = new Attribute(dummyOid2, new DERSet(val));
-
- return new AttributeTable(new DERSet(attr));
- }
- };
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- JcaSignerInfoGeneratorBuilder siBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- siBuilder.setSignedAttributeGenerator(signedGen).setUnsignedAttributeGenerator(unsignedGen);
-
- gen.addSignerInfoGenerator(siBuilder.build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
-
- //
- // check attributes
- //
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- checkAttribute(signer.getContentDigest(), signer.getSignedAttributes().get(dummyOid1));
- checkAttribute(signer.getSignature(), signer.getUnsignedAttributes().get(dummyOid2));
- }
- }
-
- private void checkAttribute(byte[] expected, Attribute attr)
- {
- DEROctetString value = (DEROctetString)attr.getAttrValues().getObjectAt(0);
-
- assertEquals(new DEROctetString(expected), value);
- }
-
- public void testWithAttributeCertificate()
- throws Exception
- {
- List certList = new ArrayList();
-
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- X509AttributeCertificateHolder attrCert = CMSTestUtil.getAttributeCertificate();
-
- Store store = new CollectionStore(Collections.singleton(attrCert));
-
- gen.addAttributeCertificates(store);
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- assertEquals(4, sp.getVersion());
-
-// store = sp.getAttributeCertificates();
-//
-// Collection coll = store.getMatches(null);
-//
-// assertEquals(1, coll.size());
-//
-// assertTrue(coll.contains(new JcaX509AttributeCertificateHolder(attrCert)));
- }
-
- public void testSignerStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- byte[] data = TEST_MESSAGE.getBytes();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA1withRSA", _origKP.getPrivate(), _origCert));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut, false);
-
- sigOut.write(data);
-
- sigOut.close();
-
- checkSigParseable(bOut.toByteArray());
-
- //
- // create new Signer
- //
- ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray());
-
- bOut.reset();
-
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA224withRSA", _origKP.getPrivate(), _origCert));
-
- gen.addCertificates(certs);
-
- sigOut = gen.open(bOut);
-
- sigOut.write(data);
-
- sigOut.close();
-
- checkSigParseable(bOut.toByteArray());
-
- CMSSignedData sd = new CMSSignedData(bOut.toByteArray());
-
- //
- // replace signer
- //
- ByteArrayOutputStream newOut = new ByteArrayOutputStream();
-
- CMSSignedDataParser.replaceSigners(original, sd.getSignerInfos(), newOut);
-
- sd = new CMSSignedData(new CMSProcessableByteArray(data), newOut.toByteArray());
- SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next();
-
- assertEquals(signer.getDigestAlgOID(), CMSAlgorithm.SHA224.getId());
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), new CMSTypedStream(new ByteArrayInputStream(data)), newOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testEncapsulatedSignerStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA1withRSA", _origKP.getPrivate(), _origCert));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- //
- // create new Signer
- //
- ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray());
-
- bOut.reset();
-
- gen = new CMSSignedDataStreamGenerator();
-
- gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA224withRSA", _origKP.getPrivate(), _origCert));
-
- gen.addCertificates(certs);
-
- sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedData sd = new CMSSignedData(bOut.toByteArray());
-
- //
- // replace signer
- //
- ByteArrayOutputStream newOut = new ByteArrayOutputStream();
-
- CMSSignedDataParser.replaceSigners(original, sd.getSignerInfos(), newOut);
-
- sd = new CMSSignedData(newOut.toByteArray());
- SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next();
-
- assertEquals(signer.getDigestAlgOID(), CMSAlgorithm.SHA224.getId());
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), newOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testCertStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- byte[] data = TEST_MESSAGE.getBytes();
-
- certList.add(_origDsaCert);
-
- JcaCertStore certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- gen.addSignerInfoGenerator(builder.build(new JcaContentSignerBuilder("SHA1withRSA").build(_origKP.getPrivate()), _origCert));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut);
-
- sigOut.write(data);
-
- sigOut.close();
-
- checkSigParseable(bOut.toByteArray());
-
- //
- // create new certstore with the right certificates
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = new JcaCertStore(certList);
-
-
- //
- // replace certs
- //
- ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray());
- ByteArrayOutputStream newOut = new ByteArrayOutputStream();
-
- CMSSignedDataParser.replaceCertificatesAndCRLs(original, certs, null, null, newOut);
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), new CMSTypedStream(new ByteArrayInputStream(data)), newOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testEncapsulatedCertStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origDsaCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- gen.addSignerInfoGenerator(builder.build(new JcaContentSignerBuilder("SHA1withRSA").build(_origKP.getPrivate()), _origCert));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- //
- // create new certstore with the right certificates
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = new JcaCertStore(certList);
-
- //
- // replace certs
- //
- ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray());
- ByteArrayOutputStream newOut = new ByteArrayOutputStream();
-
- CMSSignedDataParser.replaceCertificatesAndCRLs(original, certs, null, null, newOut);
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), newOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testCertOrdering1()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA1withRSA", _origKP.getPrivate(), _origCert));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray());
-
- sp.getSignedContent().drain();
- certs = sp.getCertificates();
- Iterator it = certs.getMatches(null).iterator();
-
- assertEquals(new JcaX509CertificateHolder(_origCert), it.next());
- assertEquals(new JcaX509CertificateHolder(_signCert), it.next());
- }
-
- public void testCertOrdering2()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(_signCert);
- certList.add(_origCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).build("SHA1withRSA", _origKP.getPrivate(), _origCert));
-
- gen.addCertificates(certs);
-
- OutputStream sigOut = gen.open(bOut, true);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), bOut.toByteArray());
-
- sp.getSignedContent().drain();
- certs = sp.getCertificates();
- Iterator it = certs.getMatches(null).iterator();
-
- assertEquals(new JcaX509CertificateHolder(_signCert), it.next());
- assertEquals(new JcaX509CertificateHolder(_origCert), it.next());
- }
-
- public void testCertsOnly()
- throws Exception
- {
- List certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
- gen.addCertificates(certs);
-
- gen.open(bOut).close();
-
- checkSigParseable(bOut.toByteArray());
- }
-
- public static Test suite()
- throws Exception
- {
- init();
-
- return new CMSTestSetup(new TestSuite(NewSignedDataStreamTest.class));
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataTest.java
deleted file mode 100644
index 7df2c130..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/NewSignedDataTest.java
+++ /dev/null
@@ -1,2060 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.MessageDigest;
-import java.security.Security;
-import java.security.cert.X509CRL;
-import java.security.cert.X509Certificate;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.ocsp.OCSPResponse;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.X509AttributeCertificateHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaCRLStore;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cert.jcajce.JcaX509CRLHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cert.ocsp.OCSPResp;
-import org.bouncycastle.cms.CMSAbsentContent;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.CMSSignedDataParser;
-import org.bouncycastle.cms.CMSTypedData;
-import org.bouncycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
-import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
-import org.bouncycastle.cms.SignerId;
-import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.SignerInformationVerifier;
-import org.bouncycastle.cms.SignerInformationVerifierProvider;
-import org.bouncycastle.cms.bc.BcRSASignerInfoVerifierBuilder;
-import org.bouncycastle.cms.jcajce.JcaSignerId;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.util.PrivateKeyFactory;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.bc.BcContentSignerBuilder;
-import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.io.Streams;
-
-public class NewSignedDataTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- boolean DEBUG = true;
-
- private static String _origDN;
- private static KeyPair _origKP;
- private static X509Certificate _origCert;
-
- private static String _signDN;
- private static KeyPair _signKP;
- private static X509Certificate _signCert;
-
- private static KeyPair _signGostKP;
- private static X509Certificate _signGostCert;
-
- private static KeyPair _signEcDsaKP;
- private static X509Certificate _signEcDsaCert;
-
- private static KeyPair _signEcGostKP;
- private static X509Certificate _signEcGostCert;
-
- private static KeyPair _signDsaKP;
- private static X509Certificate _signDsaCert;
-
- private static String _reciDN;
- private static KeyPair _reciKP;
- private static X509Certificate _reciCert;
-
- private static X509CRL _signCrl;
-
- private static boolean _initialised = false;
-
- private byte[] disorderedMessage = Base64.decode(
- "SU9fc3RkaW5fdXNlZABfX2xpYmNfc3RhcnRfbWFpbgBnZXRob3N0aWQAX19n"
- + "bW9uX3M=");
-
- private byte[] disorderedSet = Base64.decode(
- "MIIYXQYJKoZIhvcNAQcCoIIYTjCCGEoCAQExCzAJBgUrDgMCGgUAMAsGCSqG"
- + "SIb3DQEHAaCCFqswggJUMIIBwKADAgECAgMMg6wwCgYGKyQDAwECBQAwbzEL"
- + "MAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbI"
- + "dXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwEx"
- + "MBEGA1UEAxQKNFItQ0EgMTpQTjAiGA8yMDAwMDMyMjA5NDM1MFoYDzIwMDQw"
- + "MTIxMTYwNDUzWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1"
- + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh"
- + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3"
- + "DQEBAQUAA4GPADCBiwKBgQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0I"
- + "fe3QMqeGMoCUnyJxwW0k2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg"
- + "19e9JPv061wyADOucOIaNAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKaj"
- + "LMAw0bu1J0FadQIFAMAAAAEwCgYGKyQDAwECBQADgYEAgFauXpoTLh3Z3pT/"
- + "3bhgrxO/2gKGZopWGSWSJPNwq/U3x2EuctOJurj+y2inTcJjespThflpN+7Q"
- + "nvsUhXU+jL2MtPlObU0GmLvWbi47cBShJ7KElcZAaxgWMBzdRGqTOdtMv+ev"
- + "2t4igGF/q71xf6J2c3pTLWr6P8s6tzLfOCMwggJDMIIBr6ADAgECAgQAuzyu"
- + "MAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGll"
- + "cnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0"
- + "MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4wIhgPMjAwMTA4"
- + "MjAwODA4MjBaGA8yMDA1MDgyMDA4MDgyMFowSzELMAkGA1UEBhMCREUxEjAQ"
- + "BgNVBAoUCVNpZ250cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBT"
- + "SUdOVFJVU1QgMTpQTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhV12"
- + "N2WhlR6f+3CXP57GrBM9la5Vnsu2b92zv5MZqQOPeEsYbZqDCFkYg1bSwsDE"
- + "XsGVQqXdQNAGUaapr/EUVVN+hNZ07GcmC1sPeQECgUkxDYjGi4ihbvzxlahj"
- + "L4nX+UTzJVBfJwXoIvJ+lMHOSpnOLIuEL3SRhBItvRECxN0CAwEAAaMSMBAw"
- + "DgYDVR0PAQH/BAQDAgEGMAoGBiskAwMBAgUAA4GBACDc9Pc6X8sK1cerphiV"
- + "LfFv4kpZb9ev4WPy/C6987Qw1SOTElhZAmxaJQBqmDHWlQ63wj1DEqswk7hG"
- + "LrvQk/iX6KXIn8e64uit7kx6DHGRKNvNGofPjr1WelGeGW/T2ZJKgmPDjCkf"
- + "sIKt2c3gwa2pDn4mmCz/DStUIqcPDbqLMIICVTCCAcGgAwIBAgIEAJ16STAK"
- + "BgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1"
- + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh"
- + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMCIYDzIwMDEwMjAx"
- + "MTM0NDI1WhgPMjAwNTAzMjIwODU1NTFaMG8xCzAJBgNVBAYTAkRFMT0wOwYD"
- + "VQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0"
- + "aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6"
- + "UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvthihnl"
- + "tsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wdbPvg"
- + "JyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCAOXFw"
- + "VWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIFAAOB"
- + "gQBpSRdnDb6AcNVaXSmGo6+kVPIBhot1LzJOGaPyDNpGXxd7LV4tMBF1U7gr"
- + "4k1g9BO6YiMWvw9uiTZmn0CfV8+k4fWEuG/nmafRoGIuay2f+ILuT+C0rnp1"
- + "4FgMsEhuVNJJAmb12QV0PZII+UneyhAneZuQQzVUkTcVgYxogxdSOzCCAlUw"
- + "ggHBoAMCAQICBACdekowCgYGKyQDAwECBQAwbzELMAkGA1UEBhMCREUxPTA7"
- + "BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlr"
- + "YXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg"
- + "MTpQTjAiGA8yMDAxMDIwMTEzNDcwN1oYDzIwMDUwMzIyMDg1NTUxWjBvMQsw"
- + "CQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1"
- + "ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEw"
- + "EQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKB"
- + "gQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0Ife3QMqeGMoCUnyJxwW0k"
- + "2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg19e9JPv061wyADOucOIa"
- + "NAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKajLMAw0bu1J0FadQIFAMAA"
- + "AAEwCgYGKyQDAwECBQADgYEAV1yTi+2gyB7sUhn4PXmi/tmBxAfe5oBjDW8m"
- + "gxtfudxKGZ6l/FUPNcrSc5oqBYxKWtLmf3XX87LcblYsch617jtNTkMzhx9e"
- + "qxiD02ufcrxz2EVt0Akdqiz8mdVeqp3oLcNU/IttpSrcA91CAnoUXtDZYwb/"
- + "gdQ4FI9l3+qo/0UwggJVMIIBwaADAgECAgQAxIymMAoGBiskAwMBAgUAMG8x"
- + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm"
- + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB"
- + "MTARBgNVBAMUCjZSLUNhIDE6UE4wIhgPMjAwMTEwMTUxMzMxNThaGA8yMDA1"
- + "MDYwMTA5NTIxN1owbzELMAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVy"
- + "dW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3Qx"
- + "ITAMBgcCggYBCgcUEwExMBEGA1UEAxQKN1ItQ0EgMTpQTjCBoTANBgkqhkiG"
- + "9w0BAQEFAAOBjwAwgYsCgYEAiokD/j6lEP4FexF356OpU5teUpGGfUKjIrFX"
- + "BHc79G0TUzgVxqMoN1PWnWktQvKo8ETaugxLkP9/zfX3aAQzDW4Zki6x6GDq"
- + "fy09Agk+RJvhfbbIzRkV4sBBco0n73x7TfG/9NTgVr/96U+I+z/1j30aboM6"
- + "9OkLEhjxAr0/GbsCBQDAAAABMAoGBiskAwMBAgUAA4GBAHWRqRixt+EuqHhR"
- + "K1kIxKGZL2vZuakYV0R24Gv/0ZR52FE4ECr+I49o8FP1qiGSwnXB0SwjuH2S"
- + "iGiSJi+iH/MeY85IHwW1P5e+bOMvEOFhZhQXQixOD7totIoFtdyaj1XGYRef"
- + "0f2cPOjNJorXHGV8wuBk+/j++sxbd/Net3FtMIICVTCCAcGgAwIBAgIEAMSM"
- + "pzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp"
- + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z"
- + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo3Ui1DQSAxOlBOMCIYDzIwMDEx"
- + "MDE1MTMzNDE0WhgPMjAwNTA2MDEwOTUyMTdaMG8xCzAJBgNVBAYTAkRFMT0w"
- + "OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5p"
- + "a2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNh"
- + "IDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvth"
- + "ihnltsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wd"
- + "bPvgJyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCA"
- + "OXFwVWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIF"
- + "AAOBgQBi5W96UVDoNIRkCncqr1LLG9vF9SGBIkvFpLDIIbcvp+CXhlvsdCJl"
- + "0pt2QEPSDl4cmpOet+CxJTdTuMeBNXxhb7Dvualog69w/+K2JbPhZYxuVFZs"
- + "Zh5BkPn2FnbNu3YbJhE60aIkikr72J4XZsI5DxpZCGh6xyV/YPRdKSljFjCC"
- + "AlQwggHAoAMCAQICAwyDqzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9"
- + "MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVu"
- + "aWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1D"
- + "QSAxOlBOMCIYDzIwMDAwMzIyMDk0MTI3WhgPMjAwNDAxMjExNjA0NTNaMG8x"
- + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm"
- + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB"
- + "MTARBgNVBAMUCjRSLUNBIDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGL"
- + "AoGBAI8x26tmrFJanlm100B7KGlRemCD1R93PwdnG7svRyf5ZxOsdGrDszNg"
- + "xg6ouO8ZHQMT3NC2dH8TvO65Js+8bIyTm51azF6clEg0qeWNMKiiXbBXa+ph"
- + "hTkGbXiLYvACZ6/MTJMJ1lcrjpRF7BXtYeYMcEF6znD4pxOqrtbf9z5hAgUA"
- + "wAAAATAKBgYrJAMDAQIFAAOBgQB99BjSKlGPbMLQAgXlvA9jUsDNhpnVm3a1"
- + "YkfxSqS/dbQlYkbOKvCxkPGA9NBxisBM8l1zFynVjJoy++aysRmcnLY/sHaz"
- + "23BF2iU7WERy18H3lMBfYB6sXkfYiZtvQZcWaO48m73ZBySuiV3iXpb2wgs/"
- + "Cs20iqroAWxwq/W/9jCCAlMwggG/oAMCAQICBDsFZ9UwCgYGKyQDAwECBQAw"
- + "bzELMAkGA1UEBhMCREUxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNFItQ0Eg"
- + "MTpQTjE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxl"
- + "a29tbXVuaWthdGlvbiB1bmQgUG9zdDAiGA8xOTk5MDEyMTE3MzUzNFoYDzIw"
- + "MDQwMTIxMTYwMDAyWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp"
- + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z"
- + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAozUi1DQSAxOlBOMIGfMA0GCSqG"
- + "SIb3DQEBAQUAA4GNADCBiQKBgI4B557mbKQg/AqWBXNJhaT/6lwV93HUl4U8"
- + "u35udLq2+u9phns1WZkdM3gDfEpL002PeLfHr1ID/96dDYf04lAXQfombils"
- + "of1C1k32xOvxjlcrDOuPEMxz9/HDAQZA5MjmmYHAIulGI8Qg4Tc7ERRtg/hd"
- + "0QX0/zoOeXoDSEOBAgTAAAABMAoGBiskAwMBAgUAA4GBAIyzwfT3keHI/n2P"
- + "LrarRJv96mCohmDZNpUQdZTVjGu5VQjVJwk3hpagU0o/t/FkdzAjOdfEw8Ql"
- + "3WXhfIbNLv1YafMm2eWSdeYbLcbB5yJ1od+SYyf9+tm7cwfDAcr22jNRBqx8"
- + "wkWKtKDjWKkevaSdy99sAI8jebHtWz7jzydKMIID9TCCA16gAwIBAgICbMcw"
- + "DQYJKoZIhvcNAQEFBQAwSzELMAkGA1UEBhMCREUxEjAQBgNVBAoUCVNpZ250"
- + "cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBTSUdOVFJVU1QgMTpQ"
- + "TjAeFw0wNDA3MzAxMzAyNDZaFw0wNzA3MzAxMzAyNDZaMDwxETAPBgNVBAMM"
- + "CFlhY29tOlBOMQ4wDAYDVQRBDAVZYWNvbTELMAkGA1UEBhMCREUxCjAIBgNV"
- + "BAUTATEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIWzLlYLQApocXIp"
- + "pgCCpkkOUVLgcLYKeOd6/bXAnI2dTHQqT2bv7qzfUnYvOqiNgYdF13pOYtKg"
- + "XwXMTNFL4ZOI6GoBdNs9TQiZ7KEWnqnr2945HYx7UpgTBclbOK/wGHuCdcwO"
- + "x7juZs1ZQPFG0Lv8RoiV9s6HP7POqh1sO0P/AgMBAAGjggH1MIIB8TCBnAYD"
- + "VR0jBIGUMIGRgBQcZzNghfnXoXRm8h1+VITC5caNRqFzpHEwbzELMAkGA1UE"
- + "BhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVs"
- + "ZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UE"
- + "AxQKNVItQ0EgMTpQToIEALs8rjAdBgNVHQ4EFgQU2e5KAzkVuKaM9I5heXkz"
- + "bcAIuR8wDgYDVR0PAQH/BAQDAgZAMBIGA1UdIAQLMAkwBwYFKyQIAQEwfwYD"
- + "VR0fBHgwdjB0oCygKoYobGRhcDovL2Rpci5zaWdudHJ1c3QuZGUvbz1TaWdu"
- + "dHJ1c3QsYz1kZaJEpEIwQDEdMBsGA1UEAxMUQ1JMU2lnblNpZ250cnVzdDE6"
- + "UE4xEjAQBgNVBAoTCVNpZ250cnVzdDELMAkGA1UEBhMCREUwYgYIKwYBBQUH"
- + "AQEEVjBUMFIGCCsGAQUFBzABhkZodHRwOi8vZGlyLnNpZ250cnVzdC5kZS9T"
- + "aWdudHJ1c3QvT0NTUC9zZXJ2bGV0L2h0dHBHYXRld2F5LlBvc3RIYW5kbGVy"
- + "MBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwDgYHAoIGAQoMAAQDAQH/MA0G"
- + "CSqGSIb3DQEBBQUAA4GBAHn1m3GcoyD5GBkKUY/OdtD6Sj38LYqYCF+qDbJR"
- + "6pqUBjY2wsvXepUppEler+stH8mwpDDSJXrJyuzf7xroDs4dkLl+Rs2x+2tg"
- + "BjU+ABkBDMsym2WpwgA8LCdymmXmjdv9tULxY+ec2pjSEzql6nEZNEfrU8nt"
- + "ZCSCavgqW4TtMYIBejCCAXYCAQEwUTBLMQswCQYDVQQGEwJERTESMBAGA1UE"
- + "ChQJU2lnbnRydXN0MSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEUNBIFNJR05U"
- + "UlVTVCAxOlBOAgJsxzAJBgUrDgMCGgUAoIGAMBgGCSqGSIb3DQEJAzELBgkq"
- + "hkiG9w0BBwEwIwYJKoZIhvcNAQkEMRYEFIYfhPoyfGzkLWWSSLjaHb4HQmaK"
- + "MBwGCSqGSIb3DQEJBTEPFw0wNTAzMjQwNzM4MzVaMCEGBSskCAYFMRgWFi92"
- + "YXIvZmlsZXMvdG1wXzEvdGVzdDEwDQYJKoZIhvcNAQEFBQAEgYA2IvA8lhVz"
- + "VD5e/itUxbFboKxeKnqJ5n/KuO/uBCl1N14+7Z2vtw1sfkIG+bJdp3OY2Cmn"
- + "mrQcwsN99Vjal4cXVj8t+DJzFG9tK9dSLvD3q9zT/GQ0kJXfimLVwCa4NaSf"
- + "Qsu4xtG0Rav6bCcnzabAkKuNNvKtH8amSRzk870DBg==");
-
- public static byte[] xtraCounterSig = Base64.decode(
- "MIIR/AYJKoZIhvcNAQcCoIIR7TCCEekCAQExCzAJBgUrDgMCGgUAMBoGCSqG"
- + "SIb3DQEHAaANBAtIZWxsbyB3b3JsZKCCDnkwggTPMIIDt6ADAgECAgRDnYD3"
- + "MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNVBAYTAklUMRowGAYDVQQKExFJbi5U"
- + "ZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAtIENlcnRpZmlj"
- + "YXRpb24gQXV0aG9yaXR5MB4XDTA4MDkxMjExNDMxMloXDTEwMDkxMjExNDMx"
- + "MlowgdgxCzAJBgNVBAYTAklUMSIwIAYDVQQKDBlJbnRlc2EgUy5wLkEuLzA1"
- + "MjYyODkwMDE0MSowKAYDVQQLDCFCdXNpbmVzcyBDb2xsYWJvcmF0aW9uICYg"
- + "U2VjdXJpdHkxHjAcBgNVBAMMFU1BU1NJTUlMSUFOTyBaSUNDQVJESTERMA8G"
- + "A1UEBAwIWklDQ0FSREkxFTATBgNVBCoMDE1BU1NJTUlMSUFOTzEcMBoGA1UE"
- + "BRMTSVQ6WkNDTVNNNzZIMTRMMjE5WTERMA8GA1UELhMIMDAwMDI1ODUwgaAw"
- + "DQYJKoZIhvcNAQEBBQADgY4AMIGKAoGBALeJTjmyFgx1SIP6c2AuB/kuyHo5"
- + "j/prKELTALsFDimre/Hxr3wOSet1TdQfFzU8Lu+EJqgfV9cV+cI1yeH1rZs7"
- + "lei7L3tX/VR565IywnguX5xwvteASgWZr537Fkws50bvTEMyYOj1Tf3FZvZU"
- + "z4n4OD39KI4mfR9i1eEVIxR3AgQAizpNo4IBoTCCAZ0wHQYDVR0RBBYwFIES"
- + "emljY2FyZGlAaW50ZXNhLml0MC8GCCsGAQUFBwEDBCMwITAIBgYEAI5GAQEw"
- + "CwYGBACORgEDAgEUMAgGBgQAjkYBBDBZBgNVHSAEUjBQME4GBgQAizABATBE"
- + "MEIGCCsGAQUFBwIBFjZodHRwOi8vZS10cnVzdGNvbS5pbnRlc2EuaXQvY2Ff"
- + "cHViYmxpY2EvQ1BTX0lOVEVTQS5odG0wDgYDVR0PAQH/BAQDAgZAMIGDBgNV"
- + "HSMEfDB6gBQZCQOW0bjFWBt+EORuxPagEgkQqKFcpFowWDELMAkGA1UEBhMC"
- + "SVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJbi5U"
- + "ZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCBDzRARMwOwYDVR0f"
- + "BDQwMjAwoC6gLIYqaHR0cDovL2UtdHJ1c3Rjb20uaW50ZXNhLml0L0NSTC9J"
- + "TlRFU0EuY3JsMB0GA1UdDgQWBBTf5ItL8KmQh541Dxt7YxcWI1254TANBgkq"
- + "hkiG9w0BAQUFAAOCAQEAgW+uL1CVWQepbC/wfCmR6PN37Sueb4xiKQj2mTD5"
- + "UZ5KQjpivy/Hbuf0NrfKNiDEhAvoHSPC31ebGiKuTMFNyZPHfPEUnyYGSxea"
- + "2w837aXJFr6utPNQGBRi89kH90sZDlXtOSrZI+AzJJn5QK3F9gjcayU2NZXQ"
- + "MJgRwYmFyn2w4jtox+CwXPQ9E5XgxiMZ4WDL03cWVXDLX00EOJwnDDMUNTRI"
- + "m9Zv+4SKTNlfFbi9UTBqWBySkDzAelsfB2U61oqc2h1xKmCtkGMmN9iZT+Qz"
- + "ZC/vaaT+hLEBFGAH2gwFrYc4/jTBKyBYeU1vsAxsibIoTs1Apgl6MH75qPDL"
- + "BzCCBM8wggO3oAMCAQICBEOdgPcwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE"
- + "BhMCSVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJ"
- + "bi5UZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwOTEy"
- + "MTE0MzEyWhcNMTAwOTEyMTE0MzEyWjCB2DELMAkGA1UEBhMCSVQxIjAgBgNV"
- + "BAoMGUludGVzYSBTLnAuQS4vMDUyNjI4OTAwMTQxKjAoBgNVBAsMIUJ1c2lu"
- + "ZXNzIENvbGxhYm9yYXRpb24gJiBTZWN1cml0eTEeMBwGA1UEAwwVTUFTU0lN"
- + "SUxJQU5PIFpJQ0NBUkRJMREwDwYDVQQEDAhaSUNDQVJESTEVMBMGA1UEKgwM"
- + "TUFTU0lNSUxJQU5PMRwwGgYDVQQFExNJVDpaQ0NNU003NkgxNEwyMTlZMREw"
- + "DwYDVQQuEwgwMDAwMjU4NTCBoDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEA"
- + "t4lOObIWDHVIg/pzYC4H+S7IejmP+msoQtMAuwUOKat78fGvfA5J63VN1B8X"
- + "NTwu74QmqB9X1xX5wjXJ4fWtmzuV6Lsve1f9VHnrkjLCeC5fnHC+14BKBZmv"
- + "nfsWTCznRu9MQzJg6PVN/cVm9lTPifg4Pf0ojiZ9H2LV4RUjFHcCBACLOk2j"
- + "ggGhMIIBnTAdBgNVHREEFjAUgRJ6aWNjYXJkaUBpbnRlc2EuaXQwLwYIKwYB"
- + "BQUHAQMEIzAhMAgGBgQAjkYBATALBgYEAI5GAQMCARQwCAYGBACORgEEMFkG"
- + "A1UdIARSMFAwTgYGBACLMAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9lLXRy"
- + "dXN0Y29tLmludGVzYS5pdC9jYV9wdWJibGljYS9DUFNfSU5URVNBLmh0bTAO"
- + "BgNVHQ8BAf8EBAMCBkAwgYMGA1UdIwR8MHqAFBkJA5bRuMVYG34Q5G7E9qAS"
- + "CRCooVykWjBYMQswCQYDVQQGEwJJVDEaMBgGA1UEChMRSW4uVGUuUy5BLiBT"
- + "LnAuQS4xLTArBgNVBAMTJEluLlRlLlMuQS4gLSBDZXJ0aWZpY2F0aW9uIEF1"
- + "dGhvcml0eYIEPNEBEzA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vZS10cnVz"
- + "dGNvbS5pbnRlc2EuaXQvQ1JML0lOVEVTQS5jcmwwHQYDVR0OBBYEFN/ki0vw"
- + "qZCHnjUPG3tjFxYjXbnhMA0GCSqGSIb3DQEBBQUAA4IBAQCBb64vUJVZB6ls"
- + "L/B8KZHo83ftK55vjGIpCPaZMPlRnkpCOmK/L8du5/Q2t8o2IMSEC+gdI8Lf"
- + "V5saIq5MwU3Jk8d88RSfJgZLF5rbDzftpckWvq6081AYFGLz2Qf3SxkOVe05"
- + "Ktkj4DMkmflArcX2CNxrJTY1ldAwmBHBiYXKfbDiO2jH4LBc9D0TleDGIxnh"
- + "YMvTdxZVcMtfTQQ4nCcMMxQ1NEib1m/7hIpM2V8VuL1RMGpYHJKQPMB6Wx8H"
- + "ZTrWipzaHXEqYK2QYyY32JlP5DNkL+9ppP6EsQEUYAfaDAWthzj+NMErIFh5"
- + "TW+wDGyJsihOzUCmCXowfvmo8MsHMIIEzzCCA7egAwIBAgIEQ52A9zANBgkq"
- + "hkiG9w0BAQUFADBYMQswCQYDVQQGEwJJVDEaMBgGA1UEChMRSW4uVGUuUy5B"
- + "LiBTLnAuQS4xLTArBgNVBAMTJEluLlRlLlMuQS4gLSBDZXJ0aWZpY2F0aW9u"
- + "IEF1dGhvcml0eTAeFw0wODA5MTIxMTQzMTJaFw0xMDA5MTIxMTQzMTJaMIHY"
- + "MQswCQYDVQQGEwJJVDEiMCAGA1UECgwZSW50ZXNhIFMucC5BLi8wNTI2Mjg5"
- + "MDAxNDEqMCgGA1UECwwhQnVzaW5lc3MgQ29sbGFib3JhdGlvbiAmIFNlY3Vy"
- + "aXR5MR4wHAYDVQQDDBVNQVNTSU1JTElBTk8gWklDQ0FSREkxETAPBgNVBAQM"
- + "CFpJQ0NBUkRJMRUwEwYDVQQqDAxNQVNTSU1JTElBTk8xHDAaBgNVBAUTE0lU"
- + "OlpDQ01TTTc2SDE0TDIxOVkxETAPBgNVBC4TCDAwMDAyNTg1MIGgMA0GCSqG"
- + "SIb3DQEBAQUAA4GOADCBigKBgQC3iU45shYMdUiD+nNgLgf5Lsh6OY/6ayhC"
- + "0wC7BQ4pq3vx8a98DknrdU3UHxc1PC7vhCaoH1fXFfnCNcnh9a2bO5Xouy97"
- + "V/1UeeuSMsJ4Ll+ccL7XgEoFma+d+xZMLOdG70xDMmDo9U39xWb2VM+J+Dg9"
- + "/SiOJn0fYtXhFSMUdwIEAIs6TaOCAaEwggGdMB0GA1UdEQQWMBSBEnppY2Nh"
- + "cmRpQGludGVzYS5pdDAvBggrBgEFBQcBAwQjMCEwCAYGBACORgEBMAsGBgQA"
- + "jkYBAwIBFDAIBgYEAI5GAQQwWQYDVR0gBFIwUDBOBgYEAIswAQEwRDBCBggr"
- + "BgEFBQcCARY2aHR0cDovL2UtdHJ1c3Rjb20uaW50ZXNhLml0L2NhX3B1YmJs"
- + "aWNhL0NQU19JTlRFU0EuaHRtMA4GA1UdDwEB/wQEAwIGQDCBgwYDVR0jBHww"
- + "eoAUGQkDltG4xVgbfhDkbsT2oBIJEKihXKRaMFgxCzAJBgNVBAYTAklUMRow"
- + "GAYDVQQKExFJbi5UZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5B"
- + "LiAtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ80QETMDsGA1UdHwQ0MDIw"
- + "MKAuoCyGKmh0dHA6Ly9lLXRydXN0Y29tLmludGVzYS5pdC9DUkwvSU5URVNB"
- + "LmNybDAdBgNVHQ4EFgQU3+SLS/CpkIeeNQ8be2MXFiNdueEwDQYJKoZIhvcN"
- + "AQEFBQADggEBAIFvri9QlVkHqWwv8Hwpkejzd+0rnm+MYikI9pkw+VGeSkI6"
- + "Yr8vx27n9Da3yjYgxIQL6B0jwt9XmxoirkzBTcmTx3zxFJ8mBksXmtsPN+2l"
- + "yRa+rrTzUBgUYvPZB/dLGQ5V7Tkq2SPgMySZ+UCtxfYI3GslNjWV0DCYEcGJ"
- + "hcp9sOI7aMfgsFz0PROV4MYjGeFgy9N3FlVwy19NBDicJwwzFDU0SJvWb/uE"
- + "ikzZXxW4vVEwalgckpA8wHpbHwdlOtaKnNodcSpgrZBjJjfYmU/kM2Qv72mk"
- + "/oSxARRgB9oMBa2HOP40wSsgWHlNb7AMbImyKE7NQKYJejB++ajwywcxggM8"
- + "MIIDOAIBATBgMFgxCzAJBgNVBAYTAklUMRowGAYDVQQKExFJbi5UZS5TLkEu"
- + "IFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAtIENlcnRpZmljYXRpb24g"
- + "QXV0aG9yaXR5AgRDnYD3MAkGBSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEgYB+"
- + "lH2cwLqc91mP8prvgSV+RRzk13dJdZvdoVjgQoFrPhBiZCNIEoHvIhMMA/sM"
- + "X6euSRZk7EjD24FasCEGYyd0mJVLEy6TSPmuW+wWz/28w3a6IWXBGrbb/ild"
- + "/CJMkPgLPGgOVD1WDwiNKwfasiQSFtySf5DPn3jFevdLeMmEY6GCAjIwggEV"
- + "BgkqhkiG9w0BCQYxggEGMIIBAgIBATBgMFgxCzAJBgNVBAYTAklUMRowGAYD"
- + "VQQKExFJbi5UZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAt"
- + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5AgRDnYD3MAkGBSsOAwIaBQAwDQYJ"
- + "KoZIhvcNAQEBBQAEgYBHlOULfT5GDigIvxP0qZOy8VbpntmzaPF55VV4buKV"
- + "35J+uHp98gXKp0LrHM69V5IRKuyuQzHHFBqsXxsRI9o6KoOfgliD9Xc+BeMg"
- + "dKzQhBhBYoFREq8hQM0nSbqDNHYAQyNHMzUA/ZQUO5dlFuH8Dw3iDYAhNtfd"
- + "PrlchKJthDCCARUGCSqGSIb3DQEJBjGCAQYwggECAgEBMGAwWDELMAkGA1UE"
- + "BhMCSVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJ"
- + "bi5UZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCBEOdgPcwCQYF"
- + "Kw4DAhoFADANBgkqhkiG9w0BAQEFAASBgEeU5Qt9PkYOKAi/E/Spk7LxVume"
- + "2bNo8XnlVXhu4pXfkn64en3yBcqnQusczr1XkhEq7K5DMccUGqxfGxEj2joq"
- + "g5+CWIP1dz4F4yB0rNCEGEFigVESryFAzSdJuoM0dgBDI0czNQD9lBQ7l2UW"
- + "4fwPDeINgCE2190+uVyEom2E");
-
- byte[] noSignedAttrSample2 = Base64.decode(
- "MIIIlAYJKoZIhvcNAQcCoIIIhTCCCIECAQExCzAJBgUrDgMCGgUAMAsGCSqG"
- + "SIb3DQEHAaCCB3UwggOtMIIDa6ADAgECAgEzMAsGByqGSM44BAMFADCBkDEL"
- + "MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlQYWxvIEFsdG8x"
- + "HTAbBgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZh"
- + "IFNvZnR3YXJlIENvZGUgU2lnbmluZzEcMBoGA1UEAxMTSkNFIENvZGUgU2ln"
- + "bmluZyBDQTAeFw0wMTA1MjkxNjQ3MTFaFw0wNjA1MjgxNjQ3MTFaMG4xHTAb"
- + "BgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZhIFNv"
- + "ZnR3YXJlIENvZGUgU2lnbmluZzEoMCYGA1UEAxMfVGhlIExlZ2lvbiBvZiB0"
- + "aGUgQm91bmN5IENhc3RsZTCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OB"
- + "HXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2"
- + "y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUP"
- + "BPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvM"
- + "spK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9"
- + "B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj"
- + "rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtV"
- + "JWQBTDv+z0kqA4GEAAKBgBWry/FCAZ6miyy39+ftsa+h9lxoL+JtV0MJcUyQ"
- + "E4VAhpAwWb8vyjba9AwOylYQTktHX5sAkFvjBiU0LOYDbFSTVZSHMRJgfjxB"
- + "SHtICjOEvr1BJrrOrdzqdxcOUge5n7El124BCrv91x5Ol8UTwtiO9LrRXF/d"
- + "SyK+RT5n1klRo3YwdDARBglghkgBhvhCAQEEBAMCAIcwDgYDVR0PAQH/BAQD"
- + "AgHGMB0GA1UdDgQWBBQwMY4NRcco1AO3w1YsokfDLVseEjAPBgNVHRMBAf8E"
- + "BTADAQH/MB8GA1UdIwQYMBaAFGXi9IbJ007wkU5Yomr12HhamsGmMAsGByqG"
- + "SM44BAMFAAMvADAsAhRmigTu6QV0sTfEkVljgij/hhdVfAIUQZvMxAnIHc30"
- + "y/u0C1T5UEG9glUwggPAMIIDfqADAgECAgEQMAsGByqGSM44BAMFADCBkDEL"
- + "MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlQYWxvIEFsdG8x"
- + "HTAbBgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZh"
- + "IFNvZnR3YXJlIENvZGUgU2lnbmluZzEcMBoGA1UEAxMTSkNFIENvZGUgU2ln"
- + "bmluZyBDQTAeFw0wMTA0MjUwNzAwMDBaFw0yMDA0MjUwNzAwMDBaMIGQMQsw"
- + "CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEd"
- + "MBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkphdmEg"
- + "U29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBTaWdu"
- + "aW5nIENBMIIBtzCCASwGByqGSM44BAEwggEfAoGBAOuvNwQeylEeaV2w8o/2"
- + "tUkfxqSZBdcpv3S3avUZ2B7kG/gKAZqY/3Cr4kpWhmxTs/zhyIGMMfDE87CL"
- + "5nAG7PdpaNuDTHIpiSk2F1w7SgegIAIqRpdRHXDICBgLzgxum3b3BePn+9Nh"
- + "eeFgmiSNBpWDPFEg4TDPOFeCphpyDc7TAhUAhCVF4bq5qWKreehbMLiJaxv/"
- + "e3UCgYEAq8l0e3Tv7kK1alNNO92QBnJokQ8LpCl2LlU71a5NZVx+KjoEpmem"
- + "0HGqpde34sFyDaTRqh6SVEwgAAmisAlBGTMAssNcrkL4sYvKfJbYEH83RFuq"
- + "zHjI13J2N2tAmahVZvqoAx6LShECactMuCUGHKB30sms0j3pChD6dnC3+9wD"
- + "gYQAAoGALQmYXKy4nMeZfu4gGSo0kPnXq6uu3WtylQ1m+O8nj0Sy7ShEx/6v"
- + "sKYnbwBnRYJbB6hWVjvSKVFhXmk51y50dxLPGUr1LcjLcmHETm/6R0M/FLv6"
- + "vBhmKMLZZot6LS/CYJJLFP5YPiF/aGK+bEhJ+aBLXoWdGRD5FUVRG3HU9wuj"
- + "ZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTADAQH/MB8GA1Ud"
- + "IwQYMBaAFGXi9IbJ007wkU5Yomr12HhamsGmMB0GA1UdDgQWBBRl4vSGydNO"
- + "8JFOWKJq9dh4WprBpjALBgcqhkjOOAQDBQADLwAwLAIUKvfPPJdd+Xi2CNdB"
- + "tNkNRUzktJwCFEXNdWkOIfod1rMpsun3Mx0z/fxJMYHoMIHlAgEBMIGWMIGQ"
- + "MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0"
- + "bzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkph"
- + "dmEgU29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBT"
- + "aWduaW5nIENBAgEzMAkGBSsOAwIaBQAwCwYHKoZIzjgEAQUABC8wLQIVAIGV"
- + "khm+kbV4a/+EP45PHcq0hIViAhR4M9os6IrJnoEDS3Y3l7O6zrSosA==");
-
- private static final byte[] rawGost = Base64.decode(
- "MIIEBwYJKoZIhvcNAQcCoIID+DCCA/QCAQExDDAKBgYqhQMCAgkFADAfBgkq"
- + "hkiG9w0BBwGgEgQQU29tZSBEYXRhIEhFUkUhIaCCAuYwggLiMIICkaADAgEC"
- + "AgopoLG9AAIAArWeMAgGBiqFAwICAzBlMSAwHgYJKoZIhvcNAQkBFhFpbmZv"
- + "QGNyeXB0b3Byby5ydTELMAkGA1UEBhMCUlUxEzARBgNVBAoTCkNSWVBUTy1Q"
- + "Uk8xHzAdBgNVBAMTFlRlc3QgQ2VudGVyIENSWVBUTy1QUk8wHhcNMTIxMDE1"
- + "MTEwNDIzWhcNMTQxMDA0MDcwOTQxWjAhMRIwEAYDVQQDDAl0ZXN0IGdvc3Qx"
- + "CzAJBgNVBAYTAlJVMGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgED"
- + "QwAEQPz/F99AG8wyMQz5uK3vJ3MdHk7ZyFzM4Ofnq8nAmDgI5/Nuzcu791/0"
- + "hRd+1i+fArRsiPMdQXOF0E7bEMHwWfWjggFjMIIBXzAOBgNVHQ8BAf8EBAMC"
- + "BPAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFO353ZD7sLCx6rVR"
- + "2o/IsSxuE1gAMB8GA1UdIwQYMBaAFG2PXgXZX6yRF5QelZoFMDg3ehAqMFUG"
- + "A1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuY3J5cHRvcHJvLnJ1L0NlcnRF"
- + "bnJvbGwvVGVzdCUyMENlbnRlciUyMENSWVBUTy1QUk8oMikuY3JsMIGgBggr"
- + "BgEFBQcBAQSBkzCBkDAzBggrBgEFBQcwAYYnaHR0cDovL3d3dy5jcnlwdG9w"
- + "cm8ucnUvb2NzcG5jL29jc3Auc3JmMFkGCCsGAQUFBzAChk1odHRwOi8vd3d3"
- + "LmNyeXB0b3Byby5ydS9DZXJ0RW5yb2xsL3BraS1zaXRlX1Rlc3QlMjBDZW50"
- + "ZXIlMjBDUllQVE8tUFJPKDIpLmNydDAIBgYqhQMCAgMDQQBAR4mr69a62d3l"
- + "yK/UZ4Yz/Yi3jqURtbnJR2gugdzkG5pYHRwC41BbDaa1ItP+1gDp4s78+EiK"
- + "AJc17CHGZTz3MYHVMIHSAgEBMHMwZTEgMB4GCSqGSIb3DQEJARYRaW5mb0Bj"
- + "cnlwdG9wcm8ucnUxCzAJBgNVBAYTAlJVMRMwEQYDVQQKEwpDUllQVE8tUFJP"
- + "MR8wHQYDVQQDExZUZXN0IENlbnRlciBDUllQVE8tUFJPAgopoLG9AAIAArWe"
- + "MAoGBiqFAwICCQUAMAoGBiqFAwICEwUABED0Gs9zP9lSz/2/e3BUSpzCI3dx"
- + "39gfl/pFVkx4p5N/GW5o4gHIST9OhDSmdxwpMSK+39YSRD4R0Ue0faOqWEsj"
- + "AAAAAAAAAAAAAAAAAAAAAA==");
-
- private static final byte[] noAttrEncData = Base64.decode(
- "MIIFjwYJKoZIhvcNAQcCoIIFgDCCBXwCAQExDTALBglghkgBZQMEAgEwgdAG"
- + "CSqGSIb3DQEHAaCBwgSBv01JTUUtVmVyc2lvbjogMS4wCkNvbnRlbnQtVHlw"
- + "ZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtCkNvbnRlbnQtVHJhbnNmZXIt"
- + "RW5jb2Rpbmc6IGJpbmFyeQpDb250ZW50LURpc3Bvc2l0aW9uOiBhdHRhY2ht"
- + "ZW50OyBmaWxlbmFtZT1kb2MuYmluCgpUaGlzIGlzIGEgdmVyeSBodWdlIHNl"
- + "Y3JldCwgbWFkZSB3aXRoIG9wZW5zc2wKCgoKoIIDNDCCAzAwggKZoAMCAQIC"
- + "AQEwDQYJKoZIhvcNAQEFBQAwgawxCzAJBgNVBAYTAkFUMRAwDgYDVQQIEwdB"
- + "dXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExFTATBgNVBAoTDFRpYW5pIFNwaXJp"
- + "dDEUMBIGA1UECxMLSlVuaXQgdGVzdHMxGjAYBgNVBAMTEU1hc3NpbWlsaWFu"
- + "byBNYXNpMTEwLwYJKoZIhvcNAQkBFiJtYXNzaW1pbGlhbm8ubWFzaUB0aWFu"
- + "aS1zcGlyaXQuY29tMCAXDTEyMDEwMjA5MDAzNVoYDzIxOTEwNjA4MDkwMDM1"
- + "WjCBjzELMAkGA1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExFTATBgNVBAoT"
- + "DFRpYW5pIFNwaXJpdDEUMBIGA1UECxMLSlVuaXQgVGVzdHMxDjAMBgNVBAMT"
- + "BWNlcnQxMTEwLwYJKoZIhvcNAQkBFiJtYXNzaW1pbGlhbm8ubWFzaUB0aWFu"
- + "aS1zcGlyaXQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYHz8n"
- + "soeWpILn+5tK8XgJc3k5n0h0MOlRXLbZZVB7yuxKMBIZwl8kqqnehfqxX+hr"
- + "b2MXSCgKEstnVunJVPUGuNxnQ8Z0R9p1o/9gR0KTXmoJ+Epx5wdEofk4Phsi"
- + "MxjC8FVvt3sSnzal1/m0/9KntrPWksefumGm5XD3W43e5wIDAQABo3sweTAJ"
- + "BgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD"
- + "ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU8mTZGl0EFv6aHo3bup144d6wYW8wHwYD"
- + "VR0jBBgwFoAUdHG2RdrchT0PFcUBiIiYcy5hAA4wDQYJKoZIhvcNAQEFBQAD"
- + "gYEATcc52eo73zEA4wmbyPv0lRrmyAxrHvZGIHiKpM8bP38WUB39lgmS8J0S"
- + "1ioj21bosiakGj/gXnxlk8M8O+mm4zzpYjy8gqGXiUt20+j3bm7MJYM8ePcq"
- + "dG/kReNuLUbRgIA6b0T4o+0WCELhrd9IlTk5IBKjHIjsP/GR1h0t//kxggFb"
- + "MIIBVwIBATCBsjCBrDELMAkGA1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWEx"
- + "DzANBgNVBAcTBlZpZW5uYTEVMBMGA1UEChMMVGlhbmkgU3Bpcml0MRQwEgYD"
- + "VQQLEwtKVW5pdCB0ZXN0czEaMBgGA1UEAxMRTWFzc2ltaWxpYW5vIE1hc2kx"
- + "MTAvBgkqhkiG9w0BCQEWIm1hc3NpbWlsaWFuby5tYXNpQHRpYW5pLXNwaXJp"
- + "dC5jb20CAQEwCwYJYIZIAWUDBAIBMA0GCSqGSIb3DQEBAQUABIGAEthqA7FK"
- + "V1i+MzzS4zz4DxT4lwUYkWfHaDtZADUyTD5lnP3Pf+t/ScpBEGkEtI7hDqOO"
- + "zE0WfkBshTx5B/uxDibc/jqjQpSYSz5cvBTgpocIalbqsErOkDYF1QP6UgaV"
- + "ZoVGwvGYIuIrFgWqgk08NsPHVVjYseTEhUDwkI1KSxU=");
-
- byte[] successResp = Base64.decode(
- "MIIFnAoBAKCCBZUwggWRBgkrBgEFBQcwAQEEggWCMIIFfjCCARehgZ8wgZwx"
- + "CzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEgcHJhZGVzaDESMBAGA1UE"
- + "BxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAKBgNVBAsTA0FUQzEeMBwG"
- + "A1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQwIgYJKoZIhvcNAQkBFhVv"
- + "Y3NwQHRjcy1jYS50Y3MuY28uaW4YDzIwMDMwNDAyMTIzNDU4WjBiMGAwOjAJ"
- + "BgUrDgMCGgUABBRs07IuoCWNmcEl1oHwIak1BPnX8QQUtGyl/iL9WJ1VxjxF"
- + "j0hAwJ/s1AcCAQKhERgPMjAwMjA4MjkwNzA5MjZaGA8yMDAzMDQwMjEyMzQ1"
- + "OFowDQYJKoZIhvcNAQEFBQADgYEAfbN0TCRFKdhsmvOdUoiJ+qvygGBzDxD/"
- + "VWhXYA+16AphHLIWNABR3CgHB3zWtdy2j7DJmQ/R7qKj7dUhWLSqclAiPgFt"
- + "QQ1YvSJAYfEIdyHkxv4NP0LSogxrumANcDyC9yt/W9yHjD2ICPBIqCsZLuLk"
- + "OHYi5DlwWe9Zm9VFwCGgggPMMIIDyDCCA8QwggKsoAMCAQICAQYwDQYJKoZI"
- + "hvcNAQEFBQAwgZQxFDASBgNVBAMTC1RDUy1DQSBPQ1NQMSYwJAYJKoZIhvcN"
- + "AQkBFhd0Y3MtY2FAdGNzLWNhLnRjcy5jby5pbjEMMAoGA1UEChMDVENTMQww"
- + "CgYDVQQLEwNBVEMxEjAQBgNVBAcTCUh5ZGVyYWJhZDEXMBUGA1UECBMOQW5k"
- + "aHJhIHByYWRlc2gxCzAJBgNVBAYTAklOMB4XDTAyMDgyOTA3MTE0M1oXDTAz"
- + "MDgyOTA3MTE0M1owgZwxCzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEg"
- + "cHJhZGVzaDESMBAGA1UEBxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAK"
- + "BgNVBAsTA0FUQzEeMBwGA1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQw"
- + "IgYJKoZIhvcNAQkBFhVvY3NwQHRjcy1jYS50Y3MuY28uaW4wgZ8wDQYJKoZI"
- + "hvcNAQEBBQADgY0AMIGJAoGBAM+XWW4caMRv46D7L6Bv8iwtKgmQu0SAybmF"
- + "RJiz12qXzdvTLt8C75OdgmUomxp0+gW/4XlTPUqOMQWv463aZRv9Ust4f8MH"
- + "EJh4ekP/NS9+d8vEO3P40ntQkmSMcFmtA9E1koUtQ3MSJlcs441JjbgUaVnm"
- + "jDmmniQnZY4bU3tVAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADALBgNVHQ8E"
- + "BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwNgYIKwYBBQUHAQEEKjAoMCYG"
- + "CCsGAQUFBzABhhpodHRwOi8vMTcyLjE5LjQwLjExMDo3NzAwLzAtBgNVHR8E"
- + "JjAkMCKgIKAehhxodHRwOi8vMTcyLjE5LjQwLjExMC9jcmwuY3JsMA0GCSqG"
- + "SIb3DQEBBQUAA4IBAQB6FovM3B4VDDZ15o12gnADZsIk9fTAczLlcrmXLNN4"
- + "PgmqgnwF0Ymj3bD5SavDOXxbA65AZJ7rBNAguLUo+xVkgxmoBH7R2sBxjTCc"
- + "r07NEadxM3HQkt0aX5XYEl8eRoifwqYAI9h0ziZfTNes8elNfb3DoPPjqq6V"
- + "mMg0f0iMS4W8LjNPorjRB+kIosa1deAGPhq0eJ8yr0/s2QR2/WFD5P4aXc8I"
- + "KWleklnIImS3zqiPrq6tl2Bm8DZj7vXlTOwmraSQxUwzCKwYob1yGvNOUQTq"
- + "pG6jxn7jgDawHU1+WjWQe4Q34/pWeGLysxTraMa+Ug9kPe+jy/qRX2xwvKBZ");
-
- public NewSignedDataTest(String name)
- {
- super(name);
- }
-
- public static void main(String args[])
- {
-
- junit.textui.TestRunner.run(NewSignedDataTest.class);
- }
-
- public static Test suite()
- throws Exception
- {
- init();
-
- return new CMSTestSetup(new TestSuite(NewSignedDataTest.class));
- }
-
- private static void init()
- throws Exception
- {
- if (!_initialised)
- {
- _initialised = true;
-
- if (Security.getProvider(BC) == null)
- {
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
- }
-
- _origDN = "O=Bouncy Castle, C=AU";
- _origKP = CMSTestUtil.makeKeyPair();
- _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _origKP, _origDN);
-
- _signDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- _signKP = CMSTestUtil.makeKeyPair();
- _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _origKP, _origDN);
-
- _signGostKP = CMSTestUtil.makeGostKeyPair();
- _signGostCert = CMSTestUtil.makeCertificate(_signGostKP, _signDN, _origKP, _origDN);
-
- _signDsaKP = CMSTestUtil.makeDsaKeyPair();
- _signDsaCert = CMSTestUtil.makeCertificate(_signDsaKP, _signDN, _origKP, _origDN);
-
- _signEcDsaKP = CMSTestUtil.makeEcDsaKeyPair();
- _signEcDsaCert = CMSTestUtil.makeCertificate(_signEcDsaKP, _signDN, _origKP, _origDN);
-
- _signEcGostKP = CMSTestUtil.makeEcGostKeyPair();
- _signEcGostCert = CMSTestUtil.makeCertificate(_signEcGostKP, _signDN, _origKP, _origDN);
-
- _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU";
- _reciKP = CMSTestUtil.makeKeyPair();
- _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN);
-
- _signCrl = CMSTestUtil.makeCrl(_signKP);
- }
- }
-
- private void verifyRSASignatures(CMSSignedData s, byte[] contentDigest)
- throws Exception
- {
- Store certStore = s.getCertificates();
- SignerInformationStore signers = s.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new BcRSASignerInfoVerifierBuilder(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), new DefaultDigestAlgorithmIdentifierFinder(), new BcDigestCalculatorProvider()).build(cert)));
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
- }
-
- private void verifySignatures(CMSSignedData s, byte[] contentDigest)
- throws Exception
- {
- Store certStore = s.getCertificates();
- Store crlStore = s.getCRLs();
- SignerInformationStore signers = s.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
-
- Collection certColl = certStore.getMatches(null);
- Collection crlColl = crlStore.getMatches(null);
-
- assertEquals(certColl.size(), s.getCertificates().getMatches(null).size());
- assertEquals(crlColl.size(), s.getCRLs().getMatches(null).size());
- }
-
- private void verifySignatures(CMSSignedData s)
- throws Exception
- {
- verifySignatures(s, null);
- }
-
- public void testDetachedVerification()
- throws Exception
- {
- byte[] data = "Hello World!".getBytes();
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray(data);
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- DigestCalculatorProvider digProvider = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
- JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(digProvider);
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
- ContentSigner md5Signer = new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(sha1Signer, _origCert));
- gen.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(md5Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg);
-
- MessageDigest sha1 = MessageDigest.getInstance("SHA1", BC);
- MessageDigest md5 = MessageDigest.getInstance("MD5", BC);
- Map hashes = new HashMap();
- byte[] sha1Hash = sha1.digest(data);
- byte[] md5Hash = md5.digest(data);
-
- hashes.put(CMSAlgorithm.SHA1, sha1Hash);
- hashes.put(CMSAlgorithm.MD5, md5Hash);
-
- s = new CMSSignedData(hashes, s.getEncoded());
-
- verifySignatures(s, null);
- }
-
- public void testSHA1AndMD5WithRSAEncapsulatedRepeated()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate()), _origCert));
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(_origKP.getPrivate()), _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg, true);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certs = s.getCertificates();
-
- SignerInformationStore signers = s.getSignerInfos();
-
- assertEquals(2, signers.size());
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
- SignerId sid = null;
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- sid = signer.getSID();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
-
- //
- // check content digest
- //
-
- byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(signer.getDigestAlgOID());
-
- AttributeTable table = signer.getSignedAttributes();
- Attribute hash = table.get(CMSAttributes.messageDigest);
-
- assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets()));
- }
-
- c = signers.getSigners(sid);
-
- assertEquals(2, c.size());
-
-
- //
- // try using existing signer
- //
-
- gen = new CMSSignedDataGenerator();
-
- gen.addSigners(s.getSignerInfos());
-
- gen.addCertificates(s.getCertificates());
-
- s = gen.generate(msg, true);
-
- bIn = new ByteArrayInputStream(s.getEncoded());
- aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certs = s.getCertificates();
-
- signers = s.getSignerInfos();
- c = signers.getSigners();
- it = c.iterator();
-
- assertEquals(2, c.size());
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- checkSignerStoreReplacement(s, signers);
- }
-
- public void testSHA1WithRSANoAttributes()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- builder.setDirectSignature(true);
-
- gen.addSignerInfoGenerator(builder.build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg, false);
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSANoAttributesSimple()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- JcaSimpleSignerInfoGeneratorBuilder builder = new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).setDirectSignature(true);
-
- gen.addSignerInfoGenerator(builder.build("SHA1withRSA", _origKP.getPrivate(), _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg, false);
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSAAndOtherRevocation()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- List otherInfo = new ArrayList();
- OCSPResp response = new OCSPResp(successResp);
-
- otherInfo.add(response.toASN1Structure());
-
- gen.addOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response, new CollectionStore(otherInfo));
-
- CMSSignedData s;
-
- s = gen.generate(msg, false);
-
- //
- // check version
- //
- assertEquals(5, s.getVersion());
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
-
- Store dataOtherInfo = s.getOtherRevocationInfo(CMSObjectIdentifiers.id_ri_ocsp_response);
-
- assertEquals(1, dataOtherInfo.getMatches(null).size());
-
- OCSPResp dataResponse = new OCSPResp(OCSPResponse.getInstance(dataOtherInfo.getMatches(null).iterator().next()));
-
- assertEquals(response, dataResponse);
- }
-
- public void testSHA1WithRSAAndAttributeTableSimple()
- throws Exception
- {
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- Attribute attr = new Attribute(CMSAttributes.messageDigest,
- new DERSet(
- new DEROctetString(
- md.digest("Hello world!".getBytes()))));
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(attr);
-
- JcaSimpleSignerInfoGeneratorBuilder builder = new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC).setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)));
-
- gen.addSignerInfoGenerator(builder.build("SHA1withRSA", _origKP.getPrivate(), _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
-
- //
- // the signature is detached, so need to add msg before passing on
- //
- s = new CMSSignedData(msg, s.getEncoded());
- //
- // compute expected content digest
- //
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- verifyRSASignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSAAndAttributeTable()
- throws Exception
- {
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- Attribute attr = new Attribute(CMSAttributes.messageDigest,
- new DERSet(
- new DEROctetString(
- md.digest("Hello world!".getBytes()))));
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(attr);
-
- JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- builder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)));
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(builder.build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
-
- //
- // the signature is detached, so need to add msg before passing on
- //
- s = new CMSSignedData(msg, s.getEncoded());
- //
- // compute expected content digest
- //
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- verifyRSASignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testLwSHA1WithRSAAndAttributeTable()
- throws Exception
- {
- MessageDigest md = MessageDigest.getInstance("SHA1", BC);
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- Attribute attr = new Attribute(CMSAttributes.messageDigest,
- new DERSet(
- new DEROctetString(
- md.digest("Hello world!".getBytes()))));
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(attr);
-
- AsymmetricKeyParameter privKey = PrivateKeyFactory.createKey(_origKP.getPrivate().getEncoded());
-
- AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
- AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
-
- BcContentSignerBuilder contentSignerBuilder = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
-
- gen.addSignerInfoGenerator(
- new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
- .setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(v)))
- .build(contentSignerBuilder.build(privKey), new JcaX509CertificateHolder(_origCert)));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
-
- //
- // the signature is detached, so need to add msg before passing on
- //
- s = new CMSSignedData(msg, s.getEncoded());
- //
- // compute expected content digest
- //
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- verifyRSASignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- public void testSHA1WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "SHA1withRSA");
- }
-
- public void testSHA1WithRSAEncapsulatedSubjectKeyID()
- throws Exception
- {
- subjectKeyIDTest(_signKP, _signCert, "SHA1withRSA");
- }
-
- public void testSHA1WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA1withRSAandMGF1");
- }
-
- public void testSHA224WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA224withRSAandMGF1");
- }
-
- public void testSHA256WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA256withRSAandMGF1");
- }
-
- public void testSHA384WithRSAPSS()
- throws Exception
- {
- rsaPSSTest("SHA384withRSAandMGF1");
- }
-
- public void testSHA224WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "SHA224withRSA");
- }
-
- public void testSHA256WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "SHA256withRSA");
- }
-
- public void testRIPEMD128WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "RIPEMD128withRSA");
- }
-
- public void testRIPEMD160WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "RIPEMD160withRSA");
- }
-
- public void testRIPEMD256WithRSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signKP, _signCert, "RIPEMD256withRSA");
- }
-
- public void testECDSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, "SHA1withECDSA");
- }
-
- public void testECDSAEncapsulatedSubjectKeyID()
- throws Exception
- {
- subjectKeyIDTest(_signEcDsaKP, _signEcDsaCert, "SHA1withECDSA");
- }
-
- public void testECDSASHA224Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, "SHA224withECDSA");
- }
-
- public void testECDSASHA256Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, "SHA256withECDSA");
- }
-
- public void testECDSASHA384Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, "SHA384withECDSA");
- }
-
- public void testECDSASHA512Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcDsaKP, _signEcDsaCert, "SHA512withECDSA");
- }
-
- public void testECDSASHA512EncapsulatedWithKeyFactoryAsEC()
- throws Exception
- {
- X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(_signEcDsaKP.getPublic().getEncoded());
- PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(_signEcDsaKP.getPrivate().getEncoded());
- KeyFactory keyFact = KeyFactory.getInstance("EC", BC);
- KeyPair kp = new KeyPair(keyFact.generatePublic(pubSpec), keyFact.generatePrivate(privSpec));
-
- encapsulatedTest(kp, _signEcDsaCert, "SHA512withECDSA");
- }
-
- public void testDSAEncapsulated()
- throws Exception
- {
- encapsulatedTest(_signDsaKP, _signDsaCert, "SHA1withDSA");
- }
-
- public void testDSAEncapsulatedSubjectKeyID()
- throws Exception
- {
- subjectKeyIDTest(_signDsaKP, _signDsaCert, "SHA1withDSA");
- }
-
- public void testGOST3411WithGOST3410Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signGostKP, _signGostCert, "GOST3411withGOST3410");
- }
-
- public void testGOST3411WithECGOST3410Encapsulated()
- throws Exception
- {
- encapsulatedTest(_signEcGostKP, _signEcGostCert, "GOST3411withECGOST3410");
- }
-
- public void testGostNoAttributesEncapsulated()
- throws Exception
- {
- CMSSignedData data = new CMSSignedData(rawGost);
-
- Store certStore = data.getCertificates();
- SignerInformationStore signers = data.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)));
- }
- }
-
- public void testSHA1WithRSACounterSignature()
- throws Exception
- {
- List certList = new ArrayList();
- List crlList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_signCert);
- certList.add(_origCert);
-
- crlList.add(_signCrl);
-
- Store certStore = new JcaCertStore(certList);
- Store crlStore = new JcaCRLStore(crlList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_signKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _signCert));
-
- gen.addCertificates(certStore);
- gen.addCRLs(crlStore);
-
- CMSSignedData s = gen.generate(msg, true);
- SignerInformation origSigner = (SignerInformation)s.getSignerInfos().getSigners().toArray()[0];
- SignerInformationStore counterSigners1 = gen.generateCounterSigners(origSigner);
- SignerInformationStore counterSigners2 = gen.generateCounterSigners(origSigner);
-
- SignerInformation signer1 = SignerInformation.addCounterSigners(origSigner, counterSigners1);
- SignerInformation signer2 = SignerInformation.addCounterSigners(signer1, counterSigners2);
-
- SignerInformationStore cs = signer2.getCounterSignatures();
- Collection csSigners = cs.getSigners();
- assertEquals(2, csSigners.size());
-
- Iterator it = csSigners.iterator();
- while (it.hasNext())
- {
- SignerInformation cSigner = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(cSigner.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertTrue(cSigner.isCounterSignature());
- assertNull(cSigner.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_contentType));
- assertEquals(true, cSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
- }
-
- public void testSHA1WithRSACounterSignatureAndVerifierProvider()
- throws Exception
- {
- List certList = new ArrayList();
- List crlList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_signCert);
- certList.add(_origCert);
-
- crlList.add(_signCrl);
-
- Store certStore = new JcaCertStore(certList);
- Store crlStore = new JcaCRLStore(crlList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_signKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _signCert));
-
- gen.addCertificates(certStore);
- gen.addCRLs(crlStore);
-
- CMSSignedData s = gen.generate(msg, true);
-
- SignerInformationVerifierProvider vProv = new SignerInformationVerifierProvider()
- {
- public SignerInformationVerifier get(SignerId signerId)
- throws OperatorCreationException
- {
- return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(_signCert);
- }
- };
-
- assertTrue(s.verifySignatures(vProv));
-
- SignerInformation origSigner = (SignerInformation)s.getSignerInfos().getSigners().toArray()[0];
-
- gen = new CMSSignedDataGenerator();
-
- sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- SignerInformationStore counterSigners = gen.generateCounterSigners(origSigner);
-
- SignerInformation signer1 = SignerInformation.addCounterSigners(origSigner, counterSigners);
-
- List signers = new ArrayList();
-
- signers.add(signer1);
-
- s = CMSSignedData.replaceSigners(s, new SignerInformationStore(signers));
-
- assertTrue(s.verifySignatures(vProv, true));
-
- // provider can't handle counter sig
- assertFalse(s.verifySignatures(vProv, false));
-
- vProv = new SignerInformationVerifierProvider()
- {
- public SignerInformationVerifier get(SignerId signerId)
- throws OperatorCreationException
- {
- if (_signCert.getSerialNumber().equals(signerId.getSerialNumber()))
- {
- return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(_signCert);
- }
- else
- {
- return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(_origCert);
- }
- }
- };
-
- // verify sig and counter sig.
- assertFalse(s.verifySignatures(vProv, false));
- }
-
- private void rsaPSSTest(String signatureAlgorithmName)
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello world!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithmName).setProvider(BC).build(_origKP.getPrivate());
-
- JcaSignerInfoGeneratorBuilder siBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- siBuilder.setDirectSignature(true);
-
- gen.addSignerInfoGenerator(siBuilder.build(contentSigner, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg, false);
-
- //
- // compute expected content digest
- //
- String digestName = signatureAlgorithmName.substring(0, signatureAlgorithmName.indexOf('w'));
- MessageDigest md = MessageDigest.getInstance(digestName, BC);
-
- verifySignatures(s, md.digest("Hello world!".getBytes()));
- }
-
- private void subjectKeyIDTest(
- KeyPair signaturePair,
- X509Certificate signatureCert,
- String signatureAlgorithm)
- throws Exception
- {
- List certList = new ArrayList();
- List crlList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(signatureCert);
- certList.add(_origCert);
-
- crlList.add(_signCrl);
-
- Store certStore = new JcaCertStore(certList);
- Store crlStore = new JcaCRLStore(crlList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(BC).build(signaturePair.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(contentSigner, CMSTestUtil.createSubjectKeyId(signatureCert.getPublicKey()).getKeyIdentifier()));
-
- gen.addCertificates(certStore);
- gen.addCRLs(crlStore);
-
- CMSSignedData s = gen.generate(msg, true);
-
- assertEquals(3, s.getVersion());
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certStore = s.getCertificates();
-
- SignerInformationStore signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- //
- // check for CRLs
- //
- Collection crls = crlStore.getMatches(null);
-
- assertEquals(1, crls.size());
-
- assertTrue(crls.contains(new JcaX509CRLHolder(_signCrl)));
-
- //
- // try using existing signer
- //
-
- gen = new CMSSignedDataGenerator();
-
- gen.addSigners(s.getSignerInfos());
-
- gen.addCertificates(s.getCertificates());
-
- s = gen.generate(msg, true);
-
- bIn = new ByteArrayInputStream(s.getEncoded());
- aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certStore = s.getCertificates();
-
- signers = s.getSignerInfos();
- c = signers.getSigners();
- it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- checkSignerStoreReplacement(s, signers);
- }
-
- private void encapsulatedTest(
- KeyPair signaturePair,
- X509Certificate signatureCert,
- String signatureAlgorithm)
- throws Exception
- {
- List certList = new ArrayList();
- List crlList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(signatureCert);
- certList.add(_origCert);
-
- crlList.add(_signCrl);
-
- Store certs = new JcaCertStore(certList);
- Store crlStore = new JcaCRLStore(crlList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).setProvider(BC).build(signaturePair.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(contentSigner, signatureCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(msg, true);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certs = s.getCertificates();
-
- SignerInformationStore signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- //
- // check signer information lookup
- //
-
- SignerId sid = new JcaSignerId(signatureCert);
-
- Collection collection = signers.getSigners(sid);
-
- assertEquals(1, collection.size());
- assertTrue(collection.iterator().next() instanceof SignerInformation);
-
- //
- // check for CRLs
- //
- Collection crls = crlStore.getMatches(null);
-
- assertEquals(1, crls.size());
-
- assertTrue(crls.contains(new JcaX509CRLHolder(_signCrl)));
-
- //
- // try using existing signer
- //
-
- gen = new CMSSignedDataGenerator();
-
- gen.addSigners(s.getSignerInfos());
-
- gen.addCertificates(s.getCertificates());
-
- s = gen.generate(msg, true);
-
- bIn = new ByteArrayInputStream(s.getEncoded());
- aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- certs = s.getCertificates();
-
- signers = s.getSignerInfos();
- c = signers.getSigners();
- it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- checkSignerStoreReplacement(s, signers);
- }
-
- //
- // signerInformation store replacement test.
- //
- private void checkSignerStoreReplacement(
- CMSSignedData orig,
- SignerInformationStore signers)
- throws Exception
- {
- CMSSignedData s = CMSSignedData.replaceSigners(orig, signers);
-
- Store certs = s.getCertificates();
-
- signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
- }
-
- public void testUnsortedAttributes()
- throws Exception
- {
- CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(disorderedMessage), disorderedSet);
-
- Store certs = s.getCertificates();
-
- SignerInformationStore signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
- }
-
- public void testNullContentWithSigner()
- throws Exception
- {
- List certList = new ArrayList();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData s = gen.generate(new CMSAbsentContent(), false);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- verifySignatures(s);
- }
-
- public void testWithAttributeCertificate()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
-
- certList.add(_signDsaCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- JcaSignerInfoGeneratorBuilder builder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(builder.build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- X509AttributeCertificateHolder attrCert = CMSTestUtil.getAttributeCertificate();
- List attrList = new ArrayList();
-
- attrList.add(new X509AttributeCertificateHolder(attrCert.getEncoded()));
-
- Store store = new CollectionStore(attrList);
-
- gen.addAttributeCertificates(store);
-
- CMSSignedData sd = gen.generate(msg);
-
- assertEquals(4, sd.getVersion());
-
- store = sd.getAttributeCertificates();
-
- Collection coll = store.getMatches(null);
-
- assertEquals(1, coll.size());
-
- assertTrue(coll.contains(new X509AttributeCertificateHolder(attrCert.getEncoded())));
-
- //
- // create new certstore
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = new JcaCertStore(certList);
-
-
- //
- // replace certs
- //
- sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs, null, null);
-
- verifySignatures(sd);
- }
-
- public void testCertStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
-
- certList.add(_signDsaCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData sd = gen.generate(msg);
-
- //
- // create new certstore
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = new JcaCertStore(certList);
-
- //
- // replace certs
- //
- sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs, null, null);
-
- verifySignatures(sd);
- }
-
- public void testEncapsulatedCertStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
-
- certList.add(_signDsaCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData sd = gen.generate(msg, true);
-
- //
- // create new certstore
- //
- certList = new ArrayList();
- certList.add(_origCert);
- certList.add(_signCert);
-
- certs = new JcaCertStore(certList);
-
-
- //
- // replace certs
- //
- sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs, null, null);
-
- verifySignatures(sd);
- }
-
- public void testCertOrdering1()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
- certList.add(_signDsaCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData sd = gen.generate(msg, true);
-
- certs = sd.getCertificates();
- Iterator it = certs.getMatches(null).iterator();
-
- assertEquals(new JcaX509CertificateHolder(_origCert), it.next());
- assertEquals(new JcaX509CertificateHolder(_signCert), it.next());
- assertEquals(new JcaX509CertificateHolder(_signDsaCert), it.next());
- }
-
- public void testCertOrdering2()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_signCert);
- certList.add(_signDsaCert);
- certList.add(_origCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData sd = gen.generate(msg, true);
-
- certs = sd.getCertificates();
- Iterator it = certs.getMatches(null).iterator();
-
- assertEquals(new JcaX509CertificateHolder(_signCert), it.next());
- assertEquals(new JcaX509CertificateHolder(_signDsaCert), it.next());
- assertEquals(new JcaX509CertificateHolder(_origCert), it.next());
- }
-
- public void testSignerStoreReplacement()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray("Hello World!".getBytes());
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha1Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData original = gen.generate(msg, true);
-
- //
- // create new Signer
- //
- gen = new CMSSignedDataGenerator();
-
- ContentSigner sha224Signer = new JcaContentSignerBuilder("SHA224withRSA").setProvider(BC).build(_origKP.getPrivate());
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build()).build(sha224Signer, _origCert));
-
- gen.addCertificates(certs);
-
- CMSSignedData newSD = gen.generate(msg, true);
-
- //
- // replace signer
- //
- CMSSignedData sd = CMSSignedData.replaceSigners(original, newSD.getSignerInfos());
-
- SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next();
-
- assertEquals(CMSAlgorithm.SHA224.getId(), signer.getDigestAlgOID());
-
- // we use a parser here as it requires the digests to be correct in the digest set, if it
- // isn't we'll get a NullPointerException
- CMSSignedDataParser sp = new CMSSignedDataParser(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build(), sd.getEncoded());
-
- sp.getSignedContent().drain();
-
- verifySignatures(sp);
- }
-
- public void testEncapsulatedSamples()
- throws Exception
- {
- testSample("PSSSignDataSHA1Enc.sig");
- testSample("PSSSignDataSHA256Enc.sig");
- testSample("PSSSignDataSHA512Enc.sig");
- }
-
- public void testSamples()
- throws Exception
- {
- testSample("PSSSignData.data", "PSSSignDataSHA1.sig");
- testSample("PSSSignData.data", "PSSSignDataSHA256.sig");
- testSample("PSSSignData.data", "PSSSignDataSHA512.sig");
- }
-
- public void testNoAttrEncapsulatedSample()
- throws Exception
- {
- CMSSignedData s = new CMSSignedData(noAttrEncData);
-
- Store certStore = s.getCertificates();
-
- assertNotNull(certStore);
-
- SignerInformationStore signers = s.getSignerInfos();
-
- assertNotNull(signers);
-
- Collection c = signers.getSigners();
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)))
- {
- fail("Verification FAILED! ");
- }
- }
- }
-
- public void testCounterSig()
- throws Exception
- {
- CMSSignedData sig = new CMSSignedData(getInput("counterSig.p7m"));
-
- SignerInformationStore ss = sig.getSignerInfos();
- Collection signers = ss.getSigners();
-
- SignerInformationStore cs = ((SignerInformation)signers.iterator().next()).getCounterSignatures();
- Collection csSigners = cs.getSigners();
- assertEquals(1, csSigners.size());
-
- Iterator it = csSigners.iterator();
- while (it.hasNext())
- {
- SignerInformation cSigner = (SignerInformation)it.next();
- Collection certCollection = sig.getCertificates().getMatches(cSigner.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertTrue(cSigner.isCounterSignature());
- assertNull(cSigner.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_contentType));
- assertEquals(true, cSigner.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
-
- verifySignatures(sig);
- }
-
- public void testCertificateManagement()
- throws Exception
- {
- CMSSignedDataGenerator sGen = new CMSSignedDataGenerator();
-
- List certList = new ArrayList();
-
- certList.add(_origCert);
- certList.add(_signCert);
-
- Store certs = new JcaCertStore(certList);
-
- sGen.addCertificates(certs);
-
- CMSSignedData sData = sGen.generate(new CMSAbsentContent(), true);
-
- CMSSignedData rsData = new CMSSignedData(sData.getEncoded());
-
- assertEquals(2, rsData.getCertificates().getMatches(null).size());
- }
-
- private void testSample(String sigName)
- throws Exception
- {
- CMSSignedData sig = new CMSSignedData(getInput(sigName));
-
- verifySignatures(sig);
- }
-
- private void testSample(String messageName, String sigName)
- throws Exception
- {
- CMSSignedData sig = new CMSSignedData(new CMSProcessableByteArray(getInput(messageName)), getInput(sigName));
-
- verifySignatures(sig);
- }
-
- private byte[] getInput(String name)
- throws IOException
- {
- return Streams.readAll(getClass().getResourceAsStream(name));
- }
-
- public void testForMultipleCounterSignatures()
- throws Exception
- {
- CMSSignedData sd = new CMSSignedData(xtraCounterSig);
-
- for (Iterator sI = sd.getSignerInfos().getSigners().iterator(); sI.hasNext();)
- {
- SignerInformation sigI = (SignerInformation)sI.next();
-
- SignerInformationStore counter = sigI.getCounterSignatures();
- List sigs = new ArrayList(counter.getSigners());
-
- assertEquals(2, sigs.size());
- }
- }
-
- private void verifySignatures(CMSSignedDataParser sp)
- throws Exception
- {
- Store certs = sp.getCertificates();
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert)));
- }
- }
-
- private class TestCMSSignatureAlgorithmNameGenerator
- extends DefaultCMSSignatureAlgorithmNameGenerator
- {
- void setDigestAlgorithmMapping(ASN1ObjectIdentifier oid, String algName)
- {
- super.setSigningDigestAlgorithmMapping(oid, algName);
- }
-
- void setEncryptionAlgorithmMapping(ASN1ObjectIdentifier oid, String algName)
- {
- super.setSigningEncryptionAlgorithmMapping(oid, algName);
- }
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/NullProviderTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/NullProviderTest.java
deleted file mode 100644
index a97b21c6..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/NullProviderTest.java
+++ /dev/null
@@ -1,281 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.List;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.CMSEnvelopedData;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.CMSSignedDataParser;
-import org.bouncycastle.cms.CMSSignedDataStreamGenerator;
-import org.bouncycastle.cms.CMSTypedData;
-import org.bouncycastle.cms.CMSTypedStream;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-
-public class NullProviderTest
- extends TestCase
-{
- static KeyPair keyPair;
- static X509Certificate keyCert;
- private static final String TEST_MESSAGE = "Hello World!";
-
- private JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter();
-
- static
- {
- try
- {
- keyPair = generateKeyPair();
- String origDN = "O=Bouncy Castle, C=AU";
- keyCert = makeCertificate(keyPair, origDN, keyPair, origDN);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public void testSHA1WithRSAEncapsulated()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes());
-
- certList.add(new X509CertificateHolder(keyCert.getEncoded()));
-
- DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().build();
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate()), keyCert));
-
- gen.addCertificates(new CollectionStore(certList));
-
- CMSSignedData s = gen.generate(msg, true);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- Store certsAndCrls = s.getCertificates();
-
- SignerInformationStore signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certsAndCrls.getMatches(signer.getSID());
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert)));
- }
- }
-
- public void testSHA1WithRSAStream()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(new X509CertificateHolder(keyCert.getEncoded()));
-
- DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().build();
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate()), keyCert));
-
- gen.addCertificates(new CollectionStore(certList));
-
- OutputStream sigOut = gen.open(bOut);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(digCalcProv,
- new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1");
-
- byte[] contentDigest = md.digest(TEST_MESSAGE.getBytes());
- Store certStore = sp.getCertificates();
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert)));
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
- }
-
- public void testKeyTransDES()
- throws Exception
- {
- testKeyTrans(CMSEnvelopedDataGenerator.DES_EDE3_CBC);
- }
-
- public void testKeyTransAES128()
- throws Exception
- {
- testKeyTrans(CMSEnvelopedDataGenerator.AES128_CBC);
- }
-
- public void testKeyTransAES192()
- throws Exception
- {
- testKeyTrans(CMSEnvelopedDataGenerator.AES192_CBC);
- }
-
- public void testKeyTransAES256()
- throws Exception
- {
- testKeyTrans(CMSEnvelopedDataGenerator.AES256_CBC);
- }
-
- private void testKeyTrans(String algorithm)
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(keyCert));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(algorithm)).build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
- assertEquals(ed.getEncryptionAlgOID(), algorithm);
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(keyPair.getPrivate()));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
-
- private static KeyPair generateKeyPair()
- throws NoSuchProviderException, NoSuchAlgorithmException
- {
- KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "SunRsaSign");
-
- kpg.initialize(512, new SecureRandom());
-
- return kpg.generateKeyPair();
- }
-
- private static X509Certificate makeCertificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN)
- throws GeneralSecurityException, IOException
- {
-
- PublicKey subPub = subKP.getPublic();
- PrivateKey issPriv = issKP.getPrivate();
- PublicKey issPub = issKP.getPublic();
-
- X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
-
- v3CertGen.reset();
- v3CertGen.setSerialNumber(BigInteger.valueOf(1));
- v3CertGen.setIssuerDN(new X509Name(_issDN));
- v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
- v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)));
- v3CertGen.setSubjectDN(new X509Name(_subDN));
- v3CertGen.setPublicKey(subPub);
-
- v3CertGen.setSignatureAlgorithm("SHA1WithRSA");
-
- X509Certificate _cert = v3CertGen.generate(issPriv, "SunRsaSign");
-
- _cert.checkValidity(new Date());
- _cert.verify(issPub);
-
- return _cert;
- }
-
- public static Test suite()
- throws Exception
- {
- return new TestSuite(NullProviderTest.class);
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/Rfc4134Test.java b/pkix/src/test/java/org/bouncycastle/cms/test/Rfc4134Test.java
deleted file mode 100644
index 2f597024..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/Rfc4134Test.java
+++ /dev/null
@@ -1,445 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.security.KeyFactory;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.Security;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPublicKey;
-import java.security.spec.DSAPublicKeySpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Iterator;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.cms.Attribute;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.cms.CMSAttributes;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cms.CMSEnvelopedData;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.CMSEnvelopedDataParser;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataParser;
-import org.bouncycastle.cms.CMSTypedStream;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoVerifierBuilder;
-import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
-import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.io.Streams;
-
-public class Rfc4134Test
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
- private static final String TEST_DATA_HOME = "bc.test.data.home";
-
- private static byte[] exContent = getRfc4134Data("ExContent.bin");
- private static byte[] sha1 = Hex.decode("406aec085279ba6e16022d9e0629c0229687dd48");
-
- private static final JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter();
- private static final DigestCalculatorProvider digCalcProv;
-
- static
- {
- try
- {
- digCalcProv = new JcaDigestCalculatorProviderBuilder().build();
- }
- catch (OperatorCreationException e)
- {
- throw new IllegalStateException("can't create default provider!!!");
- }
- }
-
- public Rfc4134Test(String name)
- {
- super(name);
- }
-
- public static void main(String args[])
- {
- Security.addProvider(new BouncyCastleProvider());
-
- junit.textui.TestRunner.run(Rfc4134Test.class);
- }
-
- public static Test suite()
- throws Exception
- {
- return new CMSTestSetup(new TestSuite(Rfc4134Test.class));
- }
-
- public void test4_1()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.1.bin");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data);
-
- verifySignatures(parser);
- }
-
- public void test4_2()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.2.bin");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data);
-
- verifySignatures(parser);
- }
-
- public void testRfc4_3()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.3.bin");
- CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(exContent), data);
-
- verifySignatures(signedData, sha1);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv,
- new CMSTypedStream(new ByteArrayInputStream(exContent)),
- data);
-
- verifySignatures(parser);
- }
-
- public void test4_4()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.4.bin");
- byte[] counterSigCert = getRfc4134Data("AliceRSASignByCarl.cer");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData, sha1);
-
- verifySignerInfo4_4(getFirstSignerInfo(signedData.getSignerInfos()), counterSigCert);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data);
-
- verifySignatures(parser);
-
- verifySignerInfo4_4(getFirstSignerInfo(parser.getSignerInfos()), counterSigCert);
- }
-
- public void test4_5()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.5.bin");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data);
-
- verifySignatures(parser);
- }
-
- public void test4_6()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.6.bin");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data);
-
- verifySignatures(parser);
- }
-
- public void test4_7()
- throws Exception
- {
- byte[] data = getRfc4134Data("4.7.bin");
- CMSSignedData signedData = new CMSSignedData(data);
-
- verifySignatures(signedData);
-
- CMSSignedDataParser parser = new CMSSignedDataParser(digCalcProv, data);
-
- verifySignatures(parser);
- }
-
- public void test5_1()
- throws Exception
- {
- byte[] data = getRfc4134Data("5.1.bin");
- CMSEnvelopedData envelopedData = new CMSEnvelopedData(data);
-
- verifyEnvelopedData(envelopedData, CMSEnvelopedDataGenerator.DES_EDE3_CBC);
-
- CMSEnvelopedDataParser envelopedParser = new CMSEnvelopedDataParser(data);
-
- verifyEnvelopedData(envelopedParser, CMSEnvelopedDataGenerator.DES_EDE3_CBC);
- }
-
- public void test5_2()
- throws Exception
- {
- byte[] data = getRfc4134Data("5.2.bin");
- CMSEnvelopedData envelopedData = new CMSEnvelopedData(data);
-
- verifyEnvelopedData(envelopedData, CMSEnvelopedDataGenerator.RC2_CBC);
-
- CMSEnvelopedDataParser envelopedParser = new CMSEnvelopedDataParser(data);
-
- verifyEnvelopedData(envelopedParser, CMSEnvelopedDataGenerator.RC2_CBC);
- }
-
- private void verifyEnvelopedData(CMSEnvelopedData envelopedData, String symAlgorithmOID)
- throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, CMSException
- {
- byte[] privKeyData = getRfc4134Data("BobPrivRSAEncrypt.pri");
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privKeyData);
- KeyFactory keyFact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = keyFact.generatePrivate(keySpec);
-
- RecipientInformationStore recipients = envelopedData.getRecipientInfos();
-
- assertEquals(envelopedData.getEncryptionAlgOID(), symAlgorithmOID);
-
- Collection c = recipients.getRecipients();
- assertTrue(c.size() >= 1 && c.size() <= 2);
-
- Iterator it = c.iterator();
- verifyRecipient((RecipientInformation)it.next(), privKey);
-
- if (c.size() == 2)
- {
- RecipientInformation recInfo = (RecipientInformation)it.next();
-
- assertEquals(PKCSObjectIdentifiers.id_alg_CMSRC2wrap.getId(), recInfo.getKeyEncryptionAlgOID());
- }
- }
-
- private void verifyEnvelopedData(CMSEnvelopedDataParser envelopedParser, String symAlgorithmOID)
- throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, CMSException
- {
- byte[] privKeyData = getRfc4134Data("BobPrivRSAEncrypt.pri");
- PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privKeyData);
- KeyFactory keyFact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = keyFact.generatePrivate(keySpec);
-
- RecipientInformationStore recipients = envelopedParser.getRecipientInfos();
-
- assertEquals(envelopedParser.getEncryptionAlgOID(), symAlgorithmOID);
-
- Collection c = recipients.getRecipients();
- assertTrue(c.size() >= 1 && c.size() <= 2);
-
- Iterator it = c.iterator();
- verifyRecipient((RecipientInformation)it.next(), privKey);
-
- if (c.size() == 2)
- {
- RecipientInformation recInfo = (RecipientInformation)it.next();
-
- assertEquals(PKCSObjectIdentifiers.id_alg_CMSRC2wrap.getId(), recInfo.getKeyEncryptionAlgOID());
- }
- }
-
- private void verifyRecipient(RecipientInformation recipient, PrivateKey privKey)
- throws CMSException, NoSuchProviderException
- {
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(privKey).setProvider(BC));
-
- assertEquals(true, Arrays.equals(exContent, recData));
- }
-
- private void verifySignerInfo4_4(SignerInformation signerInfo, byte[] counterSigCert)
- throws Exception
- {
- verifyCounterSignature(signerInfo, counterSigCert);
-
- verifyContentHint(signerInfo);
- }
-
- private SignerInformation getFirstSignerInfo(SignerInformationStore store)
- {
- return (SignerInformation)store.getSigners().iterator().next();
- }
-
- private void verifyCounterSignature(SignerInformation signInfo, byte[] certificate)
- throws Exception
- {
- SignerInformation csi = (SignerInformation)signInfo.getCounterSignatures().getSigners().iterator().next();
-
- CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC);
- X509Certificate cert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(certificate));
-
- assertTrue(csi.verify(new JcaSignerInfoVerifierBuilder(digCalcProv).setProvider(BC).build(cert)));
- }
-
- private void verifyContentHint(SignerInformation signInfo)
- {
- AttributeTable attrTable = signInfo.getUnsignedAttributes();
-
- Attribute attr = attrTable.get(CMSAttributes.contentHint);
-
- assertEquals(1, attr.getAttrValues().size());
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(new DERUTF8String("Content Hints Description Buffer"));
- v.add(CMSObjectIdentifiers.data);
-
- assertTrue(attr.getAttrValues().getObjectAt(0).equals(new DERSequence(v)));
- }
-
- private void verifySignatures(CMSSignedData s, byte[] contentDigest)
- throws Exception
- {
- Store certStore = s.getCertificates();
- SignerInformationStore signers = s.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- verifySigner(signer, cert);
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
- }
-
- private void verifySignatures(CMSSignedData s)
- throws Exception
- {
- verifySignatures(s, null);
- }
-
- private void verifySignatures(CMSSignedDataParser sp)
- throws Exception
- {
- CMSTypedStream sc = sp.getSignedContent();
- if (sc != null)
- {
- sc.drain();
- }
-
- Store certs = sp.getCertificates();
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certs.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- verifySigner(signer, cert);
- }
- }
-
- private void verifySigner(SignerInformation signer, X509CertificateHolder certHolder)
- throws Exception
- {
- X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder);
- if (cert.getPublicKey() instanceof DSAPublicKey)
- {
- DSAPublicKey key = (DSAPublicKey)cert.getPublicKey();
-
- if (key.getParams() == null)
- {
- assertEquals(true, signer.verify(new JcaSignerInfoVerifierBuilder(digCalcProv).setProvider(BC).build(getInheritedKey(key))));
- }
- else
- {
- assertEquals(true, signer.verify(new JcaSignerInfoVerifierBuilder(digCalcProv).setProvider(BC).build(cert)));
- }
- }
- else
- {
- assertEquals(true, signer.verify(new JcaSignerInfoVerifierBuilder(digCalcProv).setProvider(BC).build(cert)));
- }
- }
-
- private PublicKey getInheritedKey(DSAPublicKey key)
- throws Exception
- {
- CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC);
-
- X509Certificate cert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(getRfc4134Data("CarlDSSSelf.cer")));
-
- DSAParams dsaParams = ((DSAPublicKey)cert.getPublicKey()).getParams();
-
- DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(
- key.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG());
-
- KeyFactory keyFactory = KeyFactory.getInstance("DSA", BC);
-
- return keyFactory.generatePublic(dsaPubKeySpec);
- }
-
- private static byte[] getRfc4134Data(String name)
- {
- String dataHome = System.getProperty(TEST_DATA_HOME);
-
- if (dataHome == null)
- {
- throw new IllegalStateException(TEST_DATA_HOME + " property not set");
- }
-
- try
- {
- return Streams.readAll(new FileInputStream(dataHome + "/rfc4134/" + name));
- }
- catch (IOException e)
- {
- throw new RuntimeException(e.toString());
- }
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/SHA1DigestCalculator.java b/pkix/src/test/java/org/bouncycastle/cms/test/SHA1DigestCalculator.java
deleted file mode 100644
index 934bfcff..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/SHA1DigestCalculator.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.operator.DigestCalculator;
-
-
-class SHA1DigestCalculator
- implements DigestCalculator
-{
- private ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- public AlgorithmIdentifier getAlgorithmIdentifier()
- {
- return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
- }
-
- public OutputStream getOutputStream()
- {
- return bOut;
- }
-
- public byte[] getDigest()
- {
- byte[] bytes = bOut.toByteArray();
-
- bOut.reset();
-
- Digest sha1 = new SHA1Digest();
-
- sha1.update(bytes, 0, bytes.length);
-
- byte[] digest = new byte[sha1.getDigestSize()];
-
- sha1.doFinal(digest, 0);
-
- return digest;
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/cms/test/SunProviderTest.java b/pkix/src/test/java/org/bouncycastle/cms/test/SunProviderTest.java
deleted file mode 100644
index 3ec8c5ae..00000000
--- a/pkix/src/test/java/org/bouncycastle/cms/test/SunProviderTest.java
+++ /dev/null
@@ -1,284 +0,0 @@
-package org.bouncycastle.cms.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.List;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cms.CMSEnvelopedData;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.CMSSignedDataParser;
-import org.bouncycastle.cms.CMSSignedDataStreamGenerator;
-import org.bouncycastle.cms.CMSTypedData;
-import org.bouncycastle.cms.CMSTypedStream;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.SignerInformation;
-import org.bouncycastle.cms.SignerInformationStore;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoVerifierBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter;
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.CollectionStore;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-
-public class SunProviderTest
- extends TestCase
-{
- static KeyPair keyPair;
- static X509Certificate keyCert;
- private static final String TEST_MESSAGE = "Hello World!";
- private static final JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter();
-
- static
- {
- try
- {
- keyPair = generateKeyPair();
- String origDN = "O=Bouncy Castle, C=AU";
- keyCert = makeCertificate(keyPair, origDN, keyPair, origDN);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- public void testSHA1WithRSAEncapsulated()
- throws Exception
- {
- List certList = new ArrayList();
- CMSTypedData msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes());
-
- certList.add(new X509CertificateHolder(keyCert.getEncoded()));
-
- DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().build();
-
- CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("SunRsaSign").build(keyPair.getPrivate()), keyCert));
-
- gen.addCertificates(new CollectionStore(certList));
-
- CMSSignedData s = gen.generate(msg, true);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded());
- ASN1InputStream aIn = new ASN1InputStream(bIn);
-
- s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
-
- Store certsAndCrls = s.getCertificates();
-
- SignerInformationStore signers = s.getSignerInfos();
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certsAndCrls.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509Certificate cert = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder)certIt.next());
-
- assertEquals(true, signer.verify(new JcaSignerInfoVerifierBuilder(new JcaDigestCalculatorProviderBuilder().build()).setProvider("SunRsaSign").build(cert)));
- }
- }
-
- public void testSHA1WithRSAStream()
- throws Exception
- {
- List certList = new ArrayList();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- certList.add(new X509CertificateHolder(keyCert.getEncoded()));
-
- DigestCalculatorProvider digCalcProv = new JcaDigestCalculatorProviderBuilder().build();
-
- CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
-
- gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digCalcProv).build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("SunRsaSign").build(keyPair.getPrivate()), keyCert));
-
- gen.addCertificates(new CollectionStore(certList));
-
- OutputStream sigOut = gen.open(bOut);
-
- sigOut.write(TEST_MESSAGE.getBytes());
-
- sigOut.close();
-
- CMSSignedDataParser sp = new CMSSignedDataParser(digCalcProv,
- new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray());
-
- sp.getSignedContent().drain();
-
- //
- // compute expected content digest
- //
- MessageDigest md = MessageDigest.getInstance("SHA1", "SUN");
-
- byte[] contentDigest = md.digest(TEST_MESSAGE.getBytes());
- Store certStore = sp.getCertificates();
- SignerInformationStore signers = sp.getSignerInfos();
-
- Collection c = signers.getSigners();
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- SignerInformation signer = (SignerInformation)it.next();
- Collection certCollection = certStore.getMatches(signer.getSID());
-
- Iterator certIt = certCollection.iterator();
- X509CertificateHolder cert = (X509CertificateHolder)certIt.next();
-
- assertEquals(true, signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("SunRsaSign").build(new JcaX509CertificateConverter().getCertificate(cert))));
-
- if (contentDigest != null)
- {
- assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest()));
- }
- }
- }
-
- public void testKeyTransDES()
- throws Exception
- {
- testKeyTrans(CMSEnvelopedDataGenerator.DES_EDE3_CBC);
- }
-
- public void testKeyTransAES128()
- throws Exception
- {
- testKeyTrans(CMSEnvelopedDataGenerator.AES128_CBC);
- }
-
- public void testKeyTransAES192()
- throws Exception
- {
- testKeyTrans(CMSEnvelopedDataGenerator.AES192_CBC);
- }
-
- public void testKeyTransAES256()
- throws Exception
- {
- testKeyTrans(CMSEnvelopedDataGenerator.AES256_CBC);
- }
-
- private void testKeyTrans(String algorithm)
- throws Exception
- {
- byte[] data = "WallaWallaWashington".getBytes();
-
- CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
-
- edGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(keyCert).setProvider("SunJCE"));
-
- CMSEnvelopedData ed = edGen.generate(
- new CMSProcessableByteArray(data),
- new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(algorithm)).setProvider("SunJCE").build());
-
- RecipientInformationStore recipients = ed.getRecipientInfos();
-
-
- assertEquals(ed.getEncryptionAlgOID(), algorithm);
-
- Collection c = recipients.getRecipients();
-
- assertEquals(1, c.size());
-
- Iterator it = c.iterator();
-
- while (it.hasNext())
- {
- RecipientInformation recipient = (RecipientInformation)it.next();
-
- assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId());
-
- byte[] recData = recipient.getContent(new JceKeyTransEnvelopedRecipient(keyPair.getPrivate()).setProvider("SunJCE"));
-
- assertEquals(true, Arrays.equals(data, recData));
- }
- }
-
- private static KeyPair generateKeyPair()
- throws NoSuchProviderException, NoSuchAlgorithmException
- {
- KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "SunRsaSign");
-
- kpg.initialize(512, new SecureRandom());
-
- return kpg.generateKeyPair();
- }
-
- private static X509Certificate makeCertificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN)
- throws GeneralSecurityException, IOException
- {
-
- PublicKey subPub = subKP.getPublic();
- PrivateKey issPriv = issKP.getPrivate();
- PublicKey issPub = issKP.getPublic();
-
- X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
-
- v3CertGen.reset();
- v3CertGen.setSerialNumber(BigInteger.valueOf(1));
- v3CertGen.setIssuerDN(new X509Name(_issDN));
- v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
- v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)));
- v3CertGen.setSubjectDN(new X509Name(_subDN));
- v3CertGen.setPublicKey(subPub);
-
- v3CertGen.setSignatureAlgorithm("SHA1WithRSA");
-
- X509Certificate _cert = v3CertGen.generate(issPriv, "SunRsaSign");
-
- _cert.checkValidity(new Date());
- _cert.verify(issPub);
-
- return _cert;
- }
-
- public static Test suite()
- throws Exception
- {
- return new TestSuite(SunProviderTest.class);
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/dvcs/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/dvcs/test/AllTests.java
deleted file mode 100644
index 3cfeefea..00000000
--- a/pkix/src/test/java/org/bouncycastle/dvcs/test/AllTests.java
+++ /dev/null
@@ -1,239 +0,0 @@
-package org.bouncycastle.dvcs.test;
-
-import java.io.IOException;
-import java.security.KeyPair;
-import java.security.Security;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.dvcs.CertEtcToken;
-import org.bouncycastle.asn1.dvcs.TargetEtcChain;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.SignerId;
-import org.bouncycastle.cms.SignerInformationVerifier;
-import org.bouncycastle.cms.SignerInformationVerifierProvider;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.cms.test.CMSTestUtil;
-import org.bouncycastle.dvcs.CCPDRequestBuilder;
-import org.bouncycastle.dvcs.CCPDRequestData;
-import org.bouncycastle.dvcs.CPDRequestBuilder;
-import org.bouncycastle.dvcs.CPDRequestData;
-import org.bouncycastle.dvcs.DVCSException;
-import org.bouncycastle.dvcs.DVCSRequest;
-import org.bouncycastle.dvcs.MessageImprint;
-import org.bouncycastle.dvcs.MessageImprintBuilder;
-import org.bouncycastle.dvcs.SignedDVCSMessageGenerator;
-import org.bouncycastle.dvcs.TargetChain;
-import org.bouncycastle.dvcs.VPKCRequestBuilder;
-import org.bouncycastle.dvcs.VPKCRequestData;
-import org.bouncycastle.dvcs.VSDRequestBuilder;
-import org.bouncycastle.dvcs.VSDRequestData;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.io.Streams;
-
-public class AllTests
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- private static boolean initialised = false;
-
- private static String origDN;
- private static KeyPair origKP;
- private static X509Certificate origCert;
-
- private static String signDN;
- private static KeyPair signKP;
- private static X509Certificate signCert;
-
- private static void init()
- throws Exception
- {
- if (!initialised)
- {
- initialised = true;
-
- if (Security.getProvider(BC) == null)
- {
- Security.addProvider(new BouncyCastleProvider());
- }
- origDN = "O=Bouncy Castle, C=AU";
- origKP = CMSTestUtil.makeKeyPair();
- origCert = CMSTestUtil.makeCertificate(origKP, origDN, origKP, origDN);
-
- signDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU";
- signKP = CMSTestUtil.makeKeyPair();
- signCert = CMSTestUtil.makeCertificate(signKP, signDN, origKP, origDN);
- }
- }
-
- public void setUp()
- throws Exception
- {
- init();
- }
-
- private byte[] getInput(String name)
- throws IOException
- {
- return Streams.readAll(getClass().getResourceAsStream(name));
- }
-
- public void testCCPDRequest()
- throws Exception
- {
- SignedDVCSMessageGenerator gen = getSignedDVCSMessageGenerator();
-
- CCPDRequestBuilder reqBuilder = new CCPDRequestBuilder();
-
- MessageImprintBuilder imprintBuilder = new MessageImprintBuilder(new SHA1DigestCalculator());
-
- MessageImprint messageImprint = imprintBuilder.build(new byte[100]);
-
- CMSSignedData reqMsg = gen.build(reqBuilder.build(messageImprint));
-
- assertTrue(reqMsg.verifySignatures(new SignerInformationVerifierProvider()
- {
- public SignerInformationVerifier get(SignerId sid)
- throws OperatorCreationException
- {
- return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signCert);
- }
- }));
-
- DVCSRequest request = new DVCSRequest(reqMsg);
-
- CCPDRequestData reqData = (CCPDRequestData)request.getData();
-
- assertEquals(messageImprint, reqData.getMessageImprint());
- }
-
- private CMSSignedData getWrappedCPDRequest()
- throws OperatorCreationException, CertificateEncodingException, DVCSException, IOException
- {
- SignedDVCSMessageGenerator gen = getSignedDVCSMessageGenerator();
-
- CPDRequestBuilder reqBuilder = new CPDRequestBuilder();
-
- return gen.build(reqBuilder.build(new byte[100]));
- }
-
- public void testCPDRequest()
- throws Exception
- {
- CMSSignedData reqMsg = getWrappedCPDRequest();
-
- assertTrue(reqMsg.verifySignatures(new SignerInformationVerifierProvider()
- {
- public SignerInformationVerifier get(SignerId sid)
- throws OperatorCreationException
- {
- return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signCert);
- }
- }));
-
- DVCSRequest request = new DVCSRequest(reqMsg);
-
- CPDRequestData reqData = (CPDRequestData)request.getData();
-
- assertTrue(Arrays.areEqual(new byte[100], reqData.getMessage()));
- }
-
- public void testVPKCRequest()
- throws Exception
- {
- SignedDVCSMessageGenerator gen = getSignedDVCSMessageGenerator();
-
- VPKCRequestBuilder reqBuilder = new VPKCRequestBuilder();
-
- reqBuilder.addTargetChain(new JcaX509CertificateHolder(signCert));
-
- CMSSignedData reqMsg = gen.build(reqBuilder.build());
-
- assertTrue(reqMsg.verifySignatures(new SignerInformationVerifierProvider()
- {
- public SignerInformationVerifier get(SignerId sid)
- throws OperatorCreationException
- {
- return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signCert);
- }
- }));
-
- DVCSRequest request = new DVCSRequest(reqMsg);
-
- VPKCRequestData reqData = (VPKCRequestData)request.getData();
-
- assertEquals(new TargetEtcChain(new CertEtcToken(CertEtcToken.TAG_CERTIFICATE, new JcaX509CertificateHolder(signCert).toASN1Structure())), ((TargetChain)reqData.getCerts().get(0)).toASN1Structure());
- }
-
- public void testVSDRequest()
- throws Exception
- {
- CMSSignedData message = getWrappedCPDRequest();
-
- SignedDVCSMessageGenerator gen = getSignedDVCSMessageGenerator();
-
- VSDRequestBuilder reqBuilder = new VSDRequestBuilder();
-
- CMSSignedData reqMsg = gen.build(reqBuilder.build(message));
-
- assertTrue(reqMsg.verifySignatures(new SignerInformationVerifierProvider()
- {
- public SignerInformationVerifier get(SignerId sid)
- throws OperatorCreationException
- {
- return new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signCert);
- }
- }));
-
- DVCSRequest request = new DVCSRequest(reqMsg);
-
- VSDRequestData reqData = (VSDRequestData)request.getData();
-
- assertEquals(message.toASN1Structure().getContentType(), reqData.getParsedMessage().toASN1Structure().getContentType());
- }
-
- private SignedDVCSMessageGenerator getSignedDVCSMessageGenerator()
- throws OperatorCreationException, CertificateEncodingException
- {
- CMSSignedDataGenerator sigDataGen = new CMSSignedDataGenerator();
-
- JcaDigestCalculatorProviderBuilder calculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder().setProvider(BC);
-
- ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(signKP.getPrivate());
-
- sigDataGen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(calculatorProviderBuilder.build()).build(contentSigner, signCert));
-
- return new SignedDVCSMessageGenerator(sigDataGen);
- }
-
- public static void main(String[] args)
- throws Exception
- {
- Security.addProvider(new BouncyCastleProvider());
-
- junit.textui.TestRunner.run(suite());
- }
-
- public static Test suite()
- throws Exception
- {
- TestSuite suite= new TestSuite("EAC tests");
-
- suite.addTestSuite(AllTests.class);
- suite.addTestSuite(DVCSParseTest.class);
-
- return new DVCSTestSetup(suite);
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/dvcs/test/DVCSParseTest.java b/pkix/src/test/java/org/bouncycastle/dvcs/test/DVCSParseTest.java
deleted file mode 100644
index 90a46b4e..00000000
--- a/pkix/src/test/java/org/bouncycastle/dvcs/test/DVCSParseTest.java
+++ /dev/null
@@ -1,390 +0,0 @@
-package org.bouncycastle.dvcs.test;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.ASN1GeneralizedTime;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cmp.PKIStatus;
-import org.bouncycastle.asn1.cmp.PKIStatusInfo;
-import org.bouncycastle.asn1.dvcs.CertEtcToken;
-import org.bouncycastle.asn1.dvcs.DVCSCertInfo;
-import org.bouncycastle.asn1.dvcs.DVCSCertInfoBuilder;
-import org.bouncycastle.asn1.dvcs.DVCSErrorNotice;
-import org.bouncycastle.asn1.dvcs.DVCSRequest;
-import org.bouncycastle.asn1.dvcs.DVCSRequestInformation;
-import org.bouncycastle.asn1.dvcs.DVCSRequestInformationBuilder;
-import org.bouncycastle.asn1.dvcs.DVCSResponse;
-import org.bouncycastle.asn1.dvcs.DVCSTime;
-import org.bouncycastle.asn1.dvcs.Data;
-import org.bouncycastle.asn1.dvcs.ServiceType;
-import org.bouncycastle.asn1.dvcs.TargetEtcChain;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.Certificate;
-import org.bouncycastle.asn1.x509.DigestInfo;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.PolicyInformation;
-import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.dvcs.DVCSException;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.encoders.Hex;
-
-public class DVCSParseTest
- extends TestCase
-{
-
- // Clepsydre requests and responses
- private static final String REQUEST_CCPD_CLEPSYDRE = "MIICRgYJKoZIhvcNAQcCoIICNzCCAjMCAQMxCzAJBgUrDgMCGgUAMIGZBgsqhkiG9w0BCRABB6CBiQSBhjCBgzBgCgEEoE2kSzBJMQswCQYDVQQGEwJGUjEOMAwGA1UEBxMFUGFyaXMxEDAOBgNVBAoTB0VkZWxXZWIxGDAWBgNVBAMTD1BldGVyIFN5bHZlc3RlcqEMBgorBgEEAak9AQIBMB8wBwYFKw4DAhoEFHW2ha9viUZ96AcVJR5Fl4/NH6VmMYIBgzCCAX8CAQEwfDBwMQswCQYDVQQGEwJGUjEVMBMGA1UEChMMRWRlbFdlYiBTLkEuMSgwJgYDVQQLEx9DbGVwc3lkcmUgRGVtb25zdHJhdGlvbiBTZXJ2aWNlMSAwHgYDVQQDExdUaW1lIFN0YW1waW5nIEF1dGhvcml0eQIIAJSIFyE0N3YwCQYFKw4DAhoFAKBfMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBzAcBgkqhkiG9w0BCQUxDxcNMDAwNDE3MTcxNDU3WjAjBgkqhkiG9w0BCQQxFgQUTajC0s58DQRBL0QTM3XbL1st+dwwDQYJKoZIhvcNAQEBBQAEgYBuew429QhfFjwxeyi7C8LGF2emtVTxmOJviZYODJnmy0DBm43Y147TK0H3FiZbtwi/5pWy2QFs/rEsUsFa0jHzjsrdEaFyBSlBat0oQKpcd8adHYBT22+cTKWjj5KLGD/VOq0Bh2nD/dPYw9DKa+YNTlNuUCCZfJTCRCUbBsCZlg==";
- private static final String RESPONSE_CCPD_CLEPSYDRE = "MIIH9wYJKoZIhvcNAQcCoIIH6DCCB+QCAQMxCzAJBgUrDgMCGgUAMIIBLQYLKoZIhvcNAQkQAQigggEcBIIBGDCCARQwgdYKAQSgTaRLMEkxCzAJBgNVBAYTAkZSMQ4wDAYDVQQHEwVQYXJpczEQMA4GA1UEChMHRWRlbFdlYjEYMBYGA1UEAxMPUGV0ZXIgU3lsdmVzdGVyoQwGCisGAQQBqT0BAgGidKRyMHAxCzAJBgNVBAYTAkZSMRUwEwYDVQQKEwxFZGVsV2ViIFMuQS4xKDAmBgNVBAsTH0NsZXBzeWRyZSBEZW1vbnN0cmF0aW9uIFNlcnZpY2UxIDAeBgNVBAMTF1RpbWUgU3RhbXBpbmcgQXV0aG9yaXR5MB8wBwYFKw4DAhoEFHW2ha9viUZ96AcVJR5Fl4/NH6VmAgcBeAoeyogjGA8yMDAwMDQxNzE3MTYxN1qgggPgMIID3DCCAsSgAwIBAgIIAJSIFxdkNzIwDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCRlIxFTATBgNVBAoTDEVkZWxXZWIgUy5BLjEoMCYGA1UECxMfQ2xlcHN5ZHJlIERlbW9uc3RyYXRpb24gU2VydmljZTEgMB4GA1UEAxMXVGltZSBTdGFtcGluZyBBdXRob3JpdHkwHhcNMDAwMTI1MTYxOTM4WhcNMjAwMTIwMTYxOTM4WjBwMQswCQYDVQQGEwJGUjEVMBMGA1UEChMMRWRlbFdlYiBTLkEuMSgwJgYDVQQLEx9DbGVwc3lkcmUgRGVtb25zdHJhdGlvbiBTZXJ2aWNlMSAwHgYDVQQDExdUaW1lIFN0YW1waW5nIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPrDF67rt53rq70FfjlDbQRFWHQFpczzbC+Mjnd+wp8SEVx9274jKJqQ0qvGorq9o36ZppkhpdiQuc+nI06gVqDBCkaJjjyRZzf9m6tJF/xKpfLkTG7jahySlwRvfwxc+3TLlX5Mw1gS6KnW8N0SRBXniy6vUcAMX6hl/EehyZgf1OHqvBwaJ7uLVvESVRD0jtifGZwegffbY92INz9xeVuW4l+C1RIZBQ3hPaVtZuQsHu3HTLjfqjjIFWquJX1GKgf5g3fEUe6Q3AXQw/DxX+jU7V00cJGdnwhVfVvljV81WYNOchm7nIjRevwjpYSZtBeKTWyd0KY1gF/K+ySLVB0CAwEAAaN6MHgwDwYDVR0TBAgwBgEB/wIBADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCjBNBggrBgEFBQcBAQEB/wQ+MDwwOgYIKwYBBQUHMASGLmh0dHBzOi8vY2xlcHN5ZHJlLmVkZWx3ZWIuZnIvZHZjcy9zZXJ2aWNlLWNjcGQwDQYJKoZIhvcNAQEEBQADggEBAAjar1sJOWbTvoAd13K1LKME+0b4BfW/g/NtbTIoHEbuD+owYYoeigNOmIFgH5cXU9FUcz9ymEXTEJrTd7h0DpqQKY6spOvSJG32IR0/Uoss5pLnUsZUk5G8V3QhODl1zTBJVBOUbP7xZDgfX3274D6o8Sgc8dko+jIeO0i/XHAhKe++ciTaDflRev7X9f/owurGTEUUUVP9ANVbzGcqI5QxnsKQOJuw3/neZwxXXNew/PJylsTRep2g5lEkmZ6Jxjn5cnpE/S0/vN/HJSeUobV9ugZ1ZxyVbL0sdEE+zc05XC6cw8MJ43nV64Xo8XIpgPbGbmEbWPyHPtnhUxDgsQUxggK7MIICtwIBATB8MHAxCzAJBgNVBAYTAkZSMRUwEwYDVQQKEwxFZGVsV2ViIFMuQS4xKDAmBgNVBAsTH0NsZXBzeWRyZSBEZW1vbnN0cmF0aW9uIFNlcnZpY2UxIDAeBgNVBAMTF1RpbWUgU3RhbXBpbmcgQXV0aG9yaXR5AggAlIglcjUnUDAJBgUrDgMCGgUAoIIBFDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQgwHAYJKoZIhvcNAQkFMQ8XDTAwMDQxNzE3MTYxOVowIwYJKoZIhvcNAQkEMRYEFGhQ3JAgLsLwVRV/d6mmDDTMEwb6MIGyBgsqhkiG9w0BCRACDDGBojCBnzCBnDCBmQQUXPEY80rKtGfW2Of4O0rZejKlQ6UwgYAwdKRyMHAxCzAJBgNVBAYTAkZSMRUwEwYDVQQKEwxFZGVsV2ViIFMuQS4xKDAmBgNVBAsTH0NsZXBzeWRyZSBEZW1vbnN0cmF0aW9uIFNlcnZpY2UxIDAeBgNVBAMTF1RpbWUgU3RhbXBpbmcgQXV0aG9yaXR5AggAlIglcjUnUDANBgkqhkiG9w0BAQEFAASCAQAucJ9WXgFWqeFHgRI1ISkJFnrtRflaou3k/p0s5NoSZmIUWWGLUHsBgj29fuY40KigN5h5EyY5KcZyIKmVcedTf3l3mO8jAk65vZCbrAWicI86QjacLLCUsSsLNpQOeA6w0QkgY7z/zTLxWtOrn5OcWqNYmaAoEeCATU0edwT0UAfVi1SgIzL/ppziurjbVUfJyLoH75AUSKi2xXzVqSB0HFbvjxuz/IdtgfHUbxqHMJJHaeB54LwQmc9NNkw2A1Fy0VumHi2G8R8K6L/rOPnOGuywj1GuKjtGhL9NjJ/uH+/FNaNjvjjAA3w6XrjPOxgQiNu7T3j2++QcjdT4++tQ";
- // Top-Cross requests and responses
- private static final String REQUEST_CPD_TOMSK = "MIIJWgYJKoZIhvcNAQcCoIIJSzCCCUcCAQMxDDAKBgYqhQMCAgkFADCCBFwGCyqGSIb3DQEJEAEHoIIESwSCBEcwggRDMAkKAQECBA33L7cEggQcMIIEGDCCA8WgAwIBAgIKTOD69wAAAAA80DAKBgYqhQMCAgMFADCB5zEbMBkGCSqGSIb3DQEJARYMdWRjc0B1ZGNzLnJ1MQswCQYDVQQGEwJSVTEXMBUGA1UECB4OBCIEPgQ8BEEEOgQwBE8xEzARBgNVBAceCgQiBD4EPARBBDoxRzBFBgNVBAoTPlRvbXNrIFN0YXRlIFVuaXZlcnNpdHkgb2YgQ29udHJvbCBTeXN0ZW1zIGFuZCBSYWRpb2VsZWN0cm9uaWNzMScwJQYDVQQLHh4EJgQiBBEAIAAtACAEIwQmACAEIQQ4BDEEOARABDgxGzAZBgNVBAMTElVEQyBTaWJpcmlhIFRTVUNTUjAeFw0xMjExMTIwMzI4MDBaFw0xMzAzMDMwNjE5MDBaMIHRMSgwJgYJKoZIhvcNAQkBFhl0ZXN0X3VkY3NAY3RiLnJrLnR1c3VyLnJ1MQswCQYDVQQGEwJSVTETMBEGA1UEBwwK0KLQvtC80YHQujE9MDsGA1UECgw00KPQtNC+0YHRgtC+0LLQtdGA0Y/RjtGJ0LjQuSDQptC10L3RgtGAINCh0LjQsdC40YDQuDFEMEIGA1UEAww70KLQtdGB0YLQvtCy0YvQuSDQn9C+0LvRjNC30L7QstCw0YLQtdC70Ywg0KPQpiDQodC40LHQuNGA0LgwYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAR01H5PIXecUsIknQwHuiDRSy5k4uNezKe7zETWfhPb9Bm0+djzJkEc13t2IeMwLHXVOla91gFoSbhfWRYp07WKOCAWEwggFdMA4GA1UdDwEB/wQEAwIE8DAmBgNVHSUEHzAdBggrBgEFBQcDBAYHKoUDAgIiBgYIKwYBBQUHAwIwHQYDVR0OBBYEFOJVTSiR/zqkOU0HtBcR1AtX2CU9MB8GA1UdIwQYMBaAFLkeioDYZtqO5B8ojEBYjFzq1uciMFoGA1UdHwRTMFEwT6BNoEuGI2h0dHA6Ly93d3cudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY3JshiRodHRwOi8vd3d3Mi51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jcmwwcQYIKwYBBQUHAQEEZTBjMC8GCCsGAQUFBzAChiNodHRwOi8vd3d3LnVkY3MucnUvY2VydHNydi91ZGNzLmNlcjAwBggrBgEFBQcwAoYkaHR0cDovL3d3dzIudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY2VyMBQGA1UdIAQNMAswCQYHKoUDAxMCBDAKBgYqhQMCAgMFAANBABGJw/oHPHm0aRdmKW8LHcITCO7sA0BrAxzZQlV0USmZGS5VKPCgnpdoPQbsW4ynnxTivDfh8ZAJGcKVZ9kiD/SgFgYLKoUDAhUBAQIBAwKgBwIFAIW6DUGgggN0MIIDcDCCAx2gAwIBAgIKJjs9ewAAAAA3FDAKBgYqhQMCAgMFADCB5zEbMBkGCSqGSIb3DQEJARYMdWRjc0B1ZGNzLnJ1MQswCQYDVQQGEwJSVTEXMBUGA1UECB4OBCIEPgQ8BEEEOgQwBE8xEzARBgNVBAceCgQiBD4EPARBBDoxRzBFBgNVBAoTPlRvbXNrIFN0YXRlIFVuaXZlcnNpdHkgb2YgQ29udHJvbCBTeXN0ZW1zIGFuZCBSYWRpb2VsZWN0cm9uaWNzMScwJQYDVQQLHh4EJgQiBBEAIAAtACAEIwQmACAEIQQ4BDEEOARABDgxGzAZBgNVBAMTElVEQyBTaWJpcmlhIFRTVUNTUjAeFw0xMTEyMDcwNDI0MDBaFw0xMjEyMDcwNDMzMDBaMB8xHTAbBgNVBAMeFABSAEMAQQBJAFIAXwB0AGUAYwBoMGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLgMQUEkI9li1pn4dHHEWv5SSCjI77W6wfG3mSzEKw0vd3qQUTd86xZGAEwVC2dxJIdiQlSuMtyog6vSau3FriKjggFsMIIBaDAOBgNVHQ8BAf8EBAMCBPAwMAYDVR0lBCkwJwYIKwYBBQUHAwQGCCqFAwMTAgUCBgcqhQMCAiIGBggrBgEFBQcDAjAdBgNVHQ4EFgQU/hZ+9/9Tt/94ckUhTWabJMCegqQwHwYDVR0jBBgwFoAUuR6KgNhm2o7kHyiMQFiMXOrW5yIwWgYDVR0fBFMwUTBPoE2gS4YjaHR0cDovL3d3dy51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jcmyGJGh0dHA6Ly93d3cyLnVkY3MucnUvY2VydHNydi91ZGNzLmNybDBxBggrBgEFBQcBAQRlMGMwLwYIKwYBBQUHMAKGI2h0dHA6Ly93d3cudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY2VyMDAGCCsGAQUFBzAChiRodHRwOi8vd3d3Mi51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jZXIwFQYDVR0gBA4wDDAKBggqhQMDEwIFATAKBgYqhQMCAgMFAANBALCWVdYVTPSLtijWd6utGC/rtl0mGvU3UjyaHC2jbFovDwyRpx13BseqbcsxBA+aNabeH2WuEQMirhVt7lpV4jMxggFaMIIBVgIBATCB9jCB5zEbMBkGCSqGSIb3DQEJARYMdWRjc0B1ZGNzLnJ1MQswCQYDVQQGEwJSVTEXMBUGA1UECB4OBCIEPgQ8BEEEOgQwBE8xEzARBgNVBAceCgQiBD4EPARBBDoxRzBFBgNVBAoTPlRvbXNrIFN0YXRlIFVuaXZlcnNpdHkgb2YgQ29udHJvbCBTeXN0ZW1zIGFuZCBSYWRpb2VsZWN0cm9uaWNzMScwJQYDVQQLHh4EJgQiBBEAIAAtACAEIwQmACAEIQQ4BDEEOARABDgxGzAZBgNVBAMTElVEQyBTaWJpcmlhIFRTVUNTUgIKJjs9ewAAAAA3FDAKBgYqhQMCAgkFADAKBgYqhQMCAhMFAARAMdcEVUhDQ9XZl5Pu2N9At4a2y34fQY0uCQvIq47gOk0MBAXmTfT+7sJsTk1RMTMoeopDd+W7r3qO7isleghpgQ==";
- private static final String RESPONSE_CPD_TOMSK = "MIIGuQYJKoZIhvcNAQcCoIIGqjCCBqYCAQMxDDAKBgYqhQMCAgkFADBvBgsqhkiG9w0BCRABCKBgBF4wXDAJCgEBAgR0q0Q5MDUwEQYGKoUDAgIJBgcqhQMCAh4BBCC+uAKu1Kom7NbBYTtd6VC/RwHvV6FxeSH86KR7Oq+XVgICGLkYDzIwMTIxMjA1MDY1NzIwWqADAgEAoIIEczCCBG8wggQcoAMCAQICCjBVmIkAAAAANVowCgYGKoUDAgIDBQAwgecxGzAZBgkqhkiG9w0BCQEWDHVkY3NAdWRjcy5ydTELMAkGA1UEBhMCUlUxFzAVBgNVBAgeDgQiBD4EPARBBDoEMARPMRMwEQYDVQQHHgoEIgQ+BDwEQQQ6MUcwRQYDVQQKEz5Ub21zayBTdGF0ZSBVbml2ZXJzaXR5IG9mIENvbnRyb2wgU3lzdGVtcyBhbmQgUmFkaW9lbGVjdHJvbmljczEnMCUGA1UECx4eBCYEIgQRACAALQAgBCMEJgAgBCEEOAQxBDgEQAQ4MRswGQYDVQQDExJVREMgU2liaXJpYSBUU1VDU1IwHhcNMTExMDIwMTAyNzAwWhcNMTMwMTIwMTAzNjAwWjCCATgxCzAJBgNVBAYTAlJVMRMwEQYDVQQHHgoEIgQeBBwEIQQaMUMwQQYDVQQKHjoEEAQ0BDwEOAQ9BDgEQQRCBEAEMARGBDgETwAgBCIEPgQ8BEEEOgQ+BDkAIAQ+BDEEOwQwBEEEQgQ4MYGBMH8GA1UECx54BBoEPgQ8BDgEQgQ1BEIAIAQ4BD0ERAQ+BEAEPAQwBEIEOAQ3BDAERgQ4BDgAIAQ4ACAEQQQyBE8ENwQ4ACAEEAQ0BDwEOAQ9BDgEQQRCBEAEMARGBDgEOAAgBCIEPgQ8BEEEOgQ+BDkAIAQ+BDEEOwQwBEEEQgQ4MUswSQYDVQQDHkIELQQbBBUEGgQiBCAEHgQdBB0EKwQZACAEHQQeBCIEEAQgBBgEEAQiACAAKABEAFYAQwBTACwAIABPAEMAUwBQACkwYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAijmkemSx9EYvcgxb7/O1AHd5r4mH6V6L97UyX/GGg9geywTqm/sPuq/wuVicW82f/f7huHHlIlUf5ejTwpH53aOCAVAwggFMMB0GA1UdJQQWMBQGCCsGAQUFBwMJBggrBgEFBQcDCjALBgNVHQ8EBAMCBsAwDwYJKwYBBQUHMAEFBAIFADAdBgNVHQ4EFgQUX5qI5TV4fjSwaGkElbHRedmg2NgwHwYDVR0jBBgwFoAUuR6KgNhm2o7kHyiMQFiMXOrW5yIwWgYDVR0fBFMwUTBPoE2gS4YjaHR0cDovL3d3dy51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jcmyGJGh0dHA6Ly93d3cyLnVkY3MucnUvY2VydHNydi91ZGNzLmNybDBxBggrBgEFBQcBAQRlMGMwLwYIKwYBBQUHMAKGI2h0dHA6Ly93d3cudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY2VyMDAGCCsGAQUFBzAChiRodHRwOi8vd3d3Mi51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jZXIwCgYGKoUDAgIDBQADQQAw+l6X2T9zF2FtGiTvssRq0RGNaJ9d9P07qSt+gJ9gnveOnD4o8pVqCM+IgXfUrmh9IHRJ+u2LnhkDo8bUbOpIMYIBqTCCAaUCAQEwgfYwgecxGzAZBgkqhkiG9w0BCQEWDHVkY3NAdWRjcy5ydTELMAkGA1UEBhMCUlUxFzAVBgNVBAgeDgQiBD4EPARBBDoEMARPMRMwEQYDVQQHHgoEIgQ+BDwEQQQ6MUcwRQYDVQQKEz5Ub21zayBTdGF0ZSBVbml2ZXJzaXR5IG9mIENvbnRyb2wgU3lzdGVtcyBhbmQgUmFkaW9lbGVjdHJvbmljczEnMCUGA1UECx4eBCYEIgQRACAALQAgBCMEJgAgBCEEOAQxBDgEQAQ4MRswGQYDVQQDExJVREMgU2liaXJpYSBUU1VDU1ICCjBVmIkAAAAANVowCgYGKoUDAgIJBQCgTTAvBgkqhkiG9w0BCQQxIgQgm+Q/Zv0Y8bLGF6nUo1K6Tvdwda2tAOQIoJPeCOR4IfIwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEIMAoGBiqFAwICEwUABECBRv1CPSBsCsV1eczuPz3w3+Px1xfbZCWVUyJJ+mcfo4B9UxeBEuQxMXSS2B+r1162ZDcnn3ZHAJ8M1rwH4mms";
- // private static final String REQUEST_VSD_TOMSK = "";
-// private static final String RESPONSE_VSD_TOMSK = "";
- private static final String REQUEST_VPKC_TOMSK = "MIIJXwYJKoZIhvcNAQcCoIIJUDCCCUwCAQMxDDAKBgYqhQMCAgkFADCCBGEGCyqGSIb3DQEJEAEHoIIEUASCBEwwggRIMAoKAQMCBQDT+FBRoIIEIDCCBBygggQYMIIDxaADAgECAgpM4Pr3AAAAADzQMAoGBiqFAwICAwUAMIHnMRswGQYJKoZIhvcNAQkBFgx1ZGNzQHVkY3MucnUxCzAJBgNVBAYTAlJVMRcwFQYDVQQIHg4EIgQ+BDwEQQQ6BDAETzETMBEGA1UEBx4KBCIEPgQ8BEEEOjFHMEUGA1UEChM+VG9tc2sgU3RhdGUgVW5pdmVyc2l0eSBvZiBDb250cm9sIFN5c3RlbXMgYW5kIFJhZGlvZWxlY3Ryb25pY3MxJzAlBgNVBAseHgQmBCIEEQAgAC0AIAQjBCYAIAQhBDgEMQQ4BEAEODEbMBkGA1UEAxMSVURDIFNpYmlyaWEgVFNVQ1NSMB4XDTEyMTExMjAzMjgwMFoXDTEzMDMwMzA2MTkwMFowgdExKDAmBgkqhkiG9w0BCQEWGXRlc3RfdWRjc0BjdGIucmsudHVzdXIucnUxCzAJBgNVBAYTAlJVMRMwEQYDVQQHDArQotC+0LzRgdC6MT0wOwYDVQQKDDTQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INCm0LXQvdGC0YAg0KHQuNCx0LjRgNC4MUQwQgYDVQQDDDvQotC10YHRgtC+0LLRi9C5INCf0L7Qu9GM0LfQvtCy0LDRgtC10LvRjCDQo9CmINCh0LjQsdC40YDQuDBjMBwGBiqFAwICEzASBgcqhQMCAiQABgcqhQMCAh4BA0MABEBHTUfk8hd5xSwiSdDAe6INFLLmTi417Mp7vMRNZ+E9v0GbT52PMmQRzXe3Yh4zAsddU6Vr3WAWhJuF9ZFinTtYo4IBYTCCAV0wDgYDVR0PAQH/BAQDAgTwMCYGA1UdJQQfMB0GCCsGAQUFBwMEBgcqhQMCAiIGBggrBgEFBQcDAjAdBgNVHQ4EFgQU4lVNKJH/OqQ5TQe0FxHUC1fYJT0wHwYDVR0jBBgwFoAUuR6KgNhm2o7kHyiMQFiMXOrW5yIwWgYDVR0fBFMwUTBPoE2gS4YjaHR0cDovL3d3dy51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jcmyGJGh0dHA6Ly93d3cyLnVkY3MucnUvY2VydHNydi91ZGNzLmNybDBxBggrBgEFBQcBAQRlMGMwLwYIKwYBBQUHMAKGI2h0dHA6Ly93d3cudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY2VyMDAGCCsGAQUFBzAChiRodHRwOi8vd3d3Mi51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jZXIwFAYDVR0gBA0wCzAJBgcqhQMDEwIEMAoGBiqFAwICAwUAA0EAEYnD+gc8ebRpF2YpbwsdwhMI7uwDQGsDHNlCVXRRKZkZLlUo8KCel2g9BuxbjKefFOK8N+HxkAkZwpVn2SIP9KAWBgsqhQMCFQEBAgEDAqAHAgUArjROZKCCA3QwggNwMIIDHaADAgECAgomOz17AAAAADcUMAoGBiqFAwICAwUAMIHnMRswGQYJKoZIhvcNAQkBFgx1ZGNzQHVkY3MucnUxCzAJBgNVBAYTAlJVMRcwFQYDVQQIHg4EIgQ+BDwEQQQ6BDAETzETMBEGA1UEBx4KBCIEPgQ8BEEEOjFHMEUGA1UEChM+VG9tc2sgU3RhdGUgVW5pdmVyc2l0eSBvZiBDb250cm9sIFN5c3RlbXMgYW5kIFJhZGlvZWxlY3Ryb25pY3MxJzAlBgNVBAseHgQmBCIEEQAgAC0AIAQjBCYAIAQhBDgEMQQ4BEAEODEbMBkGA1UEAxMSVURDIFNpYmlyaWEgVFNVQ1NSMB4XDTExMTIwNzA0MjQwMFoXDTEyMTIwNzA0MzMwMFowHzEdMBsGA1UEAx4UAFIAQwBBAEkAUgBfAHQAZQBjAGgwYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAuAxBQSQj2WLWmfh0ccRa/lJIKMjvtbrB8beZLMQrDS93epBRN3zrFkYATBULZ3Ekh2JCVK4y3KiDq9Jq7cWuIqOCAWwwggFoMA4GA1UdDwEB/wQEAwIE8DAwBgNVHSUEKTAnBggrBgEFBQcDBAYIKoUDAxMCBQIGByqFAwICIgYGCCsGAQUFBwMCMB0GA1UdDgQWBBT+Fn73/1O3/3hyRSFNZpskwJ6CpDAfBgNVHSMEGDAWgBS5HoqA2GbajuQfKIxAWIxc6tbnIjBaBgNVHR8EUzBRME+gTaBLhiNodHRwOi8vd3d3LnVkY3MucnUvY2VydHNydi91ZGNzLmNybIYkaHR0cDovL3d3dzIudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY3JsMHEGCCsGAQUFBwEBBGUwYzAvBggrBgEFBQcwAoYjaHR0cDovL3d3dy51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jZXIwMAYIKwYBBQUHMAKGJGh0dHA6Ly93d3cyLnVkY3MucnUvY2VydHNydi91ZGNzLmNlcjAVBgNVHSAEDjAMMAoGCCqFAwMTAgUBMAoGBiqFAwICAwUAA0EAsJZV1hVM9Iu2KNZ3q60YL+u2XSYa9TdSPJocLaNsWi8PDJGnHXcGx6ptyzEED5o1pt4fZa4RAyKuFW3uWlXiMzGCAVowggFWAgEBMIH2MIHnMRswGQYJKoZIhvcNAQkBFgx1ZGNzQHVkY3MucnUxCzAJBgNVBAYTAlJVMRcwFQYDVQQIHg4EIgQ+BDwEQQQ6BDAETzETMBEGA1UEBx4KBCIEPgQ8BEEEOjFHMEUGA1UEChM+VG9tc2sgU3RhdGUgVW5pdmVyc2l0eSBvZiBDb250cm9sIFN5c3RlbXMgYW5kIFJhZGlvZWxlY3Ryb25pY3MxJzAlBgNVBAseHgQmBCIEEQAgAC0AIAQjBCYAIAQhBDgEMQQ4BEAEODEbMBkGA1UEAxMSVURDIFNpYmlyaWEgVFNVQ1NSAgomOz17AAAAADcUMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEAk1zo3ySf6aEM4r58ECqQckUfZIdKXX6+eZusE2pNLcpL9u+x4igzroaZ29u3Tan1t//ehxYk4TFGJ9GCyWkG9";
- private static final String RESPONSE_VPKC_TOMSK = "MIIhoQYJKoZIhvcNAQcCoIIhkjCCIY4CAQMxDDAKBgYqhQMCAgkFADCCFzkGCyqGSIb3DQEJEAEIoIIXKASCFyQwghcgMAoKAQMCBQDT+FBRMDUwEQYGKoUDAgIJBgcqhQMCAh4BBCD9l6MZHJXSrXM8Eavg5q6wga+HNRd/UPawjCnTqv6N5wICGHEYDzIwMTIxMjA0MDQwNzUzWqADAgEAo4IWvzCCFrugggQYMIIDxaADAgECAgpM4Pr3AAAAADzQMAoGBiqFAwICAwUAMIHnMRswGQYJKoZIhvcNAQkBFgx1ZGNzQHVkY3MucnUxCzAJBgNVBAYTAlJVMRcwFQYDVQQIHg4EIgQ+BDwEQQQ6BDAETzETMBEGA1UEBx4KBCIEPgQ8BEEEOjFHMEUGA1UEChM+VG9tc2sgU3RhdGUgVW5pdmVyc2l0eSBvZiBDb250cm9sIFN5c3RlbXMgYW5kIFJhZGlvZWxlY3Ryb25pY3MxJzAlBgNVBAseHgQmBCIEEQAgAC0AIAQjBCYAIAQhBDgEMQQ4BEAEODEbMBkGA1UEAxMSVURDIFNpYmlyaWEgVFNVQ1NSMB4XDTEyMTExMjAzMjgwMFoXDTEzMDMwMzA2MTkwMFowgdExKDAmBgkqhkiG9w0BCQEWGXRlc3RfdWRjc0BjdGIucmsudHVzdXIucnUxCzAJBgNVBAYTAlJVMRMwEQYDVQQHDArQotC+0LzRgdC6MT0wOwYDVQQKDDTQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INCm0LXQvdGC0YAg0KHQuNCx0LjRgNC4MUQwQgYDVQQDDDvQotC10YHRgtC+0LLRi9C5INCf0L7Qu9GM0LfQvtCy0LDRgtC10LvRjCDQo9CmINCh0LjQsdC40YDQuDBjMBwGBiqFAwICEzASBgcqhQMCAiQABgcqhQMCAh4BA0MABEBHTUfk8hd5xSwiSdDAe6INFLLmTi417Mp7vMRNZ+E9v0GbT52PMmQRzXe3Yh4zAsddU6Vr3WAWhJuF9ZFinTtYo4IBYTCCAV0wDgYDVR0PAQH/BAQDAgTwMCYGA1UdJQQfMB0GCCsGAQUFBwMEBgcqhQMCAiIGBggrBgEFBQcDAjAdBgNVHQ4EFgQU4lVNKJH/OqQ5TQe0FxHUC1fYJT0wHwYDVR0jBBgwFoAUuR6KgNhm2o7kHyiMQFiMXOrW5yIwWgYDVR0fBFMwUTBPoE2gS4YjaHR0cDovL3d3dy51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jcmyGJGh0dHA6Ly93d3cyLnVkY3MucnUvY2VydHNydi91ZGNzLmNybDBxBggrBgEFBQcBAQRlMGMwLwYIKwYBBQUHMAKGI2h0dHA6Ly93d3cudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY2VyMDAGCCsGAQUFBzAChiRodHRwOi8vd3d3Mi51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jZXIwFAYDVR0gBA0wCzAJBgcqhQMDEwIEMAoGBiqFAwICAwUAA0EAEYnD+gc8ebRpF2YpbwsdwhMI7uwDQGsDHNlCVXRRKZkZLlUo8KCel2g9BuxbjKefFOK8N+HxkAkZwpVn2SIP9DCCEpukghKSMIISPwIBATAKBgYqhQMCAgMFADCB5zEbMBkGCSqGSIb3DQEJARYMdWRjc0B1ZGNzLnJ1MQswCQYDVQQGEwJSVTEXMBUGA1UECB4OBCIEPgQ8BEEEOgQwBE8xEzARBgNVBAceCgQiBD4EPARBBDoxRzBFBgNVBAoTPlRvbXNrIFN0YXRlIFVuaXZlcnNpdHkgb2YgQ29udHJvbCBTeXN0ZW1zIGFuZCBSYWRpb2VsZWN0cm9uaWNzMScwJQYDVQQLHh4EJgQiBBEAIAAtACAEIwQmACAEIQQ4BDEEOARABDgxGzAZBgNVBAMTElVEQyBTaWJpcmlhIFRTVUNTUhcNMTIxMjAzMjMxNDQyWhcNMTIxMjA0MTEzNDQyWjCCEMIwKQIKY9ERPQAAAAA39BcNMTIwNTI5MDU0MTQyWjAMMAoGA1UdFQQDCgEFMCkCClMQVqAAAAAAPJ0XDTEyMDUwNDA2NDAwN1owDDAKBgNVHRUEAwoBBTApAgpzVc4NAAAAADhZFw0xMjA1MDIwNTM4MDdaMAwwCgYDVR0VBAMKAQUwKQIKSug0MAAAAAA3rBcNMTIwNDA1MTAwMTA4WjAMMAoGA1UdFQQDCgEFMCkCClm0GYoAAAAAPLAXDTEyMDMwMjA4MTY1OVowDDAKBgNVHRUEAwoBBjApAgoYJJymAAAAADiyFw0xMjAzMDEwODQ4MzdaMAwwCgYDVR0VBAMKAQUwKQIKber2EgAAAAA4JBcNMTIwMjI3MTEwNDMzWjAMMAoGA1UdFQQDCgEFMBsCCjnR3koAAAAAPIcXDTEyMDIyNDA1MzQzMlowKQIKRET0xAAAAAA7oRcNMTIwMjIyMDczNjUxWjAMMAoGA1UdFQQDCgEGMCkCCkNiUHEAAAAAO44XDTEyMDIxNzAzNDMzOVowDDAKBgNVHRUEAwoBBjApAgpDGzBQAAAAADuCFw0xMjAyMTcwMzM5NTNaMAwwCgYDVR0VBAMKAQYwKQIKZDO2iQAAAAA3/BcNMTIwMjE3MDI1OTU5WjAMMAoGA1UdFQQDCgEGMBsCChxb9AQAAAAAPEsXDTEyMDIxNjA5NDkxMFowKQIKHPY0WgAAAAA29RcNMTIwMjE2MDg1NzI2WjAMMAoGA1UdFQQDCgEGMCkCCm2GTwEAAAAAPAQXDTEyMDIxNDA5MDk1N1owDDAKBgNVHRUEAwoBBjAbAgoWLVhPAAAAADwsFw0xMjAyMTQwNzQ3MjNaMBsCChbo/oUAAAAAPDEXDTEyMDIxNDA3NDcwOVowKQIKcsSY7AAAAAA8GRcNMTIwMjEwMTAwMTU5WjAMMAoGA1UdFQQDCgEGMCkCChT6NkoAAAAAOt4XDTEyMDIwNjEwMTM0NFowDDAKBgNVHRUEAwoBBjApAgpDGCUzAAAAADuBFw0xMjAyMDYwNDI5MTdaMAwwCgYDVR0VBAMKAQYwKQIKQxUI/wAAAAA7gBcNMTIwMjA2MDI1MjA1WjAMMAoGA1UdFQQDCgEGMCkCCkMSDtkAAAAAO38XDTEyMDIwNjAyNDYwMVowDDAKBgNVHRUEAwoBBjApAgpDDnP/AAAAADt+Fw0xMjAyMDYwMjQyMjZaMAwwCgYDVR0VBAMKAQYwKQIKQwYdSwAAAAA7fBcNMTIwMjAzMDUxMDI2WjAMMAoGA1UdFQQDCgEGMCkCCkL++I8AAAAAO3oXDTEyMDIwMjEwMjQ1NlowDDAKBgNVHRUEAwoBBjApAgpDCsDbAAAAADt9Fw0xMjAyMDEwNzIxMjZaMAwwCgYDVR0VBAMKAQYwKQIKQwK02wAAAAA7excNMTIwMjAxMDMyNjU0WjAMMAoGA1UdFQQDCgEGMCkCCj3Mu7oAAAAAO2MXDTEyMDEzMTAzMTAwMVowDDAKBgNVHRUEAwoBBjApAgoqQD8LAAAAADsyFw0xMjAxMzAwODQ5MjJaMAwwCgYDVR0VBAMKAQYwKQIKOWQy4QAAAAA7QxcNMTIwMTMwMDYzNzA1WjAMMAoGA1UdFQQDCgEGMCkCCknsIyMAAAAAN6IXDTEyMDEzMDA1NTIzOVowDDAKBgNVHRUEAwoBBjApAgpgtCuYAAAAADmsFw0xMjAxMjcwNzU5NTRaMAwwCgYDVR0VBAMKAQYwGwIKJVQHUgAAAAA7HBcNMTIwMTI2MTA1ODEwWjApAgphN+VDAAAAADq3Fw0xMjAxMjYwNDQwNDNaMAwwCgYDVR0VBAMKAQYwKQIKYS3NlgAAAAA6thcNMTIwMTI2MDQzNTE5WjAMMAoGA1UdFQQDCgEGMCkCCmDDA5UAAAAAOa4XDTEyMDEyNjA0MjYyNlowDDAKBgNVHRUEAwoBBjAbAgokOfuWAAAAADsCFw0xMjAxMjYwNDEwNTVaMCkCCjCuCiMAAAAAN20XDTEyMDEyNTEwMTkzMFowDDAKBgNVHRUEAwoBBjApAgor/6fDAAAAADdWFw0xMjAxMjUxMDA0MjdaMAwwCgYDVR0VBAMKAQYwKQIKG7cchQAAAAA6JhcNMTIwMTI1MTAwMTUxWjAMMAoGA1UdFQQDCgEGMCkCCivPIFwAAAAANzsXDTEyMDEyNTEwMDEwMlowDDAKBgNVHRUEAwoBBjApAgor8Dn+AAAAADdLFw0xMjAxMjUxMDAwMTlaMAwwCgYDVR0VBAMKAQYwKQIKHwmcLgAAAAA6dxcNMTIwMTI1MDk1OTQwWjAMMAoGA1UdFQQDCgEGMCkCCivHoyAAAAAANzYXDTEyMDEyNTA5NTkwMFowDDAKBgNVHRUEAwoBBjApAgor+9gdAAAAADdTFw0xMjAxMjUwOTU4MzhaMAwwCgYDVR0VBAMKAQYwKQIKK9SEuwAAAAA3PRcNMTIwMTI1MDk1ODE1WjAMMAoGA1UdFQQDCgEGMCkCCiv0m4QAAAAAN04XDTEyMDEyNTA5NTc1M1owDDAKBgNVHRUEAwoBBjApAgosANWVAAAAADdXFw0xMjAxMjUwOTU3MDNaMAwwCgYDVR0VBAMKAQYwKQIKK7wKAgAAAAA3MBcNMTIwMTI1MDk1NjAxWjAMMAoGA1UdFQQDCgEGMCkCCivrl5gAAAAAN0gXDTEyMDEyNTA5NTUzNVowDDAKBgNVHRUEAwoBBjApAgor2rWiAAAAADdBFw0xMjAxMjUwOTU0MTVaMAwwCgYDVR0VBAMKAQYwKQIKLAkPigAAAAA3WRcNMTIwMTI1MDk1MzMwWjAMMAoGA1UdFQQDCgEGMCkCCiv3lhYAAAAAN1AXDTEyMDEyNTA5NTIxMlowDDAKBgNVHRUEAwoBBjApAgor7rNPAAAAADdKFw0xMjAxMjUwOTUxMDhaMAwwCgYDVR0VBAMKAQYwKQIKK/Z1sgAAAAA3TxcNMTIwMTI1MDk1MDQyWjAMMAoGA1UdFQQDCgEGMCkCCivWDJQAAAAANz4XDTEyMDEyNTA5NDkyNFowDDAKBgNVHRUEAwoBBjApAgor15vfAAAAADc/Fw0xMjAxMjUwOTAxMDhaMAwwCgYDVR0VBAMKAQYwKQIKK/1MTwAAAAA3VBcNMTIwMTI1MDkwMDQzWjAMMAoGA1UdFQQDCgEGMCkCCm8dIG0AAAAAOEkXDTEyMDEyNTA4NTcwNFowDDAKBgNVHRUEAwoBBjApAgor+TrOAAAAADdRFw0xMjAxMjUwODU0NDhaMAwwCgYDVR0VBAMKAQYwKQIKK91HCwAAAAA3QxcNMTIwMTI1MDg1NDE2WjAMMAoGA1UdFQQDCgEGMCkCCivhXOEAAAAAN0YXDTEyMDEyNTA4NTEyNFowDDAKBgNVHRUEAwoBBjApAgor3oavAAAAADdEFw0xMjAxMjUwODUwNTFaMAwwCgYDVR0VBAMKAQYwKQIKK/qgKgAAAAA3UhcNMTIwMTI1MDg1MDIzWjAMMAoGA1UdFQQDCgEGMCkCCivInW4AAAAANzcXDTEyMDEyNTA4NDk1NVowDDAKBgNVHRUEAwoBBjApAgor2NfKAAAAADdAFw0xMjAxMjUwODQ5MjlaMAwwCgYDVR0VBAMKAQYwKQIKK9FDTAAAAAA3PBcNMTIwMTI1MDg0OTA1WjAMMAoGA1UdFQQDCgEGMCkCCivKj7gAAAAANzgXDTEyMDEyNTA4NDg0MlowDDAKBgNVHRUEAwoBBjApAgob10E4AAAAADorFw0xMjAxMjUwODQ3MzBaMAwwCgYDVR0VBAMKAQYwKQIKG8RtwwAAAAA6JxcNMTIwMTI1MDg0NDUyWjAMMAoGA1UdFQQDCgEGMCkCCjGytWcAAAAAN3AXDTEyMDEyNTA4NDMxMFowDDAKBgNVHRUEAwoBBjApAgoeuuXKAAAAADpqFw0xMjAxMjMwODQ0MTVaMAwwCgYDVR0VBAMKAQYwKQIKFlB0AwAAAAA6zRcNMTIwMTIwMDgzNjEyWjAMMAoGA1UdFQQDCgEGMBsCChEz1ZoAAAAAOsAXDTEyMDExOTA4NTg1M1owGwIKVOxrrAAAAAA5HxcNMTIwMTE5MDg0NzI0WjApAgpWLsAnAAAAADk9Fw0xMjAxMTkwODA4NDFaMAwwCgYDVR0VBAMKAQYwKQIKE+YW2gAAAAA6jRcNMTIwMTE3MDgzNDEzWjAMMAoGA1UdFQQDCgEGMCkCCivgIWMAAAAAN0UXDTEyMDExNjA5NTIzNFowDDAKBgNVHRUEAwoBBjApAgorvndoAAAAADcxFw0xMjAxMTYwNzU4MzhaMAwwCgYDVR0VBAMKAQYwKQIKK/GkqgAAAAA3TBcNMTIwMTE2MDc1NDAzWjAMMAoGA1UdFQQDCgEGMBsCCh3sMrEAAAAAOksXDTEyMDExNjA0NDgxNFowKQIKG/ZSaAAAAAA6MhcNMTIwMTE1MTkzMjUzWjAMMAoGA1UdFQQDCgEGMCkCCivD4PcAAAAANzMXDTEyMDExNTE4MTQzMVowDDAKBgNVHRUEAwoBBjApAgphBr7eAAAAADnkFw0xMjAxMTMwOTE4MjlaMAwwCgYDVR0VBAMKAQYwKQIKVcRrawAAAAA36BcNMTIwMTEzMDIyNDAwWjAMMAoGA1UdFQQDCgEGMCkCClr+ASQAAAAAOWcXDTEyMDExMTA2NTgxMVowDDAKBgNVHRUEAwoBBjApAgohQuc4AAAAADcFFw0xMjAxMTEwNTUwMDFaMAwwCgYDVR0VBAMKAQYwGwIKVovg+QAAAAA5RBcNMTIwMTEwMTAyMDI0WjAbAgoSlRTAAAAAADjlFw0xMTEyMzAwNjIwMzRaMBsCChKowuUAAAAAOOYXDTExMTIzMDA2MTkzMFowGwIKF1KCJAAAAAA5ChcNMTExMjI5MDMzNzM3WjApAgoTN65cAAAAADjtFw0xMTEyMjkwMzE1MjJaMAwwCgYDVR0VBAMKAQYwKQIKHku/ZAAAAAA40xcNMTExMjI3MDk0MzAxWjAMMAoGA1UdFQQDCgEEMCkCCh5IkncAAAAAONIXDTExMTIyNzA5NDIwM1owDDAKBgNVHRUEAwoBBDApAgp5B70xAAAAADiPFw0xMTEyMjMwNjI2MDFaMAwwCgYDVR0VBAMKAQYwKQIKKxMM5gAAAAA3IRcNMTExMjIxMDgyOTU0WjAMMAoGA1UdFQQDCgEGMCkCCivB5A4AAAAANzIXDTExMTIyMTA0NTcwN1owDDAKBgNVHRUEAwoBBjApAgpp1jH9AAAAADgaFw0xMTEyMjAwNzQzMDRaMAwwCgYDVR0VBAMKAQYwKQIKQGK3qAAAAAA3excNMTExMjEyMDYyNzM4WjAMMAoGA1UdFQQDCgEEMCkCCjHUWwwAAAAAN3EXDTExMTIxMjA0MzczM1owDDAKBgNVHRUEAwoBBjApAgowaQhuAAAAADdqFw0xMTEyMDkwNDAzMzhaMAwwCgYDVR0VBAMKAQQwKQIKLAIhfQAAAAA3WBcNMTExMjA4MDcyOTA1WjAMMAoGA1UdFQQDCgEEMCkCCitrXO8AAAAANysXDTExMTIwODA1MzIyMVowDDAKBgNVHRUEAwoBBDApAgoh0ZweAAAAADcJFw0xMTEyMDYwNzU5NTdaMAwwCgYDVR0VBAMKAQagYDBeMB8GA1UdIwQYMBaAFLkeioDYZtqO5B8ojEBYjFzq1uciMBAGCSsGAQQBgjcVAQQDAgEAMAsGA1UdFAQEAgIJ4DAcBgkrBgEEAYI3FQQEDxcNMTIxMjA0MDUyNDQyWjAKBgYqhQMCAgMFAANBAG2cPM2e+xfFuw+OpA+vYvnHpXZdFj4nCvyZivcB1/mE9a9JS5Y9p2R2ONLD4lLVwuAOp13otcGkBfaS0gaWGzqiAwIBAKCCCI8wggQYMIIDxaADAgECAgpM4Pr3AAAAADzQMAoGBiqFAwICAwUAMIHnMRswGQYJKoZIhvcNAQkBFgx1ZGNzQHVkY3MucnUxCzAJBgNVBAYTAlJVMRcwFQYDVQQIHg4EIgQ+BDwEQQQ6BDAETzETMBEGA1UEBx4KBCIEPgQ8BEEEOjFHMEUGA1UEChM+VG9tc2sgU3RhdGUgVW5pdmVyc2l0eSBvZiBDb250cm9sIFN5c3RlbXMgYW5kIFJhZGlvZWxlY3Ryb25pY3MxJzAlBgNVBAseHgQmBCIEEQAgAC0AIAQjBCYAIAQhBDgEMQQ4BEAEODEbMBkGA1UEAxMSVURDIFNpYmlyaWEgVFNVQ1NSMB4XDTEyMTExMjAzMjgwMFoXDTEzMDMwMzA2MTkwMFowgdExKDAmBgkqhkiG9w0BCQEWGXRlc3RfdWRjc0BjdGIucmsudHVzdXIucnUxCzAJBgNVBAYTAlJVMRMwEQYDVQQHDArQotC+0LzRgdC6MT0wOwYDVQQKDDTQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INCm0LXQvdGC0YAg0KHQuNCx0LjRgNC4MUQwQgYDVQQDDDvQotC10YHRgtC+0LLRi9C5INCf0L7Qu9GM0LfQvtCy0LDRgtC10LvRjCDQo9CmINCh0LjQsdC40YDQuDBjMBwGBiqFAwICEzASBgcqhQMCAiQABgcqhQMCAh4BA0MABEBHTUfk8hd5xSwiSdDAe6INFLLmTi417Mp7vMRNZ+E9v0GbT52PMmQRzXe3Yh4zAsddU6Vr3WAWhJuF9ZFinTtYo4IBYTCCAV0wDgYDVR0PAQH/BAQDAgTwMCYGA1UdJQQfMB0GCCsGAQUFBwMEBgcqhQMCAiIGBggrBgEFBQcDAjAdBgNVHQ4EFgQU4lVNKJH/OqQ5TQe0FxHUC1fYJT0wHwYDVR0jBBgwFoAUuR6KgNhm2o7kHyiMQFiMXOrW5yIwWgYDVR0fBFMwUTBPoE2gS4YjaHR0cDovL3d3dy51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jcmyGJGh0dHA6Ly93d3cyLnVkY3MucnUvY2VydHNydi91ZGNzLmNybDBxBggrBgEFBQcBAQRlMGMwLwYIKwYBBQUHMAKGI2h0dHA6Ly93d3cudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY2VyMDAGCCsGAQUFBzAChiRodHRwOi8vd3d3Mi51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jZXIwFAYDVR0gBA0wCzAJBgcqhQMDEwIEMAoGBiqFAwICAwUAA0EAEYnD+gc8ebRpF2YpbwsdwhMI7uwDQGsDHNlCVXRRKZkZLlUo8KCel2g9BuxbjKefFOK8N+HxkAkZwpVn2SIP9DCCBG8wggQcoAMCAQICCjBVmIkAAAAANVowCgYGKoUDAgIDBQAwgecxGzAZBgkqhkiG9w0BCQEWDHVkY3NAdWRjcy5ydTELMAkGA1UEBhMCUlUxFzAVBgNVBAgeDgQiBD4EPARBBDoEMARPMRMwEQYDVQQHHgoEIgQ+BDwEQQQ6MUcwRQYDVQQKEz5Ub21zayBTdGF0ZSBVbml2ZXJzaXR5IG9mIENvbnRyb2wgU3lzdGVtcyBhbmQgUmFkaW9lbGVjdHJvbmljczEnMCUGA1UECx4eBCYEIgQRACAALQAgBCMEJgAgBCEEOAQxBDgEQAQ4MRswGQYDVQQDExJVREMgU2liaXJpYSBUU1VDU1IwHhcNMTExMDIwMTAyNzAwWhcNMTMwMTIwMTAzNjAwWjCCATgxCzAJBgNVBAYTAlJVMRMwEQYDVQQHHgoEIgQeBBwEIQQaMUMwQQYDVQQKHjoEEAQ0BDwEOAQ9BDgEQQRCBEAEMARGBDgETwAgBCIEPgQ8BEEEOgQ+BDkAIAQ+BDEEOwQwBEEEQgQ4MYGBMH8GA1UECx54BBoEPgQ8BDgEQgQ1BEIAIAQ4BD0ERAQ+BEAEPAQwBEIEOAQ3BDAERgQ4BDgAIAQ4ACAEQQQyBE8ENwQ4ACAEEAQ0BDwEOAQ9BDgEQQRCBEAEMARGBDgEOAAgBCIEPgQ8BEEEOgQ+BDkAIAQ+BDEEOwQwBEEEQgQ4MUswSQYDVQQDHkIELQQbBBUEGgQiBCAEHgQdBB0EKwQZACAEHQQeBCIEEAQgBBgEEAQiACAAKABEAFYAQwBTACwAIABPAEMAUwBQACkwYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAijmkemSx9EYvcgxb7/O1AHd5r4mH6V6L97UyX/GGg9geywTqm/sPuq/wuVicW82f/f7huHHlIlUf5ejTwpH53aOCAVAwggFMMB0GA1UdJQQWMBQGCCsGAQUFBwMJBggrBgEFBQcDCjALBgNVHQ8EBAMCBsAwDwYJKwYBBQUHMAEFBAIFADAdBgNVHQ4EFgQUX5qI5TV4fjSwaGkElbHRedmg2NgwHwYDVR0jBBgwFoAUuR6KgNhm2o7kHyiMQFiMXOrW5yIwWgYDVR0fBFMwUTBPoE2gS4YjaHR0cDovL3d3dy51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jcmyGJGh0dHA6Ly93d3cyLnVkY3MucnUvY2VydHNydi91ZGNzLmNybDBxBggrBgEFBQcBAQRlMGMwLwYIKwYBBQUHMAKGI2h0dHA6Ly93d3cudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY2VyMDAGCCsGAQUFBzAChiRodHRwOi8vd3d3Mi51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jZXIwCgYGKoUDAgIDBQADQQAw+l6X2T9zF2FtGiTvssRq0RGNaJ9d9P07qSt+gJ9gnveOnD4o8pVqCM+IgXfUrmh9IHRJ+u2LnhkDo8bUbOpIMYIBqTCCAaUCAQEwgfYwgecxGzAZBgkqhkiG9w0BCQEWDHVkY3NAdWRjcy5ydTELMAkGA1UEBhMCUlUxFzAVBgNVBAgeDgQiBD4EPARBBDoEMARPMRMwEQYDVQQHHgoEIgQ+BDwEQQQ6MUcwRQYDVQQKEz5Ub21zayBTdGF0ZSBVbml2ZXJzaXR5IG9mIENvbnRyb2wgU3lzdGVtcyBhbmQgUmFkaW9lbGVjdHJvbmljczEnMCUGA1UECx4eBCYEIgQRACAALQAgBCMEJgAgBCEEOAQxBDgEQAQ4MRswGQYDVQQDExJVREMgU2liaXJpYSBUU1VDU1ICCjBVmIkAAAAANVowCgYGKoUDAgIJBQCgTTAvBgkqhkiG9w0BCQQxIgQg4BFH+uPjI3T5F7Tr2QodH7RYWZYVWLtqaJMvXB44iy0wGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEIMAoGBiqFAwICEwUABEB+KdP1VDfB3CM6cVHW2KodvfW8NilYhJ8aq6mMKSHRoZ94KCNBI3OfZvBVFCnIPeGSGmnTwHPVXbih/PFnUcp8";
- private static final String REQUEST_CCPD_TOMSK = "MIIFagYJKoZIhvcNAQcCoIIFWzCCBVcCAQMxDDAKBgYqhQMCAgkFADBuBgsqhkiG9w0BCRABB6BfBF0wWzAKCgEEAgUAwDELHDA1MBEGBiqFAwICCQYHKoUDAgIeAQQgvrgCrtSqJuzWwWE7XelQv0cB71ehcXkh/Oikezqvl1agFgYLKoUDAhUBAQIBAwKgBwIFAJ7ldeKgggN0MIIDcDCCAx2gAwIBAgIKJjs9ewAAAAA3FDAKBgYqhQMCAgMFADCB5zEbMBkGCSqGSIb3DQEJARYMdWRjc0B1ZGNzLnJ1MQswCQYDVQQGEwJSVTEXMBUGA1UECB4OBCIEPgQ8BEEEOgQwBE8xEzARBgNVBAceCgQiBD4EPARBBDoxRzBFBgNVBAoTPlRvbXNrIFN0YXRlIFVuaXZlcnNpdHkgb2YgQ29udHJvbCBTeXN0ZW1zIGFuZCBSYWRpb2VsZWN0cm9uaWNzMScwJQYDVQQLHh4EJgQiBBEAIAAtACAEIwQmACAEIQQ4BDEEOARABDgxGzAZBgNVBAMTElVEQyBTaWJpcmlhIFRTVUNTUjAeFw0xMTEyMDcwNDI0MDBaFw0xMjEyMDcwNDMzMDBaMB8xHTAbBgNVBAMeFABSAEMAQQBJAFIAXwB0AGUAYwBoMGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLgMQUEkI9li1pn4dHHEWv5SSCjI77W6wfG3mSzEKw0vd3qQUTd86xZGAEwVC2dxJIdiQlSuMtyog6vSau3FriKjggFsMIIBaDAOBgNVHQ8BAf8EBAMCBPAwMAYDVR0lBCkwJwYIKwYBBQUHAwQGCCqFAwMTAgUCBgcqhQMCAiIGBggrBgEFBQcDAjAdBgNVHQ4EFgQU/hZ+9/9Tt/94ckUhTWabJMCegqQwHwYDVR0jBBgwFoAUuR6KgNhm2o7kHyiMQFiMXOrW5yIwWgYDVR0fBFMwUTBPoE2gS4YjaHR0cDovL3d3dy51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jcmyGJGh0dHA6Ly93d3cyLnVkY3MucnUvY2VydHNydi91ZGNzLmNybDBxBggrBgEFBQcBAQRlMGMwLwYIKwYBBQUHMAKGI2h0dHA6Ly93d3cudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY2VyMDAGCCsGAQUFBzAChiRodHRwOi8vd3d3Mi51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jZXIwFQYDVR0gBA4wDDAKBggqhQMDEwIFATAKBgYqhQMCAgMFAANBALCWVdYVTPSLtijWd6utGC/rtl0mGvU3UjyaHC2jbFovDwyRpx13BseqbcsxBA+aNabeH2WuEQMirhVt7lpV4jMxggFaMIIBVgIBATCB9jCB5zEbMBkGCSqGSIb3DQEJARYMdWRjc0B1ZGNzLnJ1MQswCQYDVQQGEwJSVTEXMBUGA1UECB4OBCIEPgQ8BEEEOgQwBE8xEzARBgNVBAceCgQiBD4EPARBBDoxRzBFBgNVBAoTPlRvbXNrIFN0YXRlIFVuaXZlcnNpdHkgb2YgQ29udHJvbCBTeXN0ZW1zIGFuZCBSYWRpb2VsZWN0cm9uaWNzMScwJQYDVQQLHh4EJgQiBBEAIAAtACAEIwQmACAEIQQ4BDEEOARABDgxGzAZBgNVBAMTElVEQyBTaWJpcmlhIFRTVUNTUgIKJjs9ewAAAAA3FDAKBgYqhQMCAgkFADAKBgYqhQMCAhMFAARAl0/LMiXMPCJIkAgCI6x3/8wPBDTR8P5GGs40Xzbz1rdvxcBTPEsyp8kNYMzxmQNegTOFemy15KKnQq8e4Fja6w==";
- private static final String RESPONSE_CCPD_TOMSK = "MIIGugYJKoZIhvcNAQcCoIIGqzCCBqcCAQMxDDAKBgYqhQMCAgkFADBwBgsqhkiG9w0BCRABCKBhBF8wXTAKCgEEAgUAwDELHDA1MBEGBiqFAwICCQYHKoUDAgIeAQQgvrgCrtSqJuzWwWE7XelQv0cB71ehcXkh/Oikezqvl1YCAhhwGA8yMDEyMTIwNDA0MDY0M1qgAwIBAKCCBHMwggRvMIIEHKADAgECAgowVZiJAAAAADVaMAoGBiqFAwICAwUAMIHnMRswGQYJKoZIhvcNAQkBFgx1ZGNzQHVkY3MucnUxCzAJBgNVBAYTAlJVMRcwFQYDVQQIHg4EIgQ+BDwEQQQ6BDAETzETMBEGA1UEBx4KBCIEPgQ8BEEEOjFHMEUGA1UEChM+VG9tc2sgU3RhdGUgVW5pdmVyc2l0eSBvZiBDb250cm9sIFN5c3RlbXMgYW5kIFJhZGlvZWxlY3Ryb25pY3MxJzAlBgNVBAseHgQmBCIEEQAgAC0AIAQjBCYAIAQhBDgEMQQ4BEAEODEbMBkGA1UEAxMSVURDIFNpYmlyaWEgVFNVQ1NSMB4XDTExMTAyMDEwMjcwMFoXDTEzMDEyMDEwMzYwMFowggE4MQswCQYDVQQGEwJSVTETMBEGA1UEBx4KBCIEHgQcBCEEGjFDMEEGA1UECh46BBAENAQ8BDgEPQQ4BEEEQgRABDAERgQ4BE8AIAQiBD4EPARBBDoEPgQ5ACAEPgQxBDsEMARBBEIEODGBgTB/BgNVBAseeAQaBD4EPAQ4BEIENQRCACAEOAQ9BEQEPgRABDwEMARCBDgENwQwBEYEOAQ4ACAEOAAgBEEEMgRPBDcEOAAgBBAENAQ8BDgEPQQ4BEEEQgRABDAERgQ4BDgAIAQiBD4EPARBBDoEPgQ5ACAEPgQxBDsEMARBBEIEODFLMEkGA1UEAx5CBC0EGwQVBBoEIgQgBB4EHQQdBCsEGQAgBB0EHgQiBBAEIAQYBBAEIgAgACgARABWAEMAUwAsACAATwBDAFMAUAApMGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQIo5pHpksfRGL3IMW+/ztQB3ea+Jh+lei/e1Ml/xhoPYHssE6pv7D7qv8LlYnFvNn/3+4bhx5SJVH+Xo08KR+d2jggFQMIIBTDAdBgNVHSUEFjAUBggrBgEFBQcDCQYIKwYBBQUHAwowCwYDVR0PBAQDAgbAMA8GCSsGAQUFBzABBQQCBQAwHQYDVR0OBBYEFF+aiOU1eH40sGhpBJWx0XnZoNjYMB8GA1UdIwQYMBaAFLkeioDYZtqO5B8ojEBYjFzq1uciMFoGA1UdHwRTMFEwT6BNoEuGI2h0dHA6Ly93d3cudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY3JshiRodHRwOi8vd3d3Mi51ZGNzLnJ1L2NlcnRzcnYvdWRjcy5jcmwwcQYIKwYBBQUHAQEEZTBjMC8GCCsGAQUFBzAChiNodHRwOi8vd3d3LnVkY3MucnUvY2VydHNydi91ZGNzLmNlcjAwBggrBgEFBQcwAoYkaHR0cDovL3d3dzIudWRjcy5ydS9jZXJ0c3J2L3VkY3MuY2VyMAoGBiqFAwICAwUAA0EAMPpel9k/cxdhbRok77LEatERjWifXfT9O6krfoCfYJ73jpw+KPKVagjPiIF31K5ofSB0Sfrti54ZA6PG1GzqSDGCAakwggGlAgEBMIH2MIHnMRswGQYJKoZIhvcNAQkBFgx1ZGNzQHVkY3MucnUxCzAJBgNVBAYTAlJVMRcwFQYDVQQIHg4EIgQ+BDwEQQQ6BDAETzETMBEGA1UEBx4KBCIEPgQ8BEEEOjFHMEUGA1UEChM+VG9tc2sgU3RhdGUgVW5pdmVyc2l0eSBvZiBDb250cm9sIFN5c3RlbXMgYW5kIFJhZGlvZWxlY3Ryb25pY3MxJzAlBgNVBAseHgQmBCIEEQAgAC0AIAQjBCYAIAQhBDgEMQQ4BEAEODEbMBkGA1UEAxMSVURDIFNpYmlyaWEgVFNVQ1NSAgowVZiJAAAAADVaMAoGBiqFAwICCQUAoE0wLwYJKoZIhvcNAQkEMSIEINO9R6CnEfi/gJi+AWp3FDKG0HZ5Fq94JvwCoRpXze93MBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABCDAKBgYqhQMCAhMFAARAIVnBio5IT1m+Dkzxktb9BRoElW5au5SO8T/+wGXnWD86CsBF25F5jvN6a2l83XzD0YDrC0wuMsY/dyThotWwvw==";
- // expected info initialization:
- private static final DVCSRequest REQ_CCPD_CLEPSYDRE, REQ_CCPD_TOMSK, REQ_CPD_TOMSK, REQ_VPKC_TOMSK;
- private static final DVCSResponse RES_CCPD_CLEPSYDRE, RES_CCPD_TOMSK, RES_CPD_TOMSK, RES_VPKC_TOMSK;
- private static List requests = new ArrayList();
- private static List responses = new ArrayList();
-
- static
- {
- GeneralName CLEPSYDRE_REQUESTER = GeneralName.getInstance(Hex.decode("A44B3049310B3009060355040613024652310E300C0603550407130550617269733110300E060355040A13074564656C576562311830160603550403130F50657465722053796C766573746572"));
- GeneralName CLEPSYDRE_RESPONDER = GeneralName.getInstance(Hex.decode("A4723070310B300906035504061302465231153013060355040A130C4564656C57656220532E412E31283026060355040B131F436C657073796472652044656D6F6E7374726174696F6E20536572766963653120301E0603550403131754696D65205374616D70696E6720417574686F72697479"));
- PolicyInformation CLEPSYDRE_POLICY = new PolicyInformation(new ASN1ObjectIdentifier("1.3.6.1.4.1.5309.1.2.1"));
-
- DVCSRequestInformationBuilder INFO_CCPD_CLEPSYDRE = new DVCSRequestInformationBuilder(ServiceType.CCPD);
- INFO_CCPD_CLEPSYDRE.setRequester(CLEPSYDRE_REQUESTER);
- INFO_CCPD_CLEPSYDRE.setRequestPolicy(CLEPSYDRE_POLICY);
-
- DigestInfo DIGEST_CCPD_CLEPSYDRE = new DigestInfo(new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26")), Hex.decode("75B685AF6F89467DE80715251E45978FCD1FA566"));
-
- DVCSRequestInformationBuilder INFO_CCPD_CLEPSYDRE2 = new DVCSRequestInformationBuilder(ServiceType.CCPD);
- INFO_CCPD_CLEPSYDRE2.setRequester(CLEPSYDRE_REQUESTER);
- INFO_CCPD_CLEPSYDRE2.setRequestPolicy(CLEPSYDRE_POLICY);
- INFO_CCPD_CLEPSYDRE2.setDVCS(CLEPSYDRE_RESPONDER);
-
- REQ_CCPD_CLEPSYDRE = new DVCSRequest(INFO_CCPD_CLEPSYDRE.build(), new Data(DIGEST_CCPD_CLEPSYDRE));
- RES_CCPD_CLEPSYDRE = new DVCSResponse(new DVCSCertInfo(INFO_CCPD_CLEPSYDRE2.build(), DIGEST_CCPD_CLEPSYDRE, new ASN1Integer(new BigInteger(Hex.decode("01780A1ECA8823"))), new DVCSTime(new ASN1GeneralizedTime("20000417171617Z"))));
-
- DVCSRequestInformationBuilder INFO_CCPD_TOMSK = new DVCSRequestInformationBuilder(ServiceType.CCPD);
- INFO_CCPD_TOMSK.setNonce(new BigInteger(Hex.decode("00C0310B1C")));
-
- DigestInfo DIGEST_CCPD_TOMSK = new DigestInfo(new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.643.2.2.9"), new ASN1ObjectIdentifier("1.2.643.2.2.30.1")), Hex.decode("BEB802AED4AA26ECD6C1613B5DE950BF4701EF57A1717921FCE8A47B3AAF9756"));
- GeneralName ID_CCPD_TOMSK = GeneralName.getInstance(Hex.decode("A016060B2A85030215010102010302A0070205009EE575E2"));
-
- REQ_CCPD_TOMSK = new DVCSRequest(INFO_CCPD_TOMSK.build(), new Data(DIGEST_CCPD_TOMSK), ID_CCPD_TOMSK);
-
- DVCSCertInfoBuilder certInfoBldr = new DVCSCertInfoBuilder(INFO_CCPD_TOMSK.build(), DIGEST_CCPD_TOMSK, new ASN1Integer(6256), new DVCSTime(new ASN1GeneralizedTime("20121204040643Z")));
- certInfoBldr.setDvStatus(new PKIStatusInfo(PKIStatus.granted));
- RES_CCPD_TOMSK = new DVCSResponse(certInfoBldr.build());
-
-
- DVCSRequestInformationBuilder INFO_CPD_TOMSK = new DVCSRequestInformationBuilder(ServiceType.CPD);
- INFO_CPD_TOMSK.setNonce(new BigInteger("234303415"));
-
- DVCSRequestInformationBuilder INFO_CPD_TOMSK2 = new DVCSRequestInformationBuilder(ServiceType.CPD);
- INFO_CPD_TOMSK2.setNonce(new BigInteger("1957381177"));
-
- String CPD_DATA_TOMSK = "30820418308203C5A003020102020A4CE0FAF7000000003CD0300A06062A850302020305003081E7311B301906092A864886F70D010901160C7564637340756463732E7275310B30090603550406130252553117301506035504081E0E0422043E043C0441043A0430044F3113301106035504071E0A0422043E043C0441043A31473045060355040A133E546F6D736B20537461746520556E6976657273697479206F6620436F6E74726F6C2053797374656D7320616E6420526164696F656C656374726F6E69637331273025060355040B1E1E0426042204110020002D0020042304260020042104380431043804400438311B301906035504031312554443205369626972696120545355435352301E170D3132313131323033323830305A170D3133303330333036313930305A3081D13128302606092A864886F70D0109011619746573745F75646373406374622E726B2E74757375722E7275310B30090603550406130252553113301106035504070C0AD0A2D0BED0BCD181D0BA313D303B060355040A0C34D0A3D0B4D0BED181D182D0BED0B2D0B5D180D18FD18ED189D0B8D0B920D0A6D0B5D0BDD182D18020D0A1D0B8D0B1D0B8D180D0B83144304206035504030C3BD0A2D0B5D181D182D0BED0B2D18BD0B920D09FD0BED0BBD18CD0B7D0BED0B2D0B0D182D0B5D0BBD18C20D0A3D0A620D0A1D0B8D0B1D0B8D180D0B83063301C06062A8503020213301206072A85030202240006072A850302021E010343000440474D47E4F21779C52C2249D0C07BA20D14B2E64E2E35ECCA7BBCC44D67E13DBF419B4F9D8F326411CD77B7621E3302C75D53A56BDD6016849B85F591629D3B58A38201613082015D300E0603551D0F0101FF0404030204F030260603551D25041F301D06082B0601050507030406072A85030202220606082B06010505070302301D0603551D0E04160414E2554D2891FF3AA4394D07B41711D40B57D8253D301F0603551D23041830168014B91E8A80D866DA8EE41F288C40588C5CEAD6E722305A0603551D1F04533051304FA04DA04B8623687474703A2F2F7777772E756463732E72752F636572747372762F756463732E63726C8624687474703A2F2F777777322E756463732E72752F636572747372762F756463732E63726C307106082B0601050507010104653063302F06082B060105050730028623687474703A2F2F7777772E756463732E72752F636572747372762F756463732E636572303006082B060105050730028624687474703A2F2F777777322E756463732E72752F636572747372762F756463732E63657230140603551D20040D300B300906072A850303130204300A06062A850302020305000341001189C3FA073C79B4691766296F0B1DC21308EEEC03406B031CD9425574512999192E5528F0A09E97683D06EC5B8CA79F14E2BC37E1F1900919C29567D9220FF4";
- DigestInfo DIGEST_CPD_TOMSK = DIGEST_CCPD_TOMSK;
- GeneralName ID_CPD_TOMSK = GeneralName.getInstance(Hex.decode("A016060B2A85030215010102010302A00702050085BA0D41"));
-
- REQ_CPD_TOMSK = new DVCSRequest(INFO_CPD_TOMSK.build(), new Data(Hex.decode(CPD_DATA_TOMSK)), ID_CPD_TOMSK);
-
- certInfoBldr = new DVCSCertInfoBuilder(INFO_CPD_TOMSK2.build(), DIGEST_CPD_TOMSK, new ASN1Integer(6329), new DVCSTime(new ASN1GeneralizedTime("20121205065720Z")));
- certInfoBldr.setDvStatus(new PKIStatusInfo(PKIStatus.granted));
- RES_CPD_TOMSK = new DVCSResponse(certInfoBldr.build());
-
-
- DVCSRequestInformationBuilder INFO_VPKC_TOMSK = new DVCSRequestInformationBuilder(ServiceType.VPKC);
- INFO_VPKC_TOMSK.setNonce(new BigInteger(Hex.decode("00D3F85051")));
-
- String VPKC_DATA_TOMSK = CPD_DATA_TOMSK;
- DigestInfo DIGEST_VPKC_TOMSK = new DigestInfo(new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.643.2.2.9"), new ASN1ObjectIdentifier("1.2.643.2.2.30.1")), Hex.decode("FD97A3191C95D2AD733C11ABE0E6AEB081AF8735177F50F6B08C29D3AAFE8DE7"));
- GeneralName ID_VPKC_TOMSK = GeneralName.getInstance(Hex.decode("A016060B2A85030215010102010302A007020500AE344E64"));
-
- CertEtcToken target = new CertEtcToken(CertEtcToken.TAG_CERTIFICATE, Certificate.getInstance(Hex.decode(VPKC_DATA_TOMSK)));
- TargetEtcChain REQ_CERTS = new TargetEtcChain(target);
-
- TargetEtcChain[] RES_CERTS = TargetEtcChain.arrayFromSequence(new DERSequence(ASN1Sequence.getInstance(Hex.decode("308216BBA0820418308203C5A003020102020A4CE0FAF7000000003CD0300A06062A850302020305003081E7311B301906092A864886F70D010901160C7564637340756463732E7275310B30090603550406130252553117301506035504081E0E0422043E043C0441043A0430044F3113301106035504071E0A0422043E043C0441043A31473045060355040A133E546F6D736B20537461746520556E6976657273697479206F6620436F6E74726F6C2053797374656D7320616E6420526164696F656C656374726F6E69637331273025060355040B1E1E0426042204110020002D0020042304260020042104380431043804400438311B301906035504031312554443205369626972696120545355435352301E170D3132313131323033323830305A170D3133303330333036313930305A3081D13128302606092A864886F70D0109011619746573745F75646373406374622E726B2E74757375722E7275310B30090603550406130252553113301106035504070C0AD0A2D0BED0BCD181D0BA313D303B060355040A0C34D0A3D0B4D0BED181D182D0BED0B2D0B5D180D18FD18ED189D0B8D0B920D0A6D0B5D0BDD182D18020D0A1D0B8D0B1D0B8D180D0B83144304206035504030C3BD0A2D0B5D181D182D0BED0B2D18BD0B920D09FD0BED0BBD18CD0B7D0BED0B2D0B0D182D0B5D0BBD18C20D0A3D0A620D0A1D0B8D0B1D0B8D180D0B83063301C06062A8503020213301206072A85030202240006072A850302021E010343000440474D47E4F21779C52C2249D0C07BA20D14B2E64E2E35ECCA7BBCC44D67E13DBF419B4F9D8F326411CD77B7621E3302C75D53A56BDD6016849B85F591629D3B58A38201613082015D300E0603551D0F0101FF0404030204F030260603551D25041F301D06082B0601050507030406072A85030202220606082B06010505070302301D0603551D0E04160414E2554D2891FF3AA4394D07B41711D40B57D8253D301F0603551D23041830168014B91E8A80D866DA8EE41F288C40588C5CEAD6E722305A0603551D1F04533051304FA04DA04B8623687474703A2F2F7777772E756463732E72752F636572747372762F756463732E63726C8624687474703A2F2F777777322E756463732E72752F636572747372762F756463732E63726C307106082B0601050507010104653063302F06082B060105050730028623687474703A2F2F7777772E756463732E72752F636572747372762F756463732E636572303006082B060105050730028624687474703A2F2F777777322E756463732E72752F636572747372762F756463732E63657230140603551D20040D300B300906072A850303130204300A06062A850302020305000341001189C3FA073C79B4691766296F0B1DC21308EEEC03406B031CD9425574512999192E5528F0A09E97683D06EC5B8CA79F14E2BC37E1F1900919C29567D9220FF43082129BA48212923082123F020101300A06062A850302020305003081E7311B301906092A864886F70D010901160C7564637340756463732E7275310B30090603550406130252553117301506035504081E0E0422043E043C0441043A0430044F3113301106035504071E0A0422043E043C0441043A31473045060355040A133E546F6D736B20537461746520556E6976657273697479206F6620436F6E74726F6C2053797374656D7320616E6420526164696F656C656374726F6E69637331273025060355040B1E1E0426042204110020002D0020042304260020042104380431043804400438311B301906035504031312554443205369626972696120545355435352170D3132313230333233313434325A170D3132313230343131333434325A308210C23029020A63D1113D0000000037F4170D3132303532393035343134325A300C300A0603551D1504030A01053029020A531056A0000000003C9D170D3132303530343036343030375A300C300A0603551D1504030A01053029020A7355CE0D000000003859170D3132303530323035333830375A300C300A0603551D1504030A01053029020A4AE834300000000037AC170D3132303430353130303130385A300C300A0603551D1504030A01053029020A59B4198A000000003CB0170D3132303330323038313635395A300C300A0603551D1504030A01063029020A18249CA60000000038B2170D3132303330313038343833375A300C300A0603551D1504030A01053029020A6DEAF612000000003824170D3132303232373131303433335A300C300A0603551D1504030A0105301B020A39D1DE4A000000003C87170D3132303232343035333433325A3029020A4444F4C4000000003BA1170D3132303232323037333635315A300C300A0603551D1504030A01063029020A43625071000000003B8E170D3132303231373033343333395A300C300A0603551D1504030A01063029020A431B3050000000003B82170D3132303231373033333935335A300C300A0603551D1504030A01063029020A6433B6890000000037FC170D3132303231373032353935395A300C300A0603551D1504030A0106301B020A1C5BF404000000003C4B170D3132303231363039343931305A3029020A1CF6345A0000000036F5170D3132303231363038353732365A300C300A0603551D1504030A01063029020A6D864F01000000003C04170D3132303231343039303935375A300C300A0603551D1504030A0106301B020A162D584F000000003C2C170D3132303231343037343732335A301B020A16E8FE85000000003C31170D3132303231343037343730395A3029020A72C498EC000000003C19170D3132303231303130303135395A300C300A0603551D1504030A01063029020A14FA364A000000003ADE170D3132303230363130313334345A300C300A0603551D1504030A01063029020A43182533000000003B81170D3132303230363034323931375A300C300A0603551D1504030A01063029020A431508FF000000003B80170D3132303230363032353230355A300C300A0603551D1504030A01063029020A43120ED9000000003B7F170D3132303230363032343630315A300C300A0603551D1504030A01063029020A430E73FF000000003B7E170D3132303230363032343232365A300C300A0603551D1504030A01063029020A43061D4B000000003B7C170D3132303230333035313032365A300C300A0603551D1504030A01063029020A42FEF88F000000003B7A170D3132303230323130323435365A300C300A0603551D1504030A01063029020A430AC0DB000000003B7D170D3132303230313037323132365A300C300A0603551D1504030A01063029020A4302B4DB000000003B7B170D3132303230313033323635345A300C300A0603551D1504030A01063029020A3DCCBBBA000000003B63170D3132303133313033313030315A300C300A0603551D1504030A01063029020A2A403F0B000000003B32170D3132303133303038343932325A300C300A0603551D1504030A01063029020A396432E1000000003B43170D3132303133303036333730355A300C300A0603551D1504030A01063029020A49EC23230000000037A2170D3132303133303035353233395A300C300A0603551D1504030A01063029020A60B42B980000000039AC170D3132303132373037353935345A300C300A0603551D1504030A0106301B020A25540752000000003B1C170D3132303132363130353831305A3029020A6137E543000000003AB7170D3132303132363034343034335A300C300A0603551D1504030A01063029020A612DCD96000000003AB6170D3132303132363034333531395A300C300A0603551D1504030A01063029020A60C303950000000039AE170D3132303132363034323632365A300C300A0603551D1504030A0106301B020A2439FB96000000003B02170D3132303132363034313035355A3029020A30AE0A2300000000376D170D3132303132353130313933305A300C300A0603551D1504030A01063029020A2BFFA7C3000000003756170D3132303132353130303432375A300C300A0603551D1504030A01063029020A1BB71C85000000003A26170D3132303132353130303135315A300C300A0603551D1504030A01063029020A2BCF205C00000000373B170D3132303132353130303130325A300C300A0603551D1504030A01063029020A2BF039FE00000000374B170D3132303132353130303031395A300C300A0603551D1504030A01063029020A1F099C2E000000003A77170D3132303132353039353934305A300C300A0603551D1504030A01063029020A2BC7A320000000003736170D3132303132353039353930305A300C300A0603551D1504030A01063029020A2BFBD81D000000003753170D3132303132353039353833385A300C300A0603551D1504030A01063029020A2BD484BB00000000373D170D3132303132353039353831355A300C300A0603551D1504030A01063029020A2BF49B8400000000374E170D3132303132353039353735335A300C300A0603551D1504030A01063029020A2C00D595000000003757170D3132303132353039353730335A300C300A0603551D1504030A01063029020A2BBC0A02000000003730170D3132303132353039353630315A300C300A0603551D1504030A01063029020A2BEB9798000000003748170D3132303132353039353533355A300C300A0603551D1504030A01063029020A2BDAB5A2000000003741170D3132303132353039353431355A300C300A0603551D1504030A01063029020A2C090F8A000000003759170D3132303132353039353333305A300C300A0603551D1504030A01063029020A2BF79616000000003750170D3132303132353039353231325A300C300A0603551D1504030A01063029020A2BEEB34F00000000374A170D3132303132353039353130385A300C300A0603551D1504030A01063029020A2BF675B200000000374F170D3132303132353039353034325A300C300A0603551D1504030A01063029020A2BD60C9400000000373E170D3132303132353039343932345A300C300A0603551D1504030A01063029020A2BD79BDF00000000373F170D3132303132353039303130385A300C300A0603551D1504030A01063029020A2BFD4C4F000000003754170D3132303132353039303034335A300C300A0603551D1504030A01063029020A6F1D206D000000003849170D3132303132353038353730345A300C300A0603551D1504030A01063029020A2BF93ACE000000003751170D3132303132353038353434385A300C300A0603551D1504030A01063029020A2BDD470B000000003743170D3132303132353038353431365A300C300A0603551D1504030A01063029020A2BE15CE1000000003746170D3132303132353038353132345A300C300A0603551D1504030A01063029020A2BDE86AF000000003744170D3132303132353038353035315A300C300A0603551D1504030A01063029020A2BFAA02A000000003752170D3132303132353038353032335A300C300A0603551D1504030A01063029020A2BC89D6E000000003737170D3132303132353038343935355A300C300A0603551D1504030A01063029020A2BD8D7CA000000003740170D3132303132353038343932395A300C300A0603551D1504030A01063029020A2BD1434C00000000373C170D3132303132353038343930355A300C300A0603551D1504030A01063029020A2BCA8FB8000000003738170D3132303132353038343834325A300C300A0603551D1504030A01063029020A1BD74138000000003A2B170D3132303132353038343733305A300C300A0603551D1504030A01063029020A1BC46DC3000000003A27170D3132303132353038343435325A300C300A0603551D1504030A01063029020A31B2B567000000003770170D3132303132353038343331305A300C300A0603551D1504030A01063029020A1EBAE5CA000000003A6A170D3132303132333038343431355A300C300A0603551D1504030A01063029020A16507403000000003ACD170D3132303132303038333631325A300C300A0603551D1504030A0106301B020A1133D59A000000003AC0170D3132303131393038353835335A301B020A54EC6BAC00000000391F170D3132303131393038343732345A3029020A562EC02700000000393D170D3132303131393038303834315A300C300A0603551D1504030A01063029020A13E616DA000000003A8D170D3132303131373038333431335A300C300A0603551D1504030A01063029020A2BE02163000000003745170D3132303131363039353233345A300C300A0603551D1504030A01063029020A2BBE7768000000003731170D3132303131363037353833385A300C300A0603551D1504030A01063029020A2BF1A4AA00000000374C170D3132303131363037353430335A300C300A0603551D1504030A0106301B020A1DEC32B1000000003A4B170D3132303131363034343831345A3029020A1BF65268000000003A32170D3132303131353139333235335A300C300A0603551D1504030A01063029020A2BC3E0F7000000003733170D3132303131353138313433315A300C300A0603551D1504030A01063029020A6106BEDE0000000039E4170D3132303131333039313832395A300C300A0603551D1504030A01063029020A55C46B6B0000000037E8170D3132303131333032323430305A300C300A0603551D1504030A01063029020A5AFE0124000000003967170D3132303131313036353831315A300C300A0603551D1504030A01063029020A2142E738000000003705170D3132303131313035353030315A300C300A0603551D1504030A0106301B020A568BE0F9000000003944170D3132303131303130323032345A301B020A129514C00000000038E5170D3131313233303036323033345A301B020A12A8C2E50000000038E6170D3131313233303036313933305A301B020A1752822400000000390A170D3131313232393033333733375A3029020A1337AE5C0000000038ED170D3131313232393033313532325A300C300A0603551D1504030A01063029020A1E4BBF640000000038D3170D3131313232373039343330315A300C300A0603551D1504030A01043029020A1E4892770000000038D2170D3131313232373039343230335A300C300A0603551D1504030A01043029020A7907BD3100000000388F170D3131313232333036323630315A300C300A0603551D1504030A01063029020A2B130CE6000000003721170D3131313232313038323935345A300C300A0603551D1504030A01063029020A2BC1E40E000000003732170D3131313232313034353730375A300C300A0603551D1504030A01063029020A69D631FD00000000381A170D3131313232303037343330345A300C300A0603551D1504030A01063029020A4062B7A800000000377B170D3131313231323036323733385A300C300A0603551D1504030A01043029020A31D45B0C000000003771170D3131313231323034333733335A300C300A0603551D1504030A01063029020A3069086E00000000376A170D3131313230393034303333385A300C300A0603551D1504030A01043029020A2C02217D000000003758170D3131313230383037323930355A300C300A0603551D1504030A01043029020A2B6B5CEF00000000372B170D3131313230383035333232315A300C300A0603551D1504030A01043029020A21D19C1E000000003709170D3131313230363037353935375A300C300A0603551D1504030A0106A060305E301F0603551D23041830168014B91E8A80D866DA8EE41F288C40588C5CEAD6E722301006092B06010401823715010403020100300B0603551D140404020209E0301C06092B0601040182371504040F170D3132313230343035323434325A300A06062A850302020305000341006D9C3CCD9EFB17C5BB0F8EA40FAF62F9C7A5765D163E270AFC998AF701D7F984F5AF494B963DA7647638D2C3E252D5C2E00EA75DE8B5C1A405F692D206961B3AA203020100"))));
-
- REQ_VPKC_TOMSK = new DVCSRequest(INFO_VPKC_TOMSK.build(), new Data(REQ_CERTS), ID_VPKC_TOMSK);
-
- certInfoBldr = new DVCSCertInfoBuilder(INFO_VPKC_TOMSK.build(), DIGEST_VPKC_TOMSK, new ASN1Integer(6257), new DVCSTime(new ASN1GeneralizedTime("20121204040753Z")));
-
- certInfoBldr.setDvStatus(new PKIStatusInfo(PKIStatus.granted));
- certInfoBldr.setCerts(RES_CERTS);
-
- RES_VPKC_TOMSK = new DVCSResponse(certInfoBldr.build());
-
- requests.add(new Info("req_ccpd_clepsydre", REQUEST_CCPD_CLEPSYDRE, REQ_CCPD_CLEPSYDRE));
- requests.add(new Info("req_ccpd_tomsk", REQUEST_CCPD_TOMSK, REQ_CCPD_TOMSK));
- requests.add(new Info("req_cpd_tomsk", REQUEST_CPD_TOMSK, REQ_CPD_TOMSK));
- requests.add(new Info("req_vpkc_tomsk", REQUEST_VPKC_TOMSK, REQ_VPKC_TOMSK));
-
- responses.add(new Info("res_ccpd_clepsydre", RESPONSE_CCPD_CLEPSYDRE, RES_CCPD_CLEPSYDRE));
- responses.add(new Info("res_ccpd_tomsk", RESPONSE_CCPD_TOMSK, RES_CCPD_TOMSK));
- responses.add(new Info("res_cpd_tomsk", RESPONSE_CPD_TOMSK, RES_CPD_TOMSK));
- responses.add(new Info("res_vpkc_tomsk", RESPONSE_VPKC_TOMSK, RES_VPKC_TOMSK));
-
- }
-
- private static boolean areNull(String type, Object result, Object expected)
- {
- if (result == null && expected == null)
- {
- return true;
- }
- if (result == null && expected != null)
- {
- fail("Result '" + type + "' is null, whereas expected '" + type + "' is not null");
- }
- if (result != null && expected == null)
- {
- fail("Result '" + type + "' is not null, whereas expected '" + type + "' is null");
- }
- return false;
- }
-
- ////////////////////////////////////////////////////
- // PARSE TESTS //
- ////////////////////////////////////////////////////
-
- private static void validate(String type, Object result, Object expected)
- {
- if (areNull(type, result, expected))
- {
- return;
- }
-
- if (!result.equals(expected))
- {
- fail("Different " + type + ": " + result + " while expected: " + expected);
- }
- }
-
- private static void validateArray(String type, Object[] result, Object[] expected)
- {
- if (areNull(type, result, expected))
- {
- return;
- }
-
- if (result.length != expected.length)
- {
- fail("Different " + type + ": " + result + " while expected: " + expected);
- }
- for (int i = 0; i != result.length; i++)
- {
- if (!result[i].equals(expected[i]))
- {
- fail("Different " + type + ": " + result[i] + " while expected: " + expected[i]);
- }
- }
- }
-
- public void testParseRequests()
- throws IOException, DVCSException, CMSException
- {
- for (Iterator it = requests.iterator(); it.hasNext();)
- {
- Info info = (Info)it.next();
- testParseRequest(info.name, info.base64, (DVCSRequest)info.expected);
- }
- }
-
- private void testParseRequest(String name, String base64request, DVCSRequest expected)
- throws DVCSException, IOException, CMSException
- {
- byte[] requestBytes = Base64.decode(base64request);
-
- org.bouncycastle.dvcs.DVCSRequest request = new org.bouncycastle.dvcs.DVCSRequest(new CMSSignedData(requestBytes));
-
- validate(name, request.getContent(), expected);
- }
-
- public void testParseResponses()
- throws IOException, DVCSException, CMSException
- {
- for (Iterator it = responses.iterator(); it.hasNext();)
- {
- Info info = (Info)it.next();
- testParseResponse(info.name, info.base64, (DVCSResponse)info.expected);
- }
- }
-
- ////////////////////////////////////////////////////
- // VALIDATIONS //
- ////////////////////////////////////////////////////
-
- private void testParseResponse(String name, String base64response, DVCSResponse expected)
- throws DVCSException, IOException, CMSException
- {
- byte[] responseBytes = Base64.decode(base64response);
- org.bouncycastle.dvcs.DVCSResponse response = new org.bouncycastle.dvcs.DVCSResponse(new CMSSignedData(responseBytes));
-
- validate(name, response.getContent(), expected);
- }
-
- /*
- DVCSRequest ::= SEQUENCE {
- requestInformation DVCSRequestInformation,
- data Data,
- transactionIdentifier GeneralName OPTIONAL
- }
- */
- private void validate(String name, DVCSRequest result, DVCSRequest expected)
- {
- validate(name + ".requestInformation", result.getRequestInformation(), expected.getRequestInformation());
- validate(name + ".data", result.getData(), expected.getData());
- validate(name + ".transactionIdentifier", result.getTransactionIdentifier(), expected.getTransactionIdentifier());
- }
-
- /*
- DVCSRequestInformation ::= SEQUENCE {
- version INTEGER DEFAULT 1 ,
- service ServiceType,
- nonce Nonce OPTIONAL,
- requestTime DVCSTime OPTIONAL,
- requester [0] GeneralNames OPTIONAL,
- requestPolicy [1] PolicyInformation OPTIONAL,
- dvcs [2] GeneralNames OPTIONAL,
- dataLocations [3] GeneralNames OPTIONAL,
- extensions [4] IMPLICIT Extensions OPTIONAL
- }
- */
- private void validate(String name, DVCSRequestInformation info, DVCSRequestInformation expected)
- {
- validate(name + ".version", new Integer(info.getVersion()), new Integer(expected.getVersion()));
- validate(name + ".service", info.getService().getValue(), expected.getService().getValue());
- validate(name + ".nonce", info.getNonce(), expected.getNonce());
- validate(name + ".requestTime", info.getRequestTime(), expected.getRequestTime());
- validate(name + ".requester", info.getRequester(), expected.getRequester());
- validate(name + ".requestPolicy", info.getRequestPolicy(), expected.getRequestPolicy());
- validate(name + ".dvcs", info.getDVCS(), expected.getDVCS());
- validate(name + ".dataLocations", info.getDataLocations(), expected.getDataLocations());
- validate(name + ".extensions", info.getExtensions(), expected.getExtensions());
- }
-
- /*
- DVCSTime ::= CHOICE {
- genTime GeneralizedTime,
- timeStampToken ContentInfo
- }
- */
- private void validate(String name, DVCSTime result, DVCSTime expected)
- {
- if (areNull(name, result, expected))
- {
- return;
- }
- validate(name + ".genTime", result.getGenTime(), expected.getGenTime());
- validate(name + ".timeStampToken", result.getTimeStampToken(), expected.getTimeStampToken());
- }
-
- /*
- Data ::= CHOICE {
- message OCTET STRING ,
- messageImprint DigestInfo,
- certs SEQUENCE SIZE (1..MAX) OF
- TargetEtcChain
- }
- */
- private void validate(String name, Data result, Data expected)
- {
- validate(name + ".message", result.getMessage(), expected.getMessage());
- validate(name + ".messageImprint", result.getMessageImprint(), expected.getMessageImprint());
- validateArray(name + ".certs", result.getCerts(), expected.getCerts());
- }
-
- /*
- DVCSResponse ::= CHOICE
- {
- dvCertInfo DVCSCertInfo ,
- dvErrorNote [0] DVCSErrorNotice
- }
- */
- private void validate(String name, DVCSResponse result, DVCSResponse expected)
- {
- validate(name + ".dvCertInfo", result.getCertInfo(), expected.getCertInfo());
- validate(name + ".dvErrorNote", result.getErrorNotice(), expected.getErrorNotice());
- }
-
- /*
- DVCSCertInfo::= SEQUENCE {
- version Integer DEFAULT 1 ,
- dvReqInfo DVCSRequestInformation,
- messageImprint DigestInfo,
- serialNumber Integer,
- responseTime DVCSTime,
- dvStatus [0] PKIStatusInfo OPTIONAL,
- policy [1] PolicyInformation OPTIONAL,
- reqSignature [2] SignerInfos OPTIONAL,
- certs [3] SEQUENCE SIZE (1..MAX) OF
- TargetEtcChain OPTIONAL,
- extensions Extensions OPTIONAL
- }
- */
- private void validate(String name, DVCSCertInfo result, DVCSCertInfo expected)
- {
- if (areNull(name, result, expected))
- {
- return;
- }
- validate(name + ".version", new Integer(result.getVersion()), new Integer(expected.getVersion()));
- validate(name + ".dvReqInfo", result.getDvReqInfo(), expected.getDvReqInfo());
- validate(name + ".messageImprint", result.getMessageImprint(), expected.getMessageImprint());
- validate(name + ".serialNumber", result.getSerialNumber(), expected.getSerialNumber());
- validate(name + ".responseTime", result.getResponseTime(), expected.getResponseTime());
- validate(name + ".dvStatus", result.getDvStatus(), expected.getDvStatus());
- validate(name + ".policy", result.getPolicy(), expected.getPolicy());
- validate(name + ".reqSignature", result.getReqSignature(), expected.getReqSignature());
- validateArray(name + ".certs", result.getCerts(), expected.getCerts());
- validateArray(name + ".certs", result.getCerts(), expected.getCerts());
- validate(name + ".extensions", result.getExtensions(), expected.getExtensions());
- }
-
- /*
- DVCSErrorNotice ::= SEQUENCE {
- transactionStatus PKIStatusInfo ,
- transactionIdentifier GeneralName OPTIONAL
- }
- */
- private void validate(String name, DVCSErrorNotice result, DVCSErrorNotice expected)
- {
- if (areNull(name, result, expected))
- {
- return;
- }
- validate(name + ".transactionStatus", result.getTransactionStatus(), expected.getTransactionStatus());
- validate(name + ".transactionIdentifier", result.getTransactionIdentifier(), expected.getTransactionIdentifier());
- }
-
- private static class Info
- {
- public String name;
- public String base64;
- public Object expected;
-
- public Info(String name, String base64, Object expected)
- {
- this.name = name;
- this.base64 = base64;
- this.expected = expected;
- }
- }
-
-}
diff --git a/pkix/src/test/java/org/bouncycastle/dvcs/test/DVCSTestSetup.java b/pkix/src/test/java/org/bouncycastle/dvcs/test/DVCSTestSetup.java
deleted file mode 100644
index 3d86191e..00000000
--- a/pkix/src/test/java/org/bouncycastle/dvcs/test/DVCSTestSetup.java
+++ /dev/null
@@ -1,28 +0,0 @@
-
-package org.bouncycastle.dvcs.test;
-
-import java.security.Security;
-
-import junit.extensions.TestSetup;
-import junit.framework.Test;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-class DVCSTestSetup
- extends TestSetup
-{
- public DVCSTestSetup(Test test)
- {
- super(test);
- }
-
- protected void setUp()
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- protected void tearDown()
- {
- Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
- }
-
-}
diff --git a/pkix/src/test/java/org/bouncycastle/dvcs/test/SHA1DigestCalculator.java b/pkix/src/test/java/org/bouncycastle/dvcs/test/SHA1DigestCalculator.java
deleted file mode 100644
index 82f30164..00000000
--- a/pkix/src/test/java/org/bouncycastle/dvcs/test/SHA1DigestCalculator.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.dvcs.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.operator.DigestCalculator;
-
-
-class SHA1DigestCalculator
- implements DigestCalculator
-{
- private ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- public AlgorithmIdentifier getAlgorithmIdentifier()
- {
- return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
- }
-
- public OutputStream getOutputStream()
- {
- return bOut;
- }
-
- public byte[] getDigest()
- {
- byte[] bytes = bOut.toByteArray();
-
- bOut.reset();
-
- Digest sha1 = new SHA1Digest();
-
- sha1.update(bytes, 0, bytes.length);
-
- byte[] digest = new byte[sha1.getDigestSize()];
-
- sha1.doFinal(digest, 0);
-
- return digest;
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/eac/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/eac/test/AllTests.java
deleted file mode 100644
index f8198556..00000000
--- a/pkix/src/test/java/org/bouncycastle/eac/test/AllTests.java
+++ /dev/null
@@ -1,201 +0,0 @@
-package org.bouncycastle.eac.test;
-
-import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Security;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.eac.CertificateHolderAuthorization;
-import org.bouncycastle.asn1.eac.CertificateHolderReference;
-import org.bouncycastle.asn1.eac.CertificationAuthorityReference;
-import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-import org.bouncycastle.asn1.eac.PackedDate;
-import org.bouncycastle.eac.EACCertificateBuilder;
-import org.bouncycastle.eac.EACCertificateHolder;
-import org.bouncycastle.eac.EACCertificateRequestHolder;
-import org.bouncycastle.eac.jcajce.JcaPublicKeyConverter;
-import org.bouncycastle.eac.operator.EACSignatureVerifier;
-import org.bouncycastle.eac.operator.EACSigner;
-import org.bouncycastle.eac.operator.jcajce.JcaEACSignatureVerifierBuilder;
-import org.bouncycastle.eac.operator.jcajce.JcaEACSignerBuilder;
-import org.bouncycastle.jce.ECNamedCurveTable;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.util.io.Streams;
-
-public class AllTests
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- public void setUp()
- {
- if (Security.getProvider(BC) != null)
- {
- Security.addProvider(new BouncyCastleProvider());
- }
- }
-
- public void testLoadCertificate() throws Exception
- {
- EACCertificateHolder certHolder = new EACCertificateHolder(getInput("Belgique CVCA-02032010.7816.cvcert"));
-
- PublicKey pubKey = new JcaPublicKeyConverter().setProvider(BC).getKey(certHolder.getPublicKeyDataObject());
- EACSignatureVerifier verifier = new JcaEACSignatureVerifierBuilder().build(certHolder.getPublicKeyDataObject().getUsage(), pubKey);
-
- if (!certHolder.isSignatureValid(verifier))
- {
- fail("signature test failed");
- }
- }
-
- private byte[] getInput(String name)
- throws IOException
- {
- return Streams.readAll(getClass().getResourceAsStream(name));
- }
-
- public void testLoadInvalidRequest() throws Exception
- {
- // this request contains invalid unsigned integers (see D 2.1.1)
- EACCertificateRequestHolder requestHolder = new EACCertificateRequestHolder(getInput("REQ_18102010.csr"));
-
- PublicKey pubKey = new JcaPublicKeyConverter().setProvider(BC).getKey(requestHolder.getPublicKeyDataObject());
- EACSignatureVerifier verifier = new JcaEACSignatureVerifierBuilder().build(requestHolder.getPublicKeyDataObject().getUsage(), pubKey);
-
- if (requestHolder.isInnerSignatureValid(verifier))
- {
- fail("signature test failed");
- }
- }
-
- public void testLoadRefCert() throws Exception
- {
- EACCertificateHolder certHolder = new EACCertificateHolder(getInput("at_cert_19a.cvcert"));
-
-
- }
-
- public void testGenerateEC()
- throws Exception
- {
- ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("prime256v1");
- KeyPair kp = generateECKeyPair(ecSpec);
-
- JcaEACSignerBuilder signerBuilder = new JcaEACSignerBuilder().setProvider(BC);
-
- EACSigner signer = signerBuilder.build("SHA256withECDSA", kp.getPrivate());
-
- int role = CertificateHolderAuthorization.CVCA;
- int rights = CertificateHolderAuthorization.RADG3 | CertificateHolderAuthorization.RADG4;
-
- EACCertificateBuilder certBuilder = new EACCertificateBuilder(
- new CertificationAuthorityReference("AU", "BC TEST", "12345"),
- new JcaPublicKeyConverter().getPublicKeyDataObject(signer.getUsageIdentifier(), kp.getPublic()),
- new CertificateHolderReference("AU", "BC TEST", "12345"),
- new CertificateHolderAuthorization(EACObjectIdentifiers.id_EAC_ePassport, role | rights),
- new PackedDate("110101"),
- new PackedDate("120101"));
-
- EACCertificateHolder certHolder = certBuilder.build(signer);
-
- EACSignatureVerifier verifier = new JcaEACSignatureVerifierBuilder().build(certHolder.getPublicKeyDataObject().getUsage(), kp.getPublic());
-
- if (!certHolder.isSignatureValid(verifier))
- {
- fail("first signature test failed");
- }
-
- PublicKey pubKey = new JcaPublicKeyConverter().setProvider(BC).getKey(certHolder.getPublicKeyDataObject());
- verifier = new JcaEACSignatureVerifierBuilder().build(certHolder.getPublicKeyDataObject().getUsage(), pubKey);
-
- if (!certHolder.isSignatureValid(verifier))
- {
- fail("second signature test failed");
- }
- }
-
- public void testGenerateRSA()
- throws Exception
- {
- KeyPair kp = generateRSAKeyPair();
-
- JcaEACSignerBuilder signerBuilder = new JcaEACSignerBuilder().setProvider(BC);
-
- EACSigner signer = signerBuilder.build("SHA256withRSA", kp.getPrivate());
-
- int role = CertificateHolderAuthorization.CVCA;
- int rights = CertificateHolderAuthorization.RADG3 | CertificateHolderAuthorization.RADG4;
-
- EACCertificateBuilder certBuilder = new EACCertificateBuilder(
- new CertificationAuthorityReference("AU", "BC TEST", "12345"),
- new JcaPublicKeyConverter().getPublicKeyDataObject(signer.getUsageIdentifier(), kp.getPublic()),
- new CertificateHolderReference("AU", "BC TEST", "12345"),
- new CertificateHolderAuthorization(EACObjectIdentifiers.id_EAC_ePassport, role | rights),
- new PackedDate("110101"),
- new PackedDate("120101"));
-
- EACCertificateHolder certHolder = certBuilder.build(signer);
-
- EACSignatureVerifier verifier = new JcaEACSignatureVerifierBuilder().build(certHolder.getPublicKeyDataObject().getUsage(), kp.getPublic());
-
- if (!certHolder.isSignatureValid(verifier))
- {
- fail("first signature test failed");
- }
-
- PublicKey pubKey = new JcaPublicKeyConverter().setProvider(BC).getKey(certHolder.getPublicKeyDataObject());
- verifier = new JcaEACSignatureVerifierBuilder().build(certHolder.getPublicKeyDataObject().getUsage(), pubKey);
-
- if (!certHolder.isSignatureValid(verifier))
- {
- fail("second signature test failed");
- }
- }
-
- private KeyPair generateECKeyPair(ECParameterSpec spec) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException
- {
- KeyPairGenerator gen = KeyPairGenerator.getInstance("ECDSA",BC);
-
- gen.initialize(spec, new SecureRandom());
-
- KeyPair generatedKeyPair = gen.generateKeyPair();
- return generatedKeyPair;
- }
-
- private KeyPair generateRSAKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException
- {
- KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA",BC);
-
- gen.initialize(1024, new SecureRandom());
-
- KeyPair generatedKeyPair = gen.generateKeyPair();
- return generatedKeyPair;
- }
-
- public static void main(String[] args)
- throws Exception
- {
- Security.addProvider(new BouncyCastleProvider());
-
- junit.textui.TestRunner.run(suite());
- }
-
- public static Test suite()
- throws Exception
- {
- TestSuite suite = new TestSuite("EAC tests");
-
- suite.addTestSuite(AllTests.class);
-
- return new EACTestSetup(suite);
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/eac/test/EACTestSetup.java b/pkix/src/test/java/org/bouncycastle/eac/test/EACTestSetup.java
deleted file mode 100644
index 92f884c0..00000000
--- a/pkix/src/test/java/org/bouncycastle/eac/test/EACTestSetup.java
+++ /dev/null
@@ -1,28 +0,0 @@
-
-package org.bouncycastle.eac.test;
-
-import java.security.Security;
-
-import junit.extensions.TestSetup;
-import junit.framework.Test;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-class EACTestSetup
- extends TestSetup
-{
- public EACTestSetup(Test test)
- {
- super(test);
- }
-
- protected void setUp()
- {
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
- }
-
- protected void tearDown()
- {
- Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
- }
-
-}
diff --git a/pkix/src/test/java/org/bouncycastle/mozilla/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/mozilla/test/AllTests.java
deleted file mode 100644
index 3c0dcc60..00000000
--- a/pkix/src/test/java/org/bouncycastle/mozilla/test/AllTests.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.bouncycastle.mozilla.test;
-
-import java.security.Security;
-
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.test.SimpleTestResult;
-
-import junit.framework.*;
-
-public class AllTests
- extends TestCase
-{
- public void testMozilla()
- {
- Security.addProvider(new BouncyCastleProvider());
-
- org.bouncycastle.util.test.Test[] tests = new org.bouncycastle.util.test.Test[] { new SPKACTest() };
-
- for (int i = 0; i != tests.length; i++)
- {
- SimpleTestResult result = (SimpleTestResult)tests[i].perform();
-
- if (!result.isSuccessful())
- {
- fail(result.toString());
- }
- }
- }
-
- public static void main (String[] args)
- {
- junit.textui.TestRunner.run(suite());
- }
-
- public static Test suite()
- {
- TestSuite suite = new TestSuite("Mozilla Tests");
-
- suite.addTestSuite(AllTests.class);
-
- return suite;
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/mozilla/test/SPKACTest.java b/pkix/src/test/java/org/bouncycastle/mozilla/test/SPKACTest.java
deleted file mode 100644
index 192bfd86..00000000
--- a/pkix/src/test/java/org/bouncycastle/mozilla/test/SPKACTest.java
+++ /dev/null
@@ -1,113 +0,0 @@
-package org.bouncycastle.mozilla.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.security.PublicKey;
-import java.security.Security;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.mozilla.PublicKeyAndChallenge;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.mozilla.SignedPublicKeyAndChallenge;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.test.SimpleTest;
-
-public class SPKACTest
- extends SimpleTest
-{
- byte[] spkac = Base64.decode(
- "MIIBOjCBpDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApne7ti0ibPhV8Iht"+
- "7Pws5iRckM7x4mtZYxEpeX5/IO8tDsBFdY86ewuY2f2KCca0oMWr43kdkZbPyzf4"+
- "CSV+0fZm9MJyNMywygZjoOCC+rS8kr0Ef31iHChhYsyejJnjw116Jnn96syhdHY6"+
- "lVD1rK0nn5ZkHjxU74gjoZu6BJMCAwEAARYAMA0GCSqGSIb3DQEBBAUAA4GBAKFL"+
- "g/luv0C7gMTI8ZKfFoSyi7Q7kiSQcmSj1WJgT56ouIRJO5NdvB/1n4GNik8VOAU0"+
- "NRztvGy3ZGqgbSav7lrxcNEvXH+dLbtS97s7yiaozpsOcEHqsBribpLOTRzYa8ci"+
- "CwkPmIiYqcby11diKLpd+W9RFYNme2v0rrbM2CyV");
-
-
- public String getName()
- {
- return "SignedPubicKeyAndChallenge";
- }
-
- public void spkacTest(String testName, byte[] req)
- throws Exception
- {
- SignedPublicKeyAndChallenge spkac;
-
- spkac = new SignedPublicKeyAndChallenge(req);
-
- PublicKeyAndChallenge pkac = spkac.getPublicKeyAndChallenge();
- PublicKey pubKey = spkac.getPublicKey("BC");
- ASN1Primitive obj = pkac.toASN1Primitive();
- if (obj == null)
- {
- fail("Error - " + testName + " PKAC ASN1Primitive was null.");
- }
-
- obj = spkac.toASN1Primitive();
- if (obj == null)
- {
- fail("Error - "+testName+ " SPKAC ASN1Primitive was null.");
- }
-
- SubjectPublicKeyInfo spki = pkac.getSubjectPublicKeyInfo();
- if (spki == null)
- {
- fail("Error - "+testName + " SubjectPublicKeyInfo was null.");
- }
-
- DERIA5String challenge = pkac.getChallenge();
- // Most cases this will be a string of length zero.
- if (challenge == null)
- {
- fail(":Error - "+testName+ " challenge was null.");
- }
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(req);
- ASN1InputStream dIn = new ASN1InputStream(bIn);
-
-
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- DEROutputStream dOut = new DEROutputStream(bOut);
-
- dOut.writeObject(spkac.toASN1Primitive());
-
- byte[] bytes = bOut.toByteArray();
-
- if (bytes.length != req.length)
- {
- fail(testName + " failed length test");
- }
-
- for (int i = 0; i != req.length; i++)
- {
- if (bytes[i] != req[i])
- {
- fail(testName + " failed comparison test");
- }
- }
-
- if (!spkac.verify("BC"))
- {
- fail(testName + " verification failed");
- }
- }
-
- public void performTest()
- throws Exception
- {
- spkacTest("spkac", spkac);
- }
-
- public static void main(String[] args)
- {
- Security.addProvider(new BouncyCastleProvider());
-
- runTest(new SPKACTest());
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/openssl/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/openssl/test/AllTests.java
deleted file mode 100644
index faae18e8..00000000
--- a/pkix/src/test/java/org/bouncycastle/openssl/test/AllTests.java
+++ /dev/null
@@ -1,151 +0,0 @@
-package org.bouncycastle.openssl.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.OutputStreamWriter;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Security;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.PEMWriter;
-import org.bouncycastle.openssl.PKCS8Generator;
-import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
-import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
-import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
-import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
-import org.bouncycastle.pkcs.PKCSException;
-import org.bouncycastle.util.test.SimpleTestResult;
-
-public class
- AllTests
- extends TestCase
-{
- public void testOpenSSL()
- {
- if (Security.getProvider("BC") == null)
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- org.bouncycastle.util.test.Test[] tests = new org.bouncycastle.util.test.Test[]
- {
- new WriterTest(),
- new ParserTest()
- };
-
- for (int i = 0; i != tests.length; i++)
- {
- SimpleTestResult result = (SimpleTestResult)tests[i].perform();
-
- if (!result.isSuccessful())
- {
- fail(result.toString());
- }
- }
- }
-
- public void testPKCS8Encrypted()
- throws Exception
- {
- if (Security.getProvider("BC") == null)
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-
- kpGen.initialize(1024);
-
- PrivateKey key = kpGen.generateKeyPair().getPrivate();
-
- encryptedTestNew(key, PKCS8Generator.AES_256_CBC);
- encryptedTestNew(key, PKCS8Generator.DES3_CBC);
- encryptedTestNew(key, PKCS8Generator.PBE_SHA1_3DES);
- }
-
- private void encryptedTestNew(PrivateKey key, ASN1ObjectIdentifier algorithm)
- throws NoSuchProviderException, NoSuchAlgorithmException, IOException, OperatorCreationException, PKCSException
- {
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut));
-
- JceOpenSSLPKCS8EncryptorBuilder encryptorBuilder = new JceOpenSSLPKCS8EncryptorBuilder(algorithm);
-
- encryptorBuilder.setProvider("BC");
- encryptorBuilder.setPasssword("hello".toCharArray());
-
- PKCS8Generator pkcs8 = new JcaPKCS8Generator(key, encryptorBuilder.build());
-
- pWrt.writeObject(pkcs8);
-
- pWrt.close();
-
- PEMParser pRd = new PEMParser(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray())));
-
- PKCS8EncryptedPrivateKeyInfo pInfo = (PKCS8EncryptedPrivateKeyInfo)pRd.readObject();
-
- PrivateKey rdKey = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(pInfo.decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider("BC").build("hello".toCharArray())));
-
-
- assertEquals(key, rdKey);
- }
-
- public void testPKCS8PlainNew()
- throws Exception
- {
- if (Security.getProvider("BC") == null)
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-
- kpGen.initialize(1024);
-
- PrivateKey key = kpGen.generateKeyPair().getPrivate();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut));
- PKCS8Generator pkcs8 = new JcaPKCS8Generator(key, null);
-
- pWrt.writeObject(pkcs8);
-
- pWrt.close();
-
- PEMParser pRd = new PEMParser(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray())));
-
- PrivateKeyInfo kp = (PrivateKeyInfo)pRd.readObject();
-
- PrivateKey rdKey = new JcaPEMKeyConverter().setProvider("BC").getPrivateKey(kp);
-
- assertEquals(key, rdKey);
- }
-
- public static void main (String[] args)
- {
- Security.addProvider(new BouncyCastleProvider());
-
- junit.textui.TestRunner.run(suite());
- }
-
- public static Test suite()
- {
- TestSuite suite = new TestSuite("OpenSSL Tests");
-
- suite.addTestSuite(AllTests.class);
-
- return suite;
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/openssl/test/ParserTest.java b/pkix/src/test/java/org/bouncycastle/openssl/test/ParserTest.java
deleted file mode 100644
index 521106b1..00000000
--- a/pkix/src/test/java/org/bouncycastle/openssl/test/ParserTest.java
+++ /dev/null
@@ -1,500 +0,0 @@
-package org.bouncycastle.openssl.test;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStreamWriter;
-import java.io.Reader;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.Signature;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.RSAPrivateCrtKey;
-import java.security.interfaces.RSAPrivateKey;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-import org.bouncycastle.asn1.cms.ContentInfo;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.ECNamedCurveTable;
-import org.bouncycastle.asn1.x9.X9ECParameters;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMDecryptorProvider;
-import org.bouncycastle.openssl.PEMEncryptedKeyPair;
-import org.bouncycastle.openssl.PEMKeyPair;
-import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.PEMWriter;
-import org.bouncycastle.openssl.PasswordFinder;
-import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
-import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
-import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
-import org.bouncycastle.operator.InputDecryptorProvider;
-import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
-import org.bouncycastle.util.test.SimpleTest;
-
-/**
- * basic class for reading test.pem - the password is "secret"
- */
-public class ParserTest
- extends SimpleTest
-{
- private static class Password
- implements PasswordFinder
- {
- char[] password;
-
- Password(
- char[] word)
- {
- this.password = word;
- }
-
- public char[] getPassword()
- {
- return password;
- }
- }
-
- public String getName()
- {
- return "PEMParserTest";
- }
-
- private PEMParser openPEMResource(
- String fileName)
- {
- InputStream res = this.getClass().getResourceAsStream(fileName);
- Reader fRd = new BufferedReader(new InputStreamReader(res));
- return new PEMParser(fRd);
- }
-
- public void performTest()
- throws Exception
- {
- PEMParser pemRd = openPEMResource("test.pem");
- Object o;
- PEMKeyPair pemPair;
- KeyPair pair;
-
- while ((o = pemRd.readObject()) != null)
- {
- if (o instanceof KeyPair)
- {
- //pair = (KeyPair)o;
-
- //System.out.println(pair.getPublic());
- //System.out.println(pair.getPrivate());
- }
- else
- {
- //System.out.println(o.toString());
- }
- }
-
- // test bogus lines before begin are ignored.
- pemRd = openPEMResource("extratest.pem");
-
- while ((o = pemRd.readObject()) != null)
- {
- if (!(o instanceof X509CertificateHolder))
- {
- fail("wrong object found");
- }
- }
-
- //
- // pkcs 7 data
- //
- pemRd = openPEMResource("pkcs7.pem");
- ContentInfo d = (ContentInfo)pemRd.readObject();
-
- if (!d.getContentType().equals(CMSObjectIdentifiers.envelopedData))
- {
- fail("failed envelopedData check");
- }
-
- //
- // ECKey
- //
- pemRd = openPEMResource("eckey.pem");
- ASN1ObjectIdentifier ecOID = (ASN1ObjectIdentifier)pemRd.readObject();
- X9ECParameters ecSpec = ECNamedCurveTable.getByOID(ecOID);
-
- if (ecSpec == null)
- {
- fail("ecSpec not found for named curve");
- }
-
- pemPair = (PEMKeyPair)pemRd.readObject();
-
- pair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemPair);
-
- Signature sgr = Signature.getInstance("ECDSA", "BC");
-
- sgr.initSign(pair.getPrivate());
-
- byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
-
- sgr.update(message);
-
- byte[] sigBytes = sgr.sign();
-
- sgr.initVerify(pair.getPublic());
-
- sgr.update(message);
-
- if (!sgr.verify(sigBytes))
- {
- fail("EC verification failed");
- }
-
- if (!pair.getPublic().getAlgorithm().equals("ECDSA"))
- {
- fail("wrong algorithm name on public got: " + pair.getPublic().getAlgorithm());
- }
-
- if (!pair.getPrivate().getAlgorithm().equals("ECDSA"))
- {
- fail("wrong algorithm name on private");
- }
-
- //
- // ECKey -- explicit parameters
- //
- pemRd = openPEMResource("ecexpparam.pem");
- ecSpec = (X9ECParameters)pemRd.readObject();
-
- pemPair = (PEMKeyPair)pemRd.readObject();
-
- pair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemPair);
-
- sgr = Signature.getInstance("ECDSA", "BC");
-
- sgr.initSign(pair.getPrivate());
-
- message = new byte[] { (byte)'a', (byte)'b', (byte)'c' };
-
- sgr.update(message);
-
- sigBytes = sgr.sign();
-
- sgr.initVerify(pair.getPublic());
-
- sgr.update(message);
-
- if (!sgr.verify(sigBytes))
- {
- fail("EC verification failed");
- }
-
- if (!pair.getPublic().getAlgorithm().equals("ECDSA"))
- {
- fail("wrong algorithm name on public got: " + pair.getPublic().getAlgorithm());
- }
-
- if (!pair.getPrivate().getAlgorithm().equals("ECDSA"))
- {
- fail("wrong algorithm name on private");
- }
-
- //
- // writer/parser test
- //
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-
- pair = kpGen.generateKeyPair();
-
- keyPairTest("RSA", pair);
-
- kpGen = KeyPairGenerator.getInstance("DSA", "BC");
- kpGen.initialize(512, new SecureRandom());
- pair = kpGen.generateKeyPair();
-
- keyPairTest("DSA", pair);
-
- //
- // PKCS7
- //
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut));
-
- pWrt.writeObject(d);
-
- pWrt.close();
-
- pemRd = new PEMParser(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray())));
- d = (ContentInfo)pemRd.readObject();
-
- if (!d.getContentType().equals(CMSObjectIdentifiers.envelopedData))
- {
- fail("failed envelopedData recode check");
- }
-
-
- // OpenSSL test cases (as embedded resources)
- doOpenSslDsaTest("unencrypted");
- doOpenSslRsaTest("unencrypted");
-
- doOpenSslTests("aes128");
- doOpenSslTests("aes192");
- doOpenSslTests("aes256");
- doOpenSslTests("blowfish");
- doOpenSslTests("des1");
- doOpenSslTests("des2");
- doOpenSslTests("des3");
- doOpenSslTests("rc2_128");
-
- doOpenSslDsaTest("rc2_40_cbc");
- doOpenSslRsaTest("rc2_40_cbc");
- doOpenSslDsaTest("rc2_64_cbc");
- doOpenSslRsaTest("rc2_64_cbc");
-
- doDudPasswordTest("7fd98", 0, "corrupted stream - out of bounds length found");
- doDudPasswordTest("ef677", 1, "corrupted stream - out of bounds length found");
- doDudPasswordTest("800ce", 2, "unknown tag 26 encountered");
- doDudPasswordTest("b6cd8", 3, "DEF length 81 object truncated by 56");
- doDudPasswordTest("28ce09", 4, "DEF length 110 object truncated by 28");
- doDudPasswordTest("2ac3b9", 5, "DER length more than 4 bytes: 11");
- doDudPasswordTest("2cba96", 6, "DEF length 100 object truncated by 35");
- doDudPasswordTest("2e3354", 7, "DEF length 42 object truncated by 9");
- doDudPasswordTest("2f4142", 8, "DER length more than 4 bytes: 14");
- doDudPasswordTest("2fe9bb", 9, "DER length more than 4 bytes: 65");
- doDudPasswordTest("3ee7a8", 10, "DER length more than 4 bytes: 57");
- doDudPasswordTest("41af75", 11, "unknown tag 16 encountered");
- doDudPasswordTest("1704a5", 12, "corrupted stream detected");
- doDudPasswordTest("1c5822", 13, "unknown object in getInstance: org.bouncycastle.asn1.DERUTF8String");
- doDudPasswordTest("5a3d16", 14, "corrupted stream detected");
- doDudPasswordTest("8d0c97", 15, "corrupted stream detected");
- doDudPasswordTest("bc0daf", 16, "corrupted stream detected");
- doDudPasswordTest("aaf9c4d",17, "corrupted stream - out of bounds length found");
-
- doNoPasswordTest();
-
- // encrypted private key test
- InputDecryptorProvider pkcs8Prov = new JceOpenSSLPKCS8DecryptorProviderBuilder().build("password".toCharArray());
- pemRd = openPEMResource("enckey.pem");
-
- PKCS8EncryptedPrivateKeyInfo encPrivKeyInfo = (PKCS8EncryptedPrivateKeyInfo)pemRd.readObject();
- JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
-
- RSAPrivateCrtKey privKey = (RSAPrivateCrtKey)converter.getPrivateKey(encPrivKeyInfo.decryptPrivateKeyInfo(pkcs8Prov));
-
- if (!privKey.getPublicExponent().equals(new BigInteger("10001", 16)))
- {
- fail("decryption of private key data check failed");
- }
-
- // general PKCS8 test
-
- pemRd = openPEMResource("pkcs8test.pem");
-
- Object privInfo;
-
- while ((privInfo = pemRd.readObject()) != null)
- {
- if (privInfo instanceof PrivateKeyInfo)
- {
- privKey = (RSAPrivateCrtKey)converter.getPrivateKey(PrivateKeyInfo.getInstance(privInfo));
- }
- else
- {
- privKey = (RSAPrivateCrtKey)converter.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo)privInfo).decryptPrivateKeyInfo(pkcs8Prov));
- }
- if (!privKey.getPublicExponent().equals(new BigInteger("10001", 16)))
- {
- fail("decryption of private key data check failed");
- }
- }
- }
-
- private void keyPairTest(
- String name,
- KeyPair pair)
- throws IOException
- {
- PEMParser pemRd;
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut));
-
- pWrt.writeObject(pair.getPublic());
-
- pWrt.close();
-
- pemRd = new PEMParser(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray())));
-
- SubjectPublicKeyInfo pub = SubjectPublicKeyInfo.getInstance(pemRd.readObject());
- JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
-
- PublicKey k = converter.getPublicKey(pub);
-
- if (!k.equals(pair.getPublic()))
- {
- fail("Failed public key read: " + name);
- }
-
- bOut = new ByteArrayOutputStream();
- pWrt = new PEMWriter(new OutputStreamWriter(bOut));
-
- pWrt.writeObject(pair.getPrivate());
-
- pWrt.close();
-
- pemRd = new PEMParser(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray())));
-
- KeyPair kPair = converter.getKeyPair((PEMKeyPair)pemRd.readObject());
- if (!kPair.getPrivate().equals(pair.getPrivate()))
- {
- fail("Failed private key read: " + name);
- }
-
- if (!kPair.getPublic().equals(pair.getPublic()))
- {
- fail("Failed private key public read: " + name);
- }
- }
-
- private void doOpenSslTests(
- String baseName)
- throws IOException
- {
- doOpenSslDsaModesTest(baseName);
- doOpenSslRsaModesTest(baseName);
- }
-
- private void doOpenSslDsaModesTest(
- String baseName)
- throws IOException
- {
- doOpenSslDsaTest(baseName + "_cbc");
- doOpenSslDsaTest(baseName + "_cfb");
- doOpenSslDsaTest(baseName + "_ecb");
- doOpenSslDsaTest(baseName + "_ofb");
- }
-
- private void doOpenSslRsaModesTest(
- String baseName)
- throws IOException
- {
- doOpenSslRsaTest(baseName + "_cbc");
- doOpenSslRsaTest(baseName + "_cfb");
- doOpenSslRsaTest(baseName + "_ecb");
- doOpenSslRsaTest(baseName + "_ofb");
- }
-
- private void doOpenSslDsaTest(
- String name)
- throws IOException
- {
- String fileName = "dsa/openssl_dsa_" + name + ".pem";
-
- doOpenSslTestFile(fileName, DSAPrivateKey.class);
- }
-
- private void doOpenSslRsaTest(
- String name)
- throws IOException
- {
- String fileName = "rsa/openssl_rsa_" + name + ".pem";
-
- doOpenSslTestFile(fileName, RSAPrivateKey.class);
- }
-
- private void doOpenSslTestFile(
- String fileName,
- Class expectedPrivKeyClass)
- throws IOException
- {
- JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
- PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().setProvider("BC").build("changeit".toCharArray());
- PEMParser pr = openPEMResource("data/" + fileName);
- Object o = pr.readObject();
-
- if (o == null || !((o instanceof PEMKeyPair) || (o instanceof PEMEncryptedKeyPair)))
- {
- fail("Didn't find OpenSSL key");
- }
-
- KeyPair kp = (o instanceof PEMEncryptedKeyPair) ?
- converter.getKeyPair(((PEMEncryptedKeyPair)o).decryptKeyPair(decProv)) : converter.getKeyPair((PEMKeyPair)o);
-
- PrivateKey privKey = kp.getPrivate();
-
- if (!expectedPrivKeyClass.isInstance(privKey))
- {
- fail("Returned key not of correct type");
- }
- }
-
- private void doDudPasswordTest(String password, int index, String message)
- {
- // illegal state exception check - in this case the wrong password will
- // cause an underlying class cast exception.
- try
- {
- PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().setProvider("BC").build(password.toCharArray());
-
- PEMParser pemRd = openPEMResource("test.pem");
- Object o;
-
- while ((o = pemRd.readObject()) != null)
- {
- if (o instanceof PEMEncryptedKeyPair)
- {
- ((PEMEncryptedKeyPair)o).decryptKeyPair(decProv);
- }
- }
-
- fail("issue not detected: " + index);
- }
- catch (IOException e)
- {
- if (e.getCause() != null && !e.getCause().getMessage().endsWith(message))
- {
- fail("issue " + index + " exception thrown, but wrong message");
- }
- else if (e.getCause() == null && !e.getMessage().equals(message))
- {
- e.printStackTrace();
- fail("issue " + index + " exception thrown, but wrong message");
- }
- }
- }
-
- private void doNoPasswordTest()
- throws IOException
- {
- PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().setProvider("BC").build("".toCharArray());
-
- PEMParser pemRd = openPEMResource("smimenopw.pem");
- Object o;
- PrivateKeyInfo key = null;
-
- while ((o = pemRd.readObject()) != null)
- {
- key = (PrivateKeyInfo)o;
- }
-
- if (key == null)
- {
- fail("private key not detected");
- }
- }
-
- public static void main(
- String[] args)
- {
- Security.addProvider(new BouncyCastleProvider());
-
- runTest(new ParserTest());
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/openssl/test/WriterTest.java b/pkix/src/test/java/org/bouncycastle/openssl/test/WriterTest.java
deleted file mode 100644
index e41efd6f..00000000
--- a/pkix/src/test/java/org/bouncycastle/openssl/test/WriterTest.java
+++ /dev/null
@@ -1,248 +0,0 @@
-package org.bouncycastle.openssl.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.StringReader;
-import java.io.StringWriter;
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.spec.DSAParameterSpec;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.util.List;
-
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMEncryptedKeyPair;
-import org.bouncycastle.openssl.PEMKeyPair;
-import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.PEMWriter;
-import org.bouncycastle.openssl.PasswordFinder;
-import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
-import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
-import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
-import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.io.pem.PemHeader;
-import org.bouncycastle.util.io.pem.PemObject;
-import org.bouncycastle.util.test.SimpleTest;
-
-public class WriterTest
- extends SimpleTest
-{
- private static final SecureRandom random = new SecureRandom();
-
- // TODO Replace with a randomly generated key each test run?
- private static final RSAPrivateCrtKeySpec testRsaKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- private static final DSAParameterSpec testDsaParams = new DSAParameterSpec(
- new BigInteger("7434410770759874867539421675728577177024889699586189000788950934679315164676852047058354758883833299702695428196962057871264685291775577130504050839126673"),
- new BigInteger("1138656671590261728308283492178581223478058193247"),
- new BigInteger("4182906737723181805517018315469082619513954319976782448649747742951189003482834321192692620856488639629011570381138542789803819092529658402611668375788410"));
-
- private static final PKCS8EncodedKeySpec testEcDsaKeySpec = new PKCS8EncodedKeySpec(
- Base64.decode("MIG/AgEAMBAGByqGSM49AgEGBSuBBAAiBIGnMIGkAgEBBDCSBU3vo7ieeKs0ABQamy/ynxlde7Ylr8HmyfLaNnMr" +
- "jAwPp9R+KMUEhB7zxSAXv9KgBwYFK4EEACKhZANiAQQyyolMpg+TyB4o9kPWqafHIOe8o9K1glus+w2sY8OIPQQWGb5i5LdAyi" +
- "/SscwU24rZM0yiL3BHodp9ccwyhLrFYgXJUOQcCN2dno1GMols5497in5gL5+zn0yMsRtyv5o=")
- );
-
- private static final char[] testPassword = "bouncy".toCharArray();
-
- private static final String[] algorithms = new String[]
- {
- "AES-128-CBC", "AES-128-CFB", "AES-128-ECB", "AES-128-OFB",
- "AES-192-CBC", "AES-192-CFB", "AES-192-ECB", "AES-192-OFB",
- "AES-256-CBC", "AES-256-CFB", "AES-256-ECB", "AES-256-OFB",
- "BF-CBC", "BF-CFB", "BF-ECB", "BF-OFB",
- "DES-CBC", "DES-CFB", "DES-ECB", "DES-OFB",
- "DES-EDE", "DES-EDE-CBC", "DES-EDE-CFB", "DES-EDE-ECB", "DES-EDE-OFB",
- "DES-EDE3", "DES-EDE3-CBC", "DES-EDE3-CFB", "DES-EDE3-ECB", "DES-EDE3-OFB",
- "RC2-CBC", "RC2-CFB", "RC2-ECB", "RC2-OFB",
- "RC2-40-CBC",
- "RC2-64-CBC",
- };
-
- private class Password
- implements PasswordFinder
- {
- private final char[] password;
-
- public Password(
- char[] word)
- {
- this.password = (char[]) word.clone();
- }
-
- public char[] getPassword()
- {
- return (char[]) password.clone();
- }
- }
-
- public String getName()
- {
- return "PEMWriterTest";
- }
-
- public void performTest()
- throws Exception
- {
- final String provider = "BC";
-
- KeyPairGenerator dsaKpg = KeyPairGenerator.getInstance("DSA", provider);
- dsaKpg.initialize(testDsaParams, random);
-
- KeyPair dsaKp = dsaKpg.generateKeyPair();
- PrivateKey testDsaKey = dsaKp.getPrivate();
-
- doWriteReadTest(testDsaKey, provider);
- doWriteReadTests(testDsaKey, provider, algorithms);
-
- KeyFactory fact = KeyFactory.getInstance("RSA", provider);
- PrivateKey testRsaKey = fact.generatePrivate(testRsaKeySpec);
-
- doWriteReadTest(testRsaKey, provider);
- doWriteReadTests(testRsaKey, provider, algorithms);
-
- fact = KeyFactory.getInstance("ECDSA", provider);
- PrivateKey testEcDsaKey = fact.generatePrivate(testEcDsaKeySpec);
-
- doWriteReadTest(testEcDsaKey, provider);
- doWriteReadTests(testEcDsaKey, provider, algorithms);
-
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ECDSA", "BC");
-
- kpGen.initialize(239);
-
- PrivateKey privKey = kpGen.generateKeyPair().getPrivate();
-
- doWriteReadTest(privKey, provider);
- doWriteReadTests(privKey, "BC", algorithms);
-
- // override test
- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(new ByteArrayOutputStream()));
-
- Object o = new PemObject("FRED", new byte[100]);
- pWrt.writeObject(o);
-
- pWrt.close();
- }
-
- private void doWriteReadTests(
- PrivateKey akp,
- String provider,
- String[] algorithms)
- throws IOException
- {
- for (int i = 0; i < algorithms.length; ++i)
- {
- doWriteReadTest(akp, provider, algorithms[i]);
- }
- }
-
- private void doWriteReadTest(
- PrivateKey akp,
- String provider)
- throws IOException
- {
- StringWriter sw = new StringWriter();
- PEMWriter pw = new PEMWriter(sw);
-
- pw.writeObject(akp);
- pw.close();
-
- String data = sw.toString();
-
- PEMParser pr = new PEMParser(new StringReader(data));
-
- Object o = pr.readObject();
-
- if (o == null || !(o instanceof PEMKeyPair))
- {
- fail("Didn't find OpenSSL key");
- }
-
- KeyPair kp = new JcaPEMKeyConverter().setProvider("BC").getKeyPair((PEMKeyPair)o);
- PrivateKey privKey = kp.getPrivate();
-
- if (!akp.equals(privKey))
- {
- fail("Failed to read back test");
- }
- }
-
- private void doWriteReadTest(
- PrivateKey akp,
- String provider,
- String algorithm)
- throws IOException
- {
- StringWriter sw = new StringWriter();
- PEMWriter pw = new PEMWriter(sw);
-
- pw.writeObject(new JcaMiscPEMGenerator(akp, new JcePEMEncryptorBuilder(algorithm).setSecureRandom(random).build(testPassword)));
- pw.close();
-
- String data = sw.toString();
-
- PEMParser pRaw = new PEMParser(new StringReader(data));
- PemObject pemObject = pRaw.readPemObject();
-
- List headers = pemObject.getHeaders();
-
- for (int i = 0; i != headers.size(); i++)
- {
- PemHeader pemH = (PemHeader)headers.get(i);
-
- if (pemH.getName().equals("DEK-Info"))
- {
- String v = pemH.getValue();
- for (int j = 0; j != v.length(); j++)
- {
- if (v.charAt(j) >= 'a' && v.charAt(j) <= 'f')
- {
- fail("lower case detected in DEK-Info: " + v);
- }
- }
- }
- }
-
- PEMParser pr = new PEMParser(new StringReader(data));
-
- Object o = pr.readObject();
-
- if (o == null || !(o instanceof PEMEncryptedKeyPair))
- {
- fail("Didn't find OpenSSL key");
- }
-
- KeyPair kp = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(((PEMEncryptedKeyPair)o).decryptKeyPair(new JcePEMDecryptorProviderBuilder().setProvider("BC").build(testPassword)));
- PrivateKey privKey = kp.getPrivate();
-
- if (!akp.equals(privKey))
- {
- fail("Failed to read back test key encoded with: " + algorithm);
- }
- }
-
- public static void main(
- String[] args)
- {
- Security.addProvider(new BouncyCastleProvider());
-
- runTest(new WriterTest());
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/pkcs/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/pkcs/test/AllTests.java
deleted file mode 100644
index 809c5c54..00000000
--- a/pkix/src/test/java/org/bouncycastle/pkcs/test/AllTests.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package org.bouncycastle.pkcs.test;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-public class AllTests
- extends TestCase
-{
- public static void main (String[] args)
- {
- junit.textui.TestRunner.run(suite());
- }
-
- public static Test suite()
- {
- TestSuite suite = new TestSuite("PKCS Tests");
-
- suite.addTestSuite(PfxPduTest.class);
- suite.addTestSuite(PKCS10Test.class);
-
- return new BCTestSetup(suite);
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/pkcs/test/BCTestSetup.java b/pkix/src/test/java/org/bouncycastle/pkcs/test/BCTestSetup.java
deleted file mode 100644
index 7a13561a..00000000
--- a/pkix/src/test/java/org/bouncycastle/pkcs/test/BCTestSetup.java
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright (c) 2005 The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
-package org.bouncycastle.pkcs.test;
-
-import java.security.Security;
-
-import junit.extensions.TestSetup;
-import junit.framework.Test;
-
-class BCTestSetup
- extends TestSetup
-{
- public BCTestSetup(Test test)
- {
- super(test);
- }
-
- protected void setUp()
- {
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
- }
-
- protected void tearDown()
- {
- Security.removeProvider("BC");
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/pkcs/test/PKCS10Test.java b/pkix/src/test/java/org/bouncycastle/pkcs/test/PKCS10Test.java
deleted file mode 100644
index a0c13d22..00000000
--- a/pkix/src/test/java/org/bouncycastle/pkcs/test/PKCS10Test.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.bouncycastle.pkcs.test;
-
-import java.math.BigInteger;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.pkcs.CertificationRequest;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
-import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
-
-public class PKCS10Test
- extends TestCase
-{
- //
- // personal keys
- //
- private static final RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- private static final RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- public void testLeaveOffEmpty()
- throws Exception
- {
- KeyFactory keyFact = KeyFactory.getInstance("RSA", "BC");
- PublicKey pubKey = keyFact.generatePublic(pubKeySpec);
- PrivateKey privKey = keyFact.generatePrivate(privKeySpec);
-
- PKCS10CertificationRequestBuilder pkcs10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=Test"), pubKey);
-
- PKCS10CertificationRequest request = pkcs10Builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privKey));
-
- assertEquals(0, request.getAttributes().length);
- assertNotNull(CertificationRequest.getInstance(request.getEncoded()).getCertificationRequestInfo().getAttributes());
-
- pkcs10Builder.setLeaveOffEmptyAttributes(true);
-
- request = pkcs10Builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privKey));
-
- assertEquals(0, request.getAttributes().length);
- assertNull(CertificationRequest.getInstance(request.getEncoded()).getCertificationRequestInfo().getAttributes());
-
- pkcs10Builder.setLeaveOffEmptyAttributes(false);
-
- request = pkcs10Builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privKey));
-
- assertEquals(0, request.getAttributes().length);
- assertNotNull(CertificationRequest.getInstance(request.getEncoded()).getCertificationRequestInfo().getAttributes());
- }
-
- public static void main(String args[])
- {
- junit.textui.TestRunner.run(suite());
- }
-
- public static Test suite()
- {
- return new BCTestSetup(new TestSuite(PKCS10Test.class));
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/pkcs/test/PfxPduTest.java b/pkix/src/test/java/org/bouncycastle/pkcs/test/PfxPduTest.java
deleted file mode 100644
index 931ed128..00000000
--- a/pkix/src/test/java/org/bouncycastle/pkcs/test/PfxPduTest.java
+++ /dev/null
@@ -1,1255 +0,0 @@
-package org.bouncycastle.pkcs.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.*;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.security.spec.RSAPrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.Date;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.DERBMPString;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.Attribute;
-import org.bouncycastle.asn1.pkcs.ContentInfo;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x500.X500NameBuilder;
-import org.bouncycastle.asn1.x500.style.BCStyle;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v1CertificateBuilder;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX500NameUtil;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
-import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.crypto.engines.DESedeEngine;
-import org.bouncycastle.crypto.engines.RC2Engine;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.InputDecryptorProvider;
-import org.bouncycastle.operator.OutputEncryptor;
-import org.bouncycastle.operator.bc.BcDefaultDigestProvider;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.pkcs.PKCS12PfxPdu;
-import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
-import org.bouncycastle.pkcs.PKCS12SafeBag;
-import org.bouncycastle.pkcs.PKCS12SafeBagBuilder;
-import org.bouncycastle.pkcs.PKCS12SafeBagFactory;
-import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
-import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfoBuilder;
-import org.bouncycastle.pkcs.PKCSException;
-import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder;
-import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilderProvider;
-import org.bouncycastle.pkcs.bc.BcPKCS12PBEInputDecryptorProviderBuilder;
-import org.bouncycastle.pkcs.bc.BcPKCS12PBEOutputEncryptorBuilder;
-import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;
-import org.bouncycastle.pkcs.jcajce.JcaPKCS8EncryptedPrivateKeyInfoBuilder;
-import org.bouncycastle.pkcs.jcajce.JcePKCS12MacCalculatorBuilder;
-import org.bouncycastle.pkcs.jcajce.JcePKCS12MacCalculatorBuilderProvider;
-import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
-import org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.encoders.Base64;
-
-public class PfxPduTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
- private static final char[] passwd = {'h', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd'};
-
- //
- // personal keys
- //
- private static final RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- private static final RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- //
- // intermediate keys.
- //
- private static final RSAPublicKeySpec intPubKeySpec = new RSAPublicKeySpec(
- new BigInteger("8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69", 16),
- new BigInteger("ffff", 16));
-
-
- private static final RSAPrivateCrtKeySpec intPrivKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger("8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69", 16),
- new BigInteger("ffff", 16),
- new BigInteger("7deb1b194a85bcfd29cf871411468adbc987650903e3bacc8338c449ca7b32efd39ffc33bc84412fcd7df18d23ce9d7c25ea910b1ae9985373e0273b4dca7f2e0db3b7314056ac67fd277f8f89cf2fd73c34c6ca69f9ba477143d2b0e2445548aa0b4a8473095182631da46844c356f5e5c7522eb54b5a33f11d730ead9c0cff", 16),
- new BigInteger("ef4cede573cea47f83699b814de4302edb60eefe426c52e17bd7870ec7c6b7a24fe55282ebb73775f369157726fcfb988def2b40350bdca9e5b418340288f649", 16),
- new BigInteger("97c7737d1b9a0088c3c7b528539247fd2a1593e7e01cef18848755be82f4a45aa093276cb0cbf118cb41117540a78f3fc471ba5d69f0042274defc9161265721", 16),
- new BigInteger("6c641094e24d172728b8da3c2777e69adfd0839085be7e38c7c4a2dd00b1ae969f2ec9d23e7e37090fcd449a40af0ed463fe1c612d6810d6b4f58b7bfa31eb5f", 16),
- new BigInteger("70b7123e8e69dfa76feb1236d0a686144b00e9232ed52b73847e74ef3af71fb45ccb24261f40d27f98101e230cf27b977a5d5f1f15f6cf48d5cb1da2a3a3b87f", 16),
- new BigInteger("e38f5750d97e270996a286df2e653fd26c242106436f5bab0f4c7a9e654ce02665d5a281f2c412456f2d1fa26586ef04a9adac9004ca7f913162cb28e13bf40d", 16));
-
- //
- // ca keys
- //
- private static final RSAPublicKeySpec caPubKeySpec = new RSAPublicKeySpec(
- new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
- new BigInteger("11", 16));
-
- private static final RSAPrivateCrtKeySpec caPrivKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16),
- new BigInteger("11", 16),
- new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16),
- new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16),
- new BigInteger("b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947", 16),
- new BigInteger("1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5", 16),
- new BigInteger("6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded", 16),
- new BigInteger("dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339", 16));
-
- //
- // pkcs-12 pfx-pdu
- //
- private String pkcs12Pass = "hello world";
-
- private byte[] pkcs12 = Base64.decode(
- "MIACAQMwgAYJKoZIhvcNAQcBoIAkgAQBMAQBgAQBMAQBgAQBBgQBCQQJKoZI"
- + "hvcNAQcBBAGgBAGABAEkBAGABAEEBAEBBAEwBAEEBAEDBAOCAzQEAQQEAQEE"
- + "ATAEAQQEAQMEA4IDMAQBBAQBAQQBBgQBBAQBAQQBCwQBBAQBCwQLKoZIhvcN"
- + "AQwKAQIEAQQEAQEEAaAEAQQEAQMEA4ICpQQBBAQBAQQBMAQBBAQBAwQDggKh"
- + "BAEEBAEBBAEwBAEEBAEBBAEbBAEEBAEBBAEGBAEEBAEBBAEKBAEEBAEKBAoq"
- + "hkiG9w0BDAEDBAEEBAEPBA8wDQQIoagiwNZPJR4CAQEEAQQEAQEEAQQEAQQE"
- + "AQMEA4ICgAQBBAQDggKABIICgEPG0XlhMFyrs4ZWDrvEzl51ICfXd6K2ql2l"
- + "nnxhszUbigtSj6x49VEx4PfOB9fQFeidc5L5An+nKp646NBMIY0UwXGs8BLQ"
- + "au59jtOs987+l7QYIvl6fdGUIuLPhVSnZZDyqD+HQjU/0/ccKFHRif4tlEQq"
- + "aErvZbFeH0pg4ijf1HfgX6gBJGRKdO+msa4qKGnZdHCSLZehyyxvxAmURetg"
- + "yhtEl7RmedTB+4TDs7atekqxkNlD9tfwDUX6sb0IH6qbEA6P/DlVMdaD54Cl"
- + "QDxRzOfIIjklZhv5OMFWtPK0aYPcqyxzLpw1qRAyoTVXpidkj/hpIpgCVBP/"
- + "k5s2+WdGbLgA/4/zSrF6feRCE5llzM2IGxiHVq4oPzzngl3R+Fi5VCPDMcuW"
- + "NRuIOzJA+RNV2NPOE/P3knThDnwiImq+rfxmvZ1u6T06s20RmWK6cxp7fTEw"
- + "lQ9BOsv+mmyV8dr6cYJq4IlRzHdFOyEUBDwfHThyribNKKobO50xh2f93xYj"
- + "Rn5UMOQBJIe3b7OKZt5HOIMrJSZO02IZgvImi9yQWi96PnWa419D1cAsLWvM"
- + "xiN0HqZMbDFfxVM2BZmsxiexLhkHWKwLqfQDzRjJfmVww8fnXpWZhFXKyut9"
- + "gMGEyCNoba4RU3QI/wHKWYaK74qtJpsucuLWBH6UcsHsCry6VZkwRxWwC0lb"
- + "/F3Bm5UKHax5n9JHJ2amQm9zW3WJ0S5stpPObfmg5ArhbPY+pVOsTqBRlop1"
- + "bYJLD/X8Qbs468Bwzej0FhoEU59ZxFrbjLSBsMUYrVrwD83JE9kEazMLVchc"
- + "uCB9WT1g0hxYb7VA0BhOrWhL8F5ZH72RMCYLPI0EAQQEAQEEATEEAQQEAQEE"
- + "AXgEAQQEAQEEATAEAQQEAQEEAVEEAQQEAQEEAQYEAQQEAQEEAQkEAQQEAQkE"
- + "CSqGSIb3DQEJFAQBBAQBAQQBMQQBBAQBAQQBRAQBBAQBAQQBHgQBBAQBAQQB"
- + "QgQBBAQBQgRCAEQAYQB2AGkAZAAgAEcALgAgAEgAbwBvAGsAJwBzACAAVgBl"
- + "AHIAaQBTAGkAZwBuACwAIABJAG4AYwAuACAASQBEBAEEBAEBBAEwBAEEBAEB"
- + "BAEjBAEEBAEBBAEGBAEEBAEBBAEJBAEEBAEJBAkqhkiG9w0BCRUEAQQEAQEE"
- + "ATEEAQQEAQEEARYEAQQEAQEEAQQEAQQEAQEEARQEAQQEARQEFKEcMJ798oZL"
- + "FkH0OnpbUBnrTLgWBAIAAAQCAAAEAgAABAEwBAGABAEGBAEJBAkqhkiG9w0B"
- + "BwYEAaAEAYAEATAEAYAEAQIEAQEEAQAEATAEAYAEAQYEAQkECSqGSIb3DQEH"
- + "AQQBMAQBGwQBBgQBCgQKKoZIhvcNAQwBBgQPMA0ECEE7euvmxxwYAgEBBAGg"
- + "BAGABAEEBAEIBAgQIWDGlBWxnwQBBAQBCAQI2WsMhavhSCcEAQQEAQgECPol"
- + "uHJy9bm/BAEEBAEQBBCiRxtllKXkJS2anKD2q3FHBAEEBAEIBAjKy6BRFysf"
- + "7gQBBAQDggMwBIIDMJWRGu2ZLZild3oz7UBdpBDUVMOA6eSoWiRIfVTo4++l"
- + "RUBm8TpmmGrVkV32PEoLkoV+reqlyWCvqqSjRzi3epQiVwPQ6PV+ccLqxDhV"
- + "pGWDRQ5UttDBC2+u4fUQVZi2Z1i1g2tsk6SzB3MKUCrjoWKvaDUUwXo5k9Vz"
- + "qSLWCLTZCjs3RaY+jg3NbLZYtfMDdYovhCU2jMYV9adJ8MxxmJRz+zPWAJph"
- + "LH8hhfkKG+wJOSszqk9BqGZUa/mnZyzeQSMTEFga1ZB/kt2e8SZFWrTZEBgJ"
- + "oszsL5MObbwMDowNurnZsnS+Mf7xi01LeG0VT1fjd6rn9BzVwuMwhoqyoCNo"
- + "ziUqSUyLEwnGTYYpvXLxzhNiYzW8546KdoEKDkEjhfYsc4XqSjm9NYy/BW/M"
- + "qR+aL92j8hqnkrWkrWyvocUe3mWaiqt7/oOzNZiMTcV2dgjjh9HfnjSHjFGe"
- + "CVhnEWzV7dQIVyc/qvNzOuND8X5IyJ28xb6a/i1vScwGuo/UDgPAaMjGw28f"
- + "siOZBShzde0Kj82y8NilfYLHHeIGRW+N/grUFWhW25mAcBReXDd5JwOqM/eF"
- + "y+4+zBzlO84ws88T1pkSifwtMldglN0APwr4hvUH0swfiqQOWtwyeM4t+bHd"
- + "5buAlXOkSeF5rrLzZ2/Lx+JJmI2pJ/CQx3ej3bxPlx/BmarUGAxaI4le5go4"
- + "KNfs4GV8U+dbEHQz+yDYL+ksYNs1eb+DjI2khbl28jhoeAFKBtu2gGOL5M9M"
- + "CIP/JDOCHimu1YZRuOTAf6WISnG/0Ri3pYZsgQ0i4cXj+WfYwYVjhKX5AcDj"
- + "UKnc4/Cxp+TbbgZqEKRcYVb2q0kOAxkeaNo3WCm+qvUYrwAmKp4nVB+/24rK"
- + "khHiyYJQsETxtOEyvJkVxAS01djY4amuJ4jL0sYnXIhW3Ag93eavbzksGT7W"
- + "Fg1ywpr1x1xpXWIIuVt1k4e+g9fy7Yx7rx0IK1qCSjNwU3QPWbaef1rp0Q/X"
- + "P9IVXYkqo1g/T3SyXqrbZLO+sDjiG4IT3z3fJJqt81sRSVT0QN1ND8l93BG4"
- + "QKzghYw8sZ4FwKPtLky1dDcVTgQBBAQBCAQIK/85VMKWDWYEAQQEAQgECGsO"
- + "Q85CcFwPBAEEBAEIBAhaup6ot9XnQAQBBAQCgaAEgaCeCMadSm5fkLfhErYQ"
- + "DgePZl/rrjP9FQ3VJZ13XrjTSjTRknAbXi0DEu2tvAbmCf0sdoVNuZIZ92W0"
- + "iyaa2/A3RHA2RLPNQz5meTi1RE2N361yR0q181dC3ztkkJ8PLyd74nCtgPUX"
- + "0JlsvLRrdSjPBpBQ14GiM8VjqeIY7EVFy3vte6IbPzodxaviuSc70iXM4Yko"
- + "fQq6oaSjNBFRqkHrBAEEBAEIBAjlIvOf8SnfugQBBAQBCAQIutCF3Jovvl0E"
- + "AQQEAQgECO7jxbucdp/3BAEEBAEIBAidxK3XDLj+BwQBBAQBCAQI3m/HMbd3"
- + "TwwEAQQEA4ICOASCAjgtoCiMfTkjpCRuMhF5gNLRBiNv+xjg6GvZftR12qiJ"
- + "dLeCERI5bvXbh9GD6U+DjTUfhEab/37TbiI7VOFzsI/R137sYy9Tbnu7qkSx"
- + "u0bTvyXSSmio6sMRiWIcakmDbv+TDWR/xgtj7+7C6p+1jfUGXn/RjB3vlyjL"
- + "Q9lFe5F84qkZjnADo66p9gor2a48fgGm/nkABIUeyzFWCiTp9v6FEzuBfeuP"
- + "T9qoKSnCitaXRCru5qekF6L5LJHLNXLtIMSrbO0bS3hZK58FZAUVMaqawesJ"
- + "e/sVfQip9x/aFQ6U3KlSpJkmZK4TAqp9jIfxBC8CclbuwmoXPMomiCH57ykr"
- + "vkFHOGcxRcCxax5HySCwSyPDr8I4+6Kocty61i/1Xr4xJjb+3oyFStIpB24x"
- + "+ALb0Mz6mUa1ls76o+iQv0VM2YFwnx+TC8KC1+O4cNOE/gKeh0ircenVX83h"
- + "GNez8C5Ltg81g6p9HqZPc2pkwsneX2sJ4jMsjDhewV7TyyS3x3Uy3vTpZPek"
- + "VdjYeVIcgAz8VLJOpsIjyHMB57AyT7Yj87hVVy//VODnE1T88tRXZb+D+fCg"
- + "lj2weQ/bZtFzDX0ReiEQP6+yklGah59omeklIy9wctGV1o9GNZnGBSLvQ5NI"
- + "61e9zmQTJD2iDjihvQA/6+edKswCjGRX6rMjRWXT5Jv436l75DVoUj09tgR9"
- + "ytXSathCjQUL9MNXzUMtr7mgEUPETjM/kYBR7CNrsc+gWTWHYaSWuqKVBAEE"
- + "BAEIBAh6slfZ6iqkqwQBBAQBCAQI9McJKl5a+UwEAQQEATgEOBelrmiYMay3"
- + "q0OW2x2a8QQodYqdUs1TCUU4JhfFGFRy+g3yU1cP/9ZSI8gcI4skdPc31cFG"
- + "grP7BAEEBAEIBAhzv/wSV+RBJQQBBAQBCAQI837ImVqqlr4EAQQEAQgECGeU"
- + "gjULLnylBAEEBAEIBAjD3P4hlSBCvQQBBAQBCAQISP/qivIzf50EAQQEAQgE"
- + "CKIDMX9PKxICBAEEBAOCBOgEggTocP5VVT1vWvpAV6koZupKN1btJ3C01dR6"
- + "16g1zJ5FK5xL1PTdA0r6iAwVtgYdxQYnU8tht3bkNXdPJC1BdsC9oTkBg9Nr"
- + "dqlF5cCzXWIezcR3ObjGLpXu49SAHvChH4emT5rytv81MYxZ7bGmlQfp8BNa"
- + "0cMZz05A56LXw//WWDEzZcbKSk4tCsfMXBdGk/ngs7aILZ4FGM620PBPtD92"
- + "pz2Ui/tUZqtQ0WKdLzwga1E/rl02a/x78/OdlVRNeaIYWJWLmLavX98w0PhY"
- + "ha3Tbj/fqq+H3ua6Vv2Ff4VeXazkXpp4tTiqUxhc6aAGiRYckwZaP7OPSbos"
- + "RKFlRLVofSGu1IVSKO+7faxV4IrVaAAzqRwLGkpJZLV7NkzkU1BwgvsAZAI4"
- + "WClPDF228ygbhLwrSN2NK0s+5bKhTCNAR/LCUf3k7uip3ZSe18IwEkUMWiaZ"
- + "ayktcTYn2ZjmfIfV7wIxHgWPkP1DeB+RMS7VZe9zEgJKOA16L+9SNBwJSSs9"
- + "5Sb1+nmhquZmnAltsXMgwOrR12JLIgdfyyqGcNq997U0/KuHybqBVDVu0Fyr"
- + "6O+q5oRmQZq6rju7h+Hb/ZUqRxRoTTSPjGD4Cu9vUqkoNVgwYOT+88FIMYun"
- + "g9eChhio2kwPYwU/9BNGGzh+hAvAKcUpO016mGLImYin+FpQxodJXfpNCFpG"
- + "4v4HhIwKh71OOfL6ocM/518dYwuU4Ds2/JrDhYYFsn+KprLftjrnTBnSsfYS"
- + "t68b+Xr16qv9r6sseEkXbsaNbrGiZAhfHEVBOxQ4lchHrMp4zpduxG4crmpc"
- + "+Jy4SadvS0uaJvADgI03DpsDYffUdriECUqAfOg/Hr7HHyr6Q9XMo1GfIarz"
- + "eUHBgi1Ny0nDTWkdb7I3bIajG+Unr3KfK6dZz5Lb3g5NeclU5zintB1045Jr"
- + "j9fvGGk0/2lG0n17QViBiOzGs2poTlhn7YxmiskwlkRKVafxPZNPxKILpN9s"
- + "YaWGz93qER/pGMJarGJxu8sFi3+yt6FZ4pVPkvKE8JZMEPBBrmH41batS3sw"
- + "sfnJ5CicAkwd8bluQpoc6qQd81HdNpS6u7djaRSDwPtYnZWu/8Hhj4DXisje"
- + "FJBAjQdn2nK4MV7WKVwr+mNcVgOdc5IuOZbRLOfc3Sff6kYVuQFfcCGgAFpd"
- + "nbprF/FnYXR/rghWE7fT1gfzSMNv+z5UjZ5Rtg1S/IQfUM/P7t0UqQ01/w58"
- + "bTlMGihTxHiJ4Qf3o5GUzNmAyryLvID+nOFqxpr5es6kqSN4GPRHsmUIpB9t"
- + "f9Nw952vhsXI9uVkhQap3JvmdAKJaIyDz6Qi7JBZvhxpghVIDh73BQTaAFP9"
- + "5GUcPbYOYJzKaU5MeYEsorGoanSqPDeKDeZxjxJD4xFsqJCoutyssqIxnXUN"
- + "Y3Uojbz26IJOhqIBLaUn6QVFX79buWYjJ5ZkDS7D8kq6DZeqZclt5711AO5U"
- + "uz/eDSrx3d4iVHR+kSeopxFKsrK+KCH3CbBUMIFGX/GE9WPhDWCtjjNKEe8W"
- + "PinQtxvv8MlqGXtv3v7ObJ2BmfIfLD0rh3EB5WuRNKL7Ssxaq14KZGEBvc7G"
- + "Fx7jXLOW6ZV3SH+C3deJGlKM2kVhDdIVjjODvQzD8qw8a/ZKqDO5hGGKUTGD"
- + "Psdd7O/k/Wfn+XdE+YuKIhcEAQQEAQgECJJCZNJdIshRBAEEBAEIBAiGGrlG"
- + "HlKwrAQBBAQBCAQIkdvKinJYjJcEAQQEAUAEQBGiIgN/s1bvPQr+p1aQNh/X"
- + "UQFmay6Vm5HIvPhoNrX86gmMjr6/sg28/WCRtSfyuYjwQkK91n7MwFLOBaU3"
- + "RrsEAQQEAQgECLRqESFR50+zBAEEBAEIBAguqbAEWMTiPwQBBAQBGAQYKzUv"
- + "EetQEAe3cXEGlSsY4a/MNTbzu1WbBAEEBAEIBAiVpOv1dOWZ1AQCAAAEAgAA"
- + "BAIAAAQCAAAEAgAABAIAAAAAAAAAADA1MCEwCQYFKw4DAhoFAAQUvMkeVqe6"
- + "D4UmMHGEQwcb8O7ZwhgEEGiX9DeqtRwQnVi+iY/6Re8AAA==");
-
- private String sha256Pass = "D317F8D5191F2602C527F8E6E0E8855C4517EC9512F7A06A7A588ACF0B3A6325";
-
- private byte[] sha256Pfx = Base64.decode(
- "MIIFvwIBAzCCBXEGCSqGSIb3DQEHAaCCBWIEggVeMIIFWjCCBVYGCSqGSIb3"
- + "DQEHAaCCBUcEggVDMIIFPzCCBTsGCyqGSIb3DQEMCgECoIIFKjCCBSYwUAYJ"
- + "KoZIhvcNAQUNMEMwIgYJKoZIhvcNAQUMMBUEEFEZik5RaSrwXtrWCnaLzAQC"
- + "AQEwHQYJYIZIAWUDBAEqBBBTqY5oFOjZxnBBtWchzf0TBIIE0Pcvwtwthm8d"
- + "yR16f5yqtofxGzJ0aAbCF7JJ+XsL9QhNuqndTtnXits+E2WgNwwm24XyRhPA"
- + "obAwqz+DvH+gdUbKoN/gCEp+/6xhlwMQZyjyqi5ePznwLQ/bJueqmXZDT+pO"
- + "zTIeMXMF0YaSjcZZ4FJnZtBX7XQDEAPmialrknhcSZI5RoLjOzFv51FgYd9+"
- + "nWdtWlRINS9LrGCVL+y8wwHp55tWEoCR2/o9YWFMYNrUkVUUzImHCN1fkbIH"
- + "XQxPp5fUqP00kwYY4288JZrzHGWGmSVYm54ok5YRLpCs0yhB0ve//iH/fNNO"
- + "esShfBTUcRCc086skxgoCVWBZERyVJHWkKl/Q4RVzYt70k2/Qfq/xBNwVCrw"
- + "YiOB0TwSQJKpvRbtufPx2vODfAmhIKes08ZLJHsMJ+O3p99O2rWZslNY7nfx"
- + "1vWXYLVkHg0q79ThgbP4p0qQQziIVZoF9ViisJTJWzZbfJLdaKPeHcduvXsR"
- + "lRvfEpR6/lifcxvkloxjpYtM6JEjtvT1x442VRKJWZofkjCohpLSmEDt77FM"
- + "ENvra7B9ojlY+0DkwNV34FlSRrwi/nVl2XhebI11DfQFEUN+krNoZ3U4n5Sb"
- + "g0Heibg5mILPwVS5Zh2vEybXzFY6b1XPA7TlGQATm6xBaU+BNFiACp+7+6CZ"
- + "PxofFKKlWq0+Apx43JDATerwlPBKxLqxxgo0xTJUtL8OKnt6oSFX4P6O6AgX"
- + "D9Pz3dzdWW9ga65N2qEmqpeIsd6SB4eGRJ1Vf1ePDgdVBUD9DG/eWfpn8l1T"
- + "neg7wsQOGDrX00uDfio/WrjRBOw37IfToqJ/j6y/Ybggg5tldvCNoxq/42rC"
- + "RvP0GJH+LJAHgB9sOWbksR7tKizWeFEyHwrAQfYc8aIZocApObtsZp8O5nuI"
- + "MNcSCc77WZfVacrJzssKki1YHPoZeTYb9q4DRm0F6Rk+bqyvd7vs2DyLN7jT"
- + "bkWoSoyCw8PAOuc8Q/+X3jhs18RQGzsEpeTOHoYJWeTUxgPrPqDFNKNLhD+L"
- + "7mvDM7EvB08tVfLTSMeVBY+RUW6eFCbdlHfqszvp9pFZPNxQHtgbAYplwK6J"
- + "i24gCH2UMF+BNzdcN2Fw9vP3nao+mzjtY1HuYebDDNNxgBAEoUFS4jr1YLoa"
- + "+li3A9T/NqSf+J5OwASsSsp0YttAJQ+VU19amwJ141U+04kVc2bUIvSxEyxu"
- + "UzWfFs26J1FhKzacirtpNv21iH78NHWOgS3jlEZMirpCHtHDbwF0z3V0upJ7"
- + "cZzMwHJPQIGP4Nk8ei20dEogc/D2ijXHGRKdRjstzi89YXs4iLWjy2lEqhlK"
- + "IvmlbF/snra1He2En/TFYv7m1zMuEPtS/+DTcwzqoe10Lko+2bNlOikW58u/"
- + "OdAlteo1IissecMjL6743ttt8SAwx9gpAn6XHaIfFL1jiGKUQPJ5Mx9RUzfB"
- + "lsKzHLNWmrDCZtR4BC4A21aRUueDGgRbtiOCYLbVtoiTc2XWM5juahaWCNKm"
- + "4+ENQNOPrB4rJUeWJquNOj9+Brhe6pWWfi4EYVBuWlbTQB7u3uP9lnYvQHSo"
- + "nOjkhjwEhPZneaKctEqXx2LoYc8arY1LSSpaXORcOJc/LkgVCq3bBEDNCJrZ"
- + "DBOUpcPXDj43MEUwMTANBglghkgBZQMEAgEFAAQgdWQUVEirOjgax8qJhjqC"
- + "bArDHuZQQvCmtrjqyhWbI4MEENBoJ4T1+xY5fmdiwmoXPPM=");
-
- private String pkcs5Pass = "hello";
-
- private byte[] pkcs5Aes128Pfx = Base64.decode(
- "MIIFsQIBAzCCBXcGCSqGSIb3DQEHAaCCBWgEggVkMIIFYDCCAxcGCSqGSIb3"
- + "DQEHBqCCAwgwggMEAgEAMIIC/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYw"
- + "DgQIBumPBl/jV0kCAggAgIIC0Dd2zn5WPPxgqdZg0a4zB10ErQnNlRUd1EOw"
- + "kodoXH7Vt3/zVgssPDmuUJo6OlneBaYXjjjrqaDbmuc+1JTpB3GPsCAdDvAd"
- + "m3IQR9oJJOqX0RYFKw4rFQ2xmzkybHiXWvt24lKr1A7MSfSWc+xO3xupNzQt"
- + "z8dLGx0VJejJe8KSM+ST6JTXaHWcijPo/pADjyTWp2xwZaEfBDUOLgCPTlHY"
- + "95cfqB0FlwfT+jGqrQjVXex9hL1MmANFwZ0bqxx+9yfdcDY8K/87NYZ4LJdA"
- + "L7qAJg5Ziduhe+NMugzOMQijUGHX9g21kMmU96CUbUNyc0JWXyDJqwh0aAvV"
- + "QVbLW9F+qzWPCMlV/5u30WNZ0gdVulCdQ9wIO1vt3oa3wUUdO1LCaEGyqO+h"
- + "x5iPGH3f5WTeJK2BoOKtUXhZtfp7GvYYFcI8BeoTo5poT/uqLdZmaPgBXc5O"
- + "kyRQCpvQJipNcwD+R8FPbTExUxTWnbxbx3f7n0v8vMFPqb26BrFzCN+JTFRw"
- + "bN0dRaysOGgzMeBjk0TGpHHj5/g5DUvIxVjN6wY7HO+849g64a+Z/wHWB1vp"
- + "fALen3hGVdYIgWXGWn3bBMXT5peWc1omPXJdoltpiFRGku3JFCBJEQ6LzqZD"
- + "ApVqVgE6WbfTQXgsEE9+J5zJJx/yTGvFjxXNNUMSdo2zQtHJVj0karXHVLxu"
- + "phGb8Eg23obEOZj6Y6cZviWeiEeBjinGh4M1RD4HuYnczDF3FWZbi9aRku9r"
- + "a1VgUbftiXeqmRpIWtZhfB40IELadTbEMTOi4pQ2cPcjZRAKAZwnijTfXEA5"
- + "XwBQYdPvORlP6PJJv2Ai6Zc2XrevvOYLnSXSU+2ZpVuTTaX7xcQFi4APexyc"
- + "Csfhpcpmb2K8jek3XN0jnOti9rU6Rlab9U5bPMLuOqoISsQ/x2ho3M0uYZIh"
- + "9nGPixL1lxKgNDXfh0sZ7u7/AzCCAkEGCSqGSIb3DQEHAaCCAjIEggIuMIIC"
- + "KjCCAiYGCyqGSIb3DQEMCgECoIIBszCCAa8wSQYJKoZIhvcNAQUNMDwwGwYJ"
- + "KoZIhvcNAQUMMA4ECDD2zGfoVExtAgIIADAdBglghkgBZQMEAQIEEFER8VTx"
- + "Owq7+dXKJn8zEMwEggFgpsQbBZJ1/NCAv5G05MsoujT6jNmhUI5RyHlKVqBD"
- + "odvw/wS13qmWqUA3gL0/sJz/uf9/DJ7ur5XbkW56Y5qlqXBc8xvZ22Mabfy4"
- + "hBzBuL+A6gfEQZNuZPiev0w02fEuVAtceDgsnJfMaawK06PUjxTUP3n/Bczc"
- + "rhYYaGHwTtX+N6C3Q0Zn/W3zoIsoSruN6jc9x2DCAc3cdv5zaXxvZv6GhQou"
- + "kcibQhRnTqQVRRWsF2zX3ZgPLJrQcB4NPGoEecHceD8jB6JnKqgGUpWybrjK"
- + "7Mwwl2wB8Ffd2XpTTw2beiNSZXhCp+IxqgggwK3L1RGWhRoQE3esAVlCDhkz"
- + "sk/ngnpqaauE9NVcrZEY0x6++/MOJssQZZ8X+Ci/zJuyH1dpUQii3kuw4F/O"
- + "8nHiHClR0IA/xrVM+h0NC1/o2jCjeKXPf67j2Wp95o40apldtqlHyTm3TM2O"
- + "uXrT5ExzcjFgMCMGCSqGSIb3DQEJFTEWBBSpuRoBZ82LWCyE2mXmT5Gmk1xv"
- + "+DA5BgkqhkiG9w0BCRQxLB4qAHQAZQBzAHQAQABiAG8AdQBuAGMAeQBjAGEA"
- + "cwB0AGwAZQAuAG8AcgBnMDEwITAJBgUrDgMCGgUABBQRvdgo1LVPm68qJcVT"
- + "gw8dRrSS4gQISYYYgNAwxl0CAggA");
-
- private byte[] pkcs5Aes192Pfx = Base64.decode(
- "MIIFsQIBAzCCBXcGCSqGSIb3DQEHAaCCBWgEggVkMIIFYDCCAxcGCSqGSIb3"
- + "DQEHBqCCAwgwggMEAgEAMIIC/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYw"
- + "DgQImAP7SD16WkACAggAgIIC0MCS81oGaIY1yHwP6faAhe3eseR6gGMlezbx"
- + "r/7jmVQ8xe2jsZwqRVp/WCx716/9RHab17UFy+e3efbCrCGUJGUU5OrADf0l"
- + "6/S7v/C5hR5XeE12zukSe/c5mkGhPuM+for0daQpLP6zDQMNLENyp+mPVBsI"
- + "7IqFihwWUow7lvZEwaUOmsu+m978BOqhMRykZ7MbEjq4lMumZNvp37WqPRrh"
- + "eQ4tz7q47C+k5NkTjMz2s/2a9SZViW+FZWOvV0DXJj/BCpAARR0bQDpjqlQ8"
- + "HoSjoVgP+p5Y1pnLBvI/pFecS4ZwM1TyAdFZbjFpkNe8DREO/Py+89kOJpZa"
- + "aZoFKjxY5m7Z9ftJx615vih5d8D4t685tBJNAEiah9RFppNA41GpJc1winx1"
- + "CuqQQqStOmmMD/uk1BEgaQ4R4lR88Bms69shK8Nk2U4egVYKdbrruulKY5M0"
- + "dj5j2JChqYjE5dPxPyd1s0qYW9ABMeDT8l7gtiDTOfS4qZjVPWRW2vGbj80g"
- + "HnBnd6SAC2DdWkY1QuDRVRABQO5NJPPqGhL2LclX1dE1FS0puXpl/oyxbAMU"
- + "pCt+pnZZLPrMSZgZ6I3VWt+Dbg6jHtM4a+y3gsswL+uzdb4AnHqCcuFbnZDh"
- + "2hz6IFsyw4LgUeIBJNBAqgag3VeJLL7bpKm58XSd/6hC369HXn91F1NAkBOO"
- + "IZFZQPVgEufdryZck1/u0+zmyelAWG7Jq4SQF07C4v/dpgVH8U1OwR34+D0f"
- + "0fPA3qdBLGL5cKNBxnKCx5+Gu/+dDR33aY176qaDZu7OmZkCJ3qkhOif7/Qi"
- + "0s4NpG6ATLGD6TzSnmje3GwJze5KwOvMgAewWGScdqOE9KOh7iPC1kIDgwhE"
- + "eBM+yciGGfinStyeSik6fLRi2JPnVNIALIh74DIfK3QJVVRNi9vuQ0j0Dm8C"
- + "JSD/heWsebKIFrQSoeEAZCYPhzCCAkEGCSqGSIb3DQEHAaCCAjIEggIuMIIC"
- + "KjCCAiYGCyqGSIb3DQEMCgECoIIBszCCAa8wSQYJKoZIhvcNAQUNMDwwGwYJ"
- + "KoZIhvcNAQUMMA4ECBGQFSR+KZ2AAgIIADAdBglghkgBZQMEARYEEABRcxC7"
- + "xWHsYaX2UsUZ5JoEggFgyrYAZowHdclsxaAeoY/Ch1F+NBb64bXdDOp56OWh"
- + "HHu79vhLsjAOmbTYoMsmRZw8REen7ztBUv9h/f7WbfKs84FDI6LbM9EIaeun"
- + "jrqaUdmSADQhakd7hJQhWAw4h/Df5KNhwsVJ1+i9RCtMzY1nFk1Pjg6yL/5E"
- + "rWVvNRkconjrDbUwLPA+TfDlhOMapttER4k8kOY0WMc7iWHmowkh1JHUNbvC"
- + "gEQvGwysXiFqoEcy/UbY7Wgke3h7HwoColAYorHhkV4/NBENmQbsiUdkxD/Z"
- + "6KrgOuAvvluGUY79M6SusH11PfVBwyJX7Wt1HmllrykrsmJuF6UuN1BavUrR"
- + "rr0Utm9T28iiqO6ky74V4XesmFdr7oObT2kLcGiFbWzXyVrWL3GM9N03CWXx"
- + "b1M5hXACRlwKVp79qxeyw5k+ccixnjCumsSX8MMttKYwRJ1ML2YL0v8XdE0i"
- + "LSkXsEoG5zFgMCMGCSqGSIb3DQEJFTEWBBSpuRoBZ82LWCyE2mXmT5Gmk1xv"
- + "+DA5BgkqhkiG9w0BCRQxLB4qAHQAZQBzAHQAQABiAG8AdQBuAGMAeQBjAGEA"
- + "cwB0AGwAZQAuAG8AcgBnMDEwITAJBgUrDgMCGgUABBQz1gLRjMDYVLIPGdsd"
- + "4EPgRMGPtQQItR+KgKM/oRMCAggA");
-
- private byte[] pkcs5Camellia128Pfx = Base64.decode(
- "MIIFswIBAzCCBXkGCSqGSIb3DQEHAaCCBWoEggVmMIIFYjCCAxcGCSqGSIb3"
- + "DQEHBqCCAwgwggMEAgEAMIIC/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYw"
- + "DgQIq+wFOOOtSokCAggAgIIC0IWDRpk4L/tSSMfwWx0mN3ecbaL+m2XZWvN9"
- + "hK1K5PghAYquCs36l603cYSV9pypOkGC5rn1d2fyZCFhUMOObSC7V/mpkitr"
- + "OfOYpaW7tU1JJecpONgIHlbd8N4fbBtH73E7vdmi6X/tg4Tl7yJf40fruYVq"
- + "yzqfJCO2aGJIFv6JWsFivjCwehBa+6ppCHBnNcj4SsVlozj1y2B0Wl2TVi3r"
- + "joBIsK2RQ+RMjM55k3pS57mV+jXtd29wb2q9utDKogvpBCboTk8dPMFcFGWz"
- + "2D41onJoEJKizAEIgXiS7UvqHddhIL9O/rSZ68j2d2GcFi1Oxer1PyZoCI61"
- + "CpZdk2QeNeVaVFTPJ26We6J34w2ivZwHOhn+iUZ7q0Sm9gcYa1QRG79LA/AC"
- + "nE3Xxzl4nEjRRi5AKb6IOnMKBbr0povesS8tL323x91uPZc0jMctC6Q+vegX"
- + "tIZ7dZPuNxhqRHqb62LSm11cpYQWibj16rRQ0ulOFSQGIr514PvfbIig6oo8"
- + "niwHuefp/ey/Zvl/dAl+um2UkVdR9Mwn8vTM8oMF+ptJfpWyZEIrP785Rpu3"
- + "oyBMyEYA2djX7JsFvoCxKxGCC5VK3C/9EFv9xUGmiV0zrTPcHb1P4sK1AJyI"
- + "vhSY+Tgv+Fjq5KoPCa4ZXP+Y+vSzkttcP8u7x0wt9cblvgzdBy9Ee1xqCdJd"
- + "F67U6vbQ6ErDrdVAwtRqc0TsPKG1XH5NFtxTwILyCeh8XzdYMIaHkEnTuITQ"
- + "eeICaUJ2YPZrADLxXTNHI9e6dVcDvhjf/JfBXZfiiqFH8XmbCIMqyGSGTmQr"
- + "8uwb8cquLMS78RbXSHLNcv+f/DmPOClNjmWgVAYxaDuw5lZBaU+YDyZaKEy2"
- + "Mdjd+lR/g2LZhvAEfcM3V4bzr17s0GOSwJ5/5yzczPKZZ8auMwML+Bcmoggt"
- + "EJgubVFHg/3l11xVe2djfg78CTCCAkMGCSqGSIb3DQEHAaCCAjQEggIwMIIC"
- + "LDCCAigGCyqGSIb3DQEMCgECoIIBtTCCAbEwSwYJKoZIhvcNAQUNMD4wGwYJ"
- + "KoZIhvcNAQUMMA4ECInc03N3q5vSAgIIADAfBgsqgwiMmks9AQEBAgQQR+Uo"
- + "WVvmSL5AcwwRq6vtOQSCAWD0Ms1i2wHGaFi6qUWLqA5EnmYFwqwQQlfz5To+"
- + "FwVEpHQHrqd0pehOt1J9vyDVYwfjU8DUOJDovCiBIzRsopyf0Qp5hcZnaTDw"
- + "YJSNd3pIAYiEUAzfdtC7tQw2v0aLt5X/7zthEcoRtTe061dK8DhbV4fALWa9"
- + "VF2E91L35+wq52DblvpJHBw28PHTbuhfJZsNshXKO7qU7uk+UR6V/Pwc7rsp"
- + "x/TQ35fVfm7v53rapdHlMVyY4Bx/4fdEWV9aK1cV3qOfiBMByxt8WD0xBLoc"
- + "Yy3qo3+k/N7q6t4hqjus3LPVrmCbpgAe5S5EkDgnjy7Mpz19tf7hhzL957p2"
- + "ecWregvR9rQHoWZNOaxS2e2hdOiZUPSxIJ46nOJyCnoZQHG0CFVEwwJkGcWf"
- + "Thjz38U203IRzuCPgsO1f8wjSXXMp4xJQtJW2TqMm+5/aaDtuXAsUGqQzGiH"
- + "DQfUs4z/PCKyMWAwIwYJKoZIhvcNAQkVMRYEFKm5GgFnzYtYLITaZeZPkaaT"
- + "XG/4MDkGCSqGSIb3DQEJFDEsHioAdABlAHMAdABAAGIAbwB1AG4AYwB5AGMA"
- + "YQBzAHQAbABlAC4AbwByAGcwMTAhMAkGBSsOAwIaBQAEFHIzAiyzoVOmPvLE"
- + "XCD2HHG5MC23BAhhHlFnklHZYgICCAA=");
-
- private byte[] pkcs5Camellia256Pfx = Base64.decode(
- "MIIFswIBAzCCBXkGCSqGSIb3DQEHAaCCBWoEggVmMIIFYjCCAxcGCSqGSIb3"
- + "DQEHBqCCAwgwggMEAgEAMIIC/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYw"
- + "DgQIq+wFOOOtSokCAggAgIIC0IWDRpk4L/tSSMfwWx0mN3ecbaL+m2XZWvN9"
- + "hK1K5PghAYquCs36l603cYSV9pypOkGC5rn1d2fyZCFhUMOObSC7V/mpkitr"
- + "OfOYpaW7tU1JJecpONgIHlbd8N4fbBtH73E7vdmi6X/tg4Tl7yJf40fruYVq"
- + "yzqfJCO2aGJIFv6JWsFivjCwehBa+6ppCHBnNcj4SsVlozj1y2B0Wl2TVi3r"
- + "joBIsK2RQ+RMjM55k3pS57mV+jXtd29wb2q9utDKogvpBCboTk8dPMFcFGWz"
- + "2D41onJoEJKizAEIgXiS7UvqHddhIL9O/rSZ68j2d2GcFi1Oxer1PyZoCI61"
- + "CpZdk2QeNeVaVFTPJ26We6J34w2ivZwHOhn+iUZ7q0Sm9gcYa1QRG79LA/AC"
- + "nE3Xxzl4nEjRRi5AKb6IOnMKBbr0povesS8tL323x91uPZc0jMctC6Q+vegX"
- + "tIZ7dZPuNxhqRHqb62LSm11cpYQWibj16rRQ0ulOFSQGIr514PvfbIig6oo8"
- + "niwHuefp/ey/Zvl/dAl+um2UkVdR9Mwn8vTM8oMF+ptJfpWyZEIrP785Rpu3"
- + "oyBMyEYA2djX7JsFvoCxKxGCC5VK3C/9EFv9xUGmiV0zrTPcHb1P4sK1AJyI"
- + "vhSY+Tgv+Fjq5KoPCa4ZXP+Y+vSzkttcP8u7x0wt9cblvgzdBy9Ee1xqCdJd"
- + "F67U6vbQ6ErDrdVAwtRqc0TsPKG1XH5NFtxTwILyCeh8XzdYMIaHkEnTuITQ"
- + "eeICaUJ2YPZrADLxXTNHI9e6dVcDvhjf/JfBXZfiiqFH8XmbCIMqyGSGTmQr"
- + "8uwb8cquLMS78RbXSHLNcv+f/DmPOClNjmWgVAYxaDuw5lZBaU+YDyZaKEy2"
- + "Mdjd+lR/g2LZhvAEfcM3V4bzr17s0GOSwJ5/5yzczPKZZ8auMwML+Bcmoggt"
- + "EJgubVFHg/3l11xVe2djfg78CTCCAkMGCSqGSIb3DQEHAaCCAjQEggIwMIIC"
- + "LDCCAigGCyqGSIb3DQEMCgECoIIBtTCCAbEwSwYJKoZIhvcNAQUNMD4wGwYJ"
- + "KoZIhvcNAQUMMA4ECInc03N3q5vSAgIIADAfBgsqgwiMmks9AQEBAgQQR+Uo"
- + "WVvmSL5AcwwRq6vtOQSCAWD0Ms1i2wHGaFi6qUWLqA5EnmYFwqwQQlfz5To+"
- + "FwVEpHQHrqd0pehOt1J9vyDVYwfjU8DUOJDovCiBIzRsopyf0Qp5hcZnaTDw"
- + "YJSNd3pIAYiEUAzfdtC7tQw2v0aLt5X/7zthEcoRtTe061dK8DhbV4fALWa9"
- + "VF2E91L35+wq52DblvpJHBw28PHTbuhfJZsNshXKO7qU7uk+UR6V/Pwc7rsp"
- + "x/TQ35fVfm7v53rapdHlMVyY4Bx/4fdEWV9aK1cV3qOfiBMByxt8WD0xBLoc"
- + "Yy3qo3+k/N7q6t4hqjus3LPVrmCbpgAe5S5EkDgnjy7Mpz19tf7hhzL957p2"
- + "ecWregvR9rQHoWZNOaxS2e2hdOiZUPSxIJ46nOJyCnoZQHG0CFVEwwJkGcWf"
- + "Thjz38U203IRzuCPgsO1f8wjSXXMp4xJQtJW2TqMm+5/aaDtuXAsUGqQzGiH"
- + "DQfUs4z/PCKyMWAwIwYJKoZIhvcNAQkVMRYEFKm5GgFnzYtYLITaZeZPkaaT"
- + "XG/4MDkGCSqGSIb3DQEJFDEsHioAdABlAHMAdABAAGIAbwB1AG4AYwB5AGMA"
- + "YQBzAHQAbABlAC4AbwByAGcwMTAhMAkGBSsOAwIaBQAEFHIzAiyzoVOmPvLE"
- + "XCD2HHG5MC23BAhhHlFnklHZYgICCAA=");
-
- private byte[] pkcs5Cast5Pfx = Base64.decode(
- "MIIFqQIBAzCCBW8GCSqGSIb3DQEHAaCCBWAEggVcMIIFWDCCAxcGCSqGSIb3"
- + "DQEHBqCCAwgwggMEAgEAMIIC/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYw"
- + "DgQIkiiANhrORysCAggAgIIC0GDKlVmlIcRXqb1XoCIhnHcKRm1Sa/bCJc7j"
- + "ylp5Y8l2/ugimFeeM1yjZRke+KxTPXL0TO859j45NGUArL6hZipx8v6RzvH7"
- + "WqyJx5wuDwufItgoJT2DE4UFGZEi/pP/RWALxNEZysVB5zod56vw3dZu/+rR"
- + "gPIO7mOnWgqC2P1Pw4YLXOk4qNxaCCwIIp9aJlAdvCRfLBqPr8QjJFMGw5NQ"
- + "gcHLG3QRW846wUtOxZj2+/Qy9GNAvo+PV6qIR/IS/A+QUwQ3+7SRojUWMUhV"
- + "6N/L/+l2UyU551pA5oX8anPbKCU5bRa/MRIpfPvm+XJpEpbwhS164X7wBFIR"
- + "RSdoj83wEWcR0WFTCXijCRdJcniO+h13kiaR3ltBD0dETjM7xu1XvkbAb3EV"
- + "71PeRQC8kY6DPsJCI9DWDBCnJpVzO4q2atzYej4IAZNgF9PBAwA5isAzurVz"
- + "xxxS4SF930CnrFLb/CxF/IBuz6RBh0lreRMfCP5g5sZUp686kShMSeAKNb7s"
- + "xU2YshusTTShhK+2tK8Lf7z9O/P59P0yZOiFDStrDRUPo7IAfUD29+1EdWVQ"
- + "3LGBtN/t/YOedKGVxd+YXZ4YKFRoNBR9GHsL31wrOm14mmWNib6nbd5+6Zcj"
- + "j3xXLLXG7MT40KlmsmKDYCVeGhc7AfGU3b/HceX5u30RUWbgaC0ATiM/vJKX"
- + "djvCpEiB5pPy2YtpSNAc0bV9GsHorL85WjJDWnMlm3yoy+Bfiu/doNzMEytL"
- + "ycXq4LtaRl6EV8G4ak59lNJ7HdsABcsSa2fxEa595hbWYeYB1xgt0mHl+btx"
- + "E5hrfyZmjN74YDbkPSIWsAFktcCHF2eGrwK/2NTewKHdsE6FSzc1pAYDgnxT"
- + "aNnhxw/Nfb1XmwH0C3soolJuoTRKyMJxvMDVuCSB2WyoyEjq+BNQzUTkYYR6"
- + "Hijzd9ljvX84XUlicSucbTHHVDCCAjkGCSqGSIb3DQEHAaCCAioEggImMIIC"
- + "IjCCAh4GCyqGSIb3DQEMCgECoIIBqzCCAacwQQYJKoZIhvcNAQUNMDQwGwYJ"
- + "KoZIhvcNAQUMMA4ECCDJh37hrS+SAgIIADAVBgkqhkiG9n0HQgoECOXn7rhs"
- + "5ectBIIBYLiRI2Yb955K6WAeTBXOnb58hJxgsir3zsGCoIRWlGNhr5Ur0ebX"
- + "AnXyD5ER8HTaArSO2EtZlVI8Ff6OIcYg5sKliYJEgbI7TPKcaImD92Um4Qim"
- + "/8h4xkM3K4VQmT0H8zFM3Mm/86mnON+2UjVcFBrCxek9m06gMlkIrxbiSh8X"
- + "YAYfHGTKTTX4HtvkZsQTKkcxSVzavyfVZFw1QtRXShvvJDY6TUGplyycWvu/"
- + "+braWfuH1u2AGh30g1+SOx7vnJM78a0rZIwd3TP9rKczzqexDF/GwuGuZF+1"
- + "bMe8xxC1ZdMZ1Mnh27TNoGMuU5VVsqhs5NP0XehuuV8rHdzDDxdx/2buiA4+"
- + "8SrzW5LQAs6Z+U3pna3UsuH24tIPMm3OfDH7WSBU6+nvXub7d5XxA31OYHEk"
- + "nAsuo6p6iuosnedTObA9bX+mTU4nR3oaa87ZDIPxbQVTHKberFlYhDzmmwAx"
- + "YDAjBgkqhkiG9w0BCRUxFgQUqbkaAWfNi1gshNpl5k+RppNcb/gwOQYJKoZI"
- + "hvcNAQkUMSweKgB0AGUAcwB0AEAAYgBvAHUAbgBjAHkAYwBhAHMAdABsAGUA"
- + "LgBvAHIAZzAxMCEwCQYFKw4DAhoFAAQUc8hyg5aq/58lH3whwo66zJkWY28E"
- + "CKHZUIQsQX9hAgIIAA==");
-
- private byte[] gostPfx = Base64.decode(
- "MIIHEgIBAzCCBssGCSqGSIb3DQEHAaCCBrwEgga4MIIGtDCCBYEGCSqGSIb3"
- + "DQEHBqCCBXIwggVuAgEAMIIFZwYJKoZIhvcNAQcBMFUGCSqGSIb3DQEFDTBI"
- + "MCcGCSqGSIb3DQEFDDAaBAi114+lRrpkXAICCAAwCgYGKoUDAgIKBQAwHQYG"
- + "KoUDAgIVMBMECLEIQPMsz/ZZBgcqhQMCAh8BgIIFAbu13yJiW/BnSKYKbtv9"
- + "tDJoTv6l9BVpCCI4tvpzJnMeLBJyVZU4JevcJNii+R1LilVuuB+xc8e7/P4G"
- + "6TILWmnnispr9KPRAbYRfoCJOa59+TYJMur58wwDuYgMapQAFzsvpzyUWi62"
- + "o3uQbbLKO9hQCeJW2L+K9cbg8k33MjXMLpnblKpqmZbHTmBJDFR3xGw7IEjD"
- + "UNqruu7DlHY6jctiVJSii9UNEVetSo9AAzfROxRjROg38VsWxLyO9wEMBv/8"
- + "H8ur+zOtmQPGqirNXmN+pa08OvZin9kh7CgswW03xIbfsdGGGLRAWtvCnEwJ"
- + "mS2tEfH1SZcuVLpMomhq3FU/jsc12k+vq/jw4I2cmfDL41ieK72bwNj8xUXu"
- + "JHeoFSPGX4z+nsJUrFbFG4VBuDs2Y0SCWLyYZvdjvJwYjfqtyi/RoFSZjGHF"
- + "crstf9YNQ0vW0efCJ7pUBH44OrbnCx5ng2U5jFm1b3HBIKA2RX+Tlhv14MgT"
- + "KSftPZ67eSmgdsyPuQAdMu6fEdBMpVKMNZNRV565690sqi+1jOmH94TUX8XU"
- + "2pRQj6eGGLq6lgGnnDabcePUEPXW8zW2KYrDKYJ/1QZmVGldvlqnjZMNhIO+"
- + "Afsqax/P8RBjMduGqdilGdRzbN8PdhVaN0Ys+WzFxiS9gtaA2yPzcQuedWDN"
- + "T7sIrfIapgFYmmHRQ7ht4AKj+lmOyNadONYw+ww+8RzHB1d2Kk+iXeZCtvH0"
- + "XFWJZtuoGKSt/gkI0E2vpDfMbLaczaRC7ityO0iJs25ozP4JhZRBVvOmpxc9"
- + "YuIetbTnTf1TLJKXDgt1IwPZeugbofSeiNv117lx8VgtvMYFD4W+WQlB8HnO"
- + "C8NOYjkMPElc6PCMB9gGm0cIu1fKLvY8ycLav93JJjdDuC0kgKLb2+8mC5+2"
- + "DdMkcfgW6hy4c98xnJs8enCww3A4xkRbMU13zMq70liqmKHV2SSurg5hwUHM"
- + "ZthT8p988ZBrnqW24lXfMBqTK4YtIBMeMnvKocYBXr96ig3GfahI1Aj2Bw2e"
- + "bpZTVeayYUd+2xX8JJMdqna6Q61AL8/eUhJUETz5+fgQJtPjcKmdJfVHO6nB"
- + "vOk1t/rjK17eiXLxHCyvfP+Tw8lSFOhcvr4eIeG8WfsWNRu2eKKosOU7uash"
- + "QpnvQieqDeijuRxf+tbbJ5D86inwbJqdxra7wNuZXmiaB9gFDzNbNjhtL+6i"
- + "gUyX/iQHKi9bNK+PH6pdH/gkwnG/juhdgqoNY6GRty/LUOPgXD+r5e/ST16R"
- + "vnlwrlKp5FzRWBEkem+dhelj3rb+cxKEyvPe3TvIUFcmIlV1VCRQ1fBHtX18"
- + "eC3a3GprH8c40z3S/kdyk7GlFQ27DRLka+iDN05b+MP5jlgvfqYBKxwLfeNu"
- + "MpxWoCUvYWiQdMih86/l0H+0o5UB8SqRbpuvr6fY910JCk0hDaO1pgB3HlRz"
- + "k1vb46pg25heXQm3JmO+ghxjOGliYBWjl8p7AfRS9cjS8ca+X02Mv9Viv7Ce"
- + "3+Gz0MVwfK98viJ3CFxkaEBlM2LM0IeUQbkHG+YwYaTSfl4GYyrug4F0ZdrA"
- + "KeY9/kIxa/OJxjcIMs2H+2mSpxmrb7ylmHZ2RB8ITiduRVtO091hn/J7N+eT"
- + "h6BvLBKIFU+UFUdgjxoDNDk7ao++Mu9T3dQfceFBOYzW9vMQgX30yaPLSdan"
- + "ZMAP0VtiNjCCASsGCSqGSIb3DQEHAaCCARwEggEYMIIBFDCCARAGCyqGSIb3"
- + "DQEMCgECoIGyMIGvMFUGCSqGSIb3DQEFDTBIMCcGCSqGSIb3DQEFDDAaBAiQ"
- + "Owewo16xzQICCAAwCgYGKoUDAgIKBQAwHQYGKoUDAgIVMBMECHSCNJJcQ2VI"
- + "BgcqhQMCAh8BBFYCyRRpFtZgnsxeK7ZHT+aOyoVmzhtnLrqoBHgV4nJJW2/e"
- + "UcJjc2Rlbzfd+3L/GWcRGF8Bgn+MjiaAqE64Rzaao9t2hc3myw1WrCfPnoEx"
- + "VI7OPBM5FzFMMCMGCSqGSIb3DQEJFTEWBBTV7LvI27QWRmHD45X2WKXYs3ct"
- + "AzAlBgkqhkiG9w0BCRQxGB4WAGMAcABfAGUAeABwAG8AcgB0AGUAZDA+MC4w"
- + "CgYGKoUDAgIJBQAEIJbGZorQsNM63+xozwEI561cTFVCbyHAEEpkvF3eijT8"
- + "BAgY5sDtkrVeBQICCAA=");
-
- private byte[] gostPfxFoo123 = Base64.decode(
- "MIID6gIBAzCCA6MGCSqGSIb3DQEHAaCCA5QEggOQMIIDjDCCApQGCSqGSIb3"
- + "DQEHBqCCAoUwggKBAgEAMIICegYJKoZIhvcNAQcBMFUGCSqGSIb3DQEFDTBI"
- + "MCcGCSqGSIb3DQEFDDAaBAhIVrbUVNoQ2wICCAAwCgYGKoUDAgIKBQAwHQYG"
- + "KoUDAgIVMBMECBLmAh+XCCYhBgcqhQMCAh8BgIICFP9hQLgDq5SORy2npOdo"
- + "1bvoGl9Qdga1kV9s2c1/Y1kTGpuiYKfm5Il+PurzYdE5t/Wi2+SxoePm/AKA"
- + "x1Ep5btK/002wnyRbUKdjgF1r7fMXRrd5Ioy8lYxB1v6qhHmzE5fz7FxY+iV"
- + "Z70dSRS0JkTasI8MRsFLkJJfDb9twgoch8lYGFfYirHLcVy4xxA3JO9VSHm2"
- + "8nuSWSnsmGN0ufPX14UpV2RFe3Rt0gZ0Jc8u2h2Mo0sIoVU6HVwdXzoe6LN7"
- + "1NPZdRuhVtjxEvjDAvNJ8WHXQnBQMai2nVAj87uNr6OHLRs+foEccEY9WpPQ"
- + "GPt4XbPt4MtmVctT2+Gsvf6Ws2UCx6hD4k8i28a6xS8lhTVam2g/2Z5cxtUV"
- + "HxYt7j13HjuQVsuSNdgtrUnw3l43LnBxRZhlFz0r2zrvTB04ynenS+lGdVuG"
- + "0TauIH+rdP1ubujw6lFdG9RNgUxWvS5IdwbFGX73a+ZrWiYJeERX11N/6r3g"
- + "0EqVFNH9t/ROsdAtCCe2FycQoOSb+VxPU6I+SHjwe7Oa7R8Xxazh/eWTsV59"
- + "QzPuLriUMbyYdQIf4xdclgcJoxFElopgl4orRfzH3XQsVbtTxN33lwjkE0j/"
- + "686VtcO+b+dU7+BEB7O5yDcx1tupgre0ha/0KOlYfPvmbogGdDf0r6MOwrS7"
- + "QFXxKlHfp8vn4mNwoy7pjrzjmjclkbkwgfEGCSqGSIb3DQEHAaCB4wSB4DCB"
- + "3TCB2gYLKoZIhvcNAQwKAQKggaMwgaAwVQYJKoZIhvcNAQUNMEgwJwYJKoZI"
- + "hvcNAQUMMBoECLD6Ld7TqurqAgIIADAKBgYqhQMCAgoFADAdBgYqhQMCAhUw"
- + "EwQIoYXV7LETOEAGByqFAwICHwEERyBQK9LuYnOO0ELrge+a6JFeAVwPL85V"
- + "ip2Kj/GfD3nzZR4tPzCwAt79RriKQklNqa3uCc9o0C9Zk5Qcj36SqiXxD1tz"
- + "Ea63MSUwIwYJKoZIhvcNAQkVMRYEFKjg5gKM+i+vFhSwaga8YGaZ5thVMD4w"
- + "LjAKBgYqhQMCAgkFAAQgIwD0CRCwva2Bjdlv5g970H2bCB1aafBNr/hxJLZE"
- + "Ey4ECAW3VYXJzJpYAgIIAA==");
-
- /**
- * we generate the CA's certificate
- */
- public static X509Certificate createMasterCert(
- PublicKey pubKey,
- PrivateKey privKey)
- throws Exception
- {
- //
- // signers name
- //
- String issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
- //
- // subjects name - the same as we are self signed.
- //
- String subject = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
-
- //
- // create the certificate - version 1
- //
- X509v1CertificateBuilder v1CertBuilder = new JcaX509v1CertificateBuilder(
- new X500Name(issuer),
- BigInteger.valueOf(1),
- new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
- new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)),
- new X500Name(subject),
- pubKey);
-
- X509CertificateHolder cert = v1CertBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privKey));
-
- return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert);
- }
-
- /**
- * we generate an intermediate certificate signed by our CA
- */
- public static X509Certificate createIntermediateCert(
- PublicKey pubKey,
- PrivateKey caPrivKey,
- X509Certificate caCert)
- throws Exception
- {
- //
- // subject name builder.
- //
- X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);
-
- subjectBuilder.addRDN(BCStyle.C, "AU");
- subjectBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
- subjectBuilder.addRDN(BCStyle.OU, "Bouncy Intermediate Certificate");
- subjectBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");
-
- //
- // create the certificate - version 3
- //
- X509v3CertificateBuilder v3CertBuilder = new JcaX509v3CertificateBuilder(
- JcaX500NameUtil.getIssuer(caCert),
- BigInteger.valueOf(2),
- new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
- new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)),
- subjectBuilder.build(),
- pubKey);
-
-
- //
- // extensions
- //
- JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
-
- v3CertBuilder.addExtension(
- Extension.subjectKeyIdentifier,
- false,
- utils.createSubjectKeyIdentifier(pubKey));
-
- v3CertBuilder.addExtension(
- Extension.authorityKeyIdentifier,
- false,
- utils.createAuthorityKeyIdentifier(caCert));
-
- v3CertBuilder.addExtension(
- Extension.basicConstraints,
- true,
- new BasicConstraints(0));
-
- X509CertificateHolder cert = v3CertBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(caPrivKey));
-
- return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert);
- }
-
- /**
- * we generate a certificate signed by our CA's intermediate certficate
- */
- public static X509Certificate createCert(
- PublicKey pubKey,
- PrivateKey caPrivKey,
- PublicKey caPubKey)
- throws Exception
- {
- //
- // signer name builder.
- //
- X500NameBuilder issuerBuilder = new X500NameBuilder(BCStyle.INSTANCE);
-
- issuerBuilder.addRDN(BCStyle.C, "AU");
- issuerBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
- issuerBuilder.addRDN(BCStyle.OU, "Bouncy Intermediate Certificate");
- issuerBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");
-
- //
- // subject name builder
- //
- X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE);
-
- subjectBuilder.addRDN(BCStyle.C, "AU");
- subjectBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
- subjectBuilder.addRDN(BCStyle.L, "Melbourne");
- subjectBuilder.addRDN(BCStyle.CN, "Eric H. Echidna");
- subjectBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org");
-
- //
- // create the certificate - version 3
- //
- //
- // create the certificate - version 3
- //
- X509v3CertificateBuilder v3CertBuilder = new JcaX509v3CertificateBuilder(
- issuerBuilder.build(),
- BigInteger.valueOf(3),
- new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
- new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)),
- subjectBuilder.build(),
- pubKey);
-
-
- //
- // add the extensions
- //
- JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
-
- v3CertBuilder.addExtension(
- Extension.subjectKeyIdentifier,
- false,
- utils.createSubjectKeyIdentifier(pubKey));
-
- v3CertBuilder.addExtension(
- Extension.authorityKeyIdentifier,
- false,
- utils.createAuthorityKeyIdentifier(caPubKey));
-
- X509CertificateHolder cert = v3CertBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(caPrivKey));
-
- return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert);
- }
-
- public void setUp()
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- public void testPfxPdu()
- throws Exception
- {
- //
- // set up the keys
- //
- KeyFactory fact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = fact.generatePrivate(privKeySpec);
- PublicKey pubKey = fact.generatePublic(pubKeySpec);
-
- X509Certificate[] chain = createCertChain(fact, pubKey);
-
- PKCS12PfxPdu pfx = createPfx(privKey, pubKey, chain);
-
- //
- // now try reading our object
- //
- KeyStore store = KeyStore.getInstance("PKCS12", "BC");
-
- store.load(new ByteArrayInputStream(pfx.toASN1Structure().getEncoded()), passwd);
-
- PrivateKey recPrivKey = (PrivateKey)store.getKey("Eric's Key", passwd);
-
- if (!privKey.equals(recPrivKey))
- {
- fail("private key extraction failed");
- }
-
- Certificate[] certChain = store.getCertificateChain("Eric's Key");
-
- for (int i = 0; i != certChain.length; i++)
- {
- if (!certChain[i].equals(chain[i]))
- {
- fail("certificate recovery failed");
- }
- }
- }
-
- public void testPfxPduMac()
- throws Exception
- {
- //
- // set up the keys
- //
- KeyFactory fact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = fact.generatePrivate(privKeySpec);
- PublicKey pubKey = fact.generatePublic(pubKeySpec);
-
- X509Certificate[] chain = createCertChain(fact, pubKey);
-
- PKCS12PfxPdu pfx = createPfx(privKey, pubKey, chain);
-
- assertTrue(pfx.hasMac());
- assertTrue(pfx.isMacValid(new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE), passwd));
- assertFalse(pfx.isMacValid(new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE), "not right".toCharArray()));
- }
-
- public void testBcEncryptedPrivateKeyInfo()
- throws Exception
- {
- KeyFactory fact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = fact.generatePrivate(privKeySpec);
-
- PKCS8EncryptedPrivateKeyInfoBuilder builder = new JcaPKCS8EncryptedPrivateKeyInfoBuilder(privKey);
-
- PKCS8EncryptedPrivateKeyInfo priv = builder.build(new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(passwd));
-
- PrivateKeyInfo info = priv.decryptPrivateKeyInfo(new BcPKCS12PBEInputDecryptorProviderBuilder().build(passwd));
-
- assertTrue(Arrays.areEqual(info.getEncoded(), privKey.getEncoded()));
- }
-
- public void testEncryptedPrivateKeyInfo()
- throws Exception
- {
- KeyFactory fact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = fact.generatePrivate(privKeySpec);
-
- PKCS8EncryptedPrivateKeyInfoBuilder builder = new JcaPKCS8EncryptedPrivateKeyInfoBuilder(privKey);
-
- PKCS8EncryptedPrivateKeyInfo priv = builder.build(new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC).build(passwd));
-
- PrivateKeyInfo info = priv.decryptPrivateKeyInfo(new JcePKCSPBEInputDecryptorProviderBuilder().build(passwd));
-
- assertTrue(Arrays.areEqual(info.getEncoded(), privKey.getEncoded()));
- }
-
- public void testEncryptedPrivateKeyInfoPKCS5()
- throws Exception
- {
- KeyFactory fact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = fact.generatePrivate(privKeySpec);
-
- PKCS8EncryptedPrivateKeyInfoBuilder builder = new JcaPKCS8EncryptedPrivateKeyInfoBuilder(privKey);
-
- PKCS8EncryptedPrivateKeyInfo priv = builder.build(new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC).build(passwd));
-
- PrivateKeyInfo info = priv.decryptPrivateKeyInfo(new JcePKCSPBEInputDecryptorProviderBuilder().build(passwd));
-
- assertTrue(Arrays.areEqual(info.getEncoded(), privKey.getEncoded()));
- }
-
- public void testKeyBag()
- throws Exception
- {
- OutputEncryptor encOut = new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(passwd);
- InputDecryptorProvider inputDecryptorProvider = new BcPKCS12PBEInputDecryptorProviderBuilder().build(passwd);
- KeyFactory fact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = fact.generatePrivate(privKeySpec);
- PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey);
-
- keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key"));
-
- PKCS12PfxPduBuilder builder = new PKCS12PfxPduBuilder();
-
- builder.addEncryptedData(encOut, keyBagBuilder.build());
-
- PKCS12PfxPdu pfx = builder.build(new BcPKCS12MacCalculatorBuilder(), passwd);
- assertTrue(pfx.hasMac());
- assertTrue(pfx.isMacValid(new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE), passwd));
-
- ContentInfo[] infos = pfx.getContentInfos();
-
- for (int i = 0; i != infos.length; i++)
- {
- if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData))
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- assertEquals(1, bags.length);
- assertEquals(PKCSObjectIdentifiers.keyBag, bags[0].getType());
-
- assertTrue(Arrays.areEqual(privKey.getEncoded(), ((PrivateKeyInfo)bags[0].getBagValue()).getEncoded()));
-
- Attribute[] attributes = bags[0].getAttributes();
-
- assertEquals(1, attributes.length);
-
- assertEquals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, attributes[0].getAttrType());
-
- ASN1Encodable[] attrValues = attributes[0].getAttributeValues();
-
- assertEquals(1, attrValues.length);
- assertEquals(new DERBMPString("Eric's Key"), attrValues[0]);
- }
- else
- {
- fail("unknown bag encountered");
- }
- }
- }
-
- public void testSafeBagRecovery()
- throws Exception
- {
- InputDecryptorProvider inputDecryptorProvider = new BcPKCS12PBEInputDecryptorProviderBuilder().build(passwd);
- KeyFactory fact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = fact.generatePrivate(privKeySpec);
- PublicKey pubKey = fact.generatePublic(pubKeySpec);
-
- X509Certificate[] chain = createCertChain(fact, pubKey);
-
- PKCS12PfxPdu pfx = createPfx(privKey, pubKey, chain);
-
- ContentInfo[] infos = pfx.getContentInfos();
-
- for (int i = 0; i != infos.length; i++)
- {
- if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData))
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- assertEquals(3, bags.length);
- assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType());
-
- for (int j = 0; j != bags.length; j++)
- {
- assertTrue(Arrays.areEqual(chain[j].getEncoded(), ((X509CertificateHolder)bags[j].getBagValue()).getEncoded()));
- }
- }
- else
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- assertEquals(1, bags.length);
- assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType());
-
- PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue();
- PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
-
- assertTrue(Arrays.areEqual(info.getEncoded(), privKey.getEncoded()));
- }
- }
- }
-
- public void testExceptions()
- throws Exception
- {
- PKCS12SafeBagFactory dataFact;
-
- try
- {
- dataFact = new PKCS12SafeBagFactory(new ContentInfo(PKCSObjectIdentifiers.data, new DERSequence()), null);
- }
- catch (IllegalArgumentException e)
- {
-
- }
-
- try
- {
- dataFact = new PKCS12SafeBagFactory(new ContentInfo(PKCSObjectIdentifiers.encryptedData, new DERSequence()));
- }
- catch (IllegalArgumentException e)
- {
-
- }
- }
-
- public void testBasicPKCS12()
- throws Exception
- {
- InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder()
- .setProvider("BC").build(pkcs12Pass.toCharArray());
- PKCS12PfxPdu pfx = new PKCS12PfxPdu(pkcs12);
-
- ContentInfo[] infos = pfx.getContentInfos();
-
- for (int i = 0; i != infos.length; i++)
- {
- if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData))
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- // TODO: finish!
-// assertEquals(3, bags.length);
-// assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType());
- }
- else
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- assertEquals(1, bags.length);
- assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType());
-
- PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue();
- PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
- }
- }
- }
-
- public void testSHA256withPKCS5()
- throws Exception
- {
- InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder()
- .setProvider("BC").build(sha256Pass.toCharArray());
- PKCS12PfxPdu pfx = new PKCS12PfxPdu(sha256Pfx);
-
- ContentInfo[] infos = pfx.getContentInfos();
-
- for (int i = 0; i != infos.length; i++)
- {
- if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData))
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- // TODO: finish!
-// assertEquals(3, bags.length);
-// assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType());
- }
- else
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- assertEquals(1, bags.length);
- assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType());
-
- PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue();
- PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
- }
- }
- }
-
- public void testCreateAES256andSHA256()
- throws Exception
- {
- OutputEncryptor encOut = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC).setProvider("BC").build(passwd);
-
- KeyFactory fact = KeyFactory.getInstance("RSA", BC);
- PrivateKey privKey = fact.generatePrivate(privKeySpec);
- PublicKey pubKey = fact.generatePublic(pubKeySpec);
-
- X509Certificate[] chain = createCertChain(fact, pubKey);
-
- PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[2]);
-
- taCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Bouncy Primary Certificate"));
-
- PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[1]);
-
- caCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Bouncy Intermediate Certificate"));
-
- JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
- PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[0]);
-
- eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Eric's Key"));
- SubjectKeyIdentifier pubKeyId = extUtils.createSubjectKeyIdentifier(chain[0].getPublicKey());
- eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId);
-
- PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey, encOut);
-
- keyBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Eric's Key"));
- keyBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId);
-
- PKCS12PfxPduBuilder builder = new PKCS12PfxPduBuilder();
-
- builder.addData(keyBagBuilder.build());
-
- builder.addEncryptedData(new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC).setProvider("BC").build(passwd), new PKCS12SafeBag[] { eeCertBagBuilder.build(), caCertBagBuilder.build(), taCertBagBuilder.build() });
-
- PKCS12PfxPdu pfx = builder.build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256), passwd);
-
- assertTrue(pfx.hasMac());
- assertTrue(pfx.isMacValid(new JcePKCS12MacCalculatorBuilderProvider().setProvider("BC"), passwd));
-
- InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder()
- .setProvider("BC").build(passwd);
-
- pfx = new PKCS12PfxPdu(pfx.toASN1Structure().getEncoded());
-
- ContentInfo[] infos = pfx.getContentInfos();
- boolean encDataFound = false;
- boolean pkcs8Found = false;
-
- for (int i = 0; i != infos.length; i++)
- {
- if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData))
- {
- encDataFound = true;
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- assertEquals(3, bags.length);
- assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType());
- }
- else
- {
- pkcs8Found = true;
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- assertEquals(1, bags.length);
- assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType());
-
- PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue();
- PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
- }
- }
-
- assertTrue(encDataFound);
- assertTrue(pkcs8Found);
-
- KeyStore ks = KeyStore.getInstance("PKCS12", "BC");
-
- ks.load(new ByteArrayInputStream(pfx.getEncoded(ASN1Encoding.DL)), passwd);
-
- assertTrue(ks.containsAlias("Eric's Key"));
- }
-
- public void testPKCS5()
- throws Exception
- {
- doPKCS5Test(pkcs5Aes128Pfx);
- doPKCS5Test(pkcs5Aes192Pfx);
- doPKCS5Test(pkcs5Camellia128Pfx);
- doPKCS5Test(pkcs5Camellia256Pfx);
- doPKCS5Test(pkcs5Cast5Pfx);
- }
-
- private void doPKCS5Test(byte[] keyStore)
- throws Exception
- {
- InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder()
- .setProvider("BC").build(pkcs5Pass.toCharArray());
- PKCS12PfxPdu pfx = new PKCS12PfxPdu(keyStore);
-
- ContentInfo[] infos = pfx.getContentInfos();
-
- for (int i = 0; i != infos.length; i++)
- {
- if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData))
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- // TODO: finish!
-// assertEquals(3, bags.length);
-// assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType());
- }
- else
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- assertEquals(1, bags.length);
- assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType());
-
- PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue();
- PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
- }
- }
- }
-
- public void testGOST1()
- throws Exception
- {
- char[] password = "1".toCharArray();
-
- InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder()
- .setProvider("BC").build(password);
- PKCS12PfxPdu pfx = new PKCS12PfxPdu(gostPfx);
-
- assertTrue(pfx.hasMac());
- assertTrue(pfx.isMacValid(new JcePKCS12MacCalculatorBuilderProvider().setProvider("BC"), password));
-
- ContentInfo[] infos = pfx.getContentInfos();
-
- for (int i = 0; i != infos.length; i++)
- {
- if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData))
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- // TODO: finish!
-// assertEquals(3, bags.length);
-// assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType());
- }
- else
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- assertEquals(1, bags.length);
- assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType());
-
- PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue();
- PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
- assertEquals(CryptoProObjectIdentifiers.gostR3410_2001, info.getPrivateKeyAlgorithm().getAlgorithm());
- }
- }
- }
-
- public void testGOST2()
- throws Exception
- {
- char[] password = "foo123".toCharArray();
-
- InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder()
- .setProvider("BC").build(password);
- PKCS12PfxPdu pfx = new PKCS12PfxPdu(gostPfxFoo123);
-
- assertTrue(pfx.hasMac());
- assertTrue(pfx.isMacValid(new JcePKCS12MacCalculatorBuilderProvider().setProvider("BC"), password));
-
- ContentInfo[] infos = pfx.getContentInfos();
-
- for (int i = 0; i != infos.length; i++)
- {
- if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData))
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- // TODO: finish!
-// assertEquals(3, bags.length);
-// assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType());
- }
- else
- {
- PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]);
-
- PKCS12SafeBag[] bags = dataFact.getSafeBags();
-
- assertEquals(1, bags.length);
- assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType());
-
- PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue();
- PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider);
- assertEquals(CryptoProObjectIdentifiers.gostR3410_2001, info.getPrivateKeyAlgorithm().getAlgorithm());
- }
- }
- }
-
- private X509Certificate[] createCertChain(KeyFactory fact, PublicKey pubKey)
- throws Exception
- {
- PrivateKey caPrivKey = fact.generatePrivate(caPrivKeySpec);
- PublicKey caPubKey = fact.generatePublic(caPubKeySpec);
- PrivateKey intPrivKey = fact.generatePrivate(intPrivKeySpec);
- PublicKey intPubKey = fact.generatePublic(intPubKeySpec);
-
- X509Certificate[] chain = new X509Certificate[3];
-
- chain[2] = createMasterCert(caPubKey, caPrivKey);
- chain[1] = createIntermediateCert(intPubKey, caPrivKey, chain[2]);
- chain[0] = createCert(pubKey, intPrivKey, intPubKey);
- return chain;
- }
-
- private PKCS12PfxPdu createPfx(PrivateKey privKey, PublicKey pubKey, X509Certificate[] chain)
- throws NoSuchAlgorithmException, IOException, PKCSException
- {
- JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
-
- PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[2]);
-
- taCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Bouncy Primary Certificate"));
-
- PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[1]);
-
- caCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Bouncy Intermediate Certificate"));
-
- PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[0]);
-
- eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key"));
- eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pubKey));
-
- PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey, new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(passwd));
-
- keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key"));
- keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pubKey));
-
- //
- // construct the actual key store
- //
- PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder();
-
- PKCS12SafeBag[] certs = new PKCS12SafeBag[3];
-
- certs[0] = eeCertBagBuilder.build();
- certs[1] = caCertBagBuilder.build();
- certs[2] = taCertBagBuilder.build();
-
- pfxPduBuilder.addEncryptedData(new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, new CBCBlockCipher(new RC2Engine())).build(passwd), certs);
-
- pfxPduBuilder.addData(keyBagBuilder.build());
-
- return pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), passwd);
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/GenTimeAccuracyUnitTest.java b/pkix/src/test/java/org/bouncycastle/tsp/GenTimeAccuracyUnitTest.java
deleted file mode 100644
index 0090b30f..00000000
--- a/pkix/src/test/java/org/bouncycastle/tsp/GenTimeAccuracyUnitTest.java
+++ /dev/null
@@ -1,105 +0,0 @@
-package org.bouncycastle.tsp;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.tsp.Accuracy;
-
-public class GenTimeAccuracyUnitTest
- extends TestCase
-{
- private static final ASN1Integer ZERO_VALUE = new ASN1Integer(0);
- private static final ASN1Integer ONE_VALUE = new ASN1Integer(1);
- private static final ASN1Integer TWO_VALUE = new ASN1Integer(2);
- private static final ASN1Integer THREE_VALUE = new ASN1Integer(3);
-
- public void testOneTwoThree()
- {
- GenTimeAccuracy accuracy = new GenTimeAccuracy(new Accuracy(ONE_VALUE, TWO_VALUE, THREE_VALUE));
-
- checkValues(accuracy, ONE_VALUE, TWO_VALUE, THREE_VALUE);
-
- checkToString(accuracy, "1.002003");
- }
-
- public void testThreeTwoOne()
- {
- GenTimeAccuracy accuracy = new GenTimeAccuracy(new Accuracy(THREE_VALUE, TWO_VALUE, ONE_VALUE));
-
- checkValues(accuracy, THREE_VALUE, TWO_VALUE, ONE_VALUE);
-
- checkToString(accuracy, "3.002001");
- }
-
- public void testTwoThreeTwo()
- {
- GenTimeAccuracy accuracy = new GenTimeAccuracy(new Accuracy(TWO_VALUE, THREE_VALUE, TWO_VALUE));
-
- checkValues(accuracy, TWO_VALUE, THREE_VALUE, TWO_VALUE);
-
- checkToString(accuracy, "2.003002");
- }
-
-
- public void testZeroTwoThree()
- {
- GenTimeAccuracy accuracy = new GenTimeAccuracy(new Accuracy(ZERO_VALUE, TWO_VALUE, THREE_VALUE));
-
- checkValues(accuracy, ZERO_VALUE, TWO_VALUE, THREE_VALUE);
-
- checkToString(accuracy, "0.002003");
- }
-
- public void testThreeTwoNull()
- {
- GenTimeAccuracy accuracy = new GenTimeAccuracy(new Accuracy(THREE_VALUE, TWO_VALUE, null));
-
- checkValues(accuracy, THREE_VALUE, TWO_VALUE, ZERO_VALUE);
-
- checkToString(accuracy, "3.002000");
- }
-
- public void testOneNullOne()
- {
- GenTimeAccuracy accuracy = new GenTimeAccuracy(new Accuracy(ONE_VALUE, null, ONE_VALUE));
-
- checkValues(accuracy, ONE_VALUE, ZERO_VALUE, ONE_VALUE);
-
- checkToString(accuracy, "1.000001");
- }
-
- public void testZeroNullNull()
- {
- GenTimeAccuracy accuracy = new GenTimeAccuracy(new Accuracy(ZERO_VALUE, null, null));
-
- checkValues(accuracy, ZERO_VALUE, ZERO_VALUE, ZERO_VALUE);
-
- checkToString(accuracy, "0.000000");
- }
-
- public void testNullNullNull()
- {
- GenTimeAccuracy accuracy = new GenTimeAccuracy(new Accuracy(null, null, null));
-
- checkValues(accuracy, ZERO_VALUE, ZERO_VALUE, ZERO_VALUE);
-
- checkToString(accuracy, "0.000000");
- }
-
- private void checkValues(
- GenTimeAccuracy accuracy,
- ASN1Integer secs,
- ASN1Integer millis,
- ASN1Integer micros)
- {
- assertEquals(secs.getValue().intValue(), accuracy.getSeconds());
- assertEquals(millis.getValue().intValue(), accuracy.getMillis());
- assertEquals(micros.getValue().intValue(), accuracy.getMicros());
- }
-
- private void checkToString(
- GenTimeAccuracy accuracy,
- String expected)
- {
- assertEquals(expected, accuracy.toString());
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/TimeStampTokenInfoUnitTest.java b/pkix/src/test/java/org/bouncycastle/tsp/TimeStampTokenInfoUnitTest.java
deleted file mode 100644
index b6924a2b..00000000
--- a/pkix/src/test/java/org/bouncycastle/tsp/TimeStampTokenInfoUnitTest.java
+++ /dev/null
@@ -1,144 +0,0 @@
-package org.bouncycastle.tsp;
-
-import java.io.IOException;
-import java.math.BigInteger;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.tsp.TSTInfo;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.encoders.Hex;
-
-public class TimeStampTokenInfoUnitTest
- extends TestCase
-{
- private static final byte[] tstInfo1 = Hex.decode(
- "303e02010106022a033021300906052b0e03021a050004140000000000000000000000000000000000000000"
- + "020118180f32303035313130313038313732315a");
-
- private static final byte[] tstInfo2 = Hex.decode(
- "304c02010106022a033021300906052b0e03021a05000414ffffffffffffffffffffffffffffffffffffffff"
- + "020117180f32303035313130313038323934355a3009020103800101810102020164");
-
- private static final byte[] tstInfo3 = Hex.decode(
- "304f02010106022a033021300906052b0e03021a050004140000000000000000000000000000000000000000"
- + "020117180f32303035313130313038343733355a30090201038001018101020101ff020164");
-
- private static final byte[] tstInfoDudDate = Hex.decode(
- "303e02010106022a033021300906052b0e03021a050004140000000000000000000000000000000000000000"
- + "020118180f32303056313130313038313732315a");
-
- public void testTstInfo1()
- throws Exception
- {
- TimeStampTokenInfo tstInfo = getTimeStampTokenInfo(tstInfo1);
-
- //
- // verify
- //
- GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy();
-
- assertNull(accuracy);
-
- assertEquals(new BigInteger("24"), tstInfo.getSerialNumber());
-
- assertEquals(1130833041000L, tstInfo.getGenTime().getTime());
-
- assertEquals("1.2.3", tstInfo.getPolicy().getId());
-
- assertEquals(false, tstInfo.isOrdered());
-
- assertNull(tstInfo.getNonce());
-
- assertEquals(TSPAlgorithms.SHA1, tstInfo.getMessageImprintAlgOID());
-
- assertTrue(Arrays.areEqual(new byte[20], tstInfo.getMessageImprintDigest()));
-
- assertTrue(Arrays.areEqual(tstInfo1, tstInfo.getEncoded()));
- }
-
- public void testTstInfo2()
- throws Exception
- {
- TimeStampTokenInfo tstInfo = getTimeStampTokenInfo(tstInfo2);
-
- //
- // verify
- //
- GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy();
-
- assertEquals(3, accuracy.getSeconds());
- assertEquals(1, accuracy.getMillis());
- assertEquals(2, accuracy.getMicros());
-
- assertEquals(new BigInteger("23"), tstInfo.getSerialNumber());
-
- assertEquals(1130833785000L, tstInfo.getGenTime().getTime());
-
- assertEquals("1.2.3", tstInfo.getPolicy().getId());
-
- assertEquals(false, tstInfo.isOrdered());
-
- assertEquals(tstInfo.getNonce(), BigInteger.valueOf(100));
-
- assertTrue(Arrays.areEqual(Hex.decode("ffffffffffffffffffffffffffffffffffffffff"), tstInfo.getMessageImprintDigest()));
-
- assertTrue(Arrays.areEqual(tstInfo2, tstInfo.getEncoded()));
- }
-
- public void testTstInfo3()
- throws Exception
- {
- TimeStampTokenInfo tstInfo = getTimeStampTokenInfo(tstInfo3);
-
- //
- // verify
- //
- GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy();
-
- assertEquals(3, accuracy.getSeconds());
- assertEquals(1, accuracy.getMillis());
- assertEquals(2, accuracy.getMicros());
-
- assertEquals(new BigInteger("23"), tstInfo.getSerialNumber());
-
- assertEquals(1130834855000L, tstInfo.getGenTime().getTime());
-
- assertEquals("1.2.3", tstInfo.getPolicy().getId());
-
- assertEquals(true, tstInfo.isOrdered());
-
- assertEquals(tstInfo.getNonce(), BigInteger.valueOf(100));
-
- assertEquals(TSPAlgorithms.SHA1, tstInfo.getMessageImprintAlgOID());
-
- assertTrue(Arrays.areEqual(new byte[20], tstInfo.getMessageImprintDigest()));
-
- assertTrue(Arrays.areEqual(tstInfo3, tstInfo.getEncoded()));
- }
-
- public void testTstInfoDudDate()
- throws Exception
- {
- try
- {
- getTimeStampTokenInfo(tstInfoDudDate);
-
- fail("dud date not detected.");
- }
- catch (TSPException e)
- {
- // expected
- }
- }
-
- private TimeStampTokenInfo getTimeStampTokenInfo(
- byte[] tstInfo)
- throws IOException, TSPException
- {
- ASN1InputStream aIn = new ASN1InputStream(tstInfo);
- TSTInfo info = TSTInfo.getInstance(aIn.readObject());
-
- return new TimeStampTokenInfo(info);
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/tsp/test/AllTests.java
deleted file mode 100644
index 19fc664d..00000000
--- a/pkix/src/test/java/org/bouncycastle/tsp/test/AllTests.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.security.Security;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-public class AllTests
- extends TestCase
-{
- public static void main (String[] args)
- {
- junit.textui.TestRunner.run(suite());
- }
-
- public static Test suite()
- {
- Security.addProvider(new BouncyCastleProvider());
-
- TestSuite suite = new TestSuite("TSP Tests");
-
- suite.addTestSuite(ParseTest.class);
- suite.addTestSuite(NewTSPTest.class);
- suite.addTestSuite(CMSTimeStampedDataTest.class);
- suite.addTestSuite(CMSTimeStampedDataParserTest.class);
- suite.addTestSuite(CMSTimeStampedDataGeneratorTest.class);
-
- return suite;
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataGeneratorTest.java b/pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataGeneratorTest.java
deleted file mode 100644
index a9ab7db6..00000000
--- a/pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataGeneratorTest.java
+++ /dev/null
@@ -1,309 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.tsp.TSPAlgorithms;
-import org.bouncycastle.tsp.TimeStampRequest;
-import org.bouncycastle.tsp.TimeStampRequestGenerator;
-import org.bouncycastle.tsp.TimeStampResponse;
-import org.bouncycastle.tsp.TimeStampResponseGenerator;
-import org.bouncycastle.tsp.TimeStampToken;
-import org.bouncycastle.tsp.TimeStampTokenGenerator;
-import org.bouncycastle.tsp.cms.CMSTimeStampedData;
-import org.bouncycastle.tsp.cms.CMSTimeStampedDataGenerator;
-import org.bouncycastle.tsp.cms.CMSTimeStampedDataParser;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.io.Streams;
-
-public class CMSTimeStampedDataGeneratorTest
- extends TestCase
-{
-
- BouncyCastleProvider bouncyCastleProvider;
- CMSTimeStampedDataGenerator cmsTimeStampedDataGenerator = null;
- String fileInput = "FileDaFirmare.data";
- byte[] baseData;
-
- protected void setUp()
- throws Exception
- {
- bouncyCastleProvider = new BouncyCastleProvider();
- if (Security.getProvider(bouncyCastleProvider.getName()) == null)
- {
- Security.addProvider(bouncyCastleProvider);
- }
-
- cmsTimeStampedDataGenerator = new CMSTimeStampedDataGenerator();
- ByteArrayOutputStream origStream = new ByteArrayOutputStream();
- InputStream in = this.getClass().getResourceAsStream(fileInput);
- int ch;
-
- while ((ch = in.read()) >= 0)
- {
- origStream.write(ch);
- }
-
- origStream.close();
-
- this.baseData = origStream.toByteArray();
-
- }
-
- protected void tearDown()
- throws Exception
- {
- cmsTimeStampedDataGenerator = null;
- Security.removeProvider(bouncyCastleProvider.getName());
- }
-
- public void testGenerate()
- throws Exception
- {
- BcDigestCalculatorProvider calculatorProvider = new BcDigestCalculatorProvider();
- ASN1ObjectIdentifier algOID = new ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.1"); // SHA-256
- DigestCalculator hashCalculator = calculatorProvider.get(new AlgorithmIdentifier(algOID));
-
- cmsTimeStampedDataGenerator.initialiseMessageImprintDigestCalculator(hashCalculator);
-
- hashCalculator.getOutputStream().write(baseData);
- hashCalculator.getOutputStream().close();
-
- TimeStampToken timeStampToken = createTimeStampToken(hashCalculator.getDigest(), NISTObjectIdentifiers.id_sha256);
- CMSTimeStampedData cmsTimeStampedData = cmsTimeStampedDataGenerator.generate(timeStampToken, baseData);
-
- for (int i = 0; i < 3; i++)
- {
- byte[] newRequestData = cmsTimeStampedData.calculateNextHash(hashCalculator);
- TimeStampToken newTimeStampToken = createTimeStampToken(newRequestData, NISTObjectIdentifiers.id_sha256);
- cmsTimeStampedData = cmsTimeStampedData.addTimeStamp(newTimeStampToken);
- }
- byte[] timeStampedData = cmsTimeStampedData.getEncoded();
-
- // verify
- DigestCalculatorProvider newCalculatorProvider = new BcDigestCalculatorProvider();
- DigestCalculator imprintCalculator = cmsTimeStampedData.getMessageImprintDigestCalculator(newCalculatorProvider);
- CMSTimeStampedData newCMSTimeStampedData = new CMSTimeStampedData(timeStampedData);
- byte[] newContent = newCMSTimeStampedData.getContent();
- assertEquals("Content expected and verified are different", true, Arrays.areEqual(newContent, baseData));
-
- imprintCalculator.getOutputStream().write(newContent);
-
- byte[] digest = imprintCalculator.getDigest();
-
- TimeStampToken[] tokens = cmsTimeStampedData.getTimeStampTokens();
- assertEquals("TimeStampToken expected and verified are different", 4, tokens.length);
- for (int i = 0; i < tokens.length; i++)
- {
- cmsTimeStampedData.validate(newCalculatorProvider, digest, tokens[i]);
- }
- }
-
- public void testGenerateWithMetadata()
- throws Exception
- {
- cmsTimeStampedDataGenerator.setMetaData(true, fileInput, "TXT");
-
- BcDigestCalculatorProvider calculatorProvider = new BcDigestCalculatorProvider();
- ASN1ObjectIdentifier algOID = new ASN1ObjectIdentifier("2.16.840.1.101.3.4.2.1"); // SHA-256
- DigestCalculator hashCalculator = calculatorProvider.get(new AlgorithmIdentifier(algOID));
-
- cmsTimeStampedDataGenerator.initialiseMessageImprintDigestCalculator(hashCalculator);
-
- hashCalculator.getOutputStream().write(baseData);
- hashCalculator.getOutputStream().close();
-
- TimeStampToken timeStampToken = createTimeStampToken(hashCalculator.getDigest(), NISTObjectIdentifiers.id_sha256);
- CMSTimeStampedData cmsTimeStampedData = cmsTimeStampedDataGenerator.generate(timeStampToken, baseData);
-
- for (int i = 0; i <= 3; i++)
- {
- byte[] newRequestData = cmsTimeStampedData.calculateNextHash(hashCalculator);
- TimeStampToken newTimeStampToken = createTimeStampToken(newRequestData, NISTObjectIdentifiers.id_sha256);
- cmsTimeStampedData = cmsTimeStampedData.addTimeStamp(newTimeStampToken);
- }
- byte[] timeStampedData = cmsTimeStampedData.getEncoded();
-
- metadataCheck(timeStampedData);
- metadataParserCheck(timeStampedData);
- }
-
- public void testGenerateWithMetadataAndDifferentAlgorithmIdentifier()
- throws Exception
- {
- cmsTimeStampedDataGenerator.setMetaData(true, fileInput, "TXT");
-
- BcDigestCalculatorProvider calculatorProvider = new BcDigestCalculatorProvider();
-
- ASN1ObjectIdentifier algIdentifier = NISTObjectIdentifiers.id_sha224;
-
- DigestCalculator hashCalculator = calculatorProvider.get(new AlgorithmIdentifier(algIdentifier));
- cmsTimeStampedDataGenerator.initialiseMessageImprintDigestCalculator(hashCalculator);
- hashCalculator.getOutputStream().write(baseData);
- hashCalculator.getOutputStream().close();
-
- byte[] requestData = hashCalculator.getDigest();
- TimeStampToken timeStampToken = createTimeStampToken(requestData, algIdentifier);
-
- CMSTimeStampedData cmsTimeStampedData = cmsTimeStampedDataGenerator.generate(timeStampToken, baseData);
-
- for (int i = 0; i <= 3; i++) {
- switch (i) {
- case 0:
- algIdentifier = NISTObjectIdentifiers.id_sha224;
- break;
- case 1:
- algIdentifier = NISTObjectIdentifiers.id_sha256;
- break;
- case 2:
- algIdentifier = NISTObjectIdentifiers.id_sha384;
- break;
- case 3:
- algIdentifier = NISTObjectIdentifiers.id_sha512;
- break;
- }
- hashCalculator = calculatorProvider.get(new AlgorithmIdentifier(algIdentifier));
- byte[] newRequestData = cmsTimeStampedData.calculateNextHash(hashCalculator);
- TimeStampToken newTimeStampToken = createTimeStampToken(newRequestData, algIdentifier);
- cmsTimeStampedData = cmsTimeStampedData.addTimeStamp(newTimeStampToken);
- }
- byte[] timeStampedData = cmsTimeStampedData.getEncoded();
-
- metadataCheck(timeStampedData);
- metadataParserCheck(timeStampedData);
-
- }
-
-
- private void metadataCheck(byte[] timeStampedData)
- throws Exception
- {
- CMSTimeStampedData cmsTspData = new CMSTimeStampedData(timeStampedData);
- DigestCalculatorProvider newCalculatorProvider = new BcDigestCalculatorProvider();
- DigestCalculator imprintCalculator = cmsTspData.getMessageImprintDigestCalculator(newCalculatorProvider);
-
- byte[] newContent = cmsTspData.getContent();
- assertEquals("Content expected and verified are different", true, Arrays.areEqual(newContent, baseData));
-
- imprintCalculator.getOutputStream().write(newContent);
-
- assertEquals(fileInput, cmsTspData.getFileName());
- assertEquals("TXT", cmsTspData.getMediaType());
-
- byte[] digest = imprintCalculator.getDigest();
-
- TimeStampToken[] tokens = cmsTspData.getTimeStampTokens();
- assertEquals("TimeStampToken expected and verified are different", 5, tokens.length);
- for (int i = 0; i < tokens.length; i++)
- {
- cmsTspData.validate(newCalculatorProvider, digest, tokens[i]);
- }
- }
-
- private void metadataParserCheck(byte[] timeStampedData)
- throws Exception
- {
- CMSTimeStampedDataParser cmsTspData = new CMSTimeStampedDataParser(timeStampedData);
- DigestCalculatorProvider newCalculatorProvider = new BcDigestCalculatorProvider();
-
- InputStream input = cmsTspData.getContent();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- Streams.pipeAll(input, bOut);
-
- assertEquals("Content expected and verified are different", true, Arrays.areEqual(bOut.toByteArray(), baseData));
-
- DigestCalculator imprintCalculator = cmsTspData.getMessageImprintDigestCalculator(newCalculatorProvider);
-
- Streams.pipeAll(new ByteArrayInputStream(bOut.toByteArray()), imprintCalculator.getOutputStream());
-
- assertEquals(fileInput, cmsTspData.getFileName());
- assertEquals("TXT", cmsTspData.getMediaType());
-
- byte[] digest = imprintCalculator.getDigest();
-
- TimeStampToken[] tokens = cmsTspData.getTimeStampTokens();
- assertEquals("TimeStampToken expected and verified are different", 5, tokens.length);
- for (int i = 0; i < tokens.length; i++)
- {
- cmsTspData.validate(newCalculatorProvider, digest, tokens[i]);
- }
- }
-
- private TimeStampToken createTimeStampToken(byte[] hash, ASN1ObjectIdentifier hashAlg)
- throws Exception
- {
- String algorithmName = null;
- if (hashAlg.equals(NISTObjectIdentifiers.id_sha224))
- {
- algorithmName = "SHA224withRSA";
- }
- else if (hashAlg.equals(NISTObjectIdentifiers.id_sha256))
- {
- algorithmName = "SHA256withRSA";
- }
- else if (hashAlg.equals(NISTObjectIdentifiers.id_sha384))
- {
- algorithmName = "SHA384withRSA";
- }
- else if (hashAlg.equals(NISTObjectIdentifiers.id_sha512))
- {
- algorithmName = "SHA512withRSA";
- }
-
- String signDN = "O=Bouncy Castle, C=AU";
- KeyPair signKP = TSPTestUtil.makeKeyPair();
- X509Certificate signCert = TSPTestUtil.makeCACertificate(signKP,
- signDN, signKP, signDN);
-
- String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
- KeyPair origKP = TSPTestUtil.makeKeyPair();
- X509Certificate cert = TSPTestUtil.makeCertificate(origKP,
- origDN, signKP, signDN);
-
- PrivateKey privateKey = origKP.getPrivate();
-
- List certList = new ArrayList();
- certList.add(cert);
- certList.add(signCert);
-
- Store certs = new JcaCertStore(certList);
-
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
- new JcaSimpleSignerInfoGeneratorBuilder().build(algorithmName, privateKey, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(hashAlg, hash);
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- return tsResp.getTimeStampToken();
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataParserTest.java b/pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataParserTest.java
deleted file mode 100644
index 138e892b..00000000
--- a/pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataParserTest.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-
-import junit.framework.TestCase;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.tsp.TimeStampToken;
-import org.bouncycastle.tsp.cms.CMSTimeStampedDataParser;
-import org.bouncycastle.util.io.Streams;
-
-public class CMSTimeStampedDataParserTest
- extends TestCase
-{
-
- CMSTimeStampedDataParser cmsTimeStampedData = null;
- String fileInput = "FileDaFirmare.txt.tsd.der";
- private byte[] baseData;
-
- protected void setUp()
- throws Exception
- {
- ByteArrayOutputStream origStream = new ByteArrayOutputStream();
- InputStream in = this.getClass().getResourceAsStream(fileInput);
- int ch;
-
- while ((ch = in.read()) >= 0)
- {
- origStream.write(ch);
- }
-
- origStream.close();
-
- this.baseData = origStream.toByteArray();
-
- cmsTimeStampedData = new CMSTimeStampedDataParser(baseData);
- }
-
- protected void tearDown()
- throws Exception
- {
- cmsTimeStampedData = null;
- }
-
- public void testGetTimeStampTokens()
- throws Exception
- {
- TimeStampToken[] tokens = cmsTimeStampedData.getTimeStampTokens();
- assertEquals(3, tokens.length);
- }
-
- public void testValidateAllTokens()
- throws Exception
- {
- DigestCalculatorProvider digestCalculatorProvider = new BcDigestCalculatorProvider();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- Streams.pipeAll(cmsTimeStampedData.getContent(), bOut);
-
- DigestCalculator imprintCalculator = cmsTimeStampedData.getMessageImprintDigestCalculator(digestCalculatorProvider);
-
- Streams.pipeAll(new ByteArrayInputStream(bOut.toByteArray()), imprintCalculator.getOutputStream());
-
- byte[] digest = imprintCalculator.getDigest();
-
- TimeStampToken[] tokens = cmsTimeStampedData.getTimeStampTokens();
- for (int i = 0; i < tokens.length; i++)
- {
- cmsTimeStampedData.validate(digestCalculatorProvider, digest, tokens[i]);
- }
- }
-
- public void testValidate()
- throws Exception
- {
- DigestCalculatorProvider digestCalculatorProvider = new BcDigestCalculatorProvider();
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- Streams.pipeAll(cmsTimeStampedData.getContent(), bOut);
-
- DigestCalculator imprintCalculator = cmsTimeStampedData.getMessageImprintDigestCalculator(digestCalculatorProvider);
-
- Streams.pipeAll(new ByteArrayInputStream(bOut.toByteArray()), imprintCalculator.getOutputStream());
-
- cmsTimeStampedData.validate(digestCalculatorProvider, imprintCalculator.getDigest());
- }
-
-}
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataTest.java b/pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataTest.java
deleted file mode 100644
index 0bfefaa6..00000000
--- a/pkix/src/test/java/org/bouncycastle/tsp/test/CMSTimeStampedDataTest.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-
-import junit.framework.TestCase;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
-import org.bouncycastle.tsp.TimeStampToken;
-import org.bouncycastle.tsp.cms.CMSTimeStampedData;
-
-public class CMSTimeStampedDataTest
- extends TestCase
-{
-
- CMSTimeStampedData cmsTimeStampedData = null;
- String fileInput = "FileDaFirmare.txt.tsd.der";
- String fileOutput = fileInput.substring(0, fileInput.indexOf(".tsd"));
- private byte[] baseData;
-
- protected void setUp()
- throws Exception
- {
- ByteArrayOutputStream origStream = new ByteArrayOutputStream();
- InputStream in = this.getClass().getResourceAsStream(fileInput);
- int ch;
-
- while ((ch = in.read()) >= 0)
- {
- origStream.write(ch);
- }
-
- origStream.close();
-
- this.baseData = origStream.toByteArray();
-
- cmsTimeStampedData = new CMSTimeStampedData(baseData);
- }
-
- protected void tearDown()
- throws Exception
- {
- cmsTimeStampedData = null;
- }
-
- public void testGetTimeStampTokens()
- throws Exception
- {
- TimeStampToken[] tokens = cmsTimeStampedData.getTimeStampTokens();
- assertEquals(3, tokens.length);
- }
-
- public void testValidateAllTokens()
- throws Exception
- {
- DigestCalculatorProvider digestCalculatorProvider = new BcDigestCalculatorProvider();
-
- DigestCalculator imprintCalculator = cmsTimeStampedData.getMessageImprintDigestCalculator(digestCalculatorProvider);
-
- imprintCalculator.getOutputStream().write(cmsTimeStampedData.getContent());
-
- byte[] digest = imprintCalculator.getDigest();
-
- TimeStampToken[] tokens = cmsTimeStampedData.getTimeStampTokens();
- for (int i = 0; i < tokens.length; i++)
- {
- cmsTimeStampedData.validate(digestCalculatorProvider, digest, tokens[i]);
- }
- }
-
- public void testValidate()
- throws Exception
- {
- DigestCalculatorProvider digestCalculatorProvider = new BcDigestCalculatorProvider();
-
- DigestCalculator imprintCalculator = cmsTimeStampedData.getMessageImprintDigestCalculator(digestCalculatorProvider);
-
- imprintCalculator.getOutputStream().write(cmsTimeStampedData.getContent());
-
- cmsTimeStampedData.validate(digestCalculatorProvider, imprintCalculator.getDigest());
- }
-
-}
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/test/NewTSPTest.java b/pkix/src/test/java/org/bouncycastle/tsp/test/NewTSPTest.java
deleted file mode 100644
index 3aa3e97e..00000000
--- a/pkix/src/test/java/org/bouncycastle/tsp/test/NewTSPTest.java
+++ /dev/null
@@ -1,833 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cmp.PKIFailureInfo;
-import org.bouncycastle.asn1.cmp.PKIStatus;
-import org.bouncycastle.asn1.cms.AttributeTable;
-import org.bouncycastle.asn1.ess.ESSCertID;
-import org.bouncycastle.asn1.ess.ESSCertIDv2;
-import org.bouncycastle.asn1.ess.SigningCertificate;
-import org.bouncycastle.asn1.ess.SigningCertificateV2;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.IssuerSerial;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cms.CMSAttributeTableGenerationException;
-import org.bouncycastle.cms.CMSAttributeTableGenerator;
-import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.tsp.GenTimeAccuracy;
-import org.bouncycastle.tsp.TSPAlgorithms;
-import org.bouncycastle.tsp.TSPException;
-import org.bouncycastle.tsp.TSPValidationException;
-import org.bouncycastle.tsp.TimeStampRequest;
-import org.bouncycastle.tsp.TimeStampRequestGenerator;
-import org.bouncycastle.tsp.TimeStampResponse;
-import org.bouncycastle.tsp.TimeStampResponseGenerator;
-import org.bouncycastle.tsp.TimeStampToken;
-import org.bouncycastle.tsp.TimeStampTokenGenerator;
-import org.bouncycastle.tsp.TimeStampTokenInfo;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Store;
-
-public class NewTSPTest
- extends TestCase
-{
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
-
- public void setUp()
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- public void testGeneral()
- throws Exception
- {
- String signDN = "O=Bouncy Castle, C=AU";
- KeyPair signKP = TSPTestUtil.makeKeyPair();
- X509Certificate signCert = TSPTestUtil.makeCACertificate(signKP,
- signDN, signKP, signDN);
-
- String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
- KeyPair origKP = TSPTestUtil.makeKeyPair();
- X509Certificate origCert = TSPTestUtil.makeCertificate(origKP,
- origDN, signKP, signDN);
-
-
-
- List certList = new ArrayList();
- certList.add(origCert);
- certList.add(signCert);
-
- Store certs = new JcaCertStore(certList);
-
- basicTest(origKP.getPrivate(), origCert, certs);
- basicSha256Test(origKP.getPrivate(), origCert, certs);
- basicTestWithTSA(origKP.getPrivate(), origCert, certs);
- overrideAttrsTest(origKP.getPrivate(), origCert, certs);
- responseValidationTest(origKP.getPrivate(), origCert, certs);
- incorrectHashTest(origKP.getPrivate(), origCert, certs);
- badAlgorithmTest(origKP.getPrivate(), origCert, certs);
- timeNotAvailableTest(origKP.getPrivate(), origCert, certs);
- badPolicyTest(origKP.getPrivate(), origCert, certs);
- tokenEncodingTest(origKP.getPrivate(), origCert, certs);
- certReqTest(origKP.getPrivate(), origCert, certs);
- testAccuracyZeroCerts(origKP.getPrivate(), origCert, certs);
- testAccuracyWithCertsAndOrdering(origKP.getPrivate(), origCert, certs);
- testNoNonse(origKP.getPrivate(), origCert, certs);
- }
-
- private void basicTest(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
- new JcaSimpleSignerInfoGeneratorBuilder().build("SHA1withRSA", privateKey, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert));
-
- AttributeTable table = tsToken.getSignedAttributes();
-
- assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate));
- }
-
- private void basicSha256Test(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
- new JcaSimpleSignerInfoGeneratorBuilder().build("SHA256withRSA", privateKey, cert), new SHA256DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA256, new byte[32], BigInteger.valueOf(100));
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
-
- assertEquals(PKIStatus.GRANTED, tsResp.getStatus());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert));
-
- AttributeTable table = tsToken.getSignedAttributes();
-
- assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2));
-
- DigestCalculator digCalc = new SHA256DigestCalculator();
-
- OutputStream dOut = digCalc.getOutputStream();
-
- dOut.write(cert.getEncoded());
-
- dOut.close();
-
- byte[] certHash = digCalc.getDigest();
-
- SigningCertificateV2 sigCertV2 = SigningCertificateV2.getInstance(table.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2).getAttributeValues()[0]);
-
- assertTrue(Arrays.areEqual(certHash, sigCertV2.getCerts()[0].getCertHash()));
- }
-
- private void overrideAttrsTest(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- JcaSimpleSignerInfoGeneratorBuilder signerInfoGenBuilder = new JcaSimpleSignerInfoGeneratorBuilder().setProvider("BC");
-
- IssuerSerial issuerSerial = new IssuerSerial(new GeneralNames(new GeneralName(new X509CertificateHolder(cert.getEncoded()).getIssuer())), cert.getSerialNumber());
-
- DigestCalculator digCalc = new SHA1DigestCalculator();
-
- OutputStream dOut = digCalc.getOutputStream();
-
- dOut.write(cert.getEncoded());
-
- dOut.close();
-
- byte[] certHash = digCalc.getDigest();
-
- digCalc = new SHA256DigestCalculator();
-
- dOut = digCalc.getOutputStream();
-
- dOut.write(cert.getEncoded());
-
- dOut.close();
-
- byte[] certHash256 = digCalc.getDigest();
-
- final ESSCertID essCertid = new ESSCertID(certHash, issuerSerial);
- final ESSCertIDv2 essCertidV2 = new ESSCertIDv2(certHash256, issuerSerial);
-
- signerInfoGenBuilder.setSignedAttributeGenerator(new CMSAttributeTableGenerator()
- {
- public AttributeTable getAttributes(Map parameters)
- throws CMSAttributeTableGenerationException
- {
- CMSAttributeTableGenerator attrGen = new DefaultSignedAttributeTableGenerator();
-
- AttributeTable table = attrGen.getAttributes(parameters);
- table = table.add(PKCSObjectIdentifiers.id_aa_signingCertificate, new SigningCertificate(essCertid));
- table = table.add(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new SigningCertificateV2(new ESSCertIDv2[]{essCertidV2}));
-
- return table;
- }
- });
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(signerInfoGenBuilder.build("SHA1withRSA", privateKey, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert));
-
- AttributeTable table = tsToken.getSignedAttributes();
-
- assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate));
- assertNotNull("no signingCertificateV2 attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2));
-
- SigningCertificate sigCert = SigningCertificate.getInstance(table.get(PKCSObjectIdentifiers.id_aa_signingCertificate).getAttributeValues()[0]);
-
- assertEquals(new X509CertificateHolder(cert.getEncoded()).getIssuer(), sigCert.getCerts()[0].getIssuerSerial().getIssuer().getNames()[0].getName());
- assertEquals(cert.getSerialNumber(), sigCert.getCerts()[0].getIssuerSerial().getSerial().getValue());
- assertTrue(Arrays.areEqual(certHash, sigCert.getCerts()[0].getCertHash()));
-
- SigningCertificateV2 sigCertV2 = SigningCertificateV2.getInstance(table.get(PKCSObjectIdentifiers.id_aa_signingCertificateV2).getAttributeValues()[0]);
-
- assertEquals(new X509CertificateHolder(cert.getEncoded()).getIssuer(), sigCertV2.getCerts()[0].getIssuerSerial().getIssuer().getNames()[0].getName());
- assertEquals(cert.getSerialNumber(), sigCertV2.getCerts()[0].getIssuerSerial().getSerial().getValue());
- assertTrue(Arrays.areEqual(certHash256, sigCertV2.getCerts()[0].getCertHash()));
- }
-
- private void basicTestWithTSA(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
- new JcaSimpleSignerInfoGeneratorBuilder().build("SHA1withRSA", privateKey, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
- tsTokenGen.setTSA(new GeneralName(new X500Name("CN=Test")));
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert));
-
- AttributeTable table = tsToken.getSignedAttributes();
-
- assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate));
- }
-
- private void responseValidationTest(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
- infoGeneratorBuilder.build(new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert));
-
- //
- // check validation
- //
- tsResp.validate(request);
-
- try
- {
- request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(101));
-
- tsResp.validate(request);
-
- fail("response validation failed on invalid nonce.");
- }
- catch (TSPValidationException e)
- {
- // ignore
- }
-
- try
- {
- request = reqGen.generate(TSPAlgorithms.SHA1, new byte[22], BigInteger.valueOf(100));
-
- tsResp.validate(request);
-
- fail("response validation failed on wrong digest.");
- }
- catch (TSPValidationException e)
- {
- // ignore
- }
-
- try
- {
- request = reqGen.generate(TSPAlgorithms.MD5, new byte[20], BigInteger.valueOf(100));
-
- tsResp.validate(request);
-
- fail("response validation failed on wrong digest.");
- }
- catch (TSPValidationException e)
- {
- // ignore
- }
- }
-
- private void incorrectHashTest(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[16]);
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- if (tsToken != null)
- {
- fail("incorrectHash - token not null.");
- }
-
- PKIFailureInfo failInfo = tsResp.getFailInfo();
-
- if (failInfo == null)
- {
- fail("incorrectHash - failInfo set to null.");
- }
-
- if (failInfo.intValue() != PKIFailureInfo.badDataFormat)
- {
- fail("incorrectHash - wrong failure info returned.");
- }
- }
-
- private void badAlgorithmTest(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- JcaSimpleSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSimpleSignerInfoGeneratorBuilder().setProvider(BC);
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build("SHA1withRSA", privateKey, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(new ASN1ObjectIdentifier("1.2.3.4.5"), new byte[20]);
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- if (tsToken != null)
- {
- fail("badAlgorithm - token not null.");
- }
-
- PKIFailureInfo failInfo = tsResp.getFailInfo();
-
- if (failInfo == null)
- {
- fail("badAlgorithm - failInfo set to null.");
- }
-
- if (failInfo.intValue() != PKIFailureInfo.badAlg)
- {
- fail("badAlgorithm - wrong failure info returned.");
- }
- }
-
- private void timeNotAvailableTest(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(new ASN1ObjectIdentifier("1.2.3.4.5"), new byte[20]);
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp;
-
- try
- {
- tsResp = tsRespGen.generateGrantedResponse(request, new BigInteger("23"), null);
- }
- catch (TSPException e)
- {
- tsResp = tsRespGen.generateRejectedResponse(e);
- }
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- if (tsToken != null)
- {
- fail("timeNotAvailable - token not null.");
- }
-
- PKIFailureInfo failInfo = tsResp.getFailInfo();
-
- if (failInfo == null)
- {
- fail("timeNotAvailable - failInfo set to null.");
- }
-
- if (failInfo.intValue() != PKIFailureInfo.timeNotAvailable)
- {
- fail("timeNotAvailable - wrong failure info returned.");
- }
- }
-
- private void badPolicyTest(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
-
- reqGen.setReqPolicy(new ASN1ObjectIdentifier("1.1"));
-
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20]);
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED, new HashSet());
-
- TimeStampResponse tsResp;
-
- try
- {
- tsResp = tsRespGen.generateGrantedResponse(request, new BigInteger("23"), new Date());
- }
- catch (TSPException e)
- {
- tsResp = tsRespGen.generateRejectedResponse(e);
- }
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- if (tsToken != null)
- {
- fail("badPolicy - token not null.");
- }
-
- PKIFailureInfo failInfo = tsResp.getFailInfo();
-
- if (failInfo == null)
- {
- fail("badPolicy - failInfo set to null.");
- }
-
- if (failInfo.intValue() != PKIFailureInfo.unacceptedPolicy)
- {
- fail("badPolicy - wrong failure info returned.");
- }
- }
-
- private void certReqTest(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
-
- //
- // request with certReq false
- //
- reqGen.setCertReq(false);
-
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generateGrantedResponse(request, new BigInteger("23"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- assertNull(tsToken.getTimeStampInfo().getGenTimeAccuracy()); // check for abscence of accuracy
-
- assertEquals("1.2", tsToken.getTimeStampInfo().getPolicy().getId());
-
- try
- {
- tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(cert));
- }
- catch (TSPValidationException e)
- {
- fail("certReq(false) verification of token failed.");
- }
-
- Store respCerts = tsToken.getCertificates();
-
- Collection certsColl = respCerts.getMatches(null);
-
- if (!certsColl.isEmpty())
- {
- fail("certReq(false) found certificates in response.");
- }
- }
-
-
- private void tokenEncodingTest(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2.3.4.5.6"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampResponse tsResponse = new TimeStampResponse(tsResp.getEncoded());
-
- if (!Arrays.areEqual(tsResponse.getEncoded(), tsResp.getEncoded())
- || !Arrays.areEqual(tsResponse.getTimeStampToken().getEncoded(),
- tsResp.getTimeStampToken().getEncoded()))
- {
- fail();
- }
- }
-
- private void testAccuracyZeroCerts(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
-
- tsTokenGen.addCertificates(certs);
-
- tsTokenGen.setAccuracySeconds(1);
- tsTokenGen.setAccuracyMillis(2);
- tsTokenGen.setAccuracyMicros(3);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert));
-
- //
- // check validation
- //
- tsResp.validate(request);
-
- //
- // check tstInfo
- //
- TimeStampTokenInfo tstInfo = tsToken.getTimeStampInfo();
-
- //
- // check accuracy
- //
- GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy();
-
- assertEquals(1, accuracy.getSeconds());
- assertEquals(2, accuracy.getMillis());
- assertEquals(3, accuracy.getMicros());
-
- assertEquals(new BigInteger("23"), tstInfo.getSerialNumber());
-
- assertEquals("1.2", tstInfo.getPolicy().getId());
-
- //
- // test certReq
- //
- Store store = tsToken.getCertificates();
-
- Collection certificates = store.getMatches(null);
-
- assertEquals(0, certificates.size());
- }
-
- private void testAccuracyWithCertsAndOrdering(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2.3"));
-
- tsTokenGen.addCertificates(certs);
-
- tsTokenGen.setAccuracySeconds(3);
- tsTokenGen.setAccuracyMillis(1);
- tsTokenGen.setAccuracyMicros(2);
-
- tsTokenGen.setOrdering(true);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
-
- reqGen.setCertReq(true);
-
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
-
- assertTrue(request.getCertReq());
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp;
-
- try
- {
- tsResp = tsRespGen.generateGrantedResponse(request, new BigInteger("23"), new Date());
- }
- catch (TSPException e)
- {
- tsResp = tsRespGen.generateRejectedResponse(e);
- }
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert));
-
- //
- // check validation
- //
- tsResp.validate(request);
-
- //
- // check tstInfo
- //
- TimeStampTokenInfo tstInfo = tsToken.getTimeStampInfo();
-
- //
- // check accuracy
- //
- GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy();
-
- assertEquals(3, accuracy.getSeconds());
- assertEquals(1, accuracy.getMillis());
- assertEquals(2, accuracy.getMicros());
-
- assertEquals(new BigInteger("23"), tstInfo.getSerialNumber());
-
- assertEquals("1.2.3", tstInfo.getPolicy().getId());
-
- assertEquals(true, tstInfo.isOrdered());
-
- assertEquals(tstInfo.getNonce(), BigInteger.valueOf(100));
-
- //
- // test certReq
- //
- Store store = tsToken.getCertificates();
-
- Collection certificates = store.getMatches(null);
-
- assertEquals(2, certificates.size());
- }
-
- private void testNoNonse(
- PrivateKey privateKey,
- X509Certificate cert,
- Store certs)
- throws Exception
- {
- JcaSignerInfoGeneratorBuilder infoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BC).build());
-
- TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(infoGeneratorBuilder.build(new JcaContentSignerBuilder("MD5withRSA").setProvider(BC).build(privateKey), cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2.3"));
-
- tsTokenGen.addCertificates(certs);
-
- TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
- TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20]);
-
- assertFalse(request.getCertReq());
-
- TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
-
- TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("24"), new Date());
-
- tsResp = new TimeStampResponse(tsResp.getEncoded());
-
- TimeStampToken tsToken = tsResp.getTimeStampToken();
-
- tsToken.validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert));
-
- //
- // check validation
- //
- tsResp.validate(request);
-
- //
- // check tstInfo
- //
- TimeStampTokenInfo tstInfo = tsToken.getTimeStampInfo();
-
- //
- // check accuracy
- //
- GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy();
-
- assertNull(accuracy);
-
- assertEquals(new BigInteger("24"), tstInfo.getSerialNumber());
-
- assertEquals("1.2.3", tstInfo.getPolicy().getId());
-
- assertEquals(false, tstInfo.isOrdered());
-
- assertNull(tstInfo.getNonce());
-
- //
- // test certReq
- //
- Store store = tsToken.getCertificates();
-
- Collection certificates = store.getMatches(null);
-
- assertEquals(0, certificates.size());
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/test/ParseTest.java b/pkix/src/test/java/org/bouncycastle/tsp/test/ParseTest.java
deleted file mode 100644
index 46821d48..00000000
--- a/pkix/src/test/java/org/bouncycastle/tsp/test/ParseTest.java
+++ /dev/null
@@ -1,417 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.Security;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
-import junit.framework.TestCase;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cmp.PKIFailureInfo;
-import org.bouncycastle.asn1.cmp.PKIStatus;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.tsp.TSPAlgorithms;
-import org.bouncycastle.tsp.TimeStampRequest;
-import org.bouncycastle.tsp.TimeStampResponse;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Store;
-import org.bouncycastle.util.encoders.Base64;
-
-/**
- * Test Cases
- */
-public class ParseTest
- extends TestCase
-{
- private byte[] sha1Request = Base64.decode(
- "MDACAQEwITAJBgUrDgMCGgUABBT5UbEBmJssO3RxcQtOePxNvfoMpgIIC+Gv"
- + "YW2mtZQ=");
-
-
- private byte[] sha1noNonse = Base64.decode(
- "MCYCAQEwITAJBgUrDgMCGgUABBT5UbEBmJssO3RxcQtOePxNvfoMpg==");
-
- private byte[] md5Request = Base64.decode(
- "MDoCAQEwIDAMBggqhkiG9w0CBQUABBDIl9FBCvjyx0+6EbHbUR6eBgkrBgEE"
- + "AakHBQECCDQluayIxIzn");
-
- private byte[] ripemd160Request = Base64.decode(
- "MD8CAQEwITAJBgUrJAMCAQUABBSq03a/mk50Yd9lMF+BSqOp/RHGQQYJKwYB"
- + "BAGpBwUBAgkA4SZs9NfqISMBAf8=");
-
- private byte[] sha1Response = Base64.decode(
- "MIICbDADAgEAMIICYwYJKoZIhvcNAQcCoIICVDCCAlACAQMxCzAJBgUrDgMC"
- + "GgUAMIHaBgsqhkiG9w0BCRABBKCBygSBxzCBxAIBAQYEKgMEATAhMAkGBSsO"
- + "AwIaBQAEFPlRsQGYmyw7dHFxC054/E29+gymAgEEGA8yMDA0MTIwOTA3NTIw"
- + "NVowCgIBAYACAfSBAWQBAf8CCAvhr2FtprWUoGmkZzBlMRgwFgYDVQQDEw9F"
- + "cmljIEguIEVjaGlkbmExJDAiBgkqhkiG9w0BCQEWFWVyaWNAYm91bmN5Y2Fz"
- + "dGxlLm9yZzEWMBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUx"
- + "ggFfMIIBWwIBATAqMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNV"
- + "BAYTAkFVAgECMAkGBSsOAwIaBQCggYwwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3"
- + "DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0wNDEyMDkwNzUyMDVaMCMGCSqGSIb3"
- + "DQEJBDEWBBTGR1cbm94tWbcpDWrH+bD8UYePsTArBgsqhkiG9w0BCRACDDEc"
- + "MBowGDAWBBS37aLzFcheqeJ5cla0gjNWHGKbRzANBgkqhkiG9w0BAQEFAASB"
- + "gBrc9CJ3xlcTQuWQXJUqPEn6f6vfJAINKsn22z8LIfS/2p/CTFU6+W/bz8j8"
- + "j+8uWEJe8okTsI0FflljIsspqOPTB/RrnXteajbkuk/rLmz1B2g/qWBGAzPI"
- + "D214raBc1a7Bpd76PkvSSdjqrEaaskd+7JJiPr9l9yeSoh1AIt0N");
-
- private byte[] sha1noNonseResponse = Base64.decode(
- "MIICYjADAgEAMIICWQYJKoZIhvcNAQcCoIICSjCCAkYCAQMxCzAJBgUrDgMC"
- + "GgUAMIHQBgsqhkiG9w0BCRABBKCBwASBvTCBugIBAQYEKgMEATAhMAkGBSsO"
- + "AwIaBQAEFPlRsQGYmyw7dHFxC054/E29+gymAgECGA8yMDA0MTIwOTA3MzQx"
- + "MlowCgIBAYACAfSBAWQBAf+gaaRnMGUxGDAWBgNVBAMTD0VyaWMgSC4gRWNo"
- + "aWRuYTEkMCIGCSqGSIb3DQEJARYVZXJpY0Bib3VuY3ljYXN0bGUub3JnMRYw"
- + "FAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTGCAV8wggFbAgEB"
- + "MCowJTEWMBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUCAQIw"
- + "CQYFKw4DAhoFAKCBjDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJ"
- + "KoZIhvcNAQkFMQ8XDTA0MTIwOTA3MzQxMlowIwYJKoZIhvcNAQkEMRYEFMNA"
- + "xlscHYiByHL9DIEh3FewIhgSMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFLft"
- + "ovMVyF6p4nlyVrSCM1YcYptHMA0GCSqGSIb3DQEBAQUABIGAaj46Tarrg7V7"
- + "z13bbetrGv+xy159eE8kmIW9nPegru3DuK/GmbMx9W3l0ydx0zdXRwYi6NZc"
- + "nNqbEZQZ2L1biJVTflgWq4Nxu4gPGjH/BGHKdH/LyW4eDcXZR39AkNBMnDAK"
- + "EmhhJo1/Tc+S/WkV9lnHJCPIn+TAijBUO6EiTik=");
-
- private byte[] md5Response = Base64.decode(
- "MIICcDADAgEAMIICZwYJKoZIhvcNAQcCoIICWDCCAlQCAQMxCzAJBgUrDgMC"
- + "GgUAMIHeBgsqhkiG9w0BCRABBKCBzgSByzCByAIBAQYJKwYBBAGpBwUBMCAw"
- + "DAYIKoZIhvcNAgUFAAQQyJfRQQr48sdPuhGx21EengIBAxgPMjAwNDEyMDkw"
- + "NzQ2MTZaMAoCAQGAAgH0gQFkAQH/Agg0JbmsiMSM56BppGcwZTEYMBYGA1UE"
- + "AxMPRXJpYyBILiBFY2hpZG5hMSQwIgYJKoZIhvcNAQkBFhVlcmljQGJvdW5j"
- + "eWNhc3RsZS5vcmcxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNVBAYT"
- + "AkFVMYIBXzCCAVsCAQEwKjAlMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQsw"
- + "CQYDVQQGEwJBVQIBAjAJBgUrDgMCGgUAoIGMMBoGCSqGSIb3DQEJAzENBgsq"
- + "hkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMDQxMjA5MDc0NjE2WjAjBgkq"
- + "hkiG9w0BCQQxFgQUFpRpaiRUUjiY7EbefbWLKDIY0XMwKwYLKoZIhvcNAQkQ"
- + "AgwxHDAaMBgwFgQUt+2i8xXIXqnieXJWtIIzVhxim0cwDQYJKoZIhvcNAQEB"
- + "BQAEgYBTwKsLLrQm+bvKV7Jwto/cMQh0KsVB5RoEeGn5CI9XyF2Bm+JRcvQL"
- + "Nm7SgSOBVt4A90TqujxirNeyQnXRiSnFvXd09Wet9WIQNpwpiGlE7lCrAhuq"
- + "/TAUe79VIpoQZDtyhbh0Vzxl24yRoechabC0zuPpOWOzrA4YC3Hv1J2tAA==");
-
- private byte[] signingCert = Base64.decode(
- "MIICWjCCAcOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADAlMRYwFAYDVQQKEw1Cb3Vu"
- + "Y3kgQ2FzdGxlMQswCQYDVQQGEwJBVTAeFw0wNDEyMDkwNzEzMTRaFw0wNTAzMTkw"
- + "NzEzMTRaMGUxGDAWBgNVBAMTD0VyaWMgSC4gRWNoaWRuYTEkMCIGCSqGSIb3DQEJ"
- + "ARYVZXJpY0Bib3VuY3ljYXN0bGUub3JnMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxl"
- + "MQswCQYDVQQGEwJBVTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqGAFO3dK"
- + "jB7Ca7u5Z3CabsbGr2Exg+3sztSPiRCIba03es4295EhtDF5bXQvrW2R1Bg72vED"
- + "5tWaQjVDetvDfCzVC3ErHLTVk3OgpLIP1gf2T0LcOH2pTh2LP9c5Ceta+uggK8zK"
- + "9sYUUnzGPSAZxrqHIIAlPIgqk0BMV+KApyECAwEAAaNaMFgwHQYDVR0OBBYEFO4F"
- + "YoqogtB9MjD0NB5x5HN3TrGUMB8GA1UdIwQYMBaAFPXAecuwLqNkCxYVLE/ngFQR"
- + "7RLIMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBBAUAA4GBADGi"
- + "D5/qmGvcBgswEM/z2dF4lOxbTNKUW31ZHiU8CXlN0IkFtNbBLBTbJOQIAUnNEabL"
- + "T7aYgj813OZKUbJTx4MuGChhot/TEP7hKo/xz9OnXLsqYDKbqbo8iLOode+SI7II"
- + "+yYghOtqvx32cL2Qmffi1LaMbhJP+8NbsIxowdRC");
-
- private byte[] unacceptablePolicy = Base64.decode(
- "MDAwLgIBAjAkDCJSZXF1ZXN0ZWQgcG9saWN5IGlzIG5vdCBzdXBwb3J0ZWQu"
- + "AwMAAAE=");
-
- private byte[] generalizedTime = Base64.decode(
- "MIIKPTADAgEAMIIKNAYJKoZIhvcNAQcCoIIKJTCCCiECAQMxCzAJBgUrDgMC"
- + "GgUAMIIBGwYLKoZIhvcNAQkQAQSgggEKBIIBBjCCAQICAQEGCisGAQQBhFkK"
- + "AwEwITAJBgUrDgMCGgUABBQAAAAAAAAAAAAAAAAAAAAAAAAAAAICUC8YEzIw"
- + "MDUwMzEwMTA1ODQzLjkzM1owBIACAfQBAf8CAWSggaikgaUwgaIxCzAJBgNV"
- + "BAYTAkdCMRcwFQYDVQQIEw5DYW1icmlkZ2VzaGlyZTESMBAGA1UEBxMJQ2Ft"
- + "YnJpZGdlMSQwIgYDVQQKExtuQ2lwaGVyIENvcnBvcmF0aW9uIExpbWl0ZWQx"
- + "JzAlBgNVBAsTHm5DaXBoZXIgRFNFIEVTTjozMjJBLUI1REQtNzI1QjEXMBUG"
- + "A1UEAxMOZGVtby1kc2UyMDAtMDGgggaFMIID2TCCA0KgAwIBAgICAIswDQYJ"
- + "KoZIhvcNAQEFBQAwgYwxCzAJBgNVBAYTAkdCMRcwFQYDVQQIEw5DYW1icmlk"
- + "Z2VzaGlyZTESMBAGA1UEBxMJQ2FtYnJpZGdlMSQwIgYDVQQKExtuQ2lwaGVy"
- + "IENvcnBvcmF0aW9uIExpbWl0ZWQxGDAWBgNVBAsTD1Byb2R1Y3Rpb24gVEVT"
- + "VDEQMA4GA1UEAxMHVEVTVCBDQTAeFw0wNDA2MTQxNDIzNTlaFw0wNTA2MTQx"
- + "NDIzNTlaMIGiMQswCQYDVQQGEwJHQjEXMBUGA1UECBMOQ2FtYnJpZGdlc2hp"
- + "cmUxEjAQBgNVBAcTCUNhbWJyaWRnZTEkMCIGA1UEChMbbkNpcGhlciBDb3Jw"
- + "b3JhdGlvbiBMaW1pdGVkMScwJQYDVQQLEx5uQ2lwaGVyIERTRSBFU046MzIy"
- + "QS1CNURELTcyNUIxFzAVBgNVBAMTDmRlbW8tZHNlMjAwLTAxMIGfMA0GCSqG"
- + "SIb3DQEBAQUAA4GNADCBiQKBgQC7zUamCeLIApddx1etW5YEFrL1WXnlCd7j"
- + "mMFI6RpSq056LBkF1z5LgucLY+e/c3u2Nw+XJuS3a2fKuBD7I1s/6IkVtIb/"
- + "KLDjjafOnottKhprH8K41siJUeuK3PRzfZ5kF0vwB3rNvWPCBJmp7kHtUQw3"
- + "RhIsJTYs7Wy8oVFHVwIDAQABo4IBMDCCASwwCQYDVR0TBAIwADAWBgNVHSUB"
- + "Af8EDDAKBggrBgEFBQcDCDAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5l"
- + "cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFDlEe9Pd0WwQrtnEmFRI2Vmt"
- + "b+lCMIG5BgNVHSMEgbEwga6AFNy1VPweOQLC65bs6/0RcUYB19vJoYGSpIGP"
- + "MIGMMQswCQYDVQQGEwJHQjEXMBUGA1UECBMOQ2FtYnJpZGdlc2hpcmUxEjAQ"
- + "BgNVBAcTCUNhbWJyaWRnZTEkMCIGA1UEChMbbkNpcGhlciBDb3Jwb3JhdGlv"
- + "biBMaW1pdGVkMRgwFgYDVQQLEw9Qcm9kdWN0aW9uIFRFU1QxEDAOBgNVBAMT"
- + "B1RFU1QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADgYEASEMlrpRE1RYZPxP3530e"
- + "hOYUDjgQbw0dwpPjQtLWkeJrePMzDBAbuWwpRI8dOzKP3Rnrm5rxJ7oLY2S0"
- + "A9ZfV+iwFKagEHFytfnPm2Y9AeNR7a3ladKd7NFMw+5Tbk7Asbetbb+NJfCl"
- + "9YzHwxLGiQbpKxgc+zYOjq74eGLKtcKhggKkMIICDQIBATCB0qGBqKSBpTCB"
- + "ojELMAkGA1UEBhMCR0IxFzAVBgNVBAgTDkNhbWJyaWRnZXNoaXJlMRIwEAYD"
- + "VQQHEwlDYW1icmlkZ2UxJDAiBgNVBAoTG25DaXBoZXIgQ29ycG9yYXRpb24g"
- + "TGltaXRlZDEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOjMyMkEtQjVERC03"
- + "MjVCMRcwFQYDVQQDEw5kZW1vLWRzZTIwMC0wMaIlCgEBMAkGBSsOAwIaBQAD"
- + "FQDaLe88TQvM+iMKmIXMmDSyPCZ/+KBmMGSkYjBgMQswCQYDVQQGEwJVUzEk"
- + "MCIGA1UEChMbbkNpcGhlciBDb3Jwb3JhdGlvbiBMaW1pdGVkMRgwFgYDVQQL"
- + "Ew9Qcm9kdWN0aW9uIFRlc3QxETAPBgNVBAMTCFRlc3QgVE1DMA0GCSqGSIb3"
- + "DQEBBQUAAgjF2jVbAAAAADAiGA8yMDA1MDMxMDAyNTQxOVoYDzIwMDUwMzEz"
- + "MDI1NDE5WjCBjTBLBgorBgEEAYRZCgQBMT0wOzAMAgTF2jVbAgQAAAAAMA8C"
- + "BAAAAAACBAAAaLkCAf8wDAIEAAAAAAIEAAKV/DAMAgTF3inbAgQAAAAAMD4G"
- + "CisGAQQBhFkKBAIxMDAuMAwGCisGAQQBhFkKAwGgDjAMAgQAAAAAAgQAB6Eg"
- + "oQ4wDAIEAAAAAAIEAAPQkDANBgkqhkiG9w0BAQUFAAOBgQB1q4d3GNWk7oAT"
- + "WkpYmZaTFvapMhTwAmAtSGgFmNOZhs21iHWl/X990/HEBsduwxohfrd8Pz64"
- + "hV/a76rpeJCVUfUNmbRIrsurFx6uKwe2HUHKW8grZWeCD1L8Y1pKQdrD41gu"
- + "v0msfOXzLWW+xe5BcJguKclN8HmT7s2odtgiMTGCAmUwggJhAgEBMIGTMIGM"
- + "MQswCQYDVQQGEwJHQjEXMBUGA1UECBMOQ2FtYnJpZGdlc2hpcmUxEjAQBgNV"
- + "BAcTCUNhbWJyaWRnZTEkMCIGA1UEChMbbkNpcGhlciBDb3Jwb3JhdGlvbiBM"
- + "aW1pdGVkMRgwFgYDVQQLEw9Qcm9kdWN0aW9uIFRFU1QxEDAOBgNVBAMTB1RF"
- + "U1QgQ0ECAgCLMAkGBSsOAwIaBQCgggEnMBoGCSqGSIb3DQEJAzENBgsqhkiG"
- + "9w0BCRABBDAjBgkqhkiG9w0BCQQxFgQUi1iYx5H3ACnvngWZTPfdxGswkSkw"
- + "geMGCyqGSIb3DQEJEAIMMYHTMIHQMIHNMIGyBBTaLe88TQvM+iMKmIXMmDSy"
- + "PCZ/+DCBmTCBkqSBjzCBjDELMAkGA1UEBhMCR0IxFzAVBgNVBAgTDkNhbWJy"
- + "aWRnZXNoaXJlMRIwEAYDVQQHEwlDYW1icmlkZ2UxJDAiBgNVBAoTG25DaXBo"
- + "ZXIgQ29ycG9yYXRpb24gTGltaXRlZDEYMBYGA1UECxMPUHJvZHVjdGlvbiBU"
- + "RVNUMRAwDgYDVQQDEwdURVNUIENBAgIAizAWBBSpS/lH6bN/wf3E2z2X29vF"
- + "2U7YHTANBgkqhkiG9w0BAQUFAASBgGvDVsgsG5I5WKjEDVHvdRwUx+8Cp10l"
- + "zGF8o1h7aK5O3zQ4jLayYHea54E5+df35gG7Z3eoOy8E350J7BvHiwDLTqe8"
- + "SoRlGs9VhL6LMmCcERfGSlSn61Aa15iXZ8eHMSc5JTeJl+kqy4I3FPP4m2ai"
- + "8wy2fQhn7hUM8Ntg7Y2s");
-
- private byte[] v2SigningCertResponse = Base64.decode(
- "MIIPPTADAgEAMIIPNAYJKoZIhvcNAQcCoIIPJTCCDyECAQMxDzANBglghkgBZQMEAgEFADCB6QYL"
- + "KoZIhvcNAQkQAQSggdkEgdYwgdMCAQEGBgQAj2cBATAxMA0GCWCGSAFlAwQCAQUABCBcU0GN08TA"
- + "LUFi7AAwQwVkSXqGu9tAzvJ7EXW7SMXHHQIRAM7Fa7g6tMvZI3dgllwMfpcYDzIwMDcxMjExMTAy"
- + "MTU5WjADAgEBAgYBFsi5OlmgYqRgMF4xCzAJBgNVBAYTAkRFMSQwIgYDVQQKDBtEZXV0c2NoZSBS"
- + "ZW50ZW52ZXJzaWNoZXJ1bmcxEzARBgNVBAsMClFDIFJvb3QgQ0ExFDASBgNVBAMMC1FDIFJvb3Qg"
- + "VFNQoIILQjCCBwkwggXxoAMCAQICAwN1pjANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJERTEk"
- + "MCIGA1UECgwbRGV1dHNjaGUgUmVudGVudmVyc2ljaGVydW5nMRMwEQYDVQQLDApRQyBSb290IENB"
- + "MB4XDTA3MTEyMDE2MDcyMFoXDTEyMDcyNzIwMjExMVowXjELMAkGA1UEBhMCREUxJDAiBgNVBAoM"
- + "G0RldXRzY2hlIFJlbnRlbnZlcnNpY2hlcnVuZzETMBEGA1UECwwKUUMgUm9vdCBDQTEUMBIGA1UE"
- + "AwwLUUMgUm9vdCBUU1AwggEkMA0GCSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQCv1vO+EtGnJNs0"
- + "atv76BAJXs4bmO8yzVwe3RUtgeu5z9iefh8P46i1g3EL2CD15NcTfoHksr5KudNY30olfjHG7lIu"
- + "MO3R5sAcrGDPP7riZJnaI6VD/e6kVR569VBid5z105fJAB7mID7+Bn7pdRwDW3Fy2CzfofXGuvrO"
- + "GPNEWq8x8kqqf75DB5nAs5QP8H41obkdkap2ttHkkPZCiMghTs8iHfpJ0STn47MKq+QrUmuATMZi"
- + "XrdEfb7f3TBMjO0UVJF64Mh+kC9GtUEHlcm0Tq2Pk5XIUxWEyL94rZ4UWcVdSVE7IjggV2MifMNx"
- + "geZO3SwsDZk71AhDBy30CSzBAgUAx3HB5aOCA+IwggPeMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMI"
- + "MBMGA1UdIwQMMAqACECefuBmflfeMBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwUAYIKwYBBQUH"
- + "AQEERDBCMEAGCCsGAQUFBzABhjRodHRwOi8vb2NzcC1yb290cWMudGMuZGV1dHNjaGUtcmVudGVu"
- + "dmVyc2ljaGVydW5nLmRlMHcGA1UdIARwMG4wbAYNKwYBBAGBrTwBCAEBAzBbMFkGCCsGAQUFBwIB"
- + "Fk1odHRwOi8vd3d3LmRldXRzY2hlLXJlbnRlbnZlcnNpY2hlcnVuZy1idW5kLmRlL3N0YXRpYy90"
- + "cnVzdGNlbnRlci9wb2xpY3kuaHRtbDCCATwGA1UdHwSCATMwggEvMHygeqB4hnZsZGFwOi8vZGly"
- + "LnRjLmRldXRzY2hlLXJlbnRlbnZlcnNpY2hlcnVuZy5kZS9vdT1RQyUyMFJvb3QlMjBDQSxjbj1Q"
- + "dWJsaWMsbz1EUlYsYz1ERT9hdHRybmFtZT1jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0MIGuoIGr"
- + "oIGohoGlaHR0cDovL2Rpci50Yy5kZXV0c2NoZS1yZW50ZW52ZXJzaWNoZXJ1bmcuZGU6ODA4OS9z"
- + "ZXJ2bGV0L0Rpclh3ZWIvQ2EveC5jcmw/ZG49b3UlM0RRQyUyMFJvb3QlMjBDQSUyQ2NuJTNEUHVi"
- + "bGljJTJDbyUzRERSViUyQ2MlM0RERSZhdHRybmFtZT1jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0"
- + "MIIBLQYDVR0SBIIBJDCCASCGdGxkYXA6Ly9kaXIudGMuZGV1dHNjaGUtcmVudGVudmVyc2ljaGVy"
- + "dW5nLmRlL2NuPTE0NTUxOCxvdT1RQyUyMFJvb3QlMjBDQSxjbj1QdWJsaWMsbz1EUlYsYz1ERT9h"
- + "dHRybmFtZT1jQUNlcnRpZmljYXRlhoGnaHR0cDovL2Rpci50Yy5kZXV0c2NoZS1yZW50ZW52ZXJz"
- + "aWNoZXJ1bmcuZGU6ODA4OS9zZXJ2bGV0L0Rpclh3ZWIvQ2EveC5jZXI/ZG49Y24lM0QxNDU1MTgl"
- + "MkNvdSUzRFFDJTIwUm9vdCUyMENBJTJDY24lM0RQdWJsaWMlMkNvJTNERFJWJTJDYyUzRERFJmF0"
- + "dHJuYW1lPWNBQ2VydGlmaWNhdGUwDgYDVR0PAQH/BAQDAgZAMDsGA1UdCQQ0MDIwMAYDVQQDMSkT"
- + "J1FDIFRTUCBEZXV0c2NoZSBSZW50ZW52ZXJzaWNoZXJ1bmcgMTpQTjAMBgNVHRMBAf8EAjAAMA0G"
- + "CSqGSIb3DQEBCwUAA4IBAQCCrWe3Pd3ioX7d8phXvVAa859Rvgf0k3pZ6R4GMj8h/k6MNjNIrdAs"
- + "wgUVkBbXMLLBk0smsvTdFIVtTBdp1urb9l7vXjDA4MckXBOXPcz4fN8Oswk92d+fM9XU1jKVPsFG"
- + "PV6j8lAqfq5jwaRxOnS96UBGLKG+NdcrEyiMp/ZkpqnEQZZfu2mkeq6CPahnbBTZqsE0jgY351gU"
- + "9T6SFVvLIFH7cOxJqsoxPqv5YEcgiXPpOyyu2rpQqKYBYcnerF6/zx5hmWHxTd7MWaTHm0gJI/Im"
- + "d8esbW+xyaJuAVUcBA+sDmSe8AAoRVxwBRY+xi9ApaJHpmwT+0n2K2GsL3wIMIIEMTCCAxmgAwIB"
- + "AgIDAjhuMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYTAkRFMSQwIgYDVQQKDBtEZXV0c2NoZSBS"
- + "ZW50ZW52ZXJzaWNoZXJ1bmcxEzARBgNVBAsMClFDIFJvb3QgQ0EwHhcNMDcwNzI3MjAyMTExWhcN"
- + "MTIwNzI3MjAyMTExWjBIMQswCQYDVQQGEwJERTEkMCIGA1UECgwbRGV1dHNjaGUgUmVudGVudmVy"
- + "c2ljaGVydW5nMRMwEQYDVQQLDApRQyBSb290IENBMIIBJDANBgkqhkiG9w0BAQEFAAOCAREAMIIB"
- + "DAKCAQEAzuhBdo9c84DdzsggjWOgfC4jJ2jYqpsOpBo3DVyem+5R26QK4feZdyFnaGvyG+TLcdLO"
- + "iCecGmrRGD+ey4IhjCONb7hsQQhJWTyDEtBblzYB0yjY8+9fnNeR61W+M/KlMgC6Rw/w+zwzklTM"
- + "MWwIbxLHm8l9jTSKFjAWTwjE8bCzpUCwN8+4JbFTwjwOJ5lsVA5Xa34wpgr6lgL3WrVTV1NSprqR"
- + "ZYDWg477tht0KkyOJt3guF3RONKBBuTO2qCbpUeI8m4v3tznoopYbV5Gp5wu5gqd6lTfgju3ldql"
- + "bxtuCLZd0nAI5rLEOPItDKl4vPXllmmtGIrtDZlwr86cbwIFAJvMJpGjggEgMIIBHDAPBgNVHRMB"
- + "Af8EBTADAQH/MBEGA1UdDgQKBAhAnn7gZn5X3jB3BgNVHSAEcDBuMGwGDSsGAQQBga08AQgBAQEw"
- + "WzBZBggrBgEFBQcCARZNaHR0cDovL3d3dy5kZXV0c2NoZS1yZW50ZW52ZXJzaWNoZXJ1bmctYnVu"
- + "ZC5kZS9zdGF0aWMvdHJ1c3RjZW50ZXIvcG9saWN5Lmh0bWwwUwYDVR0JBEwwSjBIBgNVBAMxQRM/"
- + "UUMgV3VyemVsemVydGlmaXppZXJ1bmdzc3RlbGxlIERldXRzY2hlIFJlbnRlbnZlcnNpY2hlcnVu"
- + "ZyAxOlBOMBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3"
- + "DQEBCwUAA4IBAQBNGs7Dnc1yzzpZrkuC+oLv+NhbORTEYNgpaOetB1JQ1EbUBoPuNN4ih0ngy/uJ"
- + "D2O+h4JsNkmELgaehLWyFwATqCYZY4cTAGVoEwgn93x3aW8JbMDQf+YEJDSDsXcm4oIDFPqv5M6o"
- + "HZUWfsPka3mxKivfKtWhooTz1/+BEGReVQ2oOAvlwXlkEab9e3GOqXQUcLPYDTl8BQxiYhtQtf3d"
- + "kORiUkuGiGX1YJ5JnZnG3ElMjPgOl8rOiYU7oj9uv1HVb5sdAwuVw0BR/eiMVDBT8DNyfoJmPeQQ"
- + "A9pXtoAYO0Ya7wNNmCY2Y63YfBlRCF+9VQv2RZ4TdO1KGWwxR98OMYIC1zCCAtMCAQEwTzBIMQsw"
- + "CQYDVQQGEwJERTEkMCIGA1UECgwbRGV1dHNjaGUgUmVudGVudmVyc2ljaGVydW5nMRMwEQYDVQQL"
- + "DApRQyBSb290IENBAgMDdaYwDQYJYIZIAWUDBAIBBQCgggFZMBoGCSqGSIb3DQEJAzENBgsqhkiG"
- + "9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgO7FFODWWwF5RUjo6wjIkgkD5u7dH+NICiCpSgRRqd/Aw"
- + "ggEIBgsqhkiG9w0BCRACLzGB+DCB9TCB8jB3BCAMMZqK/5pZxOb3ruCbcgxStaTDwDHaf2glEo6P"
- + "+89t8TBTMEykSjBIMQswCQYDVQQGEwJERTEkMCIGA1UECgwbRGV1dHNjaGUgUmVudGVudmVyc2lj"
- + "aGVydW5nMRMwEQYDVQQLDApRQyBSb290IENBAgMDdaYwdwQgl7vwI+P47kpxhWLoIdEco7UfGwZ2"
- + "X4el3jaZ67q5/9IwUzBMpEowSDELMAkGA1UEBhMCREUxJDAiBgNVBAoMG0RldXRzY2hlIFJlbnRl"
- + "bnZlcnNpY2hlcnVuZzETMBEGA1UECwwKUUMgUm9vdCBDQQIDAjhuMA0GCSqGSIb3DQEBCwUABIIB"
- + "AIOYgpDI0BaeG4RF/EB5QzkUqAZ9nX6w895+m2hHyRKrAKdj3913j5QI+aEVIG3DVbFaAfdKeKfn"
- + "xsTW48aWs6aARtPAc+1OXwoGUSYElOFqqVpSeTaXe+kjY5bsLSQeETB+EPvXl8EcKTaxTRCNOqJU"
- + "XbnyYRgWTI55A2jH6IsQQVHc5DaIcmbdI8iATaRTHY5eUeVuI+Q/3RMVBFAb5qRhM61Ddcrjq058"
- + "C0uiH9G2IB5QRyu6RsCUgrkeMTMBqlIBlnDBy+EgLouDU4Dehxy5uzEl5DBKZEewZpQZOTO/kAgL"
- + "WruAAg/Lj4r0f9vN12wRlHoS2UKDjrE1DnUBbrM=");
-
- /* (non-Javadoc)
- * @see org.bouncycastle.util.test.Test#getName()
- */
- public String getName()
- {
- return "ParseTest";
- }
-
- private void requestParse(
- byte[] request,
- ASN1ObjectIdentifier algorithm)
- throws IOException
- {
- TimeStampRequest req = new TimeStampRequest(request);
-
- if (!req.getMessageImprintAlgOID().equals(algorithm))
- {
- fail("failed to get expected algorithm - got "
- + req.getMessageImprintAlgOID() + " not " + algorithm);
- }
-
- if (request != sha1Request && request != sha1noNonse)
- {
- if (!req.getReqPolicy().equals(TSPTestUtil.EuroPKI_TSA_Test_Policy))
- {
- fail("" + algorithm + " failed policy check.");
- }
-
- if (request == ripemd160Request)
- {
- if (!req.getCertReq())
- {
- fail("" + algorithm + " failed certReq check.");
- }
- }
- }
-
- assertEquals("version not 1", 1, req.getVersion());
-
- assertEquals("critical extensions found when none expected", 0, req.getCriticalExtensionOIDs().size());
-
- assertEquals("non-critical extensions found when none expected", 0, req.getNonCriticalExtensionOIDs().size());
-
- if (request != sha1noNonse)
- {
- if (req.getNonce() == null)
- {
- fail("" + algorithm + " nonse not found when one expected.");
- }
- }
- else
- {
- if (req.getNonce() != null)
- {
- fail("" + algorithm + " nonse not found when one not expected.");
- }
- }
-
- try
- {
- req.validate(TSPAlgorithms.ALLOWED, null, null);
- }
- catch (Exception e)
- {
- fail("validation exception.");
- }
-
- if (!Arrays.areEqual(req.getEncoded(), request))
- {
- fail("" + algorithm + " failed encode check.");
- }
- }
-
- private void responseParse(
- byte[] request,
- byte[] response,
- ASN1ObjectIdentifier algorithm)
- throws Exception
- {
- TimeStampRequest req = new TimeStampRequest(request);
- TimeStampResponse resp = new TimeStampResponse(response);
-
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-
- X509Certificate cert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signingCert));
-
- resp.validate(req);
-
- resp.getTimeStampToken().validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert));
- }
-
- private void unacceptableResponseParse(
- byte[] response)
- throws Exception
- {
- TimeStampResponse resp = new TimeStampResponse(response);
-
- if (resp.getStatus() != PKIStatus.REJECTION)
- {
- fail("request not rejected.");
- }
-
- if (resp.getFailInfo().intValue() != PKIFailureInfo.unacceptedPolicy)
- {
- fail("request not rejected.");
- }
- }
-
- private void generalizedTimeParse(
- byte[] response)
- throws Exception
- {
- TimeStampResponse resp = new TimeStampResponse(response);
-
- if (resp.getStatus() != PKIStatus.GRANTED)
- {
- fail("request not rejected.");
- }
- }
-
- public void setUp()
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- public void testParsing()
- throws Exception
- {
- requestParse(sha1Request, TSPAlgorithms.SHA1);
-
- requestParse(sha1noNonse, TSPAlgorithms.SHA1);
-
- requestParse(md5Request, TSPAlgorithms.MD5);
-
- requestParse(ripemd160Request, TSPAlgorithms.RIPEMD160);
-
- responseParse(sha1Request, sha1Response, TSPAlgorithms.SHA1);
-
- responseParse(sha1noNonse, sha1noNonseResponse, TSPAlgorithms.SHA1);
-
- responseParse(md5Request, md5Response, TSPAlgorithms.MD5);
-
- unacceptableResponseParse(unacceptablePolicy);
-
- generalizedTimeParse(generalizedTime);
-
- v2SigningResponseParse(v2SigningCertResponse);
- }
-
- private void v2SigningResponseParse(
- byte[] encoded)
- throws Exception
- {
- TimeStampResponse response = new TimeStampResponse(encoded);
-
- Store store = response.getTimeStampToken().getCertificates();
- X509CertificateHolder cert = (X509CertificateHolder)store.getMatches(response.getTimeStampToken().getSID()).iterator().next();
-
- response.getTimeStampToken().validate(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert));
- }
-
- public void parse(
- byte[] encoded,
- boolean tokenPresent)
- throws Exception
- {
- TimeStampResponse response = new TimeStampResponse(encoded);
-
- if (tokenPresent && response.getTimeStampToken() == null)
- {
- fail("token not found when expected.");
- }
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/test/SHA1DigestCalculator.java b/pkix/src/test/java/org/bouncycastle/tsp/test/SHA1DigestCalculator.java
deleted file mode 100644
index 8bbd4ade..00000000
--- a/pkix/src/test/java/org/bouncycastle/tsp/test/SHA1DigestCalculator.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.operator.DigestCalculator;
-
-
-class SHA1DigestCalculator
- implements DigestCalculator
-{
- private ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- public AlgorithmIdentifier getAlgorithmIdentifier()
- {
- return new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1);
- }
-
- public OutputStream getOutputStream()
- {
- return bOut;
- }
-
- public byte[] getDigest()
- {
- byte[] bytes = bOut.toByteArray();
-
- bOut.reset();
-
- Digest sha1 = new SHA1Digest();
-
- sha1.update(bytes, 0, bytes.length);
-
- byte[] digest = new byte[sha1.getDigestSize()];
-
- sha1.doFinal(digest, 0);
-
- return digest;
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/test/SHA256DigestCalculator.java b/pkix/src/test/java/org/bouncycastle/tsp/test/SHA256DigestCalculator.java
deleted file mode 100644
index 89b0a1f2..00000000
--- a/pkix/src/test/java/org/bouncycastle/tsp/test/SHA256DigestCalculator.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.ByteArrayOutputStream;
-import java.io.OutputStream;
-
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.operator.DigestCalculator;
-
-
-class SHA256DigestCalculator
- implements DigestCalculator
-{
- private ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- public AlgorithmIdentifier getAlgorithmIdentifier()
- {
- return new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
- }
-
- public OutputStream getOutputStream()
- {
- return bOut;
- }
-
- public byte[] getDigest()
- {
- byte[] bytes = bOut.toByteArray();
-
- bOut.reset();
-
- Digest sha256 = new SHA256Digest();
-
- sha256.update(bytes, 0, bytes.length);
-
- byte[] digest = new byte[sha256.getDigestSize()];
-
- sha256.doFinal(digest, 0);
-
- return digest;
- }
-}
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/test/TSPTestUtil.java b/pkix/src/test/java/org/bouncycastle/tsp/test/TSPTestUtil.java
deleted file mode 100644
index e9d94262..00000000
--- a/pkix/src/test/java/org/bouncycastle/tsp/test/TSPTestUtil.java
+++ /dev/null
@@ -1,229 +0,0 @@
-package org.bouncycastle.tsp.test;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.KeyPurposeId;
-import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
-import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-
-public class TSPTestUtil
-{
-
- public static SecureRandom rand = new SecureRandom();
-
- public static KeyPairGenerator kpg;
-
- public static KeyGenerator desede128kg;
-
- public static KeyGenerator desede192kg;
-
- public static KeyGenerator rc240kg;
-
- public static KeyGenerator rc264kg;
-
- public static KeyGenerator rc2128kg;
-
- public static BigInteger serialNumber = BigInteger.ONE;
-
- public static final boolean DEBUG = true;
-
- public static ASN1ObjectIdentifier EuroPKI_TSA_Test_Policy = new ASN1ObjectIdentifier(
- "1.3.6.1.4.1.5255.5.1");
-
- public static JcaX509ExtensionUtils extUtils;
-
- static
- {
- try
- {
- rand = new SecureRandom();
-
- kpg = KeyPairGenerator.getInstance("RSA", "BC");
- kpg.initialize(1024, rand);
-
- desede128kg = KeyGenerator.getInstance("DESEDE", "BC");
- desede128kg.init(112, rand);
-
- desede192kg = KeyGenerator.getInstance("DESEDE", "BC");
- desede192kg.init(168, rand);
-
- rc240kg = KeyGenerator.getInstance("RC2", "BC");
- rc240kg.init(40, rand);
-
- rc264kg = KeyGenerator.getInstance("RC2", "BC");
- rc264kg.init(64, rand);
-
- rc2128kg = KeyGenerator.getInstance("RC2", "BC");
- rc2128kg.init(128, rand);
-
- serialNumber = new BigInteger("1");
-
- extUtils = new JcaX509ExtensionUtils();
-
- }
- catch (Exception ex)
- {
- throw new RuntimeException(ex.toString());
- }
- }
-
- public static String dumpBase64(byte[] data)
- {
- StringBuffer buf = new StringBuffer();
-
- data = Base64.encode(data);
-
- for (int i = 0; i < data.length; i += 64)
- {
- if (i + 64 < data.length)
- {
- buf.append(new String(data, i, 64));
- }
- else
- {
- buf.append(new String(data, i, data.length - i));
- }
- buf.append('\n');
- }
-
- return buf.toString();
- }
-
- public static KeyPair makeKeyPair()
- {
- return kpg.generateKeyPair();
- }
-
- public static SecretKey makeDesede128Key()
- {
- return desede128kg.generateKey();
- }
-
- public static SecretKey makeDesede192Key()
- {
- return desede192kg.generateKey();
- }
-
- public static SecretKey makeRC240Key()
- {
- return rc240kg.generateKey();
- }
-
- public static SecretKey makeRC264Key()
- {
- return rc264kg.generateKey();
- }
-
- public static SecretKey makeRC2128Key()
- {
- return rc2128kg.generateKey();
- }
-
- public static X509Certificate makeCertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN)
- throws GeneralSecurityException, IOException
- {
-
- return makeCertificate(_subKP, _subDN, _issKP, _issDN, false);
- }
-
- public static X509Certificate makeCACertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN)
- throws GeneralSecurityException, IOException
- {
-
- return makeCertificate(_subKP, _subDN, _issKP, _issDN, true);
- }
-
- public static X509Certificate makeCertificate(KeyPair _subKP,
- String _subDN, KeyPair _issKP, String _issDN, boolean _ca)
- throws GeneralSecurityException, IOException
- {
-
- PublicKey _subPub = _subKP.getPublic();
- PrivateKey _issPriv = _issKP.getPrivate();
- PublicKey _issPub = _issKP.getPublic();
-
- X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();
-
- _v3CertGen.reset();
- _v3CertGen.setSerialNumber(allocateSerialNumber());
- _v3CertGen.setIssuerDN(new X509Name(_issDN));
- _v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
- _v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
- + (1000L * 60 * 60 * 24 * 100)));
- _v3CertGen.setSubjectDN(new X509Name(_subDN));
- _v3CertGen.setPublicKey(_subPub);
- _v3CertGen.setSignatureAlgorithm("MD5WithRSAEncryption");
-
- _v3CertGen.addExtension(Extension.subjectKeyIdentifier, false,
- createSubjectKeyId(_subPub));
-
- _v3CertGen.addExtension(Extension.authorityKeyIdentifier, false,
- createAuthorityKeyId(_issPub));
-
- if (_ca)
- {
- _v3CertGen.addExtension(Extension.basicConstraints, false,
- new BasicConstraints(_ca));
- }
- else
- {
- _v3CertGen.addExtension(Extension.extendedKeyUsage, true,
- new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
- }
-
- X509Certificate _cert = _v3CertGen.generate(_issPriv);
-
- _cert.checkValidity(new Date());
- _cert.verify(_issPub);
-
- return _cert;
- }
-
- /*
- *
- * INTERNAL METHODS
- *
- */
-
-
- private static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey _pubKey)
- throws IOException
- {
- return extUtils.createAuthorityKeyIdentifier(_pubKey);
- }
-
- private static SubjectKeyIdentifier createSubjectKeyId(PublicKey _pubKey)
- throws IOException
- {
- return extUtils.createSubjectKeyIdentifier(_pubKey);
- }
-
- private static BigInteger allocateSerialNumber()
- {
- BigInteger _tmp = serialNumber;
- serialNumber = serialNumber.add(BigInteger.ONE);
- return _tmp;
- }
-}