Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/pkix/src/test/jdk1.3/org/spongycastle/cert/test/AttrCertTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'pkix/src/test/jdk1.3/org/spongycastle/cert/test/AttrCertTest.java')
-rw-r--r--pkix/src/test/jdk1.3/org/spongycastle/cert/test/AttrCertTest.java665
1 files changed, 665 insertions, 0 deletions
diff --git a/pkix/src/test/jdk1.3/org/spongycastle/cert/test/AttrCertTest.java b/pkix/src/test/jdk1.3/org/spongycastle/cert/test/AttrCertTest.java
new file mode 100644
index 00000000..525971e6
--- /dev/null
+++ b/pkix/src/test/jdk1.3/org/spongycastle/cert/test/AttrCertTest.java
@@ -0,0 +1,665 @@
+package org.spongycastle.cert.test;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.spec.RSAPrivateCrtKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.List;
+import java.util.Set;
+
+import org.spongycastle.asn1.ASN1Encodable;
+import org.spongycastle.asn1.ASN1EncodableVector;
+import org.spongycastle.asn1.ASN1ObjectIdentifier;
+import org.spongycastle.asn1.ASN1String;
+import org.spongycastle.asn1.DEROctetString;
+import org.spongycastle.asn1.DERSequence;
+import org.spongycastle.asn1.x500.X500Name;
+import org.spongycastle.asn1.x509.Attribute;
+import org.spongycastle.asn1.x509.GeneralName;
+import org.spongycastle.asn1.x509.GeneralNames;
+import org.spongycastle.asn1.x509.Extension;
+import org.spongycastle.cert.AttributeCertificateHolder;
+import org.spongycastle.cert.AttributeCertificateIssuer;
+import org.spongycastle.cert.X509AttributeCertificateHolder;
+import org.spongycastle.cert.X509v2AttributeCertificateBuilder;
+import org.spongycastle.cert.jcajce.JcaCertStore;
+import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;
+import org.spongycastle.jce.provider.BouncyCastleProvider;
+import org.spongycastle.operator.ContentSigner;
+import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
+import org.spongycastle.util.Store;
+import org.spongycastle.util.encoders.Base64;
+import org.spongycastle.util.test.SimpleTest;
+
+public class AttrCertTest
+ extends SimpleTest
+{
+ private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
+
+ private static final RSAPrivateCrtKeySpec RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeySpec(
+ new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
+ new BigInteger("11", 16),
+ new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
+ new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
+ new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
+ new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
+ new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
+ new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
+
+ public static byte[] attrCert = Base64.decode(
+ "MIIHQDCCBqkCAQEwgZChgY2kgYowgYcxHDAaBgkqhkiG9w0BCQEWDW1sb3JjaEB2"
+ + "dC5lZHUxHjAcBgNVBAMTFU1hcmt1cyBMb3JjaCAobWxvcmNoKTEbMBkGA1UECxMS"
+ + "VmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAyMQswCQYDVQQKEwJ2"
+ + "dDELMAkGA1UEBhMCVVMwgYmkgYYwgYMxGzAZBgkqhkiG9w0BCQEWDHNzaGFoQHZ0"
+ + "LmVkdTEbMBkGA1UEAxMSU3VtaXQgU2hhaCAoc3NoYWgpMRswGQYDVQQLExJWaXJn"
+ + "aW5pYSBUZWNoIFVzZXIxEDAOBgNVBAsTB0NsYXNzIDExCzAJBgNVBAoTAnZ0MQsw"
+ + "CQYDVQQGEwJVUzANBgkqhkiG9w0BAQQFAAIBBTAiGA8yMDAzMDcxODE2MDgwMloY"
+ + "DzIwMDMwNzI1MTYwODAyWjCCBU0wggVJBgorBgEEAbRoCAEBMYIFORaCBTU8UnVs"
+ + "ZSBSdWxlSWQ9IkZpbGUtUHJpdmlsZWdlLVJ1bGUiIEVmZmVjdD0iUGVybWl0Ij4K"
+ + "IDxUYXJnZXQ+CiAgPFN1YmplY3RzPgogICA8U3ViamVjdD4KICAgIDxTdWJqZWN0"
+ + "TWF0Y2ggTWF0Y2hJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5j"
+ + "dGlvbjpzdHJpbmctZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlw"
+ + "ZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjc3RyaW5nIj4KICAg"
+ + "ICAgIENOPU1hcmt1cyBMb3JjaDwvQXR0cmlidXRlVmFsdWU+CiAgICAgPFN1Ympl"
+ + "Y3RBdHRyaWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFt"
+ + "ZXM6dGM6eGFjbWw6MS4wOnN1YmplY3Q6c3ViamVjdC1pZCIgRGF0YVR5cGU9Imh0"
+ + "dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hI3N0cmluZyIgLz4gCiAgICA8"
+ + "L1N1YmplY3RNYXRjaD4KICAgPC9TdWJqZWN0PgogIDwvU3ViamVjdHM+CiAgPFJl"
+ + "c291cmNlcz4KICAgPFJlc291cmNlPgogICAgPFJlc291cmNlTWF0Y2ggTWF0Y2hJ"
+ + "ZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5jdGlvbjpzdHJpbmct"
+ + "ZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlwZT0iaHR0cDovL3d3"
+ + "dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIj4KICAgICAgaHR0cDovL3p1"
+ + "bmkuY3MudnQuZWR1PC9BdHRyaWJ1dGVWYWx1ZT4KICAgICA8UmVzb3VyY2VBdHRy"
+ + "aWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6"
+ + "eGFjbWw6MS4wOnJlc291cmNlOnJlc291cmNlLWlkIiBEYXRhVHlwZT0iaHR0cDov"
+ + "L3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIiAvPiAKICAgIDwvUmVz"
+ + "b3VyY2VNYXRjaD4KICAgPC9SZXNvdXJjZT4KICA8L1Jlc291cmNlcz4KICA8QWN0"
+ + "aW9ucz4KICAgPEFjdGlvbj4KICAgIDxBY3Rpb25NYXRjaCBNYXRjaElkPSJ1cm46"
+ + "b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmZ1bmN0aW9uOnN0cmluZy1lcXVhbCI+"
+ + "CiAgICAgPEF0dHJpYnV0ZVZhbHVlIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9y"
+ + "Zy8yMDAxL1hNTFNjaGVtYSNzdHJpbmciPgpEZWxlZ2F0ZSBBY2Nlc3MgICAgIDwv"
+ + "QXR0cmlidXRlVmFsdWU+CgkgIDxBY3Rpb25BdHRyaWJ1dGVEZXNpZ25hdG9yIEF0"
+ + "dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmFjdGlvbjph"
+ + "Y3Rpb24taWQiIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNj"
+ + "aGVtYSNzdHJpbmciIC8+IAogICAgPC9BY3Rpb25NYXRjaD4KICAgPC9BY3Rpb24+"
+ + "CiAgPC9BY3Rpb25zPgogPC9UYXJnZXQ+CjwvUnVsZT4KMA0GCSqGSIb3DQEBBAUA"
+ + "A4GBAGiJSM48XsY90HlYxGmGVSmNR6ZW2As+bot3KAfiCIkUIOAqhcphBS23egTr"
+ + "6asYwy151HshbPNYz+Cgeqs45KkVzh7bL/0e1r8sDVIaaGIkjHK3CqBABnfSayr3"
+ + "Rd1yBoDdEv8Qb+3eEPH6ab9021AsLEnJ6LWTmybbOpMNZ3tv");
+
+ byte[] signCert = Base64.decode(
+ "MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
+ + "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
+ + "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
+ + "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
+ + "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
+ + "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
+ + "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
+ + "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
+ + "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
+ + "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
+ + "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
+ + "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
+ + "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
+ + "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
+ + "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
+ + "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
+ + "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
+ + "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
+ + "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
+ + "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
+ + "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
+ + "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
+ + "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
+ + "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
+ + "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
+ + "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
+ + "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
+ + "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
+ + "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
+ + "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
+ + "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
+ + "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
+ + "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
+ + "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
+ + "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
+ + "3g==");
+
+ static byte[] certWithBaseCertificateID = Base64.decode(
+ "MIIBqzCCARQCAQEwSKBGMD6kPDA6MQswCQYDVQQGEwJJVDEOMAwGA1UEChMFVU5JVE4xDDAKBgNV"
+ + "BAsTA0RJVDENMAsGA1UEAxMEcm9vdAIEAVMVjqB6MHikdjB0MQswCQYDVQQGEwJBVTEoMCYGA1UE"
+ + "ChMfVGhlIExlZ2lvbiBvZiB0aGUgQm91bmN5IENhc3RsZTEjMCEGA1UECxMaQm91bmN5IFByaW1h"
+ + "cnkgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUJvdW5jeSBDYXN0bGUwDQYJKoZIhvcNAQEFBQACBQKW"
+ + "RhnHMCIYDzIwMDUxMjEyMTIwMDQyWhgPMjAwNTEyMTkxMjAxMzJaMA8wDQYDVRhIMQaBBGVWSVAw"
+ + "DQYJKoZIhvcNAQEFBQADgYEAUAVin9StDaA+InxtXq/av6rUQLI9p1X6louBcj4kYJnxRvTrHpsr"
+ + "N3+i9Uq/uk5lRdAqmPFvcmSbuE3TRAsjrXON5uFiBBKZ1AouLqcr8nHbwcdwjJ9TyUNO9I4hfpSH"
+ + "UHHXMtBKgp4MOkhhX8xTGyWg3hp23d3GaUeg/IYlXBI=");
+
+ byte[] holderCertWithBaseCertificateID = Base64.decode(
+ "MIIBwDCCASmgAwIBAgIEAVMVjjANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJJVDEOMAwGA1UE"
+ + "ChMFVU5JVE4xDDAKBgNVBAsTA0RJVDENMAsGA1UEAxMEcm9vdDAeFw0wNTExMTExMjAxMzJaFw0w"
+ + "NjA2MTYxMjAxMzJaMD4xCzAJBgNVBAYTAklUMQ4wDAYDVQQKEwVVTklUTjEMMAoGA1UECxMDRElU"
+ + "MREwDwYDVQQDEwhMdWNhQm9yejBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr"
+ + "5YtqKmKXmEGb4ShypL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERoxUw"
+ + "EzARBglghkgBhvhCAQEEBAMCBDAwDQYJKoZIhvcNAQEFBQADgYEAsX50VPQQCWmHvPq9y9DeCpmS"
+ + "4szcpFAhpZyn6gYRwY9CRZVtmZKH8713XhkGDWcIEMcG0u3oTz3tdKgPU5uyIPrDEWr6w8ClUj4x"
+ + "5aVz5c2223+dVY7KES//JSB2bE/KCIchN3kAioQ4K8O3e0OL6oDVjsqKGw5bfahgKuSIk/Q=");
+
+
+ public String getName()
+ {
+ return "AttrCertTest";
+ }
+
+ private void testCertWithBaseCertificateID()
+ throws Exception
+ {
+ X509AttributeCertificateHolder attrCert = new X509AttributeCertificateHolder(certWithBaseCertificateID);
+ CertificateFactory fact = CertificateFactory.getInstance("X.509", "SC");
+ X509Certificate cert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
+
+ AttributeCertificateHolder holder = attrCert.getHolder();
+
+ if (holder.getEntityNames() != null)
+ {
+ fail("entity names set when none expected");
+ }
+
+ if (!holder.getSerialNumber().equals(cert.getSerialNumber()))
+ {
+ fail("holder serial number doesn't match");
+ }
+
+ if (!holder.getIssuer()[0].equals(new JcaX509CertificateHolder(cert).getIssuer()))
+ {
+ fail("holder issuer doesn't match");
+ }
+
+ if (!holder.match(new JcaX509CertificateHolder(cert)))
+ {
+ fail("holder not matching holder certificate");
+ }
+
+ if (!holder.equals(holder.clone()))
+ {
+ fail("holder clone test failed");
+ }
+
+ if (!attrCert.getIssuer().equals(attrCert.getIssuer().clone()))
+ {
+ fail("issuer clone test failed");
+ }
+
+ //equalityAndHashCodeTest(attrCert, certWithBaseCertificateID);
+ }
+
+ private void equalityAndHashCodeTest(X509AttributeCertificateHolder attrCert, byte[] encoding)
+ throws IOException
+ {
+ if (!attrCert.equals(attrCert))
+ {
+ fail("same certificate not equal");
+ }
+
+ if (!attrCert.getHolder().equals(attrCert.getHolder()))
+ {
+ fail("same holder not equal");
+ }
+
+ if (!attrCert.getIssuer().equals(attrCert.getIssuer()))
+ {
+ fail("same issuer not equal");
+ }
+
+ if (attrCert.getHolder().equals(attrCert.getIssuer()))
+ {
+ fail("wrong holder equal");
+ }
+
+ if (attrCert.getIssuer().equals(attrCert.getHolder()))
+ {
+ fail("wrong issuer equal");
+ }
+
+ X509AttributeCertificateHolder attrCert2 = new X509AttributeCertificateHolder(encoding);
+
+ if (attrCert2.getHolder().hashCode() != attrCert.getHolder().hashCode())
+ {
+ fail("holder hashCode test failed");
+ }
+
+ if (!attrCert2.getHolder().equals(attrCert.getHolder()))
+ {
+ fail("holder equals test failed");
+ }
+
+ if (attrCert2.getIssuer().hashCode() != attrCert.getIssuer().hashCode())
+ {
+ fail("issuer hashCode test failed");
+ }
+
+ if (!attrCert2.getIssuer().equals(attrCert.getIssuer()))
+ {
+ fail("issuer equals test failed");
+ }
+ }
+
+ private void testGenerateWithCert()
+ throws Exception
+ {
+ CertificateFactory fact = CertificateFactory.getInstance("X.509","SC");
+ X509Certificate iCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));
+
+ //
+ // a sample key pair.
+ //
+ RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
+ new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
+ new BigInteger("11", 16));
+
+ //
+ // set up the keys
+ //
+ PrivateKey privKey;
+ PublicKey pubKey;
+
+ KeyFactory kFact = KeyFactory.getInstance("RSA", "SC");
+
+ privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
+ pubKey = kFact.generatePublic(pubKeySpec);
+
+ X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
+ new AttributeCertificateHolder(new JcaX509CertificateHolder(iCert)),
+ new AttributeCertificateIssuer(new X500Name("cn=test")),
+ BigInteger.valueOf(1),
+ new Date(System.currentTimeMillis() - 50000),
+ new Date(System.currentTimeMillis() + 50000));
+
+ // the actual attributes
+ GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
+ ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
+ roleSyntax.add(roleName);
+
+ // roleSyntax OID: 2.5.24.72;
+
+ gen.addAttribute(new ASN1ObjectIdentifier("2.5.24.72"), new DERSequence(roleSyntax));
+
+ ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BC).build(privKey);
+
+ X509AttributeCertificateHolder aCert = gen.build(sigGen);
+
+ if (!aCert.isValidOn(new Date()))
+ {
+ fail("certificate invalid");
+ }
+
+ if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
+ {
+ fail("certificate signature not valid");
+ }
+
+ AttributeCertificateHolder holder = aCert.getHolder();
+
+ if (holder.getEntityNames() != null)
+ {
+ fail("entity names set when none expected");
+ }
+
+ if (!holder.getSerialNumber().equals(iCert.getSerialNumber()))
+ {
+ fail("holder serial number doesn't match");
+ }
+
+ if (!holder.getIssuer()[0].equals(new JcaX509CertificateHolder(iCert).getIssuer()))
+ {
+ fail("holder issuer doesn't match");
+ }
+
+ if (!holder.match(new JcaX509CertificateHolder(iCert)))
+ {
+ fail("generated holder not matching holder certificate");
+ }
+
+ Attribute[] attrs = aCert.getAttributes(new ASN1ObjectIdentifier("2.5.24.72"));
+
+ if (attrs == null)
+ {
+ fail("attributes related to 2.5.24.72 not found");
+ }
+
+ Attribute attr = attrs[0];
+
+ if (!attr.getAttrType().getId().equals("2.5.24.72"))
+ {
+ fail("attribute oid mismatch");
+ }
+
+ ASN1Encodable[] values = attr.getAttrValues().toArray();
+
+ GeneralName role = GeneralNames.getInstance(values[0]).getNames()[0];
+
+ if (role.getTagNo() != GeneralName.rfc822Name)
+ {
+ fail("wrong general name type found in role");
+ }
+
+ if (!((ASN1String)role.getName()).getString().equals("DAU123456789"))
+ {
+ fail("wrong general name value found in role");
+ }
+
+ X509Certificate sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
+
+ if (holder.match(new JcaX509CertificateHolder(sCert)))
+ {
+ fail("generated holder matching wrong certificate");
+ }
+
+ equalityAndHashCodeTest(aCert, aCert.getEncoded());
+ }
+
+ private void testGenerateWithPrincipal()
+ throws Exception
+ {
+ CertificateFactory fact = CertificateFactory.getInstance("X.509","SC");
+ X509Certificate iCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));
+
+ //
+ // a sample key pair.
+ //
+ RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
+ new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
+ new BigInteger("11", 16));
+
+ //
+ // set up the keys
+ //
+ PrivateKey privKey;
+ PublicKey pubKey;
+
+ KeyFactory kFact = KeyFactory.getInstance("RSA", "SC");
+
+ privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
+ pubKey = kFact.generatePublic(pubKeySpec);
+
+ X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
+ new AttributeCertificateHolder(new JcaX509CertificateHolder(iCert).getSubject()),
+ new AttributeCertificateIssuer(new X500Name("cn=test")),
+ BigInteger.valueOf(1),
+ new Date(System.currentTimeMillis() - 50000),
+ new Date(System.currentTimeMillis() + 50000));
+
+ // the actual attributes
+ GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
+ ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
+ roleSyntax.add(roleName);
+
+ // roleSyntax OID: 2.5.24.72
+
+ gen.addAttribute(new ASN1ObjectIdentifier("2.5.24.72"), new DERSequence(roleSyntax));
+
+ ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BC).build(privKey);
+
+ X509AttributeCertificateHolder aCert = gen.build(sigGen);
+
+ if (!aCert.isValidOn(new Date()))
+ {
+ fail("certificate invalid");
+ }
+
+ if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
+ {
+ fail("certificate signature not valid");
+ }
+
+ AttributeCertificateHolder holder = aCert.getHolder();
+
+ if (holder.getEntityNames() == null)
+ {
+ fail("entity names not set when expected");
+ }
+
+ if (holder.getSerialNumber() != null)
+ {
+ fail("holder serial number found when none expected");
+ }
+
+ if (holder.getIssuer() != null)
+ {
+ fail("holder issuer found when none expected");
+ }
+
+ if (!holder.match(new JcaX509CertificateHolder(iCert)))
+ {
+ fail("generated holder not matching holder certificate");
+ }
+
+ X509Certificate sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));
+
+ if (holder.match(sCert))
+ {
+ fail("principal generated holder matching wrong certificate");
+ }
+
+ equalityAndHashCodeTest(aCert, aCert.getEncoded());
+ }
+
+ public void performTest()
+ throws Exception
+ {
+ X509AttributeCertificateHolder aCert = new X509AttributeCertificateHolder(attrCert);
+ CertificateFactory fact = CertificateFactory.getInstance("X.509","SC");
+ X509Certificate sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));
+
+ if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(sCert)))
+ {
+ fail("certificate signature not valid");
+ }
+
+ //
+ // search test
+ //
+
+ List list = new ArrayList();
+
+ list.add(sCert);
+
+ Store store = new JcaCertStore(list);
+
+ Collection certs = store.getMatches(aCert.getIssuer());
+ if (certs.size() != 1 || !certs.contains(new JcaX509CertificateHolder(sCert)))
+ {
+ fail("sCert not found by issuer");
+ }
+
+ Attribute[] attrs = aCert.getAttributes(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.8.1.1"));
+ if (attrs == null || attrs.length != 1)
+ {
+ fail("attribute not found");
+ }
+
+ //
+ // reencode test
+ //
+ aCert = new X509AttributeCertificateHolder(aCert.getEncoded());
+
+ if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(sCert)))
+ {
+ fail("certificate signature not valid");
+ }
+
+ X509AttributeCertificateHolder saCert = new X509AttributeCertificateHolder(aCert.getEncoded());
+
+ if (!aCert.getNotAfter().equals(saCert.getNotAfter()))
+ {
+ fail("failed date comparison");
+ }
+
+ // base generator test
+
+ //
+ // a sample key pair.
+ //
+ RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
+ new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
+ new BigInteger("11", 16));
+
+ RSAPrivateCrtKeySpec privKeySpec = RSA_PRIVATE_KEY_SPEC;
+
+ //
+ // set up the keys
+ //
+ PrivateKey privKey;
+ PublicKey pubKey;
+
+ KeyFactory kFact = KeyFactory.getInstance("RSA", "SC");
+
+ privKey = kFact.generatePrivate(privKeySpec);
+ pubKey = kFact.generatePublic(pubKeySpec);
+
+ X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
+ aCert.getHolder(),
+ aCert.getIssuer(),
+ aCert.getSerialNumber(),
+ new Date(System.currentTimeMillis() - 50000),
+ new Date(System.currentTimeMillis() + 50000));
+
+ gen.addAttribute(attrs[0].getAttrType(), attrs[0].getAttributeValues());
+
+ ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BC).build(privKey);
+
+ aCert = gen.build(sigGen);
+
+ if (!aCert.isValidOn(new Date()))
+ {
+ fail("certificate not valid");
+ }
+
+ if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
+ {
+ fail("signature not valid");
+ }
+
+ // as the issuer is the same this should still work (even though it is not
+ // technically correct
+
+ certs = store.getMatches(aCert.getIssuer());
+ if (certs.size() != 1 || !certs.contains(new JcaX509CertificateHolder(sCert)))
+ {
+ fail("sCert not found by issuer");
+ }
+
+ attrs = aCert.getAttributes(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.8.1.1"));
+ if (attrs == null || attrs.length != 1)
+ {
+ fail("attribute not found");
+ }
+
+ //
+ // reencode test
+ //
+ aCert = new X509AttributeCertificateHolder(aCert.getEncoded());
+
+ if (!aCert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(BC).build(pubKey)))
+ {
+ fail("signature not valid");
+ }
+
+ AttributeCertificateIssuer issuer = aCert.getIssuer();
+
+ X500Name[] principals = issuer.getNames();
+
+ //
+ // test holder
+ //
+ AttributeCertificateHolder holder = aCert.getHolder();
+
+ if (holder.getEntityNames() == null)
+ {
+ fail("entity names not set");
+ }
+
+ if (holder.getSerialNumber() != null)
+ {
+ fail("holder serial number set when none expected");
+ }
+
+ if (holder.getIssuer() != null)
+ {
+ fail("holder issuer set when none expected");
+ }
+
+ principals = holder.getEntityNames();
+
+ // X500Principal principal0 = new X500Principal(principals[0].getEncoded());
+ // if (!principal0.toString().equals("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), EMAILADDRESS=mlorch@vt.edu"))
+ // {
+ // fail("principal[0] for entity names don't match");
+ // }
+
+ //
+ // extension test
+ //
+
+ if (aCert.hasExtensions())
+ {
+ fail("hasExtensions true with no extensions");
+ }
+
+ gen.addExtension(new ASN1ObjectIdentifier("1.1"), true, new DEROctetString(new byte[10]));
+
+ gen.addExtension(new ASN1ObjectIdentifier("2.2"), false, new DEROctetString(new byte[20]));
+
+ aCert = gen.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privKey));
+
+ Set exts = aCert.getCriticalExtensionOIDs();
+
+ if (exts.size() != 1 || !exts.contains(new ASN1ObjectIdentifier("1.1")))
+ {
+ fail("critical extension test failed");
+ }
+
+ exts = aCert.getNonCriticalExtensionOIDs();
+
+ if (exts.size() != 1 || !exts.contains(new ASN1ObjectIdentifier("2.2")))
+ {
+ fail("non-critical extension test failed");
+ }
+
+ if (aCert.getCriticalExtensionOIDs().isEmpty())
+ {
+ fail("critical extensions not found");
+ }
+
+ Extension ext = aCert.getExtension(new ASN1ObjectIdentifier("1.1"));
+ ASN1Encodable extValue = ext.getParsedValue();
+
+ if (!extValue.equals(new DEROctetString(new byte[10])))
+ {
+ fail("wrong extension value found for 1.1");
+ }
+
+ testCertWithBaseCertificateID();
+ testGenerateWithCert();
+ testGenerateWithPrincipal();
+ }
+
+ public static void main(
+ String[] args)
+ {
+ Security.addProvider(new BouncyCastleProvider());
+
+ runTest(new AttrCertTest());
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 05:32:13 +0300