diff options
Diffstat (limited to 'pkix')
4 files changed, 171 insertions, 610 deletions
diff --git a/pkix/src/main/jdk1.1/org/bouncycastle/cert/crmf/bc/BcFixedLengthMGF1Padder.java b/pkix/src/main/jdk1.1/org/bouncycastle/cert/crmf/bc/BcFixedLengthMGF1Padder.java new file mode 100644 index 00000000..5af8e75b --- /dev/null +++ b/pkix/src/main/jdk1.1/org/bouncycastle/cert/crmf/bc/BcFixedLengthMGF1Padder.java @@ -0,0 +1,134 @@ +package org.bouncycastle.cert.crmf.bc; + +import java.security.SecureRandom; + +import org.bouncycastle.cert.crmf.EncryptedValuePadder; +import org.bouncycastle.crypto.Digest; +import org.bouncycastle.crypto.digests.SHA1Digest; +import org.bouncycastle.crypto.generators.MGF1BytesGenerator; +import org.bouncycastle.crypto.params.MGFParameters; + +/** + * An encrypted value padder that uses MGF1 as the basis of the padding. + */ +public class BcFixedLengthMGF1Padder + implements EncryptedValuePadder +{ + private int length; + private SecureRandom random; + private Digest dig = new SHA1Digest(); + + /** + * Create a padder to so that padded output will always be at least + * length bytes long. + * + * @param length fixed length for padded output. + */ + public BcFixedLengthMGF1Padder(int length) + { + this(length, null); + } + + /** + * Create a padder to so that padded output will always be at least + * length bytes long, using the passed in source of randomness to + * provide the random material for the padder. + * + * @param length fixed length for padded output. + * @param random a source of randomness. + */ + public BcFixedLengthMGF1Padder(int length, SecureRandom random) + { + this.length = length; + this.random = random; + } + + public byte[] getPaddedData(byte[] data) + { + byte[] bytes = new byte[length]; + byte[] seed = new byte[dig.getDigestSize()]; + byte[] mask = new byte[length - dig.getDigestSize()]; + + if (random == null) + { + random = new SecureRandom(); + } + + random.nextBytes(seed); + + MGF1BytesGenerator maskGen = new MGF1BytesGenerator(dig); + + maskGen.init(new MGFParameters(seed)); + + maskGen.generateBytes(mask, 0, mask.length); + + System.arraycopy(seed, 0, bytes, 0, seed.length); + System.arraycopy(data, 0, bytes, seed.length, data.length); + + for (int i = seed.length + data.length + 1; i != bytes.length; i++) + { + bytes[i] = (byte)(1 + nextByte(random)); + } + + for (int i = 0; i != mask.length; i++) + { + bytes[i + seed.length] ^= mask[i]; + } + + return bytes; + } + + public byte[] getUnpaddedData(byte[] paddedData) + { + byte[] seed = new byte[dig.getDigestSize()]; + byte[] mask = new byte[length - dig.getDigestSize()]; + + System.arraycopy(paddedData, 0, seed, 0, seed.length); + + MGF1BytesGenerator maskGen = new MGF1BytesGenerator(dig); + + maskGen.init(new MGFParameters(seed)); + + maskGen.generateBytes(mask, 0, mask.length); + + for (int i = 0; i != mask.length; i++) + { + paddedData[i + seed.length] ^= mask[i]; + } + + int end = 0; + + for (int i = paddedData.length - 1; i != seed.length; i--) + { + if (paddedData[i] == 0) + { + end = i; + break; + } + } + + if (end == 0) + { + throw new IllegalStateException("bad padding in encoding"); + } + + byte[] data = new byte[end - seed.length]; + + System.arraycopy(paddedData, seed.length, data, 0, data.length); + + return data; + } + + private int nextByte(SecureRandom random) + { + int bits, val; + do + { + bits = random.nextInt() & 0x7fffffff; + val = bits % 255; + } + while (bits - val + 254 < 0); + + return val; + } +} diff --git a/pkix/src/main/jdk1.1/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java b/pkix/src/main/jdk1.1/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java index 0cda97c4..ac144999 100644 --- a/pkix/src/main/jdk1.1/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java +++ b/pkix/src/main/jdk1.1/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java @@ -1,19 +1,22 @@ package org.bouncycastle.cms.jcajce; -import java.security.GeneralSecurityException; -import java.security.Key; -import java.security.Provider; import java.security.InvalidKeyException; +import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; +import java.security.Key; +import java.security.Provider; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.PasswordRecipient; +import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; +import org.bouncycastle.crypto.params.KeyParameter; /** * the RecipientInfo class for a recipient who has been sent a message @@ -74,12 +77,24 @@ public abstract class JcePasswordRecipient { throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); } - catch (GeneralSecurityException e) + catch (InvalidAlgorithmParameterException e) { throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); } } + public byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + public int getPasswordConversionScheme() { return schemeID; diff --git a/pkix/src/main/jdk1.1/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java b/pkix/src/main/jdk1.1/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java index efbd266f..b5bb763c 100644 --- a/pkix/src/main/jdk1.1/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java +++ b/pkix/src/main/jdk1.1/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java @@ -1,9 +1,9 @@ package org.bouncycastle.cms.jcajce; import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; import java.security.Key; import java.security.Provider; -import java.security.InvalidKeyException; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; @@ -11,9 +11,12 @@ import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.PasswordRecipientInfoGenerator; +import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; +import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.operator.GenericKey; public class JcePasswordRecipientInfoGenerator @@ -40,6 +43,18 @@ public class JcePasswordRecipientInfoGenerator return this; } + protected byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey) throws CMSException { @@ -54,11 +69,11 @@ public class JcePasswordRecipientInfoGenerator return keyEncryptionCipher.wrap(contentEncryptionKeySpec); } - catch (InvalidKeyException e) + catch (GeneralSecurityException e) { throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); } - catch (GeneralSecurityException e) + catch (InvalidKeyException e) { throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); } diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/tsp/test/TSPTest.java b/pkix/src/test/jdk1.3/org/bouncycastle/tsp/test/TSPTest.java deleted file mode 100644 index ddd08653..00000000 --- a/pkix/src/test/jdk1.3/org/bouncycastle/tsp/test/TSPTest.java +++ /dev/null @@ -1,603 +0,0 @@ -package org.bouncycastle.tsp.test; - -import java.math.BigInteger; -import java.security.KeyPair; -import java.security.PrivateKey; -import org.bouncycastle.jce.cert.CertStore; -import org.bouncycastle.jce.cert.CollectionCertStoreParameters; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Date; -import java.util.HashSet; -import java.util.List; - -import junit.framework.TestCase; -import org.bouncycastle.asn1.cmp.PKIFailureInfo; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.tsp.GenTimeAccuracy; -import org.bouncycastle.tsp.TSPAlgorithms; -import org.bouncycastle.tsp.TSPValidationException; -import org.bouncycastle.tsp.TimeStampRequest; -import org.bouncycastle.tsp.TimeStampRequestGenerator; -import org.bouncycastle.tsp.TimeStampResponse; -import org.bouncycastle.tsp.TimeStampResponseGenerator; -import org.bouncycastle.tsp.TimeStampToken; -import org.bouncycastle.tsp.TimeStampTokenGenerator; -import org.bouncycastle.tsp.TimeStampTokenInfo; -import org.bouncycastle.util.Arrays; - -public class TSPTest - extends TestCase -{ - public void testGeneral() - throws Exception - { - String signDN = "O=Bouncy Castle, C=AU"; - KeyPair signKP = TSPTestUtil.makeKeyPair(); - X509Certificate signCert = TSPTestUtil.makeCACertificate(signKP, - signDN, signKP, signDN); - - String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU"; - KeyPair origKP = TSPTestUtil.makeKeyPair(); - X509Certificate origCert = TSPTestUtil.makeCertificate(origKP, - origDN, signKP, signDN); - - - - List certList = new ArrayList(); - certList.add(origCert); - certList.add(signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), "BC"); - - basicTest(origKP.getPrivate(), origCert, certs); - responseValidationTest(origKP.getPrivate(), origCert, certs); - incorrectHashTest(origKP.getPrivate(), origCert, certs); - badAlgorithmTest(origKP.getPrivate(), origCert, certs); - timeNotAvailableTest(origKP.getPrivate(), origCert, certs); - badPolicyTest(origKP.getPrivate(), origCert, certs); - tokenEncodingTest(origKP.getPrivate(), origCert, certs); - certReqTest(origKP.getPrivate(), origCert, certs); - testAccuracyZeroCerts(origKP.getPrivate(), origCert, certs); - testAccuracyWithCertsAndOrdering(origKP.getPrivate(), origCert, certs); - testNoNonse(origKP.getPrivate(), origCert, certs); - } - - private void basicTest( - PrivateKey privateKey, - X509Certificate cert, - CertStore certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - privateKey, cert, TSPAlgorithms.SHA1, "1.2"); - - tsTokenGen.setCertificatesAndCRLs(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date(), "BC"); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(cert, "BC"); - - AttributeTable table = tsToken.getSignedAttributes(); - - assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate)); - } - - private void responseValidationTest( - PrivateKey privateKey, - X509Certificate cert, - CertStore certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - privateKey, cert, TSPAlgorithms.MD5, "1.2"); - - tsTokenGen.setCertificatesAndCRLs(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date(), "BC"); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(cert, "BC"); - - // - // check validation - // - tsResp.validate(request); - - try - { - request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(101)); - - tsResp.validate(request); - - fail("response validation failed on invalid nonce."); - } - catch (TSPValidationException e) - { - // ignore - } - - try - { - request = reqGen.generate(TSPAlgorithms.SHA1, new byte[22], BigInteger.valueOf(100)); - - tsResp.validate(request); - - fail("response validation failed on wrong digest."); - } - catch (TSPValidationException e) - { - // ignore - } - - try - { - request = reqGen.generate(TSPAlgorithms.MD5, new byte[20], BigInteger.valueOf(100)); - - tsResp.validate(request); - - fail("response validation failed on wrong digest."); - } - catch (TSPValidationException e) - { - // ignore - } - } - - private void incorrectHashTest( - PrivateKey privateKey, - X509Certificate cert, - CertStore certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - privateKey, cert, TSPAlgorithms.SHA1, "1.2"); - - tsTokenGen.setCertificatesAndCRLs(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[16]); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date(), "BC"); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - if (tsToken != null) - { - fail("incorrectHash - token not null."); - } - - PKIFailureInfo failInfo = tsResp.getFailInfo(); - - if (failInfo == null) - { - fail("incorrectHash - failInfo set to null."); - } - - if (failInfo.intValue() != PKIFailureInfo.badDataFormat) - { - fail("incorrectHash - wrong failure info returned."); - } - } - - private void badAlgorithmTest( - PrivateKey privateKey, - X509Certificate cert, - CertStore certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - privateKey, cert, TSPAlgorithms.SHA1, "1.2"); - - tsTokenGen.setCertificatesAndCRLs(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate("1.2.3.4.5", new byte[20]); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date(), "BC"); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - if (tsToken != null) - { - fail("badAlgorithm - token not null."); - } - - PKIFailureInfo failInfo = tsResp.getFailInfo(); - - if (failInfo == null) - { - fail("badAlgorithm - failInfo set to null."); - } - - if (failInfo.intValue() != PKIFailureInfo.badAlg) - { - fail("badAlgorithm - wrong failure info returned."); - } - } - - private void timeNotAvailableTest( - PrivateKey privateKey, - X509Certificate cert, - CertStore certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - privateKey, cert, TSPAlgorithms.SHA1, "1.2"); - - tsTokenGen.setCertificatesAndCRLs(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate("1.2.3.4.5", new byte[20]); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), null, "BC"); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - if (tsToken != null) - { - fail("timeNotAvailable - token not null."); - } - - PKIFailureInfo failInfo = tsResp.getFailInfo(); - - if (failInfo == null) - { - fail("timeNotAvailable - failInfo set to null."); - } - - if (failInfo.intValue() != PKIFailureInfo.timeNotAvailable) - { - fail("timeNotAvailable - wrong failure info returned."); - } - } - - private void badPolicyTest( - PrivateKey privateKey, - X509Certificate cert, - CertStore certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - privateKey, cert, TSPAlgorithms.SHA1, "1.2"); - - tsTokenGen.setCertificatesAndCRLs(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - - reqGen.setReqPolicy("1.1"); - - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20]); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED, new HashSet()); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date(), "BC"); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - if (tsToken != null) - { - fail("badPolicy - token not null."); - } - - PKIFailureInfo failInfo = tsResp.getFailInfo(); - - if (failInfo == null) - { - fail("badPolicy - failInfo set to null."); - } - - if (failInfo.intValue() != PKIFailureInfo.unacceptedPolicy) - { - fail("badPolicy - wrong failure info returned."); - } - } - - private void certReqTest( - PrivateKey privateKey, - X509Certificate cert, - CertStore certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - privateKey, cert, TSPAlgorithms.MD5, "1.2"); - - tsTokenGen.setCertificatesAndCRLs(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - - // - // request with certReq false - // - reqGen.setCertReq(false); - - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date(), "BC"); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - assertNull(tsToken.getTimeStampInfo().getGenTimeAccuracy()); // check for abscence of accuracy - - assertEquals("1.2", tsToken.getTimeStampInfo().getPolicy().getId()); - - try - { - tsToken.validate(cert, "BC"); - } - catch (TSPValidationException e) - { - fail("certReq(false) verification of token failed."); - } - - CertStore respCerts = tsToken.getCertificatesAndCRLs("Collection", "BC"); - - Collection certsColl = respCerts.getCertificates(null); - - if (!certsColl.isEmpty()) - { - fail("certReq(false) found certificates in response."); - } - } - - - private void tokenEncodingTest( - PrivateKey privateKey, - X509Certificate cert, - CertStore certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - privateKey, cert, TSPAlgorithms.SHA1, "1.2.3.4.5.6"); - - tsTokenGen.setCertificatesAndCRLs(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date(), "BC"); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampResponse tsResponse = new TimeStampResponse(tsResp.getEncoded()); - - if (!Arrays.areEqual(tsResponse.getEncoded(), tsResp.getEncoded()) - || !Arrays.areEqual(tsResponse.getTimeStampToken().getEncoded(), - tsResp.getTimeStampToken().getEncoded())) - { - fail(); - } - } - - private void testAccuracyZeroCerts( - PrivateKey privateKey, - X509Certificate cert, - CertStore certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - privateKey, cert, TSPAlgorithms.MD5, "1.2"); - - tsTokenGen.setCertificatesAndCRLs(certs); - - tsTokenGen.setAccuracySeconds(1); - tsTokenGen.setAccuracyMillis(2); - tsTokenGen.setAccuracyMicros(3); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date(), "BC"); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(cert, "BC"); - - // - // check validation - // - tsResp.validate(request); - - // - // check tstInfo - // - TimeStampTokenInfo tstInfo = tsToken.getTimeStampInfo(); - - // - // check accuracy - // - GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy(); - - assertEquals(1, accuracy.getSeconds()); - assertEquals(2, accuracy.getMillis()); - assertEquals(3, accuracy.getMicros()); - - assertEquals(new BigInteger("23"), tstInfo.getSerialNumber()); - - assertEquals("1.2", tstInfo.getPolicy().getId()); - - // - // test certReq - // - CertStore store = tsToken.getCertificatesAndCRLs("Collection", "BC"); - - Collection certificates = store.getCertificates(null); - - assertEquals(0, certificates.size()); - } - - private void testAccuracyWithCertsAndOrdering( - PrivateKey privateKey, - X509Certificate cert, - CertStore certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - privateKey, cert, TSPAlgorithms.MD5, "1.2.3"); - - tsTokenGen.setCertificatesAndCRLs(certs); - - tsTokenGen.setAccuracySeconds(3); - tsTokenGen.setAccuracyMillis(1); - tsTokenGen.setAccuracyMicros(2); - - tsTokenGen.setOrdering(true); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - - reqGen.setCertReq(true); - - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); - - assertTrue(request.getCertReq()); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date(), "BC"); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(cert, "BC"); - - // - // check validation - // - tsResp.validate(request); - - // - // check tstInfo - // - TimeStampTokenInfo tstInfo = tsToken.getTimeStampInfo(); - - // - // check accuracy - // - GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy(); - - assertEquals(3, accuracy.getSeconds()); - assertEquals(1, accuracy.getMillis()); - assertEquals(2, accuracy.getMicros()); - - assertEquals(new BigInteger("23"), tstInfo.getSerialNumber()); - - assertEquals("1.2.3", tstInfo.getPolicy().getId()); - - assertEquals(true, tstInfo.isOrdered()); - - assertEquals(tstInfo.getNonce(), BigInteger.valueOf(100)); - - // - // test certReq - // - CertStore store = tsToken.getCertificatesAndCRLs("Collection", "BC"); - - Collection certificates = store.getCertificates(null); - - assertEquals(2, certificates.size()); - } - - private void testNoNonse( - PrivateKey privateKey, - X509Certificate cert, - CertStore certs) - throws Exception - { - TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( - privateKey, cert, TSPAlgorithms.MD5, "1.2.3"); - - tsTokenGen.setCertificatesAndCRLs(certs); - - TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); - TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA1, new byte[20]); - - assertFalse(request.getCertReq()); - - TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED); - - TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("24"), new Date(), "BC"); - - tsResp = new TimeStampResponse(tsResp.getEncoded()); - - TimeStampToken tsToken = tsResp.getTimeStampToken(); - - tsToken.validate(cert, "BC"); - - // - // check validation - // - tsResp.validate(request); - - // - // check tstInfo - // - TimeStampTokenInfo tstInfo = tsToken.getTimeStampInfo(); - - // - // check accuracy - // - GenTimeAccuracy accuracy = tstInfo.getGenTimeAccuracy(); - - assertNull(accuracy); - - assertEquals(new BigInteger("24"), tstInfo.getSerialNumber()); - - assertEquals("1.2.3", tstInfo.getPolicy().getId()); - - assertEquals(false, tstInfo.isOrdered()); - - assertNull(tstInfo.getNonce()); - - // - // test certReq - // - CertStore store = tsToken.getCertificatesAndCRLs("Collection", "BC"); - - Collection certificates = store.getCertificates(null); - - assertEquals(0, certificates.size()); - } -} |