From 86d074dbcf9b6bab29985eee7b7187f3b85b0f43 Mon Sep 17 00:00:00 2001 From: David Hook Date: Mon, 30 Jun 2014 14:31:21 +1000 Subject: 1.3 compatibility updates, minor cleanups. --- .../org/bouncycastle/cert/test/BcCertTest.java | 1 - .../bouncycastle/cert/path/test/CertPathTest.java | 370 +++++ .../org/bouncycastle/cert/test/BcCertTest.java | 1418 ++++++++++++++++++ .../org/bouncycastle/cert/test/PKCS10Test.java | 2 + .../jdk1.3/org/bouncycastle/cms/test/AllTests.java | 24 +- .../org/bouncycastle/cms/test/Rfc4134Test.java | 430 ------ .../cms/test/SignedDataStreamTest.java | 1158 -------------- .../org/bouncycastle/cms/test/SignedDataTest.java | 1573 -------------------- .../org/bouncycastle/openssl/test/ReaderTest.java | 323 ---- 9 files changed, 1806 insertions(+), 3493 deletions(-) create mode 100644 pkix/src/test/jdk1.3/org/bouncycastle/cert/path/test/CertPathTest.java create mode 100644 pkix/src/test/jdk1.3/org/bouncycastle/cert/test/BcCertTest.java delete mode 100644 pkix/src/test/jdk1.3/org/bouncycastle/cms/test/Rfc4134Test.java delete mode 100644 pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataStreamTest.java delete mode 100644 pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataTest.java delete mode 100644 pkix/src/test/jdk1.3/org/bouncycastle/openssl/test/ReaderTest.java (limited to 'pkix') diff --git a/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java b/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java index a0eb89c7..fd551381 100644 --- a/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java +++ b/pkix/src/test/java/org/bouncycastle/cert/test/BcCertTest.java @@ -62,7 +62,6 @@ import org.bouncycastle.crypto.params.RSAKeyGenerationParameters; import org.bouncycastle.crypto.params.RSAKeyParameters; import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory; -import org.bouncycastle.cert.test.PEMData; import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.ContentVerifierProvider; import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder; diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cert/path/test/CertPathTest.java b/pkix/src/test/jdk1.3/org/bouncycastle/cert/path/test/CertPathTest.java new file mode 100644 index 00000000..d487afb0 --- /dev/null +++ b/pkix/src/test/jdk1.3/org/bouncycastle/cert/path/test/CertPathTest.java @@ -0,0 +1,370 @@ +package org.bouncycastle.cert.path.test; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.ObjectOutputStream; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PublicKey; +import java.security.Security; +import java.security.SignatureException; +import org.bouncycastle.jce.cert.CertPath; +import org.bouncycastle.jce.cert.CertPathBuilder; +import org.bouncycastle.jce.cert.CertPathBuilderException; +import org.bouncycastle.jce.cert.CertPathBuilderResult; +import org.bouncycastle.jce.cert.CertStore; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import org.bouncycastle.jce.cert.CertificateFactory; +import org.bouncycastle.jce.cert.CollectionCertStoreParameters; +import org.bouncycastle.jce.cert.PKIXBuilderParameters; +import org.bouncycastle.jce.cert.TrustAnchor; +import org.bouncycastle.jce.cert.X509CertSelector; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Set; +import java.util.Vector; + +import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.util.encoders.Base64; +import org.bouncycastle.util.test.SimpleTest; + +public class CertPathTest + extends SimpleTest +{ + public static byte[] rootCertBin = Base64.decode( + "MIIBqzCCARQCAQEwDQYJKoZIhvcNAQEFBQAwHjEcMBoGA1UEAxMTVGVzdCBDQSBDZXJ0aWZpY2F0ZTAeFw0wODA5MDQwNDQ1MDhaFw0wODA5MTEwNDQ1MDhaMB4xHDAaBgNVBAMTE1Rlc3QgQ0EgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMRLUjhPe4YUdLo6EcjKcWUOG7CydFTH53Pr1lWjOkbmszYDpkhCTT9LOsI+disk18nkBxSl8DAHTqV+VxtuTPt64iyi10YxyDeep+DwZG/f8cVQv97U3hA9cLurZ2CofkMLGr6JpSGCMZ9FcstcTdHB4lbErIJ54YqfF4pNOs4/AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAgyrTEFY7ALpeY59jL6xFOLpuPqoBOWrUWv6O+zy5BCU0qiX71r3BpigtxRj+DYcfLIM9FNERDoHu3TthD3nwYWUBtFX8N0QUJIdJabxqAMhLjSC744koiFpCYse5Ye3ZvEdFwDzgAQsJTp5eFGgTZPkPzcdhkFJ2p9+OWs+cb24="); + + + static byte[] interCertBin = Base64.decode( + "MIICSzCCAbSgAwIBAgIBATANBgkqhkiG9w0BAQUFADAeMRwwGgYDVQQDExNUZXN0IENBIENlcnRpZmljYXRlMB4XDTA4MDkwNDA0NDUwOFoXDTA4MDkxMTA0NDUwOFowKDEmMCQGA1UEAxMdVGVzdCBJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAISS9OOZ2wxzdWny9aVvk4Joq+dwSJ+oqvHUxX3PflZyuiLiCBUOUE4q59dGKdtNX5fIfwyK3cpV0e73Y/0fwfM3m9rOWFrCKOhfeswNTes0w/2PqPVVDDsF/nj7NApuqXwioeQlgTL251RDF4sVoxXqAU7lRkcqwZt3mwqS4KTJAgMBAAGjgY4wgYswRgYDVR0jBD8wPYAUhv8BOT27EB9JaCccJD4YASPP5XWhIqQgMB4xHDAaBgNVBAMTE1Rlc3QgQ0EgQ2VydGlmaWNhdGWCAQEwHQYDVR0OBBYEFL/IwAGOkHzaQyPZegy79CwM5oTFMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4GBAE4TRgUz4sUvZyVdZxqV+XyNRnqXAeLOOqFGYv2D96tQrS+zjd0elVlT6lFrtchZdOmmX7R6/H/tjMWMcTBICZyRYrvK8cCAmDOI+EIdq5p6lj2Oq6Pbw/wruojAqNrpaR6IkwNpWtdOSSupv4IJL+YU9q2YFTh4R1j3tOkPoFGr"); + + static byte[] finalCertBin = Base64.decode( + "MIICRjCCAa+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAoMSYwJAYDVQQDEx1UZXN0IEludGVybWVkaWF0ZSBDZXJ0aWZpY2F0ZTAeFw0wODA5MDQwNDQ1MDhaFw0wODA5MTEwNDQ1MDhaMB8xHTAbBgNVBAMTFFRlc3QgRW5kIENlcnRpZmljYXRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChpUeo0tPYywWKiLlbWKNJBcCpSaLSlaZ+4+yer1AxI5yJIVHP6SAlBghlbD5Qne5ImnN/15cz1xwYAiul6vGKJkVPlFEe2Mr+g/J/WJPQQPsjbZ1G+vxbAwXEDA4KaQrnpjRZFq+CdKHwOjuPLYS/MYQNgdIvDVEQcTbPQ8GaiQIDAQABo4GIMIGFMEYGA1UdIwQ/MD2AFL/IwAGOkHzaQyPZegy79CwM5oTFoSKkIDAeMRwwGgYDVQQDExNUZXN0IENBIENlcnRpZmljYXRlggEBMB0GA1UdDgQWBBSVkw+VpqBf3zsLc/9GdkK9TzHPwDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDANBgkqhkiG9w0BAQUFAAOBgQBLv/0bVDjzTs/y1vN3FUiZNknEbzupIZduTuXJjqv/vBX+LDPjUfu/+iOCXOSKoRn6nlOWhwB1z6taG2usQkFG8InMkRcPREi2uVgFdhJ/1C3dAWhsdlubjdL926bftXvxnx/koDzyrePW5U96RlOQM2qLvbaky2Giz6hrc3Wl+w=="); + public static byte[] rootCrlBin = Base64.decode( + "MIIBYjCBzAIBATANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDExNUZXN0IENBIENlcnRpZmljYXRlFw0wODA5MDQwNDQ1MDhaFw0wODA5MDQwNzMxNDhaMCIwIAIBAhcNMDgwOTA0MDQ0NTA4WjAMMAoGA1UdFQQDCgEJoFYwVDBGBgNVHSMEPzA9gBSG/wE5PbsQH0loJxwkPhgBI8/ldaEipCAwHjEcMBoGA1UEAxMTVGVzdCBDQSBDZXJ0aWZpY2F0ZYIBATAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOBgQCAbaFCo0BNG4AktVf6jjBLeawP1u0ELYkOCEGvYZE0mBpQ+OvFg7subZ6r3lRIj030nUli28sPFtu5ZQMBNcpE4nS1ziF44RfT3Lp5UgHx9x17Krz781iEyV+7zU8YxYMY9wULD+DCuK294kGKIssVNbmTYXZatBNoXQN5CLIocA=="); + static byte[] interCrlBin = Base64.decode( + "MIIBbDCB1gIBATANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDEx1UZXN0IEludGVybWVkaWF0ZSBDZXJ0aWZpY2F0ZRcNMDgwOTA0MDQ0NTA4WhcNMDgwOTA0MDczMTQ4WjAiMCACAQIXDTA4MDkwNDA0NDUwOFowDDAKBgNVHRUEAwoBCaBWMFQwRgYDVR0jBD8wPYAUv8jAAY6QfNpDI9l6DLv0LAzmhMWhIqQgMB4xHDAaBgNVBAMTE1Rlc3QgQ0EgQ2VydGlmaWNhdGWCAQEwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQADgYEAEVCr5TKs5yguGgLH+dBzmSPoeSIWJFLsgWwJEit/iUDJH3dgYmaczOcGxIDtbYYHLWIHM+P2YRyQz3MEkCXEgm/cx4y7leAmux5l+xQWgmxFPz+197vaphPeCZo+B7V1CWtm518gcq4mrs9ovfgNqgyFj7KGjcBpWdJE32KMt50="); + + /* + * certpath with a circular reference + */ + static byte[] certA = Base64.decode( + "MIIC6jCCAlOgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBjTEPMA0GA1UEAxMGSW50" + + "ZXIzMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX" + + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq" + + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ2NTda" + + "Fw0xNzAzMzAwODQ0MDBaMIGlMScwJQYDVQQDHh4AQQByAG0AaQBuACAASADkAGIA" + + "ZQByAGwAaQBuAGcxCzAJBgNVBAYTAkNIMQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNV" + + "BAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNwaGVyZSBBRzEQMA4GA1UECxMHVGVzdGlu" + + "ZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5AcHJpdmFzcGhlcmUuY29tMIGfMA0GCSqG" + + "SIb3DQEBAQUAA4GNADCBiQKBgQCfHfyVs5dbxG35H/Thd29qR4NZU88taCu/OWA1" + + "GdACI02lXWYpmLWiDgnU0ULP+GG8OnVp1IES9fz2zcrXKQ19xZzsen/To3h5sNte" + + "cJpS00XMM24q/jDwy5NvkBP9YIfFKQ1E/0hFHXcqwlw+b/y/v6YGsZCU2h6QDzc4" + + "5m0+BwIDAQABo0AwPjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIE8DAeBglg" + + "hkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAA4GBAJEu" + + "KiSfIwsY7SfobMLrv2v/BtLhGLi4RnmjiwzBhuv5rn4rRfBpq1ppmqQMJ2pmA67v" + + "UWCY+mNwuyjHyivpCCyJGsZ9d5H09g2vqxzkDBMz7X9VNMZYFH8j/R3/Cfvqks31" + + "z0OFslJkeKLa1I0P/dfVHsRKNkLRT3Ws5LKksErQ"); + + static byte[] certB = Base64.decode( + "MIICtTCCAh6gAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBjTEPMA0GA1UEAxMGSW50" + + "ZXIyMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX" + + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq" + + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ2Mzha" + + "Fw0xNzAzMzAwODQ0MDBaMIGNMQ8wDQYDVQQDEwZJbnRlcjMxCzAJBgNVBAYTAkNI" + + "MQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNVBAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNw" + + "aGVyZSBBRzEQMA4GA1UECxMHVGVzdGluZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5A" + + "cHJpdmFzcGhlcmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxCXIB" + + "QRnmVvl2h7Q+0SsRxDLnyM1dJG9jMa+UCCmHy0k/ZHs5VirSbjEJSjkQ9BGeh9SC" + + "7JwbMpXO7UE+gcVc2RnWUY+MA+fWIeTV4KtkYA8WPu8wVGCXbN8wwh/StOocszxb" + + "g+iLvGeh8CYSRqg6QN3S/02etH3o8H4e7Z0PZwIDAQABoyMwITAPBgNVHRMBAf8E" + + "BTADAQH/MA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQQFAAOBgQCtWdirSsmt" + + "+CBBCNn6ZnbU3QqQfiiQIomjenNEHESJgaS/+PvPE5i3xWFXsunTHLW321/Km16I" + + "7+ZvT8Su1cqHg79NAT8QB0yke1saKSy2C0Pic4HwrNqVBWFNSxMU0hQzpx/ZXDbZ" + + "DqIXAp5EfyRYBy2ul+jm6Rot6aFgzuopKg=="); + + static byte[] certC = Base64.decode( + "MIICtTCCAh6gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBjTEPMA0GA1UEAxMGSW50" + + "ZXIxMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX" + + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq" + + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ0Mzla" + + "Fw0xNzAzMzAwODQ0MDBaMIGNMQ8wDQYDVQQDEwZJbnRlcjIxCzAJBgNVBAYTAkNI" + + "MQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNVBAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNw" + + "aGVyZSBBRzEQMA4GA1UECxMHVGVzdGluZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5A" + + "cHJpdmFzcGhlcmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0rLr6" + + "f2/ONeJzTb0q9M/NNX+MnAFMSqiQGVBkT76u5nOH4KLkpHXkzI82JI7GuQMzoT3a" + + "+RP1hO6FneO92ms2soC6xiOFb4EC69Dfhh87Nww5O35JxVF0bzmbmIAWd6P/7zGh" + + "nd2S4tKkaZcubps+C0j9Fgi0hipVicAOUVVoDQIDAQABoyMwITAPBgNVHRMBAf8E" + + "BTADAQH/MA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQQFAAOBgQCLPvc1IMA4" + + "YP+PmnEldyUoRWRnvPWjBGeu0WheBP7fdcnGBf93Nmc5j68ZN+eTZ5VMuZ99YdvH" + + "CXGNX6oodONLU//LlFKdLl5xjLAS5X9p1RbOEGytnalqeiEpjk4+C/7rIBG1kllO" + + "dItmI6LlEMV09Hkpg6ZRAUmRkb8KrM4X7A=="); + + static byte[] certD = Base64.decode( + "MIICtTCCAh6gAwIBAgIBBjANBgkqhkiG9w0BAQQFADCBjTEPMA0GA1UEAxMGSW50" + + "ZXIzMQswCQYDVQQGEwJDSDEPMA0GA1UEBxMGWnVyaWNoMQswCQYDVQQIEwJaSDEX" + + "MBUGA1UEChMOUHJpdmFzcGhlcmUgQUcxEDAOBgNVBAsTB1Rlc3RpbmcxJDAiBgkq" + + "hkiG9w0BCQEWFWFybWluQHByaXZhc3BoZXJlLmNvbTAeFw0wNzA0MDIwODQ5NTNa" + + "Fw0xNzAzMzAwODQ0MDBaMIGNMQ8wDQYDVQQDEwZJbnRlcjExCzAJBgNVBAYTAkNI" + + "MQ8wDQYDVQQHEwZadXJpY2gxCzAJBgNVBAgTAlpIMRcwFQYDVQQKEw5Qcml2YXNw" + + "aGVyZSBBRzEQMA4GA1UECxMHVGVzdGluZzEkMCIGCSqGSIb3DQEJARYVYXJtaW5A" + + "cHJpdmFzcGhlcmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCae3TP" + + "jIVKeASqvNabaiUHAMGUgFxB7L0yUsIj39azLcLtUj4S7XkDf7SMGtYV0JY1XNaQ" + + "sHJAsnJivDZc50oiYvqDYfgFZx5+AsN5l5X5rjRzs/OX+Jo+k1OgsIyu6+mf9Kfb" + + "5IdWOVB2EcOg4f9tPjLM8CIj9Pp7RbKLyqUUgwIDAQABoyMwITAPBgNVHRMBAf8E" + + "BTADAQH/MA4GA1UdDwEB/wQEAwIB9jANBgkqhkiG9w0BAQQFAAOBgQCgr9kUdWUT" + + "Lt9UcztSzR3pnHRsyvS0E/z850OKQKS5/VxLEalpFvhj+3EcZ7Y6mFxaaS2B7vXg" + + "2YWyqV1PRb6iF7/u9EXkpSTKGrJahwANirCa3V/HTUuPdCE2GITlnWI8h3eVA+xQ" + + "D4LF0PXHOkXbwmhXRSb10lW1bSGkUxE9jg=="); + + private void testExceptions() + throws Exception + { + byte[] enc = { (byte)0, (byte)2, (byte)3, (byte)4, (byte)5 }; + MyCertPath mc = new MyCertPath(enc); + ByteArrayOutputStream os = new ByteArrayOutputStream(); + ByteArrayInputStream is; + byte[] arr; + + ObjectOutputStream oOut = new ObjectOutputStream(os); + oOut.writeObject(mc); + oOut.flush(); + oOut.close(); + + try + { + CertificateFactory cFac = CertificateFactory.getInstance("X.509", + "BC"); + arr = os.toByteArray(); + is = new ByteArrayInputStream(arr); + cFac.generateCertPath(is); + } + catch (CertificateException e) + { + // ignore okay + } + + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + List certCol = new ArrayList(); + + certCol.add(cf.generateCertificate(new ByteArrayInputStream(certA))); + certCol.add(cf.generateCertificate(new ByteArrayInputStream(certB))); + certCol.add(cf.generateCertificate(new ByteArrayInputStream(certC))); + certCol.add(cf.generateCertificate(new ByteArrayInputStream(certD))); + + CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "BC"); + X509CertSelector select = new X509CertSelector(); + select.setSubject(((X509Principal)((X509Certificate)certCol.get(0)).getSubjectDN()).getEncoded()); + + Set trustanchors = new HashSet(); + trustanchors.add(new TrustAnchor((X509Certificate)cf.generateCertificate(new ByteArrayInputStream(rootCertBin)), null)); + + CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certCol)); + + PKIXBuilderParameters params = new PKIXBuilderParameters(trustanchors, select); + params.addCertStore(certStore); + + try + { + CertPathBuilderResult result = pathBuilder.build(params); + CertPath path = result.getCertPath(); + fail("found cert path in circular set"); + } + catch (CertPathBuilderException e) + { + // expected + } + } + + public void performTest() + throws Exception + { + CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC"); + + X509Certificate rootCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(rootCertBin)); + X509Certificate interCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(interCertBin)); + X509Certificate finalCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(finalCertBin)); + + //Testing CertPath generation from List + List list = new ArrayList(); + list.add(interCert); + CertPath certPath1 = cf.generateCertPath(list); + + //Testing CertPath encoding as PkiPath + byte[] encoded = certPath1.getEncoded("PkiPath"); + + //Testing CertPath generation from InputStream + ByteArrayInputStream inStream = new ByteArrayInputStream(encoded); + CertPath certPath2 = cf.generateCertPath(inStream, "PkiPath"); + + //Comparing both CertPathes + if (!certPath2.equals(certPath1)) + { + fail("CertPath differ after encoding and decoding."); + } + + encoded = certPath1.getEncoded("PKCS7"); + + //Testing CertPath generation from InputStream + inStream = new ByteArrayInputStream(encoded); + certPath2 = cf.generateCertPath(inStream, "PKCS7"); + + //Comparing both CertPathes + if (!certPath2.equals(certPath1)) + { + fail("CertPath differ after encoding and decoding."); + } + + encoded = certPath1.getEncoded("PEM"); + + //Testing CertPath generation from InputStream + inStream = new ByteArrayInputStream(encoded); + certPath2 = cf.generateCertPath(inStream, "PEM"); + + //Comparing both CertPathes + if (!certPath2.equals(certPath1)) + { + fail("CertPath differ after encoding and decoding."); + } + + // + // empty list test + // + list = new ArrayList(); + + CertPath certPath = CertificateFactory.getInstance("X.509","BC").generateCertPath(list); + if (certPath.getCertificates().size() != 0) + { + fail("list wrong size."); + } + + // + // exception tests + // + testExceptions(); + } + + public String getName() + { + return "CertPath"; + } + + public static void main( + String[] args) + { + Security.addProvider(new BouncyCastleProvider()); + + runTest(new CertPathTest()); + } + + private static class MyCertificate extends Certificate + { + private final byte[] encoding; + + public MyCertificate(String type, byte[] encoding) + { + super(type); + // don't copy to allow null parameter in test + this.encoding = encoding; + } + + public byte[] getEncoded() throws CertificateEncodingException + { + // do copy to force NPE in test + return (byte[])encoding.clone(); + } + + public void verify(PublicKey key) throws CertificateException, + NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException + { + } + + public void verify(PublicKey key, String sigProvider) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, + SignatureException + { + } + + public String toString() + { + return "[My test Certificate, type: " + getType() + "]"; + } + + public PublicKey getPublicKey() + { + return new PublicKey() + { + public String getAlgorithm() + { + return "TEST"; + } + + public byte[] getEncoded() + { + return new byte[] { (byte)1, (byte)2, (byte)3 }; + } + + public String getFormat() + { + return "TEST_FORMAT"; + } + }; + } + } + + private static class MyCertPath extends CertPath + { + private final Vector certificates; + + private final Vector encodingNames; + + private final byte[] encoding; + + public MyCertPath(byte[] encoding) + { + super("MyEncoding"); + this.encoding = encoding; + certificates = new Vector(); + certificates.add(new MyCertificate("MyEncoding", encoding)); + encodingNames = new Vector(); + encodingNames.add("MyEncoding"); + } + + public List getCertificates() + { + return Collections.unmodifiableList(certificates); + } + + public byte[] getEncoded() throws CertificateEncodingException + { + return (byte[])encoding.clone(); + } + + public byte[] getEncoded(String encoding) + throws CertificateEncodingException + { + if (getType().equals(encoding)) + { + return (byte[])this.encoding.clone(); + } + throw new CertificateEncodingException("Encoding not supported: " + + encoding); + } + + public Iterator getEncodings() + { + return Collections.unmodifiableCollection(encodingNames).iterator(); + } + } +} + diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/BcCertTest.java b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/BcCertTest.java new file mode 100644 index 00000000..e414c856 --- /dev/null +++ b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/BcCertTest.java @@ -0,0 +1,1418 @@ +package org.bouncycastle.cert.test; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.math.BigInteger; +import java.security.SecureRandom; +import java.security.cert.CRL; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509CRL; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Date; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import junit.framework.TestCase; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1Enumerated; +import org.bouncycastle.asn1.ASN1Object; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x500.X500NameBuilder; +import org.bouncycastle.asn1.x500.style.RFC4519Style; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; +import org.bouncycastle.asn1.x509.CRLReason; +import org.bouncycastle.asn1.x509.Certificate; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.Extensions; +import org.bouncycastle.asn1.x509.ExtensionsGenerator; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.asn1.x509.KeyPurposeId; +import org.bouncycastle.asn1.x509.KeyUsage; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.cert.CertException; +import org.bouncycastle.cert.X509CRLEntryHolder; +import org.bouncycastle.cert.X509CRLHolder; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.X509v1CertificateBuilder; +import org.bouncycastle.cert.X509v2CRLBuilder; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.cert.bc.BcX509ExtensionUtils; +import org.bouncycastle.cert.bc.BcX509v1CertificateBuilder; +import org.bouncycastle.cert.bc.BcX509v3CertificateBuilder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.crypto.AsymmetricCipherKeyPair; +import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator; +import org.bouncycastle.crypto.generators.DSAKeyPairGenerator; +import org.bouncycastle.crypto.generators.DSAParametersGenerator; +import org.bouncycastle.crypto.generators.RSAKeyPairGenerator; +import org.bouncycastle.crypto.params.AsymmetricKeyParameter; +import org.bouncycastle.crypto.params.DSAKeyGenerationParameters; +import org.bouncycastle.crypto.params.DSAParameters; +import org.bouncycastle.crypto.params.RSAKeyGenerationParameters; +import org.bouncycastle.crypto.params.RSAKeyParameters; +import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; +import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory; +import org.bouncycastle.cert.test.PEMData; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.ContentVerifierProvider; +import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder; +import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.operator.bc.BcDSAContentSignerBuilder; +import org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder; +import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder; +import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder; +import org.bouncycastle.util.encoders.Base64; + +public class BcCertTest + extends TestCase +{ + DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); + DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder(); + + // + // server.crt + // + byte[] cert1 = Base64.decode( + "MIIDXjCCAsegAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx" + + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY" + + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB" + + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ" + + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU2MjFaFw0wMTA2" + + "MDIwNzU2MjFaMIG4MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW" + + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM" + + "dGQxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFtMR0wGwYDVQQDExR3d3cyLmNvbm5l" + + "Y3Q0LmNvbS5hdTEoMCYGCSqGSIb3DQEJARYZd2VibWFzdGVyQGNvbm5lY3Q0LmNv" + + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvDxclKAhyv7Q/Wmr2re" + + "Gw4XL9Cnh9e+6VgWy2AWNy/MVeXdlxzd7QAuc1eOWQkGQEiLPy5XQtTY+sBUJ3AO" + + "Rvd2fEVJIcjf29ey7bYua9J/vz5MG2KYo9/WCHIwqD9mmG9g0xLcfwq/s8ZJBswE" + + "7sb85VU+h94PTvsWOsWuKaECAwEAAaN3MHUwJAYDVR0RBB0wG4EZd2VibWFzdGVy" + + "QGNvbm5lY3Q0LmNvbS5hdTA6BglghkgBhvhCAQ0ELRYrbW9kX3NzbCBnZW5lcmF0" + + "ZWQgY3VzdG9tIHNlcnZlciBjZXJ0aWZpY2F0ZTARBglghkgBhvhCAQEEBAMCBkAw" + + "DQYJKoZIhvcNAQEEBQADgYEAotccfKpwSsIxM1Hae8DR7M/Rw8dg/RqOWx45HNVL" + + "iBS4/3N/TO195yeQKbfmzbAA2jbPVvIvGgTxPgO1MP4ZgvgRhasaa0qCJCkWvpM4" + + "yQf33vOiYQbpv4rTwzU8AmRlBG45WdjyNIigGV+oRc61aKCTnLq7zB8N3z1TF/bF" + + "5/8="); + + // + // ca.crt + // + byte[] cert2 = Base64.decode( + "MIIDbDCCAtWgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx" + + "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY" + + "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB" + + "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ" + + "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU1MzNaFw0wMTA2" + + "MDIwNzU1MzNaMIG3MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW" + + "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM" + + "dGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAxMMQ29u" + + "bmVjdCA0IENBMSgwJgYJKoZIhvcNAQkBFhl3ZWJtYXN0ZXJAY29ubmVjdDQuY29t" + + "LmF1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgs5ptNG6Qv1ZpCDuUNGmv" + + "rhjqMDPd3ri8JzZNRiiFlBA4e6/ReaO1U8ASewDeQMH6i9R6degFdQRLngbuJP0s" + + "xcEE+SksEWNvygfzLwV9J/q+TQDyJYK52utb++lS0b48A1KPLwEsyL6kOAgelbur" + + "ukwxowprKUIV7Knf1ajetQIDAQABo4GFMIGCMCQGA1UdEQQdMBuBGXdlYm1hc3Rl" + + "ckBjb25uZWN0NC5jb20uYXUwDwYDVR0TBAgwBgEB/wIBADA2BglghkgBhvhCAQ0E" + + "KRYnbW9kX3NzbCBnZW5lcmF0ZWQgY3VzdG9tIENBIGNlcnRpZmljYXRlMBEGCWCG" + + "SAGG+EIBAQQEAwICBDANBgkqhkiG9w0BAQQFAAOBgQCsGvfdghH8pPhlwm1r3pQk" + + "msnLAVIBb01EhbXm2861iXZfWqGQjrGAaA0ZpXNk9oo110yxoqEoSJSzniZa7Xtz" + + "soTwNUpE0SLHvWf/SlKdFWlzXA+vOZbzEv4UmjeelekTm7lc01EEa5QRVzOxHFtQ" + + "DhkaJ8VqOMajkQFma2r9iA=="); + + // + // testx509.pem + // + byte[] cert3 = Base64.decode( + "MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV" + + "BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz" + + "MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM" + + "RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF" + + "AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO" + + "/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE" + + "Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ" + + "zl9HYIMxATFyqSiD9jsx"); + + // + // v3-cert1.pem + // + byte[] cert4 = Base64.decode( + "MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx" + + "NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz" + + "dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw" + + "ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu" + + "ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2" + + "ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp" + + "miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C" + + "AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK" + + "Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x" + + "DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR" + + "MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB" + + "AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21" + + "X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3" + + "WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO"); + + // + // v3-cert2.pem + // + byte[] cert5 = Base64.decode( + "MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD" + + "YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0" + + "ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu" + + "dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1" + + "WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV" + + "BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx" + + "FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA" + + "6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT" + + "G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ" + + "YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm" + + "b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc" + + "F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz" + + "lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap" + + "jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU="); + + // + // pem encoded pkcs7 + // + byte[] cert6 = Base64.decode( + "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJbzCCAj0w" + + "ggGmAhEAzbp/VvDf5LxU/iKss3KqVTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG" + + "A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2Vy" + + "dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjgwODAxMjM1OTU5WjBfMQsw" + + "CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVi" + + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A" + + "MIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiH" + + "mgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNePNGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF" + + "4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEwDQYJKoZIhvcNAQECBQADgYEATD+4i8Zo3+5DMw5d" + + "6abLB4RNejP/khv0Nq3YlSI2aBFsfELM85wuxAc/FLAPT/+Qknb54rxK6Y/NoIAK98Up8YIiXbix" + + "3YEjo3slFUYweRb46gVLlH8dwhzI47f0EEA8E8NfH1PoSOSGtHuhNbB7Jbq4046rPzidADQAmPPR" + + "cZQwggMuMIICl6ADAgECAhEA0nYujRQMPX2yqCVdr+4NdTANBgkqhkiG9w0BAQIFADBfMQswCQYD" + + "VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj" + + "IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTgwNTEyMDAwMDAwWhcNMDgwNTEy" + + "MjM1OTU5WjCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy" + + "dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5j" + + "b3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0Eg" + + "SW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZDCBnzANBgkqhkiG9w0B" + + "AQEFAAOBjQAwgYkCgYEAu1pEigQWu1X9A3qKLZRPFXg2uA1Ksm+cVL+86HcqnbnwaLuV2TFBcHqB" + + "S7lIE1YtxwjhhEKrwKKSq0RcqkLwgg4C6S/7wju7vsknCl22sDZCM7VuVIhPh0q/Gdr5FegPh7Yc" + + "48zGmo5/aiSS4/zgZbqnsX7vyds3ashKyAkG5JkCAwEAAaN8MHowEQYJYIZIAYb4QgEBBAQDAgEG" + + "MEcGA1UdIARAMD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEFBQcCARYfd3d3LnZlcmlzaWduLmNv" + + "bS9yZXBvc2l0b3J5L1JQQTAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B" + + "AQIFAAOBgQCIuDc73dqUNwCtqp/hgQFxHpJqbS/28Z3TymQ43BuYDAeGW4UVag+5SYWklfEXfWe0" + + "fy0s3ZpCnsM+tI6q5QsG3vJWKvozx74Z11NMw73I4xe1pElCY+zCphcPXVgaSTyQXFWjZSAA/Rgg" + + "5V+CprGoksVYasGNAzzrw80FopCubjCCA/gwggNhoAMCAQICEBbbn/1G1zppD6KsP01bwywwDQYJ" + + "KoZIhvcNAQEEBQAwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln" + + "biBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvUlBB" + + "IEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAx" + + "IENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxpZGF0ZWQwHhcNMDAxMDAy" + + "MDAwMDAwWhcNMDAxMjAxMjM1OTU5WjCCAQcxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD" + + "VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3Jl" + + "cG9zaXRvcnkvUlBBIEluY29ycC4gYnkgUmVmLixMSUFCLkxURChjKTk4MR4wHAYDVQQLExVQZXJz" + + "b25hIE5vdCBWYWxpZGF0ZWQxJzAlBgNVBAsTHkRpZ2l0YWwgSUQgQ2xhc3MgMSAtIE1pY3Jvc29m" + + "dDETMBEGA1UEAxQKRGF2aWQgUnlhbjElMCMGCSqGSIb3DQEJARYWZGF2aWRAbGl2ZW1lZGlhLmNv" + + "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqxBsdeNmSvFqhMNwhQgNzM8mdjX9eSXb" + + "DawpHtQHjmh0AKJSa3IwUY0VIsyZHuXWktO/CgaMBVPt6OVf/n0R2sQigMP6Y+PhEiS0vCJBL9aK" + + "0+pOo2qXrjVBmq+XuCyPTnc+BOSrU26tJsX0P9BYorwySiEGxGanBNATdVL4NdUCAwEAAaOBnDCB" + + "mTAJBgNVHRMEAjAAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQgwKjAoBggrBgEFBQcCARYcaHR0" + + "cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTARBglghkgBhvhCAQEEBAMCB4AwMwYDVR0fBCwwKjAo" + + "oCagJIYiaHR0cDovL2NybC52ZXJpc2lnbi5jb20vY2xhc3MxLmNybDANBgkqhkiG9w0BAQQFAAOB" + + "gQBC8yIIdVGpFTf8/YiL14cMzcmL0nIRm4kGR3U59z7UtcXlfNXXJ8MyaeI/BnXwG/gD5OKYqW6R" + + "yca9vZOxf1uoTBl82gInk865ED3Tej6msCqFzZffnSUQvOIeqLxxDlqYRQ6PmW2nAnZeyjcnbI5Y" + + "syQSM2fmo7n6qJFP+GbFezGCAkUwggJBAgEBMIHhMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5j" + + "LjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWdu" + + "LmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UE" + + "AxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3Qg" + + "VmFsaWRhdGVkAhAW25/9Rtc6aQ+irD9NW8MsMAkGBSsOAwIaBQCggbowGAYJKoZIhvcNAQkDMQsG" + + "CSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDAxMDAyMTczNTE4WjAjBgkqhkiG9w0BCQQxFgQU" + + "gZjSaBEY2oxGvlQUIMnxSXhivK8wWwYJKoZIhvcNAQkPMU4wTDAKBggqhkiG9w0DBzAOBggqhkiG" + + "9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwBwYFKw4DAh0w" + + "DQYJKoZIhvcNAQEBBQAEgYAzk+PU91/ZFfoiuKOECjxEh9fDYE2jfDCheBIgh5gdcCo+sS1WQs8O" + + "HreQ9Nop/JdJv1DQMBK6weNBBDoP0EEkRm1XCC144XhXZC82jBZohYmi2WvDbbC//YN58kRMYMyy" + + "srrfn4Z9I+6kTriGXkrpGk9Q0LSGjmG2BIsqiF0dvwAAAAAAAA=="); + + // + // dsaWithSHA1 cert + // + byte[] cert7 = Base64.decode( + "MIIEXAYJKoZIhvcNAQcCoIIETTCCBEkCAQExCzAJBgUrDgMCGgUAMAsGCSqG" + + "SIb3DQEHAaCCAsMwggK/MIIB4AIBADCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7" + + "d8miwTMN55CUSmo3TO8WGCxgY61TX5k+7NU4XPf1TULjw3GobwaJX13kquPh" + + "fVXk+gVy46n4Iw3hAhUBSe/QF4BUj+pJOF9ROBM4u+FEWA8CQQD4mSJbrABj" + + "TUWrlnAte8pS22Tq4/FPO7jHSqjijUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/z" + + "m8Q12PFp/PjOhh+nMA4xDDAKBgNVBAMTA0lEMzAeFw05NzEwMDEwMDAwMDBa" + + "Fw0zODAxMDEwMDAwMDBaMA4xDDAKBgNVBAMTA0lEMzCB8DCBpwYFKw4DAhsw" + + "gZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxgY61TX5k+7NU4XPf1TULj" + + "w3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/QF4BUj+pJOF9ROBM4u+FE" + + "WA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jHSqjijUHfXKTrHL1OEqV3" + + "SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nA0QAAkEAkYkXLYMtGVGWj9OnzjPn" + + "sB9sefSRPrVegZJCZbpW+Iv0/1RP1u04pHG9vtRpIQLjzUiWvLMU9EKQTThc" + + "eNMmWDCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxg" + + "Y61TX5k+7NU4XPf1TULjw3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/Q" + + "F4BUj+pJOF9ROBM4u+FEWA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jH" + + "SqjijUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nAy8AMCwC" + + "FBY3dBSdeprGcqpr6wr3xbG+6WW+AhRMm/facKJNxkT3iKgJbp7R8Xd3QTGC" + + "AWEwggFdAgEBMBMwDjEMMAoGA1UEAxMDSUQzAgEAMAkGBSsOAwIaBQCgXTAY" + + "BgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMjA1" + + "MjQyMzEzMDdaMCMGCSqGSIb3DQEJBDEWBBS4WMsoJhf7CVbZYCFcjoTRzPkJ" + + "xjCBpwYFKw4DAhswgZ0CQQEkJRHP+mN7d8miwTMN55CUSmo3TO8WGCxgY61T" + + "X5k+7NU4XPf1TULjw3GobwaJX13kquPhfVXk+gVy46n4Iw3hAhUBSe/QF4BU" + + "j+pJOF9ROBM4u+FEWA8CQQD4mSJbrABjTUWrlnAte8pS22Tq4/FPO7jHSqji" + + "jUHfXKTrHL1OEqV3SVWcFy5j/cqBgX/zm8Q12PFp/PjOhh+nBC8wLQIVALID" + + "dt+MHwawrDrwsO1Z6sXBaaJsAhRaKssrpevmLkbygKPV07XiAKBG02Zvb2Jh" + + "cg=="); + + // + // testcrl.pem + // + byte[] crl1 = Base64.decode( + "MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT" + + "F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy" + + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw" + + "MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw" + + "MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw" + + "MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw" + + "MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw" + + "MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw" + + "MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw" + + "NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw" + + "NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF" + + "AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ" + + "wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt" + + "JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v"); + + // + // ecdsa cert with extra octet string. + // + byte[] oldEcdsa = Base64.decode( + "MIICljCCAkCgAwIBAgIBATALBgcqhkjOPQQBBQAwgY8xCzAJBgNVBAYTAkFVMSgwJ" + + "gYDVQQKEx9UaGUgTGVnaW9uIG9mIHRoZSBCb3VuY3kgQ2FzdGxlMRIwEAYDVQQHEw" + + "lNZWxib3VybmUxETAPBgNVBAgTCFZpY3RvcmlhMS8wLQYJKoZIhvcNAQkBFiBmZWV" + + "kYmFjay1jcnlwdG9AYm91bmN5Y2FzdGxlLm9yZzAeFw0wMTEyMDcwMTAwMDRaFw0w" + + "MTEyMDcwMTAxNDRaMIGPMQswCQYDVQQGEwJBVTEoMCYGA1UEChMfVGhlIExlZ2lvb" + + "iBvZiB0aGUgQm91bmN5IENhc3RsZTESMBAGA1UEBxMJTWVsYm91cm5lMREwDwYDVQ" + + "QIEwhWaWN0b3JpYTEvMC0GCSqGSIb3DQEJARYgZmVlZGJhY2stY3J5cHRvQGJvdW5" + + "jeWNhc3RsZS5vcmcwgeQwgb0GByqGSM49AgEwgbECAQEwKQYHKoZIzj0BAQIef///" + + "////////////f///////gAAAAAAAf///////MEAEHn///////////////3///////" + + "4AAAAAAAH///////AQeawFsO9zxiUHQ1lSSFHXKcanbL7J9HTd5YYXClCwKBB8CD/" + + "qWPNyogWzMM7hkK+35BcPTWFc9Pyf7vTs8uaqvAh5///////////////9///+eXpq" + + "fXZBx+9FSJoiQnQsDIgAEHwJbbcU7xholSP+w9nFHLebJUhqdLSU05lq/y9X+DHAw" + + "CwYHKoZIzj0EAQUAA0MAMEACHnz6t4UNoVROp74ma4XNDjjGcjaqiIWPZLK8Bdw3G" + + "QIeLZ4j3a6ividZl344UH+UPUE7xJxlYGuy7ejTsqRR"); + + byte[] keyUsage = Base64.decode( + "MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UE" + + "BhMCVVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50" + + "cnVzdC5uZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBs" + + "aW1pdHMgbGlhYi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExp" + + "bWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0" + + "aW9uIEF1dGhvcml0eTAeFw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBa" + + "MIHJMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNV" + + "BAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5mby9DUFMgaW5jb3Jw" + + "LiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMpIDE5OTkgRW50" + + "cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50" + + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUAA4GL" + + "ADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo6oT9n3V5z8GKUZSv" + + "x1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux5zDeg7K6PvHV" + + "iTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zmAqTmT173" + + "iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSCARkw" + + "ggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50" + + "cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0Ff" + + "SW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UE" + + "CxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50" + + "cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYD" + + "VQQDEwRDUkwxMCygKqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9D" + + "bGllbnQxLmNybDArBgNVHRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkx" + + "MDEyMTkyNDMwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW" + + "/O5bs8qZdIuV6kwwHQYDVR0OBBYEFMT7nCl7l81MlvzuW7PKmXSLlepMMAwG" + + "A1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI" + + "hvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7pFuPeJoSSJn59DXeDDYHAmsQ" + + "OokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzzwy5E97BnRqqS5TvaHBkU" + + "ODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/aEkP/TOYGJqibGapE" + + "PHayXOw="); + + byte[] nameCert = Base64.decode( + "MIIEFjCCA3+gAwIBAgIEdS8BozANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJE"+ + "RTERMA8GA1UEChQIREFURVYgZUcxKDAMBgcCggYBCgcUEwExMBgGA1UEAxQRQ0Eg"+ + "REFURVYgRDAzIDE6UE4wIhgPMjAwMTA1MTAxMDIyNDhaGA8yMDA0MDUwOTEwMjI0"+ + "OFowgYQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIFAZCYXllcm4xEjAQBgNVBAcUCU7I"+ + "dXJuYmVyZzERMA8GA1UEChQIREFURVYgZUcxHTAbBgNVBAUTFDAwMDAwMDAwMDA4"+ + "OTU3NDM2MDAxMR4wHAYDVQQDFBVEaWV0bWFyIFNlbmdlbmxlaXRuZXIwgaEwDQYJ"+ + "KoZIhvcNAQEBBQADgY8AMIGLAoGBAJLI/LJLKaHoMk8fBECW/od8u5erZi6jI8Ug"+ + "C0a/LZyQUO/R20vWJs6GrClQtXB+AtfiBSnyZOSYzOdfDI8yEKPEv8qSuUPpOHps"+ + "uNCFdLZF1vavVYGEEWs2+y+uuPmg8q1oPRyRmUZ+x9HrDvCXJraaDfTEd9olmB/Z"+ + "AuC/PqpjAgUAwAAAAaOCAcYwggHCMAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUD"+ + "AwdAADAxBgNVHSAEKjAoMCYGBSskCAEBMB0wGwYIKwYBBQUHAgEWD3d3dy56cy5k"+ + "YXRldi5kZTApBgNVHREEIjAggR5kaWV0bWFyLnNlbmdlbmxlaXRuZXJAZGF0ZXYu"+ + "ZGUwgYQGA1UdIwR9MHuhc6RxMG8xCzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1"+ + "bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0"+ + "MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE6CBACm8LkwDgYHAoIG"+ + "AQoMAAQDAQEAMEcGA1UdHwRAMD4wPKAUoBKGEHd3dy5jcmwuZGF0ZXYuZGWiJKQi"+ + "MCAxCzAJBgNVBAYTAkRFMREwDwYDVQQKFAhEQVRFViBlRzAWBgUrJAgDBAQNMAsT"+ + "A0VVUgIBBQIBATAdBgNVHQ4EFgQUfv6xFP0xk7027folhy+ziZvBJiwwLAYIKwYB"+ + "BQUHAQEEIDAeMBwGCCsGAQUFBzABhhB3d3cuZGlyLmRhdGV2LmRlMA0GCSqGSIb3"+ + "DQEBBQUAA4GBAEOVX6uQxbgtKzdgbTi6YLffMftFr2mmNwch7qzpM5gxcynzgVkg"+ + "pnQcDNlm5AIbS6pO8jTCLfCd5TZ5biQksBErqmesIl3QD+VqtB+RNghxectZ3VEs"+ + "nCUtcE7tJ8O14qwCb3TxS9dvIUFiVi4DjbxX46TdcTbTaK8/qr6AIf+l"); + + byte[] probSelfSignedCert = Base64.decode( + "MIICxTCCAi6gAwIBAgIQAQAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQUFADBF" + + "MScwJQYDVQQKEx4gRElSRUNUSU9OIEdFTkVSQUxFIERFUyBJTVBPVFMxGjAYBgNV" + + "BAMTESBBQyBNSU5FRkkgQiBURVNUMB4XDTA0MDUwNzEyMDAwMFoXDTE0MDUwNzEy" + + "MDAwMFowRTEnMCUGA1UEChMeIERJUkVDVElPTiBHRU5FUkFMRSBERVMgSU1QT1RT" + + "MRowGAYDVQQDExEgQUMgTUlORUZJIEIgVEVTVDCBnzANBgkqhkiG9w0BAQEFAAOB" + + "jQAwgYkCgYEAveoCUOAukZdcFCs2qJk76vSqEX0ZFzHqQ6faBPZWjwkgUNwZ6m6m" + + "qWvvyq1cuxhoDvpfC6NXILETawYc6MNwwxsOtVVIjuXlcF17NMejljJafbPximEt" + + "DQ4LcQeSp4K7FyFlIAMLyt3BQ77emGzU5fjFTvHSUNb3jblx0sV28c0CAwEAAaOB" + + "tTCBsjAfBgNVHSMEGDAWgBSEJ4bLbvEQY8cYMAFKPFD1/fFXlzAdBgNVHQ4EFgQU" + + "hCeGy27xEGPHGDABSjxQ9f3xV5cwDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIB" + + "AQQEAwIBBjA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vYWRvbmlzLnBrNy5jZXJ0" + + "cGx1cy5uZXQvZGdpLXRlc3QuY3JsMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN" + + "AQEFBQADgYEAmToHJWjd3+4zknfsP09H6uMbolHNGG0zTS2lrLKpzcmkQfjhQpT9" + + "LUTBvfs1jdjo9fGmQLvOG+Sm51Rbjglb8bcikVI5gLbclOlvqLkm77otjl4U4Z2/" + + "Y0vP14Aov3Sn3k+17EfReYUZI4liuB95ncobC4e8ZM++LjQcIM0s+Vs="); + + + byte[] gost34102001base = Base64.decode( + "MIIB1DCCAYECEEjpVKXP6Wn1yVz3VeeDQa8wCgYGKoUDAgIDBQAwbTEfMB0G" + + "A1UEAwwWR29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRv" + + "UHJvMQswCQYDVQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIw" + + "MDFAZXhhbXBsZS5jb20wHhcNMDUwMjAzMTUxNjQ2WhcNMTUwMjAzMTUxNjQ2" + + "WjBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQK" + + "DAlDcnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0" + + "UjM0MTAtMjAwMUBleGFtcGxlLmNvbTBjMBwGBiqFAwICEzASBgcqhQMCAiQA" + + "BgcqhQMCAh4BA0MABECElWh1YAIaQHUIzROMMYks/eUFA3pDXPRtKw/nTzJ+" + + "V4/rzBa5lYgD0Jp8ha4P5I3qprt+VsfLsN8PZrzK6hpgMAoGBiqFAwICAwUA" + + "A0EAHw5dw/aw/OiNvHyOE65kvyo4Hp0sfz3csM6UUkp10VO247ofNJK3tsLb" + + "HOLjUaqzefrlGb11WpHYrvWFg+FcLA=="); + + private final byte[] emptyDNCert = Base64.decode( + "MIICfTCCAeagAwIBAgIBajANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJVUzEMMAoGA1UEChMD" + + "Q0RXMQkwBwYDVQQLEwAxCTAHBgNVBAcTADEJMAcGA1UECBMAMRowGAYDVQQDExFUZW1wbGFyIFRl" + + "c3QgMTAyNDEiMCAGCSqGSIb3DQEJARYTdGVtcGxhcnRlc3RAY2R3LmNvbTAeFw0wNjA1MjIwNTAw" + + "MDBaFw0xMDA1MjIwNTAwMDBaMHwxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNDRFcxCTAHBgNVBAsT" + + "ADEJMAcGA1UEBxMAMQkwBwYDVQQIEwAxGjAYBgNVBAMTEVRlbXBsYXIgVGVzdCAxMDI0MSIwIAYJ" + + "KoZIhvcNAQkBFhN0ZW1wbGFydGVzdEBjZHcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB" + + "gQDH3aJpJBfM+A3d84j5YcU6zEQaQ76u5xO9NSBmHjZykKS2kCcUqPpvVOPDA5WgV22dtKPh+lYV" + + "iUp7wyCVwAKibq8HIbihHceFqMKzjwC639rMoDJ7bi/yzQWz1Zg+075a4FGPlUKn7Yfu89wKkjdW" + + "wDpRPXc/agqBnrx5pJTXzQIDAQABow8wDTALBgNVHQ8EBAMCALEwDQYJKoZIhvcNAQEEBQADgYEA" + + "RRsRsjse3i2/KClFVd6YLZ+7K1BE0WxFyY2bbytkwQJSxvv3vLSuweFUbhNxutb68wl/yW4GLy4b" + + "1QdyswNxrNDXTuu5ILKhRDDuWeocz83aG2KGtr3JlFyr3biWGEyn5WUOE6tbONoQDJ0oPYgI6CAc" + + "EHdUp0lioOCt6UOw7Cs="); + + private AsymmetricKeyParameter dudPublicKey = new AsymmetricKeyParameter(true) + { + public String getAlgorithm() + { + return null; + } + + public String getFormat() + { + return null; + } + + public byte[] getEncoded() + { + return null; + } + + }; + + public String getName() + { + return "CertTest"; + } + + public void checkCertificate( + int id, + byte[] bytes) + { + try + { + X509CertificateHolder certHldr = new X509CertificateHolder(bytes); + + SubjectPublicKeyInfo k = certHldr.getSubjectPublicKeyInfo(); + // System.out.println(cert); + } + catch (Exception e) + { + fail(e.toString()); + } + } + /* + public void checkNameCertificate( + int id, + byte[] bytes) + { + ByteArrayInputStream bIn; + String dump = ""; + + try + { + bIn = new ByteArrayInputStream(bytes); + + CertificateFactory fact = CertificateFactory.getInstance("X.509", "LKBX-BC"); + + X509Certificate cert = (X509Certificate)fact.generateCertificate(bIn); + + AsymmetricKeyParameter k = cert.getAsymmetricKeyParameter(); + if (!cert.getIssuerDN().toString().equals("C=DE,O=DATEV eG,0.2.262.1.10.7.20=1+CN=CA DATEV D03 1:PN")) + { + fail(id + " failed - name test."); + } + // System.out.println(cert); + } + catch (Exception e) + { + fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e); + } + + } + */ + public void checkKeyUsage( + int id, + byte[] bytes) + throws IOException + { + + X509CertificateHolder certHld = new X509CertificateHolder(bytes); + + if ((DERBitString.getInstance(certHld.getExtension(Extension.keyUsage).getParsedValue()).getBytes()[0] & 0x01) != 0) + { + fail("error generating cert - key usage wrong."); + } + + + } + + + public void checkSelfSignedCertificate( + int id, + byte[] bytes) + throws OperatorCreationException, IOException, CertException + { + + X509CertificateHolder certHolder = new X509CertificateHolder(bytes); + + assertTrue(certHolder.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(certHolder))); + + + } + + /** + * we generate a self signed certificate for the sake of testing - RSA + */ + public void checkCreation1() + throws Exception + { + // + // a sample key pair. + // + AsymmetricKeyParameter pubKey = new RSAKeyParameters( + false, + new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), + new BigInteger("11", 16)); + + AsymmetricKeyParameter privKey = new RSAPrivateCrtKeyParameters( + new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), + new BigInteger("11", 16), + new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16), + new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16), + new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16), + new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16), + new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16), + new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16)); + + // + // distinguished name table. + // + X500NameBuilder builder = new X500NameBuilder(RFC4519Style.INSTANCE); + + builder.addRDN(RFC4519Style.c, "AU"); + builder.addRDN(RFC4519Style.o, "The Legion of the Bouncy Castle"); + builder.addRDN(RFC4519Style.l, "Melbourne"); + builder.addRDN(RFC4519Style.st, "Victoria"); + builder.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "feedback-crypto@bouncycastle.org"); + + // + // extensions + // + + // + // create the certificate - version 3 - without extensions + // + AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256WithRSAEncryption"); + ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlg, digAlgFinder.find(sigAlg)).build(privKey); + X509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000),builder.build(), pubKey); + + X509CertificateHolder certH = certGen.build(sigGen); + + assertTrue(certH.isValidOn(new Date())); + + ContentVerifierProvider contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(pubKey); + + assertTrue(certH.isSignatureValid(contentVerifierProvider)); + + X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certH); + Set dummySet = cert.getNonCriticalExtensionOIDs(); + if (dummySet != null) + { + fail("non-critical oid set should be null"); + } + dummySet = cert.getCriticalExtensionOIDs(); + if (dummySet != null) + { + fail("critical oid set should be null"); + } + + // + // create the certificate - version 3 - with extensions + // + sigGen = new BcRSAContentSignerBuilder(sigAlgFinder.find("MD5WithRSA"), digAlgFinder.find(sigAlgFinder.find("MD5withRSA"))).build(privKey); + certGen = new BcX509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1) + , new Date(System.currentTimeMillis() - 50000) + , new Date(System.currentTimeMillis() + 50000) + , builder.build() + , pubKey) + .addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true, + new KeyUsage(KeyUsage.encipherOnly)) + .addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true, + new DERSequence(KeyPurposeId.anyExtendedKeyUsage)) + .addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true, + new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test"))); + + X509CertificateHolder certHolder = certGen.build(sigGen); + + assertTrue(certHolder.isValidOn(new Date())); + + contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey); + if (!certHolder.isSignatureValid(contentVerifierProvider)) + { + fail("signature test failed"); + } + + ByteArrayInputStream bIn = new ByteArrayInputStream(certHolder.getEncoded()); + CertificateFactory certFact = CertificateFactory.getInstance("X.509"); + + cert = (X509Certificate)certFact.generateCertificate(bIn); + + if (!cert.getKeyUsage()[7]) + { + fail("error generating cert - key usage wrong."); + } + + // System.out.println(cert); + + // + // create the certificate - version 1 + // + sigGen = new BcRSAContentSignerBuilder(sigAlgFinder.find("MD5WithRSA"), digAlgFinder.find(sigAlgFinder.find("MD5withRSA"))).build(privKey); + X509v1CertificateBuilder certGen1 = new BcX509v1CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey); + + cert = new JcaX509CertificateConverter().getCertificate(certGen1.build(sigGen)); + + assertTrue(certHolder.isValidOn(new Date())); + + contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(pubKey); + + assertTrue(certHolder.isSignatureValid(contentVerifierProvider)); + + bIn = new ByteArrayInputStream(cert.getEncoded()); + certFact = CertificateFactory.getInstance("X.509"); + + cert = (X509Certificate)certFact.generateCertificate(bIn); + + // System.out.println(cert); + if (!cert.getIssuerDN().equals(cert.getSubjectDN())) + { + fail("name comparison fails"); + } + +// + // a lightweight key pair. + // + RSAKeyParameters lwPubKey = new RSAKeyParameters( + false, + new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), + new BigInteger("11", 16)); + + RSAPrivateCrtKeyParameters lwPrivKey = new RSAPrivateCrtKeyParameters( + new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), + new BigInteger("11", 16), + new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16), + new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16), + new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16), + new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16), + new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16), + new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16)); + + // + // distinguished name table. + // + builder = new X500NameBuilder(RFC4519Style.INSTANCE); + + builder.addRDN(RFC4519Style.c, "AU"); + builder.addRDN(RFC4519Style.o, "The Legion of the Bouncy Castle"); + builder.addRDN(RFC4519Style.l, "Melbourne"); + builder.addRDN(RFC4519Style.st, "Victoria"); + builder.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "feedback-crypto@bouncycastle.org"); + + // + // extensions + // + + // + // create the certificate - version 3 - without extensions + // + AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256WithRSAEncryption"); + AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); + + sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(lwPrivKey); + SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(lwPubKey); + certGen = new X509v3CertificateBuilder(builder.build(), BigInteger.valueOf(1), new Date(System.currentTimeMillis() - 50000), new Date(System.currentTimeMillis() + 50000), builder.build(), pubInfo); + + certHolder = certGen.build(sigGen); + + assertTrue(certHolder.isValidOn(new Date())); + + contentVerifierProvider = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder()).build(lwPubKey); + + assertTrue(certHolder.isSignatureValid(contentVerifierProvider)); + + if (!certHolder.isSignatureValid(contentVerifierProvider)) + { + fail("lw sig verification failed"); + } + } + + /** + * we generate a self signed certificate for the sake of testing - DSA + */ + public void checkCreation2() + throws Exception + { + // + // set up the keys + // + AsymmetricKeyParameter privKey; + AsymmetricKeyParameter pubKey; + + AsymmetricCipherKeyPairGenerator kpg = new DSAKeyPairGenerator(); + BigInteger r = new BigInteger("68076202252361894315274692543577577550894681403"); + BigInteger s = new BigInteger("1089214853334067536215539335472893651470583479365"); + DSAParametersGenerator pGen = new DSAParametersGenerator(); + + pGen.init(512, 80, new SecureRandom()); + + DSAParameters params = pGen.generateParameters(); + DSAKeyGenerationParameters genParam = new DSAKeyGenerationParameters(new SecureRandom(), params); + + kpg.init(genParam); + + AsymmetricCipherKeyPair pair = kpg.generateKeyPair(); + + privKey = (AsymmetricKeyParameter)pair.getPrivate(); + pubKey = (AsymmetricKeyParameter)pair.getPublic(); + + // + // distinguished name table. + // + X500NameBuilder builder = createStdBuilder(); + + // + // extensions + // + + // + // create the certificate - version 3 + // + AlgorithmIdentifier sigAlgId = sigAlgFinder.find("SHA1withDSA"); + AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId); + + ContentSigner sigGen = new BcDSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey); + X509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey); + + + X509CertificateHolder cert = certGen.build(sigGen); + + assertTrue(cert.isValidOn(new Date())); + + assertTrue(cert.isSignatureValid(new BcDSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey))); + + + // + // create the certificate - version 1 + // + sigAlgId = sigAlgFinder.find("SHA1withDSA"); + digAlgId = digAlgFinder.find(sigAlgId); + + sigGen = new BcDSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey); + X509v1CertificateBuilder certGen1 = new BcX509v1CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey); + + cert = certGen1.build(sigGen); + + assertTrue(cert.isValidOn(new Date())); + + assertTrue(cert.isSignatureValid(new BcDSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey))); + + ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded()); + CertificateFactory fact = CertificateFactory.getInstance("X.509"); + + X509Certificate x509cert = (X509Certificate)fact.generateCertificate(bIn); + + //System.out.println(cert); + } + + private X500NameBuilder createStdBuilder() + { + X500NameBuilder builder = new X500NameBuilder(RFC4519Style.INSTANCE); + + builder.addRDN(RFC4519Style.c, "AU"); + builder.addRDN(RFC4519Style.o, "The Legion of the Bouncy Castle"); + builder.addRDN(RFC4519Style.l, "Melbourne"); + builder.addRDN(RFC4519Style.st, "Victoria"); + builder.addRDN(PKCSObjectIdentifiers.pkcs_9_at_emailAddress, "feedback-crypto@bouncycastle.org"); + + return builder; + } + + private void checkCRL( + int id, + byte[] bytes) + { + String dump = ""; + + try + { + X509CRLHolder crlHolder = new X509CRLHolder(bytes); + + } + catch (Exception e) + { + fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString()); + } + + } + + public void checkCRLCreation1() + throws Exception + { + AsymmetricCipherKeyPairGenerator kpg = new RSAKeyPairGenerator(); + RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters( + BigInteger.valueOf(0x1001), new SecureRandom(), 1024, 25); + + kpg.init(genParam); + + AsymmetricCipherKeyPair pair = kpg.generateKeyPair(); + Date now = new Date(); + + X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now); + + BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator()); + + crlGen.setNextUpdate(new Date(now.getTime() + 100000)); + + crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn); + + crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier(pair.getPublic())); + + AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256withRSAEncryption"); + AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg); + + X509CRLHolder crl = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build(pair.getPrivate())); + + if (!crl.getIssuer().equals(new X500Name("CN=Test CA"))) + { + fail("failed CRL issuer test"); + } + + Extension authExt = crl.getExtension(Extension.authorityKeyIdentifier); + + if (authExt == null) + { + fail("failed to find CRL extension"); + } + + AuthorityKeyIdentifier authId = AuthorityKeyIdentifier.getInstance(authExt.getParsedValue()); + + X509CRLEntryHolder entry = crl.getRevokedCertificate(BigInteger.ONE); + + if (entry == null) + { + fail("failed to find CRL entry"); + } + + if (!entry.getSerialNumber().equals(BigInteger.ONE)) + { + fail("CRL cert serial number does not match"); + } + + if (!entry.hasExtensions()) + { + fail("CRL entry extension not found"); + } + + Extension ext = entry.getExtension(Extension.reasonCode); + + if (ext != null) + { + ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(ext.getParsedValue()); + + if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn) + { + fail("CRL entry reasonCode wrong"); + } + } + else + { + fail("CRL entry reasonCode not found"); + } + } + + public void checkCRLCreation2() + throws Exception + { + AsymmetricCipherKeyPairGenerator kpg = new RSAKeyPairGenerator(); + RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters( + BigInteger.valueOf(0x1001), new SecureRandom(), 1024, 25); + + kpg.init(genParam); + + AsymmetricCipherKeyPair pair = kpg.generateKeyPair(); + Date now = new Date(); + + X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now); + + crlGen.setNextUpdate(new Date(now.getTime() + 100000)); + + ExtensionsGenerator extGen = new ExtensionsGenerator(); + + CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn); + + extGen.addExtension(Extension.reasonCode, false, crlReason); + + BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator()); + + crlGen.addCRLEntry(BigInteger.ONE, now, extGen.generate()); + + crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier((AsymmetricKeyParameter)pair.getPublic())); + + AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256withRSAEncryption"); + AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg); + + X509CRLHolder crlHolder = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build((AsymmetricKeyParameter)pair.getPrivate())); + + if (!crlHolder.getIssuer().equals(new X500Name("CN=Test CA"))) + { + fail("failed CRL issuer test"); + } + + Extension authExt = crlHolder.getExtension(Extension.authorityKeyIdentifier); + + if (authExt == null) + { + fail("failed to find CRL extension"); + } + + AuthorityKeyIdentifier authId = AuthorityKeyIdentifier.getInstance(authExt.getParsedValue()); + + X509CRLEntryHolder entry = crlHolder.getRevokedCertificate(BigInteger.ONE); + + if (entry == null) + { + fail("failed to find CRL entry"); + } + + if (!entry.getSerialNumber().equals(BigInteger.ONE)) + { + fail("CRL cert serial number does not match"); + } + + if (!entry.hasExtensions()) + { + fail("CRL entry extension not found"); + } + + Extension ext = entry.getExtension(Extension.reasonCode); + + if (ext != null) + { + ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(ext.getParsedValue()); + + if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn) + { + fail("CRL entry reasonCode wrong"); + } + } + else + { + fail("CRL entry reasonCode not found"); + } + } + + public void checkCRLCreation3() + throws Exception + { + AsymmetricCipherKeyPairGenerator kpg = new RSAKeyPairGenerator(); + RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters( + BigInteger.valueOf(0x1001), new SecureRandom(), 1024, 25); + + kpg.init(genParam); + + AsymmetricCipherKeyPair pair = kpg.generateKeyPair(); + Date now = new Date(); + X509v2CRLBuilder crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now); + + crlGen.setNextUpdate(new Date(now.getTime() + 100000)); + + ExtensionsGenerator extGen = new ExtensionsGenerator(); + + CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn); + + extGen.addExtension(Extension.reasonCode, false, crlReason); + + BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator()); + + Extensions entryExtensions = extGen.generate(); + + crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions); + + crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier((AsymmetricKeyParameter)pair.getPublic())); + + AlgorithmIdentifier sigAlg = sigAlgFinder.find("SHA256withRSAEncryption"); + AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg); + + X509CRLHolder crlHolder = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build((AsymmetricKeyParameter)pair.getPrivate())); + + if (!crlHolder.getIssuer().equals(new X500Name("CN=Test CA"))) + { + fail("failed CRL issuer test"); + } + + Extension authExt = crlHolder.getExtension(Extension.authorityKeyIdentifier); + + if (authExt == null) + { + fail("failed to find CRL extension"); + } + + AuthorityKeyIdentifier authId = AuthorityKeyIdentifier.getInstance(authExt.getParsedValue()); + + X509CRLEntryHolder entry = crlHolder.getRevokedCertificate(BigInteger.ONE); + + if (entry == null) + { + fail("failed to find CRL entry"); + } + + if (!entry.getSerialNumber().equals(BigInteger.ONE)) + { + fail("CRL cert serial number does not match"); + } + + if (!entry.hasExtensions()) + { + fail("CRL entry extension not found"); + } + + Extension ext = entry.getExtension(Extension.reasonCode); + + if (ext != null) + { + ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(ext.getParsedValue()); + + if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn) + { + fail("CRL entry reasonCode wrong"); + } + } + else + { + fail("CRL entry reasonCode not found"); + } + + // + // check loading of existing CRL + // + now = new Date(); + crlGen = new X509v2CRLBuilder(new X500Name("CN=Test CA"), now); + + crlGen.setNextUpdate(new Date(now.getTime() + 100000)); + + crlGen.addCRL(crlHolder); + + crlGen.addCRLEntry(BigInteger.valueOf(2), now, entryExtensions); + + crlGen.addExtension(Extension.authorityKeyIdentifier, false, extFact.createAuthorityKeyIdentifier(pair.getPublic())); + + crlHolder = crlGen.build(new BcRSAContentSignerBuilder(sigAlg, digAlg).build(pair.getPrivate())); + + int count = 0; + boolean oneFound = false; + boolean twoFound = false; + + Iterator it = crlHolder.getRevokedCertificates().iterator(); + while (it.hasNext()) + { + X509CRLEntryHolder crlEnt = (X509CRLEntryHolder)it.next(); + + if (crlEnt.getSerialNumber().intValue() == 1) + { + oneFound = true; + Extension extn = crlEnt.getExtension(Extension.reasonCode); + + if (extn != null) + { + ASN1Enumerated reasonCode = ASN1Enumerated.getInstance(extn.getParsedValue()); + + if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn) + { + fail("CRL entry reasonCode wrong on recheck"); + } + } + else + { + fail("CRL entry reasonCode not found on recheck"); + } + } + else if (crlEnt.getSerialNumber().intValue() == 2) + { + twoFound = true; + } + + count++; + } + + if (count != 2) + { + fail("wrong number of CRLs found, got: " + count); + } + + if (!oneFound || !twoFound) + { + fail("wrong CRLs found in copied list"); + } + + // + // check factory read back + // + CertificateFactory cFact = CertificateFactory.getInstance("X.509"); + + X509CRL readCrl = (X509CRL)cFact.generateCRL(new ByteArrayInputStream(crlHolder.getEncoded())); + + if (readCrl == null) + { + fail("crl not returned!"); + } + + Collection col = cFact.generateCRLs(new ByteArrayInputStream(crlHolder.getEncoded())); + + if (col.size() != 1) + { + fail("wrong number of CRLs found in collection"); + } + } + + public void checkCreation5() + throws Exception + { + // + // a sample key pair. + // + AsymmetricKeyParameter pubKey = new RSAKeyParameters( + false, + new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), + new BigInteger("11", 16)); + + AsymmetricKeyParameter privKey = new RSAPrivateCrtKeyParameters( + new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), + new BigInteger("11", 16), + new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16), + new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16), + new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16), + new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16), + new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16), + new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16)); + + // + // set up the keys + // + SecureRandom rand = new SecureRandom(); + + // + // distinguished name table. + // + X500NameBuilder builder = createStdBuilder(); + + // + // create base certificate - version 3 + // + AlgorithmIdentifier sigAlg = sigAlgFinder.find("MD5WithRSA"); + AlgorithmIdentifier digAlg = digAlgFinder.find(sigAlg); + + ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlg, digAlg).build(privKey); + ASN1ObjectIdentifier extOid = new ASN1ObjectIdentifier("2.5.29.37"); + X509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey) + .addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true, + new KeyUsage(KeyUsage.encipherOnly)) + .addExtension(extOid, true, + new DERSequence(KeyPurposeId.anyExtendedKeyUsage)) + .addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true, + new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test"))); + + X509CertificateHolder baseCert = certGen.build(sigGen); + + // + // copy certificate + // + + certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey) + .copyAndAddExtension(new ASN1ObjectIdentifier("2.5.29.15"), true, baseCert) + .copyAndAddExtension(extOid, false, baseCert); + + X509CertificateHolder cert = certGen.build(sigGen); + + assertTrue(cert.isValidOn(new Date())); + + assertTrue(cert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey))); + + if (!baseCert.getExtension(new ASN1ObjectIdentifier("2.5.29.15")).equals(cert.getExtension(new ASN1ObjectIdentifier("2.5.29.15")))) + { + fail("2.5.29.15 differs"); + } + + assertTrue(baseCert.getExtension(extOid).getExtnId().equals(cert.getExtension(extOid).getExtnId())); + assertFalse(baseCert.getExtension(extOid).isCritical() == cert.getExtension(extOid).isCritical()); + if (!baseCert.getExtension(extOid).getParsedValue().equals(cert.getExtension(extOid).getParsedValue())) + { + fail("2.5.29.37 differs"); + } + + // + // exception test + // + + try + { + certGen.copyAndAddExtension(new ASN1ObjectIdentifier("2.5.99.99"), true, baseCert); + + fail("exception not thrown on dud extension copy"); + } + catch (NullPointerException e) + { + // expected + } + +// try +// { +// certGen.setPublicKey(dudPublicKey); +// +// certGen.generate(privKey, BC); +// +// fail("key without encoding not detected in v3"); +// } +// catch (IllegalArgumentException e) +// { +// // expected +// } + + } + + public void testForgedSignature() + throws Exception + { + String cert = "MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV" + + "BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD" + + "VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa" + + "Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs" + + "YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy" + + "IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD" + + "hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u" + + "12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU" + + "DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ" + + "e20sRA=="; + + X509CertificateHolder hldr = new X509CertificateHolder(Base64.decode(cert)); + + assertFalse(hldr.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(hldr))); + } + + private void pemTest() + throws Exception + { + CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC"); + + X509Certificate cert = readPEMCert(cf, PEMData.CERTIFICATE_1); + if (cert == null) + { + fail("PEM cert not read"); + } + cert = readPEMCert(cf, "-----BEGIN CERTIFICATE-----" + PEMData.CERTIFICATE_2); + if (cert == null) + { + fail("PEM cert with extraneous header not read"); + } + CRL crl = cf.generateCRL(new ByteArrayInputStream(PEMData.CRL_1.getBytes("US-ASCII"))); + if (crl == null) + { + fail("PEM crl not read"); + } + Collection col = cf.generateCertificates(new ByteArrayInputStream(PEMData.CERTIFICATE_2.getBytes("US-ASCII"))); + if (col.size() != 1 || !col.contains(cert)) + { + fail("PEM cert collection not right"); + } + col = cf.generateCRLs(new ByteArrayInputStream(PEMData.CRL_2.getBytes("US-ASCII"))); + if (col.size() != 1 || !col.contains(crl)) + { + fail("PEM crl collection not right"); + } + } + + private static X509Certificate readPEMCert(CertificateFactory cf, String pemData) + throws CertificateException, UnsupportedEncodingException + { + return (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(pemData.getBytes("US-ASCII"))); + } + + private void createPSSCert(String algorithm) + throws Exception + { + AsymmetricCipherKeyPair pair = generateLongFixedKeys(); + + AsymmetricKeyParameter privKey = (AsymmetricKeyParameter)pair.getPrivate(); + AsymmetricKeyParameter pubKey = (AsymmetricKeyParameter)pair.getPublic(); + + // + // distinguished name table. + // + + X500NameBuilder builder = createStdBuilder(); + + // + // create base certificate - version 3 + // + BcX509ExtensionUtils extFact = new BcX509ExtensionUtils(new SHA1DigestCalculator()); + + AlgorithmIdentifier sigAlgId = sigAlgFinder.find(algorithm); + AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId); + + ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey); + BcX509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(builder.build(),BigInteger.valueOf(1), + new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),builder.build(),pubKey); + + certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true, + new KeyUsage(KeyUsage.encipherOnly)); + certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true, + new DERSequence(KeyPurposeId.anyExtendedKeyUsage)); + certGen.addExtension(new ASN1ObjectIdentifier("2.5.29.17"), true, + new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test"))); + + certGen.addExtension(Extension.authorityKeyIdentifier, true, extFact.createAuthorityKeyIdentifier(pubKey)); + + X509CertificateHolder baseCert = certGen.build(sigGen); + + assertTrue(baseCert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey))); + } + + private AsymmetricCipherKeyPair generateLongFixedKeys() + { + RSAKeyParameters pubKeySpec = new RSAKeyParameters( + false, + new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16), + new BigInteger("010001",16)); + + RSAKeyParameters privKeySpec = new RSAPrivateCrtKeyParameters( + new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",16), + new BigInteger("010001",16), + new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",16), + new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",16), + new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",16), + new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",16), + new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",16), + new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",16)); + + return new AsymmetricCipherKeyPair(pubKeySpec, privKeySpec); + } + + public void testNullDerNullCert() + throws Exception + { + AsymmetricCipherKeyPair pair = generateLongFixedKeys(); + AsymmetricKeyParameter pubKey = (AsymmetricKeyParameter)pair.getPublic(); + AsymmetricKeyParameter privKey = (AsymmetricKeyParameter)pair.getPrivate(); + + DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); + DefaultDigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder(); + + AlgorithmIdentifier sigAlgId = sigAlgFinder.find("MD5withRSA"); + AlgorithmIdentifier digAlgId = digAlgFinder.find(sigAlgId); + + ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privKey); + BcX509v3CertificateBuilder certGen = new BcX509v3CertificateBuilder(new X500Name("CN=Test"),BigInteger.valueOf(1),new Date(System.currentTimeMillis() - 50000),new Date(System.currentTimeMillis() + 50000),new X500Name("CN=Test"),pubKey); + X509CertificateHolder cert = certGen.build(sigGen); + + Certificate struct = Certificate.getInstance(cert.getEncoded()); + + ASN1Object tbsCertificate = struct.getTBSCertificate(); + AlgorithmIdentifier sig = struct.getSignatureAlgorithm(); + + ASN1EncodableVector v = new ASN1EncodableVector(); + + v.add(tbsCertificate); + v.add(new AlgorithmIdentifier(sig.getAlgorithm())); + v.add(struct.getSignature()); + + // verify + ByteArrayInputStream bIn; + String dump = ""; + + bIn = new ByteArrayInputStream(new DERSequence(v).getEncoded()); + + cert = new X509CertificateHolder(new DERSequence(v).getEncoded()); + + assertTrue(cert.isSignatureValid(new BcRSAContentVerifierProviderBuilder(digAlgFinder).build(pubKey))); + } + + public void testCertificates() + throws Exception + { + checkCertificate(1, cert1); + checkCertificate(2, cert2); + checkCertificate(3, cert3); + checkCertificate(4, cert4); + checkCertificate(5, cert5); + //checkCertificate(7, cert7); + + checkKeyUsage(8, keyUsage); + + checkSelfSignedCertificate(11, probSelfSignedCert); + + checkCRL(1, crl1); + + checkCreation1(); + checkCreation2(); + checkCreation5(); + + createPSSCert("SHA1withRSAandMGF1"); + createPSSCert("SHA224withRSAandMGF1"); + createPSSCert("SHA256withRSAandMGF1"); + createPSSCert("SHA384withRSAandMGF1"); + + checkCRLCreation1(); + checkCRLCreation2(); + checkCRLCreation3(); + + pemTest(); + + checkCertificate(18, emptyDNCert); + } +} diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java index 8109824e..2865e825 100644 --- a/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java +++ b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java @@ -24,6 +24,7 @@ import org.bouncycastle.asn1.x500.style.BCStyle; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.KeyUsage; import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; @@ -40,6 +41,7 @@ import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.ContentVerifierProvider; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; +import org.bouncycastle.cert.bc.BcX509ExtensionUtils; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest; diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/AllTests.java b/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/AllTests.java index f8358aa5..2a7f57e0 100644 --- a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/AllTests.java +++ b/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/AllTests.java @@ -16,16 +16,24 @@ public class AllTests public static Test suite() throws Exception - { + { TestSuite suite = new TestSuite("CMS tests"); - - suite.addTest(CompressedDataTest.suite()); - suite.addTest(SignedDataTest.suite()); - suite.addTest(EnvelopedDataTest.suite()); - suite.addTest(CompressedDataStreamTest.suite()); - suite.addTest(SignedDataStreamTest.suite()); - suite.addTest(EnvelopedDataStreamTest.suite()); + suite.addTest(NewCompressedDataTest.suite()); + suite.addTest(NewSignedDataTest.suite()); + suite.addTest(NewEnvelopedDataTest.suite()); + suite.addTest(NewAuthenticatedDataTest.suite()); + suite.addTest(NewAuthenticatedDataStreamTest.suite()); + suite.addTest(NewCompressedDataStreamTest.suite()); + suite.addTest(NewSignedDataStreamTest.suite()); + suite.addTest(NewEnvelopedDataStreamTest.suite()); + + suite.addTest(MiscDataStreamTest.suite()); + suite.addTest(Rfc4134Test.suite()); + suite.addTest(ConverterTest.suite()); + + suite.addTest(BcEnvelopedDataTest.suite()); + suite.addTest(BcSignedDataTest.suite()); return suite; } diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/Rfc4134Test.java b/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/Rfc4134Test.java deleted file mode 100644 index 39ae6c09..00000000 --- a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/Rfc4134Test.java +++ /dev/null @@ -1,430 +0,0 @@ -package org.bouncycastle.cms.test; - -import java.io.ByteArrayInputStream; -import java.io.FileInputStream; -import java.io.IOException; -import java.security.KeyFactory; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.Security; -import org.bouncycastle.jce.cert.CertStore; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.security.interfaces.DSAParams; -import java.security.interfaces.DSAPublicKey; -import java.security.spec.DSAPublicKeySpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.util.Arrays; -import java.util.Collection; -import java.util.Iterator; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSAttributes; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.cms.CMSEnvelopedData; -import org.bouncycastle.cms.CMSEnvelopedDataGenerator; -import org.bouncycastle.cms.CMSEnvelopedDataParser; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.CMSProcessableByteArray; -import org.bouncycastle.cms.CMSSignedData; -import org.bouncycastle.cms.CMSSignedDataParser; -import org.bouncycastle.cms.CMSTypedStream; -import org.bouncycastle.cms.RecipientInformation; -import org.bouncycastle.cms.RecipientInformationStore; -import org.bouncycastle.cms.SignerInformation; -import org.bouncycastle.cms.SignerInformationStore; -import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.encoders.Hex; -import org.bouncycastle.util.io.Streams; - -public class Rfc4134Test - extends TestCase -{ - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - private static final String TEST_DATA_HOME = "bc.test.data.home"; - - private static byte[] exContent = getRfc4134Data("ExContent.bin"); - private static byte[] sha1 = Hex.decode("406aec085279ba6e16022d9e0629c0229687dd48"); - - private static final JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter(); - - public Rfc4134Test(String name) - { - super(name); - } - - public static void main(String args[]) - { - Security.addProvider(new BouncyCastleProvider()); - - junit.textui.TestRunner.run(Rfc4134Test.class); - } - - public static Test suite() - throws Exception - { - return new CMSTestSetup(new TestSuite(Rfc4134Test.class)); - } - - public void test4_1() - throws Exception - { - byte[] data = getRfc4134Data("4.1.bin"); - CMSSignedData signedData = new CMSSignedData(data); - - verifySignatures(signedData); - - CMSSignedDataParser parser = new CMSSignedDataParser(data); - - verifySignatures(parser); - } - - public void test4_2() - throws Exception - { - byte[] data = getRfc4134Data("4.2.bin"); - CMSSignedData signedData = new CMSSignedData(data); - - verifySignatures(signedData); - - CMSSignedDataParser parser = new CMSSignedDataParser(data); - - verifySignatures(parser); - } - - public void testRfc4_3() - throws Exception - { - byte[] data = getRfc4134Data("4.3.bin"); - CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(exContent), data); - - verifySignatures(signedData, sha1); - - CMSSignedDataParser parser = new CMSSignedDataParser( - new CMSTypedStream(new ByteArrayInputStream(exContent)), - data); - - verifySignatures(parser); - } - - public void test4_4() - throws Exception - { - byte[] data = getRfc4134Data("4.4.bin"); - byte[] counterSigCert = getRfc4134Data("AliceRSASignByCarl.cer"); - CMSSignedData signedData = new CMSSignedData(data); - - verifySignatures(signedData, sha1); - - verifySignerInfo4_4(getFirstSignerInfo(signedData.getSignerInfos()), counterSigCert); - - CMSSignedDataParser parser = new CMSSignedDataParser(data); - - verifySignatures(parser); - - verifySignerInfo4_4(getFirstSignerInfo(parser.getSignerInfos()), counterSigCert); - } - - public void test4_5() - throws Exception - { - byte[] data = getRfc4134Data("4.5.bin"); - CMSSignedData signedData = new CMSSignedData(data); - - verifySignatures(signedData); - - CMSSignedDataParser parser = new CMSSignedDataParser(data); - - verifySignatures(parser); - } - - public void test4_6() - throws Exception - { - byte[] data = getRfc4134Data("4.6.bin"); - CMSSignedData signedData = new CMSSignedData(data); - - verifySignatures(signedData); - - CMSSignedDataParser parser = new CMSSignedDataParser(data); - - verifySignatures(parser); - } - - public void test4_7() - throws Exception - { - byte[] data = getRfc4134Data("4.7.bin"); - CMSSignedData signedData = new CMSSignedData(data); - - verifySignatures(signedData); - - CMSSignedDataParser parser = new CMSSignedDataParser(data); - - verifySignatures(parser); - } - - public void test5_1() - throws Exception - { - byte[] data = getRfc4134Data("5.1.bin"); - CMSEnvelopedData envelopedData = new CMSEnvelopedData(data); - - verifyEnvelopedData(envelopedData, CMSEnvelopedDataGenerator.DES_EDE3_CBC); - - CMSEnvelopedDataParser envelopedParser = new CMSEnvelopedDataParser(data); - - verifyEnvelopedData(envelopedParser, CMSEnvelopedDataGenerator.DES_EDE3_CBC); - } - - public void test5_2() - throws Exception - { - byte[] data = getRfc4134Data("5.2.bin"); - CMSEnvelopedData envelopedData = new CMSEnvelopedData(data); - - verifyEnvelopedData(envelopedData, CMSEnvelopedDataGenerator.RC2_CBC); - - CMSEnvelopedDataParser envelopedParser = new CMSEnvelopedDataParser(data); - - verifyEnvelopedData(envelopedParser, CMSEnvelopedDataGenerator.RC2_CBC); - } - - private void verifyEnvelopedData(CMSEnvelopedData envelopedData, String symAlgorithmOID) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, CMSException - { - byte[] privKeyData = getRfc4134Data("BobPrivRSAEncrypt.pri"); - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privKeyData); - KeyFactory keyFact = KeyFactory.getInstance("RSA", BC); - PrivateKey privKey = keyFact.generatePrivate(keySpec); - - RecipientInformationStore recipients = envelopedData.getRecipientInfos(); - - assertEquals(envelopedData.getEncryptionAlgOID(), symAlgorithmOID); - - Collection c = recipients.getRecipients(); - assertTrue(c.size() >= 1 && c.size() <= 2); - - Iterator it = c.iterator(); - verifyRecipient((RecipientInformation)it.next(), privKey); - - if (c.size() == 2) - { - RecipientInformation recInfo = (RecipientInformation)it.next(); - - assertEquals(PKCSObjectIdentifiers.id_alg_CMSRC2wrap.getId(), recInfo.getKeyEncryptionAlgOID()); - } - } - - private void verifyEnvelopedData(CMSEnvelopedDataParser envelopedParser, String symAlgorithmOID) - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, CMSException - { - byte[] privKeyData = getRfc4134Data("BobPrivRSAEncrypt.pri"); - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privKeyData); - KeyFactory keyFact = KeyFactory.getInstance("RSA", BC); - PrivateKey privKey = keyFact.generatePrivate(keySpec); - - RecipientInformationStore recipients = envelopedParser.getRecipientInfos(); - - assertEquals(envelopedParser.getEncryptionAlgOID(), symAlgorithmOID); - - Collection c = recipients.getRecipients(); - assertTrue(c.size() >= 1 && c.size() <= 2); - - Iterator it = c.iterator(); - verifyRecipient((RecipientInformation)it.next(), privKey); - - if (c.size() == 2) - { - RecipientInformation recInfo = (RecipientInformation)it.next(); - - assertEquals(PKCSObjectIdentifiers.id_alg_CMSRC2wrap.getId(), recInfo.getKeyEncryptionAlgOID()); - } - } - - private void verifyRecipient(RecipientInformation recipient, PrivateKey privKey) - throws CMSException, NoSuchProviderException - { - assertEquals(recipient.getKeyEncryptionAlgOID(), PKCSObjectIdentifiers.rsaEncryption.getId()); - - byte[] recData = recipient.getContent(privKey, BC); - - assertEquals(true, Arrays.equals(exContent, recData)); - } - - private void verifySignerInfo4_4(SignerInformation signerInfo, byte[] counterSigCert) - throws Exception - { - verifyCounterSignature(signerInfo, counterSigCert); - - verifyContentHint(signerInfo); - } - - private SignerInformation getFirstSignerInfo(SignerInformationStore store) - { - return (SignerInformation)store.getSigners().iterator().next(); - } - - private void verifyCounterSignature(SignerInformation signInfo, byte[] certificate) - throws Exception - { - SignerInformation csi = (SignerInformation)signInfo.getCounterSignatures().getSigners().iterator().next(); - - CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); - X509Certificate cert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(certificate)); - - assertTrue(csi.verify(cert, BC)); - } - - private void verifyContentHint(SignerInformation signInfo) - { - AttributeTable attrTable = signInfo.getUnsignedAttributes(); - - Attribute attr = attrTable.get(CMSAttributes.contentHint); - - assertEquals(1, attr.getAttrValues().size()); - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERUTF8String("Content Hints Description Buffer")); - v.add(CMSObjectIdentifiers.data); - - assertTrue(attr.getAttrValues().getObjectAt(0).equals(new DERSequence(v))); - } - - private void verifySignatures(CMSSignedData s, byte[] contentDigest) - throws Exception - { - CertStore certStore = s.getCertificatesAndCRLs("Collection", BC); - SignerInformationStore signers = s.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - verifySigner(signer, cert); - - if (contentDigest != null) - { - assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest())); - } - } - - Collection certColl = certStore.getCertificates(null); - Collection crlColl = certStore.getCRLs(null); - - assertEquals(certColl.size(), s.getCertificates("Collection", BC).getMatches(null).size()); - assertEquals(crlColl.size(), s.getCRLs("Collection", BC).getMatches(null).size()); - } - - private void verifySignatures(CMSSignedData s) - throws Exception - { - verifySignatures(s, null); - } - - private void verifySignatures(CMSSignedDataParser sp) - throws Exception - { - CMSTypedStream sc = sp.getSignedContent(); - if (sc != null) - { - sc.drain(); - } - - CertStore certs = sp.getCertificatesAndCRLs("Collection", BC); - SignerInformationStore signers = sp.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - verifySigner(signer, cert); - } - } - - private void verifySigner(SignerInformation signer, X509Certificate cert) - throws Exception - { - if (cert.getPublicKey() instanceof DSAPublicKey) - { - DSAPublicKey key = (DSAPublicKey)cert.getPublicKey(); - - if (key.getParams() == null) - { - assertEquals(true, signer.verify(getInheritedKey(key), BC)); - } - else - { - assertEquals(true, signer.verify(cert, BC)); - } - } - else - { - assertEquals(true, signer.verify(cert, BC)); - } - } - - private PublicKey getInheritedKey(DSAPublicKey key) - throws Exception - { - CertificateFactory certFact = CertificateFactory.getInstance("X.509", BC); - - X509Certificate cert = (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(getRfc4134Data("CarlDSSSelf.cer"))); - - DSAParams dsaParams = ((DSAPublicKey)cert.getPublicKey()).getParams(); - - DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec( - key.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG()); - - KeyFactory keyFactory = KeyFactory.getInstance("DSA", BC); - - return keyFactory.generatePublic(dsaPubKeySpec); - } - - private static byte[] getRfc4134Data(String name) - { - String dataHome = System.getProperty(TEST_DATA_HOME); - - if (dataHome == null) - { - throw new IllegalStateException(TEST_DATA_HOME + " property not set"); - } - - try - { - return Streams.readAll(new FileInputStream(dataHome + "/rfc4134/" + name)); - } - catch (IOException e) - { - throw new RuntimeException(e.toString()); - } - } -} diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataStreamTest.java b/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataStreamTest.java deleted file mode 100644 index 39becc42..00000000 --- a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataStreamTest.java +++ /dev/null @@ -1,1158 +0,0 @@ -package org.bouncycastle.cms.test; - -import java.io.BufferedOutputStream; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.OutputStream; -import java.security.InvalidKeyException; -import java.security.KeyPair; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import org.bouncycastle.jce.cert.CertStore; -import org.bouncycastle.jce.cert.CollectionCertStoreParameters; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSAttributes; -import org.bouncycastle.cms.CMSAttributeTableGenerator; -import org.bouncycastle.cms.CMSProcessable; -import org.bouncycastle.cms.CMSProcessableByteArray; -import org.bouncycastle.cms.CMSSignedData; -import org.bouncycastle.cms.CMSSignedDataGenerator; -import org.bouncycastle.cms.CMSSignedDataParser; -import org.bouncycastle.cms.CMSSignedDataStreamGenerator; -import org.bouncycastle.cms.CMSSignedGenerator; -import org.bouncycastle.cms.CMSTypedStream; -import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator; -import org.bouncycastle.cms.SignerInformation; -import org.bouncycastle.cms.SignerInformationStore; -import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509CollectionStoreParameters; -import org.bouncycastle.x509.X509Store; - -public class SignedDataStreamTest - extends TestCase -{ - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - - private static final String TEST_MESSAGE = "Hello World!"; - private static String _signDN; - private static KeyPair _signKP; - private static X509Certificate _signCert; - - private static String _origDN; - private static KeyPair _origKP; - private static X509Certificate _origCert; - - private static String _reciDN; - private static KeyPair _reciKP; - private static X509Certificate _reciCert; - - private static KeyPair _origDsaKP; - private static X509Certificate _origDsaCert; - - private static X509CRL _signCrl; - private static X509CRL _origCrl; - - private static boolean _initialised = false; - - private static final JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter(); - - public SignedDataStreamTest(String name) - { - super(name); - } - - private static void init() - throws Exception - { - if (!_initialised) - { - _initialised = true; - - _signDN = "O=Bouncy Castle, C=AU"; - _signKP = CMSTestUtil.makeKeyPair(); - _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _signKP, _signDN); - - _origDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU"; - _origKP = CMSTestUtil.makeKeyPair(); - _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _signKP, _signDN); - - _origDsaKP = CMSTestUtil.makeDsaKeyPair(); - _origDsaCert = CMSTestUtil.makeCertificate(_origDsaKP, _origDN, _signKP, _signDN); - - _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU"; - _reciKP = CMSTestUtil.makeKeyPair(); - _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN); - - _signCrl = CMSTestUtil.makeCrl(_signKP); - _origCrl = CMSTestUtil.makeCrl(_origKP); - } - } - - private void verifySignatures(CMSSignedDataParser sp, byte[] contentDigest) - throws Exception - { - CertStore certStore = sp.getCertificatesAndCRLs("Collection", BC); - SignerInformationStore signers = sp.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - - if (contentDigest != null) - { - assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest())); - } - } - - Collection certColl = certStore.getCertificates(null); - Collection crlColl = certStore.getCRLs(null); - - assertEquals(certColl.size(), sp.getCertificates("Collection", BC).getMatches(null).size()); - assertEquals(crlColl.size(), sp.getCRLs("Collection", BC).getMatches(null).size()); - } - - private void verifySignatures(CMSSignedDataParser sp) - throws Exception - { - verifySignatures(sp, null); - } - - private void verifyEncodedData(ByteArrayOutputStream bOut) - throws Exception - { - CMSSignedDataParser sp; - sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - sp.close(); - } - - private void checkSigParseable(byte[] sig) - throws Exception - { - CMSSignedDataParser sp = new CMSSignedDataParser(sig); - sp.getVersion(); - CMSTypedStream sc = sp.getSignedContent(); - if (sc != null) - { - sc.drain(); - } - sp.getCertificatesAndCRLs("Collection", BC); - sp.getSignerInfos(); - sp.close(); - } - - public void testEarlyInvalidKeyException() throws Exception - { - try - { - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - gen.addSigner( _origKP.getPrivate(), _origCert, - "DSA", // DOESN'T MATCH KEY ALG - CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - fail("Expected InvalidKeyException in addSigner"); - } - catch (InvalidKeyException e) - { - // Ignore - } - } - - public void testEarlyNoSuchAlgorithmException() throws Exception - { - try - { - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - gen.addSigner( _origKP.getPrivate(), _origCert, - CMSSignedDataStreamGenerator.DIGEST_SHA1, // BAD OID! - CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - fail("Expected NoSuchAlgorithmException in addSigner"); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - - public void testSha1EncapsulatedSignature() - throws Exception - { - byte[] encapSigData = Base64.decode( - "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH" - + "AaCAJIAEDEhlbGxvIFdvcmxkIQAAAAAAAKCCBGIwggINMIIBdqADAgECAgEF" - + "MA0GCSqGSIb3DQEBBAUAMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJ" - + "BgNVBAYTAkFVMB4XDTA1MDgwNzA2MjU1OVoXDTA1MTExNTA2MjU1OVowJTEW" - + "MBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUwgZ8wDQYJKoZI" - + "hvcNAQEBBQADgY0AMIGJAoGBAI1fZGgH9wgC3QiK6yluH6DlLDkXkxYYL+Qf" - + "nVRszJVYl0LIxZdpb7WEbVpO8fwtEgFtoDsOdxyqh3dTBv+L7NVD/v46kdPt" - + "xVkSNHRbutJVY8Xn4/TC/CDngqtbpbniMO8n0GiB6vs94gBT20M34j96O2IF" - + "73feNHP+x8PkJ+dNAgMBAAGjTTBLMB0GA1UdDgQWBBQ3XUfEE6+D+t+LIJgK" - + "ESSUE58eyzAfBgNVHSMEGDAWgBQ3XUfEE6+D+t+LIJgKESSUE58eyzAJBgNV" - + "HRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAFK3r1stYOeXYJOlOyNGDTWEhZ+a" - + "OYdFeFaS6c+InjotHuFLAy+QsS8PslE48zYNFEqYygGfLhZDLlSnJ/LAUTqF" - + "01vlp+Bgn/JYiJazwi5WiiOTf7Th6eNjHFKXS3hfSGPNPIOjvicAp3ce3ehs" - + "uK0MxgLAaxievzhFfJcGSUMDMIICTTCCAbagAwIBAgIBBzANBgkqhkiG9w0B" - + "AQQFADAlMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTAe" - + "Fw0wNTA4MDcwNjI1NTlaFw0wNTExMTUwNjI1NTlaMGUxGDAWBgNVBAMTD0Vy" - + "aWMgSC4gRWNoaWRuYTEkMCIGCSqGSIb3DQEJARYVZXJpY0Bib3VuY3ljYXN0" - + "bGUub3JnMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTCB" - + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgHCJyfwV6/V3kqSu2SOU2E/K" - + "I+N0XohCMUaxPLLNtNBZ3ijxwaV6JGFz7siTgZD/OGfzir/eZimkt+L1iXQn" - + "OAB+ZChivKvHtX+dFFC7Vq+E4Uy0Ftqc/wrGxE6DHb5BR0hprKH8wlDS8wSP" - + "zxovgk4nH0ffUZOoDSuUgjh3gG8CAwEAAaNNMEswHQYDVR0OBBYEFLfY/4EG" - + "mYrvJa7Cky+K9BJ7YmERMB8GA1UdIwQYMBaAFDddR8QTr4P634sgmAoRJJQT" - + "nx7LMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEEBQADgYEADIOmpMd6UHdMjkyc" - + "mIE1yiwfClCsGhCK9FigTg6U1G2FmkBwJIMWBlkeH15uvepsAncsgK+Cn3Zr" - + "dZMb022mwtTJDtcaOM+SNeuCnjdowZ4i71Hf68siPm6sMlZkhz49rA0Yidoo" - + "WuzYOO+dggzwDsMldSsvsDo/ARyCGOulDOAxggEvMIIBKwIBATAqMCUxFjAU" - + "BgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNVBAYTAkFVAgEHMAkGBSsOAwIa" - + "BQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP" - + "Fw0wNTA4MDcwNjI1NTlaMCMGCSqGSIb3DQEJBDEWBBQu973mCM5UBOl9XwQv" - + "lfifHCMocTANBgkqhkiG9w0BAQEFAASBgGxnBl2qozYKLgZ0ygqSFgWcRGl1" - + "LgNuE587LtO+EKkgoc3aFqEdjXlAyP8K7naRsvWnFrsB6pUpnrgI9Z8ZSKv8" - + "98IlpsSSJ0jBlEb4gzzavwcBpYbr2ryOtDcF+kYmKIpScglyyoLzm+KPXOoT" - + "n7MsJMoKN3Kd2Vzh6s10PFgeAAAAAAAA"); - - CMSSignedDataParser sp = new CMSSignedDataParser(encapSigData); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testSHA1WithRSANoAttributes() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - - CMSSignedDataParser sp = new CMSSignedDataParser( - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), s.getEncoded()); - - sp.getSignedContent().drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - } - - public void testDSANoAttributes() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes()); - - certList.add(_origDsaCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origDsaKP.getPrivate(), _origDsaCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - - CMSSignedDataParser sp = new CMSSignedDataParser( - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), s.getEncoded()); - - sp.getSignedContent().drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - } - - public void testSHA1WithRSA() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - certList.add(_signCrl); - certList.add(_origCrl); - - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certsAndCrls); - - OutputStream sigOut = gen.open(bOut); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - CMSSignedDataParser sp = new CMSSignedDataParser( - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - - // - // try using existing signer - // - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigners(sp.getSignerInfos()); - - gen.addCertificatesAndCRLs(sp.getCertificatesAndCRLs("Collection", BC)); - - bOut.reset(); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - verifyEncodedData(bOut); - - // - // look for the CRLs - // - Collection col = certsAndCrls.getCRLs(null); - - assertEquals(2, col.size()); - assertTrue(col.contains(_signCrl)); - assertTrue(col.contains(_origCrl)); - } - - public void testSHA1WithRSANonData() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - certList.add(_signCrl); - certList.add(_origCrl); - - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certsAndCrls); - - OutputStream sigOut = gen.open(bOut, "1.2.3.4", true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - CMSTypedStream stream = sp.getSignedContent(); - - assertEquals(new ASN1ObjectIdentifier("1.2.3.4"), stream.getContentType()); - - stream.drain(); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(sp, md.digest(TEST_MESSAGE.getBytes())); - } - - public void testSHA1AndMD5WithRSA() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_MD5, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - CMSSignedDataParser sp = new CMSSignedDataParser( - new CMSTypedStream(new ByteArrayInputStream(TEST_MESSAGE.getBytes())), bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testSHA1WithRSAEncapsulatedBufferedStream() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // find unbuffered length - // - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - for (int i = 0; i != 2000; i++) - { - sigOut.write(i & 0xff); - } - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - int unbufferedLength = bOut.toByteArray().length; - - // - // find buffered length with buffered stream - should be equal - // - bOut = new ByteArrayOutputStream(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - sigOut = gen.open(bOut, true); - - BufferedOutputStream bfOut = new BufferedOutputStream(sigOut, 300); - - for (int i = 0; i != 2000; i++) - { - bfOut.write(i & 0xff); - } - - bfOut.close(); - - verifyEncodedData(bOut); - - assertTrue(bOut.toByteArray().length == unbufferedLength); - } - - public void testSHA1WithRSAEncapsulatedBuffered() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // find unbuffered length - // - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - for (int i = 0; i != 2000; i++) - { - sigOut.write(i & 0xff); - } - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - int unbufferedLength = bOut.toByteArray().length; - - // - // find buffered length - buffer size less than default - // - bOut = new ByteArrayOutputStream(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.setBufferSize(300); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - sigOut = gen.open(bOut, true); - - for (int i = 0; i != 2000; i++) - { - sigOut.write(i & 0xff); - } - - sigOut.close(); - - verifyEncodedData(bOut); - - assertTrue(bOut.toByteArray().length > unbufferedLength); - } - - public void testSHA1WithRSAEncapsulated() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(CMSSignedGenerator.DIGEST_SHA1); - - AttributeTable table = ((SignerInformation)sp.getSignerInfos().getSigners().iterator().next()).getSignedAttributes(); - Attribute hash = table.get(CMSAttributes.messageDigest); - - assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets())); - - // - // try using existing signer - // - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigners(sp.getSignerInfos()); - - gen.addCertificatesAndCRLs(sp.getCertificatesAndCRLs("Collection", BC)); - - bOut.reset(); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(TEST_MESSAGE.getBytes()), bOut.toByteArray()); - - assertEquals(1, sd.getSignerInfos().getSigners().size()); - - verifyEncodedData(bOut); - } - - public void testSHA1WithRSAEncapsulatedSubjectKeyID() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), CMSTestUtil.createSubjectKeyId(_origCert.getPublicKey()).getKeyIdentifier(), CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(CMSSignedGenerator.DIGEST_SHA1); - - AttributeTable table = ((SignerInformation)sp.getSignerInfos().getSigners().iterator().next()).getSignedAttributes(); - Attribute hash = table.get(CMSAttributes.messageDigest); - - assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets())); - - // - // try using existing signer - // - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigners(sp.getSignerInfos()); - - gen.addCertificatesAndCRLs(sp.getCertificatesAndCRLs("Collection", BC)); - - bOut.reset(); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(TEST_MESSAGE.getBytes()), bOut.toByteArray()); - - assertEquals(1, sd.getSignerInfos().getSigners().size()); - - verifyEncodedData(bOut); - } - - public void testAttributeGenerators() - throws Exception - { - final ASN1ObjectIdentifier dummyOid1 = new ASN1ObjectIdentifier("1.2.3"); - final ASN1ObjectIdentifier dummyOid2 = new ASN1ObjectIdentifier("1.2.3.4"); - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - CMSAttributeTableGenerator signedGen = new DefaultSignedAttributeTableGenerator() - { - public AttributeTable getAttributes(Map parameters) - { - Hashtable table = createStandardAttributeTable(parameters); - - DEROctetString val = new DEROctetString((byte[])parameters.get(CMSAttributeTableGenerator.DIGEST)); - Attribute attr = new Attribute(dummyOid1, new DERSet(val)); - - table.put(attr.getAttrType(), attr); - - return new AttributeTable(table); - } - }; - - CMSAttributeTableGenerator unsignedGen = new CMSAttributeTableGenerator() - { - public AttributeTable getAttributes(Map parameters) - { - DEROctetString val = new DEROctetString((byte[])parameters.get(CMSAttributeTableGenerator.SIGNATURE)); - Attribute attr = new Attribute(dummyOid2, new DERSet(val)); - - return new AttributeTable(new DERSet(attr)); - } - }; - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, signedGen, unsignedGen, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - - // - // check attributes - // - SignerInformationStore signers = sp.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - checkAttribute(signer.getContentDigest(), signer.getSignedAttributes().get(dummyOid1)); - checkAttribute(signer.getSignature(), signer.getUnsignedAttributes().get(dummyOid2)); - } - } - - private void checkAttribute(byte[] expected, Attribute attr) - { - DEROctetString value = (DEROctetString)attr.getAttrValues().getObjectAt(0); - - assertEquals(new DEROctetString(expected), value); - } - - public void testWithAttributeCertificate() - throws Exception - { - List certList = new ArrayList(); - - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - X509AttributeCertificate attrCert = CMSTestUtil.getAttributeCertificate(); - - X509Store store = X509Store.getInstance("AttributeCertificate/Collection", - new X509CollectionStoreParameters(Collections.singleton(attrCert)), BC); - - gen.addAttributeCertificates(store); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - - assertEquals(4, sp.getVersion()); - - store = sp.getAttributeCertificates("Collection", BC); - - Collection coll = store.getMatches(null); - - assertEquals(1, coll.size()); - - assertTrue(coll.contains(attrCert)); - } - - public void testSignerStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - byte[] data = TEST_MESSAGE.getBytes(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, false); - - sigOut.write(data); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - // - // create new Signer - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - - bOut.reset(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA224, BC); - - gen.addCertificatesAndCRLs(certs); - - sigOut = gen.open(bOut); - - sigOut.write(data); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - CMSSignedData sd = new CMSSignedData(bOut.toByteArray()); - - // - // replace signer - // - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceSigners(original, sd.getSignerInfos(), newOut); - - sd = new CMSSignedData(new CMSProcessableByteArray(data), newOut.toByteArray()); - SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next(); - - assertEquals(signer.getDigestAlgOID(), CMSSignedDataStreamGenerator.DIGEST_SHA224); - - CMSSignedDataParser sp = new CMSSignedDataParser(new CMSTypedStream(new ByteArrayInputStream(data)), newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testEncapsulatedSignerStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - // - // create new Signer - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - - bOut.reset(); - - gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA224, BC); - - gen.addCertificatesAndCRLs(certs); - - sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedData sd = new CMSSignedData(bOut.toByteArray()); - - // - // replace signer - // - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceSigners(original, sd.getSignerInfos(), newOut); - - sd = new CMSSignedData(newOut.toByteArray()); - SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next(); - - assertEquals(signer.getDigestAlgOID(), CMSSignedDataStreamGenerator.DIGEST_SHA224); - - CMSSignedDataParser sp = new CMSSignedDataParser(newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testCertStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - byte[] data = TEST_MESSAGE.getBytes(); - - certList.add(_origDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut); - - sigOut.write(data); - - sigOut.close(); - - checkSigParseable(bOut.toByteArray()); - - // - // create new certstore with the right certificates - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // replace certs - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceCertificatesAndCRLs(original, certs, newOut); - - CMSSignedDataParser sp = new CMSSignedDataParser(new CMSTypedStream(new ByteArrayInputStream(data)), newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testEncapsulatedCertStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - // - // create new certstore with the right certificates - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // replace certs - // - ByteArrayInputStream original = new ByteArrayInputStream(bOut.toByteArray()); - ByteArrayOutputStream newOut = new ByteArrayOutputStream(); - - CMSSignedDataParser.replaceCertificatesAndCRLs(original, certs, newOut); - - CMSSignedDataParser sp = new CMSSignedDataParser(newOut.toByteArray()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testCertOrdering1() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - certs = sp.getCertificatesAndCRLs("Collection", BC); - Iterator it = certs.getCertificates(null).iterator(); - - assertEquals(_origCert, it.next()); - assertEquals(_signCert, it.next()); - } - - public void testCertOrdering2() - throws Exception - { - List certList = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - certList.add(_signCert); - certList.add(_origCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataStreamGenerator.DIGEST_SHA1, BC); - - gen.addCertificatesAndCRLs(certs); - - OutputStream sigOut = gen.open(bOut, true); - - sigOut.write(TEST_MESSAGE.getBytes()); - - sigOut.close(); - - CMSSignedDataParser sp = new CMSSignedDataParser(bOut.toByteArray()); - - sp.getSignedContent().drain(); - certs = sp.getCertificatesAndCRLs("Collection", BC); - Iterator it = certs.getCertificates(null).iterator(); - - assertEquals(_signCert, it.next()); - assertEquals(_origCert, it.next()); - } - - public static Test suite() - throws Exception - { - init(); - - return new CMSTestSetup(new TestSuite(SignedDataStreamTest.class)); - } -} diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataTest.java b/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataTest.java deleted file mode 100644 index ef3f8de5..00000000 --- a/pkix/src/test/jdk1.3/org/bouncycastle/cms/test/SignedDataTest.java +++ /dev/null @@ -1,1573 +0,0 @@ -package org.bouncycastle.cms.test; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import org.bouncycastle.jce.cert.CertStore; -import org.bouncycastle.jce.cert.CollectionCertStoreParameters; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cms.Attribute; -import org.bouncycastle.asn1.cms.AttributeTable; -import org.bouncycastle.asn1.cms.CMSAttributes; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.cms.CMSConfig; -import org.bouncycastle.cms.CMSProcessable; -import org.bouncycastle.cms.CMSProcessableByteArray; -import org.bouncycastle.cms.CMSSignedData; -import org.bouncycastle.cms.CMSSignedDataGenerator; -import org.bouncycastle.cms.CMSSignedDataParser; -import org.bouncycastle.cms.SignerId; -import org.bouncycastle.cms.SignerInformation; -import org.bouncycastle.cms.SignerInformationStore; -import org.bouncycastle.cms.jcajce.JcaX509CertSelectorConverter; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.io.Streams; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509CollectionStoreParameters; -import org.bouncycastle.x509.X509Store; - -public class SignedDataTest - extends TestCase -{ - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - - boolean DEBUG = true; - - private static String _origDN; - private static KeyPair _origKP; - private static X509Certificate _origCert; - - private static String _signDN; - private static KeyPair _signKP; - private static X509Certificate _signCert; - - private static KeyPair _signGostKP; - private static X509Certificate _signGostCert; - - private static KeyPair _signEcDsaKP; - private static X509Certificate _signEcDsaCert; - - private static KeyPair _signEcGostKP; - private static X509Certificate _signEcGostCert; - - private static KeyPair _signDsaKP; - private static X509Certificate _signDsaCert; - - private static String _reciDN; - private static KeyPair _reciKP; - private static X509Certificate _reciCert; - - private static X509CRL _signCrl; - - private static boolean _initialised = false; - - private byte[] disorderedMessage = Base64.decode( - "SU9fc3RkaW5fdXNlZABfX2xpYmNfc3RhcnRfbWFpbgBnZXRob3N0aWQAX19n" - + "bW9uX3M="); - - private byte[] disorderedSet = Base64.decode( - "MIIYXQYJKoZIhvcNAQcCoIIYTjCCGEoCAQExCzAJBgUrDgMCGgUAMAsGCSqG" - + "SIb3DQEHAaCCFqswggJUMIIBwKADAgECAgMMg6wwCgYGKyQDAwECBQAwbzEL" - + "MAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbI" - + "dXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwEx" - + "MBEGA1UEAxQKNFItQ0EgMTpQTjAiGA8yMDAwMDMyMjA5NDM1MFoYDzIwMDQw" - + "MTIxMTYwNDUzWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1" - + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh" - + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3" - + "DQEBAQUAA4GPADCBiwKBgQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0I" - + "fe3QMqeGMoCUnyJxwW0k2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg" - + "19e9JPv061wyADOucOIaNAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKaj" - + "LMAw0bu1J0FadQIFAMAAAAEwCgYGKyQDAwECBQADgYEAgFauXpoTLh3Z3pT/" - + "3bhgrxO/2gKGZopWGSWSJPNwq/U3x2EuctOJurj+y2inTcJjespThflpN+7Q" - + "nvsUhXU+jL2MtPlObU0GmLvWbi47cBShJ7KElcZAaxgWMBzdRGqTOdtMv+ev" - + "2t4igGF/q71xf6J2c3pTLWr6P8s6tzLfOCMwggJDMIIBr6ADAgECAgQAuzyu" - + "MAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGll" - + "cnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0" - + "MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4wIhgPMjAwMTA4" - + "MjAwODA4MjBaGA8yMDA1MDgyMDA4MDgyMFowSzELMAkGA1UEBhMCREUxEjAQ" - + "BgNVBAoUCVNpZ250cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBT" - + "SUdOVFJVU1QgMTpQTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhV12" - + "N2WhlR6f+3CXP57GrBM9la5Vnsu2b92zv5MZqQOPeEsYbZqDCFkYg1bSwsDE" - + "XsGVQqXdQNAGUaapr/EUVVN+hNZ07GcmC1sPeQECgUkxDYjGi4ihbvzxlahj" - + "L4nX+UTzJVBfJwXoIvJ+lMHOSpnOLIuEL3SRhBItvRECxN0CAwEAAaMSMBAw" - + "DgYDVR0PAQH/BAQDAgEGMAoGBiskAwMBAgUAA4GBACDc9Pc6X8sK1cerphiV" - + "LfFv4kpZb9ev4WPy/C6987Qw1SOTElhZAmxaJQBqmDHWlQ63wj1DEqswk7hG" - + "LrvQk/iX6KXIn8e64uit7kx6DHGRKNvNGofPjr1WelGeGW/T2ZJKgmPDjCkf" - + "sIKt2c3gwa2pDn4mmCz/DStUIqcPDbqLMIICVTCCAcGgAwIBAgIEAJ16STAK" - + "BgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1" - + "bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEh" - + "MAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1DQSAxOlBOMCIYDzIwMDEwMjAx" - + "MTM0NDI1WhgPMjAwNTAzMjIwODU1NTFaMG8xCzAJBgNVBAYTAkRFMT0wOwYD" - + "VQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0" - + "aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6" - + "UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvthihnl" - + "tsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wdbPvg" - + "JyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCAOXFw" - + "VWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIFAAOB" - + "gQBpSRdnDb6AcNVaXSmGo6+kVPIBhot1LzJOGaPyDNpGXxd7LV4tMBF1U7gr" - + "4k1g9BO6YiMWvw9uiTZmn0CfV8+k4fWEuG/nmafRoGIuay2f+ILuT+C0rnp1" - + "4FgMsEhuVNJJAmb12QV0PZII+UneyhAneZuQQzVUkTcVgYxogxdSOzCCAlUw" - + "ggHBoAMCAQICBACdekowCgYGKyQDAwECBQAwbzELMAkGA1UEBhMCREUxPTA7" - + "BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlr" - + "YXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg" - + "MTpQTjAiGA8yMDAxMDIwMTEzNDcwN1oYDzIwMDUwMzIyMDg1NTUxWjBvMQsw" - + "CQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1" - + "ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEw" - + "EQYDVQQDFAo1Ui1DQSAxOlBOMIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKB" - + "gQCKHkFTJx8GmoqFTxEOxpK9XkC3NZ5dBEKiUv0Ife3QMqeGMoCUnyJxwW0k" - + "2/53duHxtv2yHSZpFKjrjvE/uGwdOMqBMTjMzkFg19e9JPv061wyADOucOIa" - + "NAgha/zFt9XUyrHF21knKCvDNExv2MYIAagkTKajLMAw0bu1J0FadQIFAMAA" - + "AAEwCgYGKyQDAwECBQADgYEAV1yTi+2gyB7sUhn4PXmi/tmBxAfe5oBjDW8m" - + "gxtfudxKGZ6l/FUPNcrSc5oqBYxKWtLmf3XX87LcblYsch617jtNTkMzhx9e" - + "qxiD02ufcrxz2EVt0Akdqiz8mdVeqp3oLcNU/IttpSrcA91CAnoUXtDZYwb/" - + "gdQ4FI9l3+qo/0UwggJVMIIBwaADAgECAgQAxIymMAoGBiskAwMBAgUAMG8x" - + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm" - + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB" - + "MTARBgNVBAMUCjZSLUNhIDE6UE4wIhgPMjAwMTEwMTUxMzMxNThaGA8yMDA1" - + "MDYwMTA5NTIxN1owbzELMAkGA1UEBhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVy" - + "dW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11bmlrYXRpb24gdW5kIFBvc3Qx" - + "ITAMBgcCggYBCgcUEwExMBEGA1UEAxQKN1ItQ0EgMTpQTjCBoTANBgkqhkiG" - + "9w0BAQEFAAOBjwAwgYsCgYEAiokD/j6lEP4FexF356OpU5teUpGGfUKjIrFX" - + "BHc79G0TUzgVxqMoN1PWnWktQvKo8ETaugxLkP9/zfX3aAQzDW4Zki6x6GDq" - + "fy09Agk+RJvhfbbIzRkV4sBBco0n73x7TfG/9NTgVr/96U+I+z/1j30aboM6" - + "9OkLEhjxAr0/GbsCBQDAAAABMAoGBiskAwMBAgUAA4GBAHWRqRixt+EuqHhR" - + "K1kIxKGZL2vZuakYV0R24Gv/0ZR52FE4ECr+I49o8FP1qiGSwnXB0SwjuH2S" - + "iGiSJi+iH/MeY85IHwW1P5e+bOMvEOFhZhQXQixOD7totIoFtdyaj1XGYRef" - + "0f2cPOjNJorXHGV8wuBk+/j++sxbd/Net3FtMIICVTCCAcGgAwIBAgIEAMSM" - + "pzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp" - + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z" - + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo3Ui1DQSAxOlBOMCIYDzIwMDEx" - + "MDE1MTMzNDE0WhgPMjAwNTA2MDEwOTUyMTdaMG8xCzAJBgNVBAYTAkRFMT0w" - + "OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5p" - + "a2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNh" - + "IDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGLAoGBAIOiqxUkzVyqnvth" - + "ihnltsE5m1Xn5TZKeR/2MQPStc5hJ+V4yptEtIx+Fn5rOoqT5VEVWhcE35wd" - + "bPvgJyQFn5msmhPQT/6XSGOlrWRoFummXN9lQzAjCj1sgTcmoLCVQ5s5WpCA" - + "OXFwVWu16qndz3sPItn3jJ0F3Kh3w79NglvPAgUAwAAAATAKBgYrJAMDAQIF" - + "AAOBgQBi5W96UVDoNIRkCncqr1LLG9vF9SGBIkvFpLDIIbcvp+CXhlvsdCJl" - + "0pt2QEPSDl4cmpOet+CxJTdTuMeBNXxhb7Dvualog69w/+K2JbPhZYxuVFZs" - + "Zh5BkPn2FnbNu3YbJhE60aIkikr72J4XZsI5DxpZCGh6xyV/YPRdKSljFjCC" - + "AlQwggHAoAMCAQICAwyDqzAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9" - + "MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVu" - + "aWthdGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo1Ui1D" - + "QSAxOlBOMCIYDzIwMDAwMzIyMDk0MTI3WhgPMjAwNDAxMjExNjA0NTNaMG8x" - + "CzAJBgNVBAYTAkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBm" - + "yHVyIFRlbGVrb21tdW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMB" - + "MTARBgNVBAMUCjRSLUNBIDE6UE4wgaEwDQYJKoZIhvcNAQEBBQADgY8AMIGL" - + "AoGBAI8x26tmrFJanlm100B7KGlRemCD1R93PwdnG7svRyf5ZxOsdGrDszNg" - + "xg6ouO8ZHQMT3NC2dH8TvO65Js+8bIyTm51azF6clEg0qeWNMKiiXbBXa+ph" - + "hTkGbXiLYvACZ6/MTJMJ1lcrjpRF7BXtYeYMcEF6znD4pxOqrtbf9z5hAgUA" - + "wAAAATAKBgYrJAMDAQIFAAOBgQB99BjSKlGPbMLQAgXlvA9jUsDNhpnVm3a1" - + "YkfxSqS/dbQlYkbOKvCxkPGA9NBxisBM8l1zFynVjJoy++aysRmcnLY/sHaz" - + "23BF2iU7WERy18H3lMBfYB6sXkfYiZtvQZcWaO48m73ZBySuiV3iXpb2wgs/" - + "Cs20iqroAWxwq/W/9jCCAlMwggG/oAMCAQICBDsFZ9UwCgYGKyQDAwECBQAw" - + "bzELMAkGA1UEBhMCREUxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNFItQ0Eg" - + "MTpQTjE9MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxl" - + "a29tbXVuaWthdGlvbiB1bmQgUG9zdDAiGA8xOTk5MDEyMTE3MzUzNFoYDzIw" - + "MDQwMTIxMTYwMDAyWjBvMQswCQYDVQQGEwJERTE9MDsGA1UEChQ0UmVndWxp" - + "ZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWthdGlvbiB1bmQgUG9z" - + "dDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAozUi1DQSAxOlBOMIGfMA0GCSqG" - + "SIb3DQEBAQUAA4GNADCBiQKBgI4B557mbKQg/AqWBXNJhaT/6lwV93HUl4U8" - + "u35udLq2+u9phns1WZkdM3gDfEpL002PeLfHr1ID/96dDYf04lAXQfombils" - + "of1C1k32xOvxjlcrDOuPEMxz9/HDAQZA5MjmmYHAIulGI8Qg4Tc7ERRtg/hd" - + "0QX0/zoOeXoDSEOBAgTAAAABMAoGBiskAwMBAgUAA4GBAIyzwfT3keHI/n2P" - + "LrarRJv96mCohmDZNpUQdZTVjGu5VQjVJwk3hpagU0o/t/FkdzAjOdfEw8Ql" - + "3WXhfIbNLv1YafMm2eWSdeYbLcbB5yJ1od+SYyf9+tm7cwfDAcr22jNRBqx8" - + "wkWKtKDjWKkevaSdy99sAI8jebHtWz7jzydKMIID9TCCA16gAwIBAgICbMcw" - + "DQYJKoZIhvcNAQEFBQAwSzELMAkGA1UEBhMCREUxEjAQBgNVBAoUCVNpZ250" - + "cnVzdDEoMAwGBwKCBgEKBxQTATEwGAYDVQQDFBFDQSBTSUdOVFJVU1QgMTpQ" - + "TjAeFw0wNDA3MzAxMzAyNDZaFw0wNzA3MzAxMzAyNDZaMDwxETAPBgNVBAMM" - + "CFlhY29tOlBOMQ4wDAYDVQRBDAVZYWNvbTELMAkGA1UEBhMCREUxCjAIBgNV" - + "BAUTATEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIWzLlYLQApocXIp" - + "pgCCpkkOUVLgcLYKeOd6/bXAnI2dTHQqT2bv7qzfUnYvOqiNgYdF13pOYtKg" - + "XwXMTNFL4ZOI6GoBdNs9TQiZ7KEWnqnr2945HYx7UpgTBclbOK/wGHuCdcwO" - + "x7juZs1ZQPFG0Lv8RoiV9s6HP7POqh1sO0P/AgMBAAGjggH1MIIB8TCBnAYD" - + "VR0jBIGUMIGRgBQcZzNghfnXoXRm8h1+VITC5caNRqFzpHEwbzELMAkGA1UE" - + "BhMCREUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVs" - + "ZWtvbW11bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UE" - + "AxQKNVItQ0EgMTpQToIEALs8rjAdBgNVHQ4EFgQU2e5KAzkVuKaM9I5heXkz" - + "bcAIuR8wDgYDVR0PAQH/BAQDAgZAMBIGA1UdIAQLMAkwBwYFKyQIAQEwfwYD" - + "VR0fBHgwdjB0oCygKoYobGRhcDovL2Rpci5zaWdudHJ1c3QuZGUvbz1TaWdu" - + "dHJ1c3QsYz1kZaJEpEIwQDEdMBsGA1UEAxMUQ1JMU2lnblNpZ250cnVzdDE6" - + "UE4xEjAQBgNVBAoTCVNpZ250cnVzdDELMAkGA1UEBhMCREUwYgYIKwYBBQUH" - + "AQEEVjBUMFIGCCsGAQUFBzABhkZodHRwOi8vZGlyLnNpZ250cnVzdC5kZS9T" - + "aWdudHJ1c3QvT0NTUC9zZXJ2bGV0L2h0dHBHYXRld2F5LlBvc3RIYW5kbGVy" - + "MBgGCCsGAQUFBwEDBAwwCjAIBgYEAI5GAQEwDgYHAoIGAQoMAAQDAQH/MA0G" - + "CSqGSIb3DQEBBQUAA4GBAHn1m3GcoyD5GBkKUY/OdtD6Sj38LYqYCF+qDbJR" - + "6pqUBjY2wsvXepUppEler+stH8mwpDDSJXrJyuzf7xroDs4dkLl+Rs2x+2tg" - + "BjU+ABkBDMsym2WpwgA8LCdymmXmjdv9tULxY+ec2pjSEzql6nEZNEfrU8nt" - + "ZCSCavgqW4TtMYIBejCCAXYCAQEwUTBLMQswCQYDVQQGEwJERTESMBAGA1UE" - + "ChQJU2lnbnRydXN0MSgwDAYHAoIGAQoHFBMBMTAYBgNVBAMUEUNBIFNJR05U" - + "UlVTVCAxOlBOAgJsxzAJBgUrDgMCGgUAoIGAMBgGCSqGSIb3DQEJAzELBgkq" - + "hkiG9w0BBwEwIwYJKoZIhvcNAQkEMRYEFIYfhPoyfGzkLWWSSLjaHb4HQmaK" - + "MBwGCSqGSIb3DQEJBTEPFw0wNTAzMjQwNzM4MzVaMCEGBSskCAYFMRgWFi92" - + "YXIvZmlsZXMvdG1wXzEvdGVzdDEwDQYJKoZIhvcNAQEFBQAEgYA2IvA8lhVz" - + "VD5e/itUxbFboKxeKnqJ5n/KuO/uBCl1N14+7Z2vtw1sfkIG+bJdp3OY2Cmn" - + "mrQcwsN99Vjal4cXVj8t+DJzFG9tK9dSLvD3q9zT/GQ0kJXfimLVwCa4NaSf" - + "Qsu4xtG0Rav6bCcnzabAkKuNNvKtH8amSRzk870DBg=="); - - public static byte[] xtraCounterSig = Base64.decode( - "MIIR/AYJKoZIhvcNAQcCoIIR7TCCEekCAQExCzAJBgUrDgMCGgUAMBoGCSqG" - + "SIb3DQEHAaANBAtIZWxsbyB3b3JsZKCCDnkwggTPMIIDt6ADAgECAgRDnYD3" - + "MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNVBAYTAklUMRowGAYDVQQKExFJbi5U" - + "ZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAtIENlcnRpZmlj" - + "YXRpb24gQXV0aG9yaXR5MB4XDTA4MDkxMjExNDMxMloXDTEwMDkxMjExNDMx" - + "MlowgdgxCzAJBgNVBAYTAklUMSIwIAYDVQQKDBlJbnRlc2EgUy5wLkEuLzA1" - + "MjYyODkwMDE0MSowKAYDVQQLDCFCdXNpbmVzcyBDb2xsYWJvcmF0aW9uICYg" - + "U2VjdXJpdHkxHjAcBgNVBAMMFU1BU1NJTUlMSUFOTyBaSUNDQVJESTERMA8G" - + "A1UEBAwIWklDQ0FSREkxFTATBgNVBCoMDE1BU1NJTUlMSUFOTzEcMBoGA1UE" - + "BRMTSVQ6WkNDTVNNNzZIMTRMMjE5WTERMA8GA1UELhMIMDAwMDI1ODUwgaAw" - + "DQYJKoZIhvcNAQEBBQADgY4AMIGKAoGBALeJTjmyFgx1SIP6c2AuB/kuyHo5" - + "j/prKELTALsFDimre/Hxr3wOSet1TdQfFzU8Lu+EJqgfV9cV+cI1yeH1rZs7" - + "lei7L3tX/VR565IywnguX5xwvteASgWZr537Fkws50bvTEMyYOj1Tf3FZvZU" - + "z4n4OD39KI4mfR9i1eEVIxR3AgQAizpNo4IBoTCCAZ0wHQYDVR0RBBYwFIES" - + "emljY2FyZGlAaW50ZXNhLml0MC8GCCsGAQUFBwEDBCMwITAIBgYEAI5GAQEw" - + "CwYGBACORgEDAgEUMAgGBgQAjkYBBDBZBgNVHSAEUjBQME4GBgQAizABATBE" - + "MEIGCCsGAQUFBwIBFjZodHRwOi8vZS10cnVzdGNvbS5pbnRlc2EuaXQvY2Ff" - + "cHViYmxpY2EvQ1BTX0lOVEVTQS5odG0wDgYDVR0PAQH/BAQDAgZAMIGDBgNV" - + "HSMEfDB6gBQZCQOW0bjFWBt+EORuxPagEgkQqKFcpFowWDELMAkGA1UEBhMC" - + "SVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJbi5U" - + "ZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCBDzRARMwOwYDVR0f" - + "BDQwMjAwoC6gLIYqaHR0cDovL2UtdHJ1c3Rjb20uaW50ZXNhLml0L0NSTC9J" - + "TlRFU0EuY3JsMB0GA1UdDgQWBBTf5ItL8KmQh541Dxt7YxcWI1254TANBgkq" - + "hkiG9w0BAQUFAAOCAQEAgW+uL1CVWQepbC/wfCmR6PN37Sueb4xiKQj2mTD5" - + "UZ5KQjpivy/Hbuf0NrfKNiDEhAvoHSPC31ebGiKuTMFNyZPHfPEUnyYGSxea" - + "2w837aXJFr6utPNQGBRi89kH90sZDlXtOSrZI+AzJJn5QK3F9gjcayU2NZXQ" - + "MJgRwYmFyn2w4jtox+CwXPQ9E5XgxiMZ4WDL03cWVXDLX00EOJwnDDMUNTRI" - + "m9Zv+4SKTNlfFbi9UTBqWBySkDzAelsfB2U61oqc2h1xKmCtkGMmN9iZT+Qz" - + "ZC/vaaT+hLEBFGAH2gwFrYc4/jTBKyBYeU1vsAxsibIoTs1Apgl6MH75qPDL" - + "BzCCBM8wggO3oAMCAQICBEOdgPcwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE" - + "BhMCSVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJ" - + "bi5UZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwOTEy" - + "MTE0MzEyWhcNMTAwOTEyMTE0MzEyWjCB2DELMAkGA1UEBhMCSVQxIjAgBgNV" - + "BAoMGUludGVzYSBTLnAuQS4vMDUyNjI4OTAwMTQxKjAoBgNVBAsMIUJ1c2lu" - + "ZXNzIENvbGxhYm9yYXRpb24gJiBTZWN1cml0eTEeMBwGA1UEAwwVTUFTU0lN" - + "SUxJQU5PIFpJQ0NBUkRJMREwDwYDVQQEDAhaSUNDQVJESTEVMBMGA1UEKgwM" - + "TUFTU0lNSUxJQU5PMRwwGgYDVQQFExNJVDpaQ0NNU003NkgxNEwyMTlZMREw" - + "DwYDVQQuEwgwMDAwMjU4NTCBoDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEA" - + "t4lOObIWDHVIg/pzYC4H+S7IejmP+msoQtMAuwUOKat78fGvfA5J63VN1B8X" - + "NTwu74QmqB9X1xX5wjXJ4fWtmzuV6Lsve1f9VHnrkjLCeC5fnHC+14BKBZmv" - + "nfsWTCznRu9MQzJg6PVN/cVm9lTPifg4Pf0ojiZ9H2LV4RUjFHcCBACLOk2j" - + "ggGhMIIBnTAdBgNVHREEFjAUgRJ6aWNjYXJkaUBpbnRlc2EuaXQwLwYIKwYB" - + "BQUHAQMEIzAhMAgGBgQAjkYBATALBgYEAI5GAQMCARQwCAYGBACORgEEMFkG" - + "A1UdIARSMFAwTgYGBACLMAEBMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9lLXRy" - + "dXN0Y29tLmludGVzYS5pdC9jYV9wdWJibGljYS9DUFNfSU5URVNBLmh0bTAO" - + "BgNVHQ8BAf8EBAMCBkAwgYMGA1UdIwR8MHqAFBkJA5bRuMVYG34Q5G7E9qAS" - + "CRCooVykWjBYMQswCQYDVQQGEwJJVDEaMBgGA1UEChMRSW4uVGUuUy5BLiBT" - + "LnAuQS4xLTArBgNVBAMTJEluLlRlLlMuQS4gLSBDZXJ0aWZpY2F0aW9uIEF1" - + "dGhvcml0eYIEPNEBEzA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vZS10cnVz" - + "dGNvbS5pbnRlc2EuaXQvQ1JML0lOVEVTQS5jcmwwHQYDVR0OBBYEFN/ki0vw" - + "qZCHnjUPG3tjFxYjXbnhMA0GCSqGSIb3DQEBBQUAA4IBAQCBb64vUJVZB6ls" - + "L/B8KZHo83ftK55vjGIpCPaZMPlRnkpCOmK/L8du5/Q2t8o2IMSEC+gdI8Lf" - + "V5saIq5MwU3Jk8d88RSfJgZLF5rbDzftpckWvq6081AYFGLz2Qf3SxkOVe05" - + "Ktkj4DMkmflArcX2CNxrJTY1ldAwmBHBiYXKfbDiO2jH4LBc9D0TleDGIxnh" - + "YMvTdxZVcMtfTQQ4nCcMMxQ1NEib1m/7hIpM2V8VuL1RMGpYHJKQPMB6Wx8H" - + "ZTrWipzaHXEqYK2QYyY32JlP5DNkL+9ppP6EsQEUYAfaDAWthzj+NMErIFh5" - + "TW+wDGyJsihOzUCmCXowfvmo8MsHMIIEzzCCA7egAwIBAgIEQ52A9zANBgkq" - + "hkiG9w0BAQUFADBYMQswCQYDVQQGEwJJVDEaMBgGA1UEChMRSW4uVGUuUy5B" - + "LiBTLnAuQS4xLTArBgNVBAMTJEluLlRlLlMuQS4gLSBDZXJ0aWZpY2F0aW9u" - + "IEF1dGhvcml0eTAeFw0wODA5MTIxMTQzMTJaFw0xMDA5MTIxMTQzMTJaMIHY" - + "MQswCQYDVQQGEwJJVDEiMCAGA1UECgwZSW50ZXNhIFMucC5BLi8wNTI2Mjg5" - + "MDAxNDEqMCgGA1UECwwhQnVzaW5lc3MgQ29sbGFib3JhdGlvbiAmIFNlY3Vy" - + "aXR5MR4wHAYDVQQDDBVNQVNTSU1JTElBTk8gWklDQ0FSREkxETAPBgNVBAQM" - + "CFpJQ0NBUkRJMRUwEwYDVQQqDAxNQVNTSU1JTElBTk8xHDAaBgNVBAUTE0lU" - + "OlpDQ01TTTc2SDE0TDIxOVkxETAPBgNVBC4TCDAwMDAyNTg1MIGgMA0GCSqG" - + "SIb3DQEBAQUAA4GOADCBigKBgQC3iU45shYMdUiD+nNgLgf5Lsh6OY/6ayhC" - + "0wC7BQ4pq3vx8a98DknrdU3UHxc1PC7vhCaoH1fXFfnCNcnh9a2bO5Xouy97" - + "V/1UeeuSMsJ4Ll+ccL7XgEoFma+d+xZMLOdG70xDMmDo9U39xWb2VM+J+Dg9" - + "/SiOJn0fYtXhFSMUdwIEAIs6TaOCAaEwggGdMB0GA1UdEQQWMBSBEnppY2Nh" - + "cmRpQGludGVzYS5pdDAvBggrBgEFBQcBAwQjMCEwCAYGBACORgEBMAsGBgQA" - + "jkYBAwIBFDAIBgYEAI5GAQQwWQYDVR0gBFIwUDBOBgYEAIswAQEwRDBCBggr" - + "BgEFBQcCARY2aHR0cDovL2UtdHJ1c3Rjb20uaW50ZXNhLml0L2NhX3B1YmJs" - + "aWNhL0NQU19JTlRFU0EuaHRtMA4GA1UdDwEB/wQEAwIGQDCBgwYDVR0jBHww" - + "eoAUGQkDltG4xVgbfhDkbsT2oBIJEKihXKRaMFgxCzAJBgNVBAYTAklUMRow" - + "GAYDVQQKExFJbi5UZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5B" - + "LiAtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ80QETMDsGA1UdHwQ0MDIw" - + "MKAuoCyGKmh0dHA6Ly9lLXRydXN0Y29tLmludGVzYS5pdC9DUkwvSU5URVNB" - + "LmNybDAdBgNVHQ4EFgQU3+SLS/CpkIeeNQ8be2MXFiNdueEwDQYJKoZIhvcN" - + "AQEFBQADggEBAIFvri9QlVkHqWwv8Hwpkejzd+0rnm+MYikI9pkw+VGeSkI6" - + "Yr8vx27n9Da3yjYgxIQL6B0jwt9XmxoirkzBTcmTx3zxFJ8mBksXmtsPN+2l" - + "yRa+rrTzUBgUYvPZB/dLGQ5V7Tkq2SPgMySZ+UCtxfYI3GslNjWV0DCYEcGJ" - + "hcp9sOI7aMfgsFz0PROV4MYjGeFgy9N3FlVwy19NBDicJwwzFDU0SJvWb/uE" - + "ikzZXxW4vVEwalgckpA8wHpbHwdlOtaKnNodcSpgrZBjJjfYmU/kM2Qv72mk" - + "/oSxARRgB9oMBa2HOP40wSsgWHlNb7AMbImyKE7NQKYJejB++ajwywcxggM8" - + "MIIDOAIBATBgMFgxCzAJBgNVBAYTAklUMRowGAYDVQQKExFJbi5UZS5TLkEu" - + "IFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAtIENlcnRpZmljYXRpb24g" - + "QXV0aG9yaXR5AgRDnYD3MAkGBSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEgYB+" - + "lH2cwLqc91mP8prvgSV+RRzk13dJdZvdoVjgQoFrPhBiZCNIEoHvIhMMA/sM" - + "X6euSRZk7EjD24FasCEGYyd0mJVLEy6TSPmuW+wWz/28w3a6IWXBGrbb/ild" - + "/CJMkPgLPGgOVD1WDwiNKwfasiQSFtySf5DPn3jFevdLeMmEY6GCAjIwggEV" - + "BgkqhkiG9w0BCQYxggEGMIIBAgIBATBgMFgxCzAJBgNVBAYTAklUMRowGAYD" - + "VQQKExFJbi5UZS5TLkEuIFMucC5BLjEtMCsGA1UEAxMkSW4uVGUuUy5BLiAt" - + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5AgRDnYD3MAkGBSsOAwIaBQAwDQYJ" - + "KoZIhvcNAQEBBQAEgYBHlOULfT5GDigIvxP0qZOy8VbpntmzaPF55VV4buKV" - + "35J+uHp98gXKp0LrHM69V5IRKuyuQzHHFBqsXxsRI9o6KoOfgliD9Xc+BeMg" - + "dKzQhBhBYoFREq8hQM0nSbqDNHYAQyNHMzUA/ZQUO5dlFuH8Dw3iDYAhNtfd" - + "PrlchKJthDCCARUGCSqGSIb3DQEJBjGCAQYwggECAgEBMGAwWDELMAkGA1UE" - + "BhMCSVQxGjAYBgNVBAoTEUluLlRlLlMuQS4gUy5wLkEuMS0wKwYDVQQDEyRJ" - + "bi5UZS5TLkEuIC0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkCBEOdgPcwCQYF" - + "Kw4DAhoFADANBgkqhkiG9w0BAQEFAASBgEeU5Qt9PkYOKAi/E/Spk7LxVume" - + "2bNo8XnlVXhu4pXfkn64en3yBcqnQusczr1XkhEq7K5DMccUGqxfGxEj2joq" - + "g5+CWIP1dz4F4yB0rNCEGEFigVESryFAzSdJuoM0dgBDI0czNQD9lBQ7l2UW" - + "4fwPDeINgCE2190+uVyEom2E"); - - byte[] noSignedAttrSample2 = Base64.decode( - "MIIIlAYJKoZIhvcNAQcCoIIIhTCCCIECAQExCzAJBgUrDgMCGgUAMAsGCSqG" - + "SIb3DQEHAaCCB3UwggOtMIIDa6ADAgECAgEzMAsGByqGSM44BAMFADCBkDEL" - + "MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlQYWxvIEFsdG8x" - + "HTAbBgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZh" - + "IFNvZnR3YXJlIENvZGUgU2lnbmluZzEcMBoGA1UEAxMTSkNFIENvZGUgU2ln" - + "bmluZyBDQTAeFw0wMTA1MjkxNjQ3MTFaFw0wNjA1MjgxNjQ3MTFaMG4xHTAb" - + "BgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZhIFNv" - + "ZnR3YXJlIENvZGUgU2lnbmluZzEoMCYGA1UEAxMfVGhlIExlZ2lvbiBvZiB0" - + "aGUgQm91bmN5IENhc3RsZTCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OB" - + "HXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2" - + "y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUP" - + "BPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvM" - + "spK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9" - + "B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj" - + "rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtV" - + "JWQBTDv+z0kqA4GEAAKBgBWry/FCAZ6miyy39+ftsa+h9lxoL+JtV0MJcUyQ" - + "E4VAhpAwWb8vyjba9AwOylYQTktHX5sAkFvjBiU0LOYDbFSTVZSHMRJgfjxB" - + "SHtICjOEvr1BJrrOrdzqdxcOUge5n7El124BCrv91x5Ol8UTwtiO9LrRXF/d" - + "SyK+RT5n1klRo3YwdDARBglghkgBhvhCAQEEBAMCAIcwDgYDVR0PAQH/BAQD" - + "AgHGMB0GA1UdDgQWBBQwMY4NRcco1AO3w1YsokfDLVseEjAPBgNVHRMBAf8E" - + "BTADAQH/MB8GA1UdIwQYMBaAFGXi9IbJ007wkU5Yomr12HhamsGmMAsGByqG" - + "SM44BAMFAAMvADAsAhRmigTu6QV0sTfEkVljgij/hhdVfAIUQZvMxAnIHc30" - + "y/u0C1T5UEG9glUwggPAMIIDfqADAgECAgEQMAsGByqGSM44BAMFADCBkDEL" - + "MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlQYWxvIEFsdG8x" - + "HTAbBgNVBAoTFFN1biBNaWNyb3N5c3RlbXMgSW5jMSMwIQYDVQQLExpKYXZh" - + "IFNvZnR3YXJlIENvZGUgU2lnbmluZzEcMBoGA1UEAxMTSkNFIENvZGUgU2ln" - + "bmluZyBDQTAeFw0wMTA0MjUwNzAwMDBaFw0yMDA0MjUwNzAwMDBaMIGQMQsw" - + "CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEd" - + "MBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkphdmEg" - + "U29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBTaWdu" - + "aW5nIENBMIIBtzCCASwGByqGSM44BAEwggEfAoGBAOuvNwQeylEeaV2w8o/2" - + "tUkfxqSZBdcpv3S3avUZ2B7kG/gKAZqY/3Cr4kpWhmxTs/zhyIGMMfDE87CL" - + "5nAG7PdpaNuDTHIpiSk2F1w7SgegIAIqRpdRHXDICBgLzgxum3b3BePn+9Nh" - + "eeFgmiSNBpWDPFEg4TDPOFeCphpyDc7TAhUAhCVF4bq5qWKreehbMLiJaxv/" - + "e3UCgYEAq8l0e3Tv7kK1alNNO92QBnJokQ8LpCl2LlU71a5NZVx+KjoEpmem" - + "0HGqpde34sFyDaTRqh6SVEwgAAmisAlBGTMAssNcrkL4sYvKfJbYEH83RFuq" - + "zHjI13J2N2tAmahVZvqoAx6LShECactMuCUGHKB30sms0j3pChD6dnC3+9wD" - + "gYQAAoGALQmYXKy4nMeZfu4gGSo0kPnXq6uu3WtylQ1m+O8nj0Sy7ShEx/6v" - + "sKYnbwBnRYJbB6hWVjvSKVFhXmk51y50dxLPGUr1LcjLcmHETm/6R0M/FLv6" - + "vBhmKMLZZot6LS/CYJJLFP5YPiF/aGK+bEhJ+aBLXoWdGRD5FUVRG3HU9wuj" - + "ZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTADAQH/MB8GA1Ud" - + "IwQYMBaAFGXi9IbJ007wkU5Yomr12HhamsGmMB0GA1UdDgQWBBRl4vSGydNO" - + "8JFOWKJq9dh4WprBpjALBgcqhkjOOAQDBQADLwAwLAIUKvfPPJdd+Xi2CNdB" - + "tNkNRUzktJwCFEXNdWkOIfod1rMpsun3Mx0z/fxJMYHoMIHlAgEBMIGWMIGQ" - + "MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0" - + "bzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkph" - + "dmEgU29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBT" - + "aWduaW5nIENBAgEzMAkGBSsOAwIaBQAwCwYHKoZIzjgEAQUABC8wLQIVAIGV" - + "khm+kbV4a/+EP45PHcq0hIViAhR4M9os6IrJnoEDS3Y3l7O6zrSosA=="); - - private JcaX509CertSelectorConverter selectorConverter = new JcaX509CertSelectorConverter(); - - /* - * - * INFRASTRUCTURE - * - */ - - public SignedDataTest(String name) - { - super(name); - } - - public static void main(String args[]) - { - - junit.textui.TestRunner.run(SignedDataTest.class); - } - - public static Test suite() - throws Exception - { - init(); - - return new CMSTestSetup(new TestSuite(SignedDataTest.class)); - } - - private static void init() - throws Exception - { - if (!_initialised) - { - _initialised = true; - - _origDN = "O=Bouncy Castle, C=AU"; - _origKP = CMSTestUtil.makeKeyPair(); - _origCert = CMSTestUtil.makeCertificate(_origKP, _origDN, _origKP, _origDN); - - _signDN = "CN=Bob, OU=Sales, O=Bouncy Castle, C=AU"; - _signKP = CMSTestUtil.makeKeyPair(); - _signCert = CMSTestUtil.makeCertificate(_signKP, _signDN, _origKP, _origDN); - - _signGostKP = CMSTestUtil.makeGostKeyPair(); - _signGostCert = CMSTestUtil.makeCertificate(_signGostKP, _signDN, _origKP, _origDN); - - _signDsaKP = CMSTestUtil.makeDsaKeyPair(); - _signDsaCert = CMSTestUtil.makeCertificate(_signDsaKP, _signDN, _origKP, _origDN); - - _signEcDsaKP = CMSTestUtil.makeEcDsaKeyPair(); - _signEcDsaCert = CMSTestUtil.makeCertificate(_signEcDsaKP, _signDN, _origKP, _origDN); - - _signEcGostKP = CMSTestUtil.makeEcGostKeyPair(); - _signEcGostCert = CMSTestUtil.makeCertificate(_signEcGostKP, _signDN, _origKP, _origDN); - - _reciDN = "CN=Doug, OU=Sales, O=Bouncy Castle, C=AU"; - _reciKP = CMSTestUtil.makeKeyPair(); - _reciCert = CMSTestUtil.makeCertificate(_reciKP, _reciDN, _signKP, _signDN); - - _signCrl = CMSTestUtil.makeCrl(_signKP); - } - } - - private void verifySignatures(CMSSignedData s, byte[] contentDigest) - throws Exception - { - CertStore certStore = s.getCertificatesAndCRLs("Collection", BC); - SignerInformationStore signers = s.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certStore.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - - if (contentDigest != null) - { - assertTrue(MessageDigest.isEqual(contentDigest, signer.getContentDigest())); - } - } - - Collection certColl = certStore.getCertificates(null); - Collection crlColl = certStore.getCRLs(null); - - assertEquals(certColl.size(), s.getCertificates("Collection", BC).getMatches(null).size()); - assertEquals(crlColl.size(), s.getCRLs("Collection", BC).getMatches(null).size()); - } - - private void verifySignatures(CMSSignedData s) - throws Exception - { - verifySignatures(s, null); - } - - public void testDetachedVerification() - throws Exception - { - byte[] data = "Hello World!".getBytes(); - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray(data); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_MD5); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(msg, BC); - - MessageDigest sha1 = MessageDigest.getInstance("SHA1", BC); - MessageDigest md5 = MessageDigest.getInstance("MD5", BC); - Map hashes = new HashMap(); - byte[] sha1Hash = sha1.digest(data); - byte[] md5Hash = md5.digest(data); - - hashes.put(CMSSignedDataGenerator.DIGEST_SHA1, sha1Hash); - hashes.put(CMSSignedDataGenerator.DIGEST_MD5, md5Hash); - - s = new CMSSignedData(hashes, s.getEncoded()); - - verifySignatures(s, null); - } - - public void testSHA1AndMD5WithRSAEncapsulatedRepeated() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_MD5); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(msg, true, BC); - - ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certs = s.getCertificatesAndCRLs("Collection", BC); - - SignerInformationStore signers = s.getSignerInfos(); - - assertEquals(2, signers.size()); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - SignerId sid = null; - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - sid = signer.getSID(); - - assertEquals(true, signer.verify(cert, BC)); - - // - // check content digest - // - - byte[] contentDigest = (byte[])gen.getGeneratedDigests().get(signer.getDigestAlgOID()); - - AttributeTable table = signer.getSignedAttributes(); - Attribute hash = table.get(CMSAttributes.messageDigest); - - assertTrue(MessageDigest.isEqual(contentDigest, ((ASN1OctetString)hash.getAttrValues().getObjectAt(0)).getOctets())); - } - - c = signers.getSigners(sid); - - assertEquals(2, c.size()); - - - // - // try using existing signer - // - - gen = new CMSSignedDataGenerator(); - - gen.addSigners(s.getSignerInfos()); - - gen.addCertificatesAndCRLs(s.getCertificatesAndCRLs("Collection", BC)); - - s = gen.generate(msg, true, BC); - - bIn = new ByteArrayInputStream(s.getEncoded()); - aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certs = s.getCertificatesAndCRLs("Collection", BC); - - signers = s.getSignerInfos(); - c = signers.getSigners(); - it = c.iterator(); - - assertEquals(2, c.size()); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - - checkSignerStoreReplacement(s, signers); - } - - public void testSHA1WithRSANoAttributes() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(s, md.digest("Hello world!".getBytes())); - } - - public void testSHA1WithRSAViaConfig() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // set some bogus mappings. - CMSConfig.setSigningEncryptionAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption.getId(), "XXXX"); - CMSConfig.setSigningDigestAlgorithmMapping(OIWObjectIdentifiers.idSHA1.getId(), "YYYY"); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s; - - try - { - // try the bogus mappings - s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - } - catch (NoSuchAlgorithmException e) - { - if (!e.getMessage().startsWith("Unknown signature type requested: YYYYWITHXXXX")) - { - throw e; - } - } - finally - { - // reset to the real ones - CMSConfig.setSigningEncryptionAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA"); - CMSConfig.setSigningDigestAlgorithmMapping(OIWObjectIdentifiers.idSHA1.getId(), "SHA1"); - } - - s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - - verifySignatures(s, md.digest("Hello world!".getBytes())); - } - - public void testSHA1WithRSAAndAttributeTable() - throws Exception - { - MessageDigest md = MessageDigest.getInstance("SHA1", BC); - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - Attribute attr = new Attribute(CMSAttributes.messageDigest, - new DERSet( - new DEROctetString( - md.digest("Hello world!".getBytes())))); - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(attr); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1, new AttributeTable(v), null); - - gen.addCertificatesAndCRLs(certs); - - - CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, null, false, BC); - - // - // the signature is detached, so need to add msg before passing on - // - s = new CMSSignedData(msg, s.getEncoded()); - // - // compute expected content digest - // - - verifySignatures(s, md.digest("Hello world!".getBytes())); - } - - public void testSHA1WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testSHA1WithRSAEncapsulatedSubjectKeyID() - throws Exception - { - subjectKeyIDTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testSHA1WithRSAPSS() - throws Exception - { - rsaPSSTest("SHA1", CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testSHA224WithRSAPSS() - throws Exception - { - rsaPSSTest("SHA224", CMSSignedDataGenerator.DIGEST_SHA224); - } - - public void testSHA256WithRSAPSS() - throws Exception - { - rsaPSSTest("SHA256", CMSSignedDataGenerator.DIGEST_SHA256); - } - - public void testSHA384WithRSAPSS() - throws Exception - { - rsaPSSTest("SHA384", CMSSignedDataGenerator.DIGEST_SHA384); - } - - public void testSHA224WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA224); - } - - public void testSHA256WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_SHA256); - } - - public void testRIPEMD128WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD128); - } - - public void testRIPEMD160WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD160); - } - - public void testRIPEMD256WithRSAEncapsulated() - throws Exception - { - encapsulatedTest(_signKP, _signCert, CMSSignedDataGenerator.DIGEST_RIPEMD256); - } - - public void testECDSAEncapsulated() - throws Exception - { - encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testECDSAEncapsulatedSubjectKeyID() - throws Exception - { - subjectKeyIDTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testECDSASHA224Encapsulated() - throws Exception - { - encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA224); - } - - public void testECDSASHA256Encapsulated() - throws Exception - { - encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA256); - } - - public void testECDSASHA384Encapsulated() - throws Exception - { - encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA384); - } - - public void testECDSASHA512Encapsulated() - throws Exception - { - encapsulatedTest(_signEcDsaKP, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA512); - } - - public void testECDSASHA512EncapsulatedWithKeyFactoryAsEC() - throws Exception - { - X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(_signEcDsaKP.getPublic().getEncoded()); - PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(_signEcDsaKP.getPrivate().getEncoded()); - KeyFactory keyFact = KeyFactory.getInstance("EC", BC); - KeyPair kp = new KeyPair(keyFact.generatePublic(pubSpec), keyFact.generatePrivate(privSpec)); - - encapsulatedTest(kp, _signEcDsaCert, CMSSignedDataGenerator.DIGEST_SHA512); - } - - public void testDSAEncapsulated() - throws Exception - { - encapsulatedTest(_signDsaKP, _signDsaCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testDSAEncapsulatedSubjectKeyID() - throws Exception - { - subjectKeyIDTest(_signDsaKP, _signDsaCert, CMSSignedDataGenerator.DIGEST_SHA1); - } - - public void testGOST3411WithGOST3410Encapsulated() - throws Exception - { - encapsulatedTest(_signGostKP, _signGostCert, CMSSignedDataGenerator.DIGEST_GOST3411); - } - - public void testGOST3411WithECGOST3410Encapsulated() - throws Exception - { - encapsulatedTest(_signEcGostKP, _signEcGostCert, CMSSignedDataGenerator.DIGEST_GOST3411); - } - - public void testSHA1WithRSACounterSignature() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(_signCert); - certList.add(_origCert); - - certList.add(_signCrl); - - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_signKP.getPrivate(), _signCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certsAndCrls); - - CMSSignedData s = gen.generate(msg, true, BC); - SignerInformation origSigner = (SignerInformation)s.getSignerInfos().getSigners().toArray()[0]; - SignerInformationStore counterSigners1 = gen.generateCounterSigners(origSigner, BC); - SignerInformationStore counterSigners2 = gen.generateCounterSigners(origSigner, BC); - - SignerInformation signer1 = SignerInformation.addCounterSigners(origSigner, counterSigners1); - SignerInformation signer2 = SignerInformation.addCounterSigners(signer1, counterSigners2); - - SignerInformationStore cs = signer2.getCounterSignatures(); - Collection csSigners = cs.getSigners(); - assertEquals(2, csSigners.size()); - - Iterator it = csSigners.iterator(); - while (it.hasNext()) - { - SignerInformation cSigner = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(cSigner.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertNull(cSigner.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_contentType)); - assertEquals(true, cSigner.verify(cert, BC)); - } - } - - private void rsaPSSTest(String digestName, String digestOID) - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello world!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, digestOID); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA, msg, false, BC, false); - - // - // compute expected content digest - // - MessageDigest md = MessageDigest.getInstance(digestName, BC); - - verifySignatures(s, md.digest("Hello world!".getBytes())); - } - - private void subjectKeyIDTest( - KeyPair signaturePair, - X509Certificate signatureCert, - String digestAlgorithm) - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(signatureCert); - certList.add(_origCert); - - certList.add(_signCrl); - - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(signaturePair.getPrivate(), CMSTestUtil.createSubjectKeyId(signatureCert.getPublicKey()).getKeyIdentifier(), digestAlgorithm); - - gen.addCertificatesAndCRLs(certsAndCrls); - - CMSSignedData s = gen.generate(msg, true, BC); - - assertEquals(3, s.getVersion()); - - ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certsAndCrls = s.getCertificatesAndCRLs("Collection", BC); - - SignerInformationStore signers = s.getSignerInfos(); - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - - // - // check for CRLs - // - Collection crls = certsAndCrls.getCRLs(null); - - assertEquals(1, crls.size()); - - assertTrue(crls.contains(_signCrl)); - - // - // try using existing signer - // - - gen = new CMSSignedDataGenerator(); - - gen.addSigners(s.getSignerInfos()); - - gen.addCertificatesAndCRLs(s.getCertificatesAndCRLs("Collection", BC)); - - s = gen.generate(msg, true, BC); - - bIn = new ByteArrayInputStream(s.getEncoded()); - aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certsAndCrls = s.getCertificatesAndCRLs("Collection", BC); - - signers = s.getSignerInfos(); - c = signers.getSigners(); - it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - - checkSignerStoreReplacement(s, signers); - } - - private void encapsulatedTest( - KeyPair signaturePair, - X509Certificate signatureCert, - String digestAlgorithm) - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(signatureCert); - certList.add(_origCert); - - certList.add(_signCrl); - - CertStore certsAndCrls = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(signaturePair.getPrivate(), signatureCert, digestAlgorithm); - - gen.addCertificatesAndCRLs(certsAndCrls); - - CMSSignedData s = gen.generate(msg, true, BC); - - ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certsAndCrls = s.getCertificatesAndCRLs("Collection", BC); - - SignerInformationStore signers = s.getSignerInfos(); - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - - // - // check for CRLs - // - Collection crls = certsAndCrls.getCRLs(null); - - assertEquals(1, crls.size()); - - assertTrue(crls.contains(_signCrl)); - - // - // try using existing signer - // - - gen = new CMSSignedDataGenerator(); - - gen.addSigners(s.getSignerInfos()); - - gen.addCertificatesAndCRLs(s.getCertificatesAndCRLs("Collection", BC)); - - s = gen.generate(msg, true, BC); - - bIn = new ByteArrayInputStream(s.getEncoded()); - aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - certsAndCrls = s.getCertificatesAndCRLs("Collection", BC); - - signers = s.getSignerInfos(); - c = signers.getSigners(); - it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certsAndCrls.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - - checkSignerStoreReplacement(s, signers); - } - - // - // signerInformation store replacement test. - // - private void checkSignerStoreReplacement( - CMSSignedData orig, - SignerInformationStore signers) - throws Exception - { - CMSSignedData s = CMSSignedData.replaceSigners(orig, signers); - - CertStore certs = s.getCertificatesAndCRLs("Collection", BC); - - signers = s.getSignerInfos(); - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - } - - public void testUnsortedAttributes() - throws Exception - { - CMSSignedData s = new CMSSignedData(new CMSProcessableByteArray(disorderedMessage), disorderedSet); - - CertStore certs = s.getCertificatesAndCRLs("Collection", BC); - - SignerInformationStore signers = s.getSignerInfos(); - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - } - - public void testNullContentWithSigner() - throws Exception - { - List certList = new ArrayList(); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData s = gen.generate(null, false, BC); - - ByteArrayInputStream bIn = new ByteArrayInputStream(s.getEncoded()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - - s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject())); - - verifySignatures(s); - } - - public void testWithAttributeCertificate() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - - certList.add(_signDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - X509AttributeCertificate attrCert = CMSTestUtil.getAttributeCertificate(); - - X509Store store = X509Store.getInstance("AttributeCertificate/Collection", - new X509CollectionStoreParameters(Collections.singleton(attrCert)), BC); - - gen.addAttributeCertificates(store); - - CMSSignedData sd = gen.generate(msg, BC); - - assertEquals(4, sd.getVersion()); - - store = sd.getAttributeCertificates("Collection", BC); - - Collection coll = store.getMatches(null); - - assertEquals(1, coll.size()); - - assertTrue(coll.contains(attrCert)); - - // - // create new certstore - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - - // - // replace certs - // - sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs); - - verifySignatures(sd); - } - - public void testCertStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - - certList.add(_signDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData sd = gen.generate(msg, BC); - - // - // create new certstore - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // replace certs - // - sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs); - - verifySignatures(sd); - } - - public void testEncapsulatedCertStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - - certList.add(_signDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData sd = gen.generate(msg, true, BC); - - // - // create new certstore - // - certList = new ArrayList(); - certList.add(_origCert); - certList.add(_signCert); - - certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - // - // replace certs - // - sd = CMSSignedData.replaceCertificatesAndCRLs(sd, certs); - - verifySignatures(sd); - } - - public void testCertOrdering1() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - certList.add(_signDsaCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData sd = gen.generate(msg, true, BC); - - certs = sd.getCertificatesAndCRLs("Collection", BC); - Iterator it = certs.getCertificates(null).iterator(); - - assertEquals(_origCert, it.next()); - assertEquals(_signCert, it.next()); - assertEquals(_signDsaCert, it.next()); - } - - public void testCertOrdering2() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(_signCert); - certList.add(_signDsaCert); - certList.add(_origCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData sd = gen.generate(msg, true, BC); - - certs = sd.getCertificatesAndCRLs("Collection", BC); - Iterator it = certs.getCertificates(null).iterator(); - - assertEquals(_signCert, it.next()); - assertEquals(_signDsaCert, it.next()); - assertEquals(_origCert, it.next()); - } - - public void testSignerStoreReplacement() - throws Exception - { - List certList = new ArrayList(); - CMSProcessable msg = new CMSProcessableByteArray("Hello World!".getBytes()); - - certList.add(_origCert); - certList.add(_signCert); - - CertStore certs = CertStore.getInstance("Collection", - new CollectionCertStoreParameters(certList), BC); - - CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA1); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData original = gen.generate(msg, true, BC); - - // - // create new Signer - // - gen = new CMSSignedDataGenerator(); - - gen.addSigner(_origKP.getPrivate(), _origCert, CMSSignedDataGenerator.DIGEST_SHA224); - - gen.addCertificatesAndCRLs(certs); - - CMSSignedData newSD = gen.generate(msg, true, BC); - - // - // replace signer - // - CMSSignedData sd = CMSSignedData.replaceSigners(original, newSD.getSignerInfos()); - - SignerInformation signer = (SignerInformation)sd.getSignerInfos().getSigners().iterator().next(); - - assertEquals(CMSSignedDataGenerator.DIGEST_SHA224, signer.getDigestAlgOID()); - - // we use a parser here as it requires the digests to be correct in the digest set, if it - // isn't we'll get a NullPointerException - CMSSignedDataParser sp = new CMSSignedDataParser(sd.getEncoded()); - - sp.getSignedContent().drain(); - - verifySignatures(sp); - } - - public void testEncapsulatedSamples() - throws Exception - { - testSample("PSSSignDataSHA1Enc.sig"); - testSample("PSSSignDataSHA256Enc.sig"); - testSample("PSSSignDataSHA512Enc.sig"); - } - - public void testSamples() - throws Exception - { - testSample("PSSSignData.data", "PSSSignDataSHA1.sig"); - testSample("PSSSignData.data", "PSSSignDataSHA256.sig"); - testSample("PSSSignData.data", "PSSSignDataSHA512.sig"); - } - - public void testCounterSig() - throws Exception - { - CMSSignedData sig = new CMSSignedData(getInput("counterSig.p7m")); - - SignerInformationStore ss = sig.getSignerInfos(); - Collection signers = ss.getSigners(); - - SignerInformationStore cs = ((SignerInformation)signers.iterator().next()).getCounterSignatures(); - Collection csSigners = cs.getSigners(); - assertEquals(1, csSigners.size()); - - Iterator it = csSigners.iterator(); - while (it.hasNext()) - { - SignerInformation cSigner = (SignerInformation)it.next(); - Collection certCollection = sig.getCertificatesAndCRLs("Collection", BC).getCertificates(selectorConverter.getCertSelector(cSigner.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertNull(cSigner.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_contentType)); - assertEquals(true, cSigner.verify(cert, BC)); - } - - verifySignatures(sig); - } - - private void testSample(String sigName) - throws Exception - { - CMSSignedData sig = new CMSSignedData(getInput(sigName)); - - verifySignatures(sig); - } - - private void testSample(String messageName, String sigName) - throws Exception - { - CMSSignedData sig = new CMSSignedData(new CMSProcessableByteArray(getInput(messageName)), getInput(sigName)); - - verifySignatures(sig); - } - - private byte[] getInput(String name) - throws IOException - { - return Streams.readAll(getClass().getResourceAsStream(name)); - } - - public void testForMultipleCounterSignatures() - throws Exception - { - CMSSignedData sd = new CMSSignedData(xtraCounterSig); - - for (Iterator sI = sd.getSignerInfos().getSigners().iterator(); sI.hasNext();) - { - SignerInformation sigI = (SignerInformation)sI.next(); - - SignerInformationStore counter = sigI.getCounterSignatures(); - List sigs = new ArrayList(counter.getSigners()); - - assertEquals(2, sigs.size()); - } - } - - private void verifySignatures(CMSSignedDataParser sp) - throws Exception - { - CertStore certs = sp.getCertificatesAndCRLs("Collection", BC); - SignerInformationStore signers = sp.getSignerInfos(); - - Collection c = signers.getSigners(); - Iterator it = c.iterator(); - - while (it.hasNext()) - { - SignerInformation signer = (SignerInformation)it.next(); - Collection certCollection = certs.getCertificates(selectorConverter.getCertSelector(signer.getSID())); - - Iterator certIt = certCollection.iterator(); - X509Certificate cert = (X509Certificate)certIt.next(); - - assertEquals(true, signer.verify(cert, BC)); - } - } -} diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/openssl/test/ReaderTest.java b/pkix/src/test/jdk1.3/org/bouncycastle/openssl/test/ReaderTest.java deleted file mode 100644 index 54f9d046..00000000 --- a/pkix/src/test/jdk1.3/org/bouncycastle/openssl/test/ReaderTest.java +++ /dev/null @@ -1,323 +0,0 @@ -package org.bouncycastle.openssl.test; - -import java.io.BufferedReader; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.OutputStreamWriter; -import java.io.Reader; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Security; -import java.security.Signature; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.RSAPrivateKey; - -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -import org.bouncycastle.openssl.PEMWriter; -import org.bouncycastle.openssl.PasswordFinder; -import org.bouncycastle.util.test.SimpleTest; - -/** - * basic class for reading test.pem - the password is "secret" - */ -public class ReaderTest - extends SimpleTest -{ - private static class Password - implements PasswordFinder - { - char[] password; - - Password( - char[] word) - { - this.password = word; - } - - public char[] getPassword() - { - return password; - } - } - - public String getName() - { - return "PEMReaderTest"; - } - - private PEMReader openPEMResource( - String fileName, - PasswordFinder pGet) - { - InputStream res = this.getClass().getResourceAsStream(fileName); - Reader fRd = new BufferedReader(new InputStreamReader(res)); - return new PEMReader(fRd, pGet); - } - - public void performTest() - throws Exception - { - PasswordFinder pGet = new Password("secret".toCharArray()); - PEMReader pemRd = openPEMResource("test.pem", pGet); - Object o; - KeyPair pair; - - while ((o = pemRd.readObject()) != null) - { - if (o instanceof KeyPair) - { - //pair = (KeyPair)o; - - //System.out.println(pair.getPublic()); - //System.out.println(pair.getPrivate()); - } - else - { - //System.out.println(o.toString()); - } - } - - // - // pkcs 7 data - // - pemRd = openPEMResource("pkcs7.pem", null); - ContentInfo d = (ContentInfo)pemRd.readObject(); - - if (!d.getContentType().equals(CMSObjectIdentifiers.envelopedData)) - { - fail("failed envelopedData check"); - } - - // - // ECKey - // - pemRd = openPEMResource("eckey.pem", null); - ECNamedCurveParameterSpec spec = (ECNamedCurveParameterSpec)pemRd.readObject(); - - pair = (KeyPair)pemRd.readObject(); - Signature sgr = Signature.getInstance("ECDSA", "BC"); - - sgr.initSign(pair.getPrivate()); - - byte[] message = new byte[] { (byte)'a', (byte)'b', (byte)'c' }; - - sgr.update(message); - - byte[] sigBytes = sgr.sign(); - - sgr.initVerify(pair.getPublic()); - - sgr.update(message); - - if (!sgr.verify(sigBytes)) - { - fail("EC verification failed"); - } - - if (!pair.getPublic().getAlgorithm().equals("ECDSA")) - { - fail("wrong algorithm name on public got: " + pair.getPublic().getAlgorithm()); - } - - if (!pair.getPrivate().getAlgorithm().equals("ECDSA")) - { - fail("wrong algorithm name on private"); - } - - // - // writer/parser test - // - KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC"); - - pair = kpGen.generateKeyPair(); - - keyPairTest("RSA", pair); - - kpGen = KeyPairGenerator.getInstance("DSA", "BC"); - kpGen.initialize(512, new SecureRandom()); - pair = kpGen.generateKeyPair(); - - keyPairTest("DSA", pair); - - // - // PKCS7 - // - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut)); - - pWrt.writeObject(d); - - pWrt.close(); - - pemRd = new PEMReader(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray()))); - d = (ContentInfo)pemRd.readObject(); - - if (!d.getContentType().equals(CMSObjectIdentifiers.envelopedData)) - { - fail("failed envelopedData recode check"); - } - - - // OpenSSL test cases (as embedded resources) - doOpenSslDsaTest("unencrypted"); - doOpenSslRsaTest("unencrypted"); - - doOpenSslTests("aes128"); - doOpenSslTests("aes192"); - doOpenSslTests("aes256"); - doOpenSslTests("blowfish"); - doOpenSslTests("des1"); - doOpenSslTests("des2"); - doOpenSslTests("des3"); - doOpenSslTests("rc2_128"); - - doOpenSslDsaTest("rc2_40_cbc"); - doOpenSslRsaTest("rc2_40_cbc"); - doOpenSslDsaTest("rc2_64_cbc"); - doOpenSslRsaTest("rc2_64_cbc"); - - // heap space check - a failure by the ASN.1 library to detect an - // out of band stream will cause this to run out of memory. - try - { - pGet = new Password("7fd98".toCharArray()); - - pemRd = openPEMResource("test.pem", pGet); - - while ((o = pemRd.readObject()) != null) - { - } - fail("bounds issue not detected"); - } - catch (IOException e) - { - } - } - - private void keyPairTest( - String name, - KeyPair pair) - throws IOException - { - PEMReader pemRd; - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut)); - - pWrt.writeObject(pair.getPublic()); - - pWrt.close(); - - pemRd = new PEMReader(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray()))); - - PublicKey k = (PublicKey)pemRd.readObject(); - if (!k.equals(pair.getPublic())) - { - fail("Failed public key read: " + name); - } - - bOut = new ByteArrayOutputStream(); - pWrt = new PEMWriter(new OutputStreamWriter(bOut)); - - pWrt.writeObject(pair.getPrivate()); - - pWrt.close(); - - pemRd = new PEMReader(new InputStreamReader(new ByteArrayInputStream(bOut.toByteArray()))); - - KeyPair kPair = (KeyPair)pemRd.readObject(); - if (!kPair.getPrivate().equals(pair.getPrivate())) - { - fail("Failed private key read: " + name); - } - - if (!kPair.getPublic().equals(pair.getPublic())) - { - fail("Failed private key public read: " + name); - } - } - - private void doOpenSslTests( - String baseName) - throws IOException - { - doOpenSslDsaModesTest(baseName); - doOpenSslRsaModesTest(baseName); - } - - private void doOpenSslDsaModesTest( - String baseName) - throws IOException - { - doOpenSslDsaTest(baseName + "_cbc"); - doOpenSslDsaTest(baseName + "_cfb"); - doOpenSslDsaTest(baseName + "_ecb"); - doOpenSslDsaTest(baseName + "_ofb"); - } - - private void doOpenSslRsaModesTest( - String baseName) - throws IOException - { - doOpenSslRsaTest(baseName + "_cbc"); - doOpenSslRsaTest(baseName + "_cfb"); - doOpenSslRsaTest(baseName + "_ecb"); - doOpenSslRsaTest(baseName + "_ofb"); - } - - private void doOpenSslDsaTest( - String name) - throws IOException - { - String fileName = "dsa/openssl_dsa_" + name + ".pem"; - - doOpenSslTestFile(fileName, DSAPrivateKey.class); - } - - private void doOpenSslRsaTest( - String name) - throws IOException - { - String fileName = "rsa/openssl_rsa_" + name + ".pem"; - - doOpenSslTestFile(fileName, RSAPrivateKey.class); - } - - private void doOpenSslTestFile( - String fileName, - Class expectedPrivKeyClass) - throws IOException - { - PEMReader pr = openPEMResource("data/" + fileName, new Password("changeit".toCharArray())); - Object o = pr.readObject(); - - if (o == null || !(o instanceof KeyPair)) - { - fail("Didn't find OpenSSL key"); - } - - KeyPair kp = (KeyPair) o; - PrivateKey privKey = kp.getPrivate(); - - if (!expectedPrivKeyClass.isInstance(privKey)) - { - fail("Returned key not of correct type"); - } - } - - public static void main( - String[] args) - { - Security.addProvider(new BouncyCastleProvider()); - - runTest(new ReaderTest()); - } -} -- cgit v1.2.3