summaryrefslogtreecommitdiffstats
path: root/bcpkix/src/main/java/org/bouncycastle/cert/crmf/test/AllTests.java
diff options
context:
space:
mode:
Diffstat (limited to 'bcpkix/src/main/java/org/bouncycastle/cert/crmf/test/AllTests.java')
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cert/crmf/test/AllTests.java384
1 files changed, 0 insertions, 384 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/test/AllTests.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/test/AllTests.java
deleted file mode 100644
index 712210e..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/test/AllTests.java
+++ /dev/null
@@ -1,384 +0,0 @@
-package org.bouncycastle.cert.crmf.test;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Date;
-
-import javax.security.auth.x500.X500Principal;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers;
-import org.bouncycastle.asn1.crmf.EncKeyWithID;
-import org.bouncycastle.asn1.crmf.EncryptedValue;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509v1CertificateBuilder;
-import org.bouncycastle.cert.crmf.EncryptedValueBuilder;
-import org.bouncycastle.cert.crmf.EncryptedValuePadder;
-import org.bouncycastle.cert.crmf.EncryptedValueParser;
-import org.bouncycastle.cert.crmf.PKIArchiveControl;
-import org.bouncycastle.cert.crmf.PKMACBuilder;
-import org.bouncycastle.cert.crmf.ValueDecryptorGenerator;
-import org.bouncycastle.cert.crmf.bc.BcFixedLengthMGF1Padder;
-import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessage;
-import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessageBuilder;
-import org.bouncycastle.cert.crmf.jcajce.JcaEncryptedValueBuilder;
-import org.bouncycastle.cert.crmf.jcajce.JcaPKIArchiveControlBuilder;
-import org.bouncycastle.cert.crmf.jcajce.JceAsymmetricValueDecryptorGenerator;
-import org.bouncycastle.cert.crmf.jcajce.JceCRMFEncryptorBuilder;
-import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
-import org.bouncycastle.cms.CMSAlgorithm;
-import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
-import org.bouncycastle.cms.RecipientId;
-import org.bouncycastle.cms.RecipientInformation;
-import org.bouncycastle.cms.RecipientInformationStore;
-import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
-import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
-import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
-import org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper;
-import org.bouncycastle.util.Arrays;
-
-public class AllTests
- extends TestCase
-{
- private static final byte[] TEST_DATA = "Hello world!".getBytes();
- private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
- private static final String PASSPHRASE = "hello world";
-
- /*
- *
- * INFRASTRUCTURE
- *
- */
-
- public AllTests(String name)
- {
- super(name);
- }
-
- public static void main(String args[])
- {
- junit.textui.TestRunner.run(AllTests.class);
- }
-
- public static Test suite()
- {
- return new TestSuite(AllTests.class);
- }
-
- public void setUp()
- {
- Security.addProvider(new BouncyCastleProvider());
- }
-
- public void tearDown()
- {
-
- }
-
- public void testBasicMessageWithArchiveControl()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
-
- certReqBuild.setSubject(new X500Principal("CN=Test"))
- .setPublicKey(kp.getPublic());
-
- certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=Test"))
- .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
- .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
-
- JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build());
-
- assertEquals(new X500Principal("CN=Test"), certReqMsg.getSubjectX500Principal());
- assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
-
- PKIArchiveControl archiveControl = (PKIArchiveControl)certReqMsg.getControl(CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions);
-
- assertEquals(PKIArchiveControl.encryptedPrivKey, archiveControl.getArchiveType());
-
- assertTrue(archiveControl.isEnvelopedData());
-
- RecipientInformationStore recips = archiveControl.getEnvelopedData().getRecipientInfos();
-
- RecipientId recipientId = new JceKeyTransRecipientId(cert);
-
- RecipientInformation recipientInformation = recips.get(recipientId);
-
- assertNotNull(recipientInformation);
-
- EncKeyWithID encKeyWithID = EncKeyWithID.getInstance(recipientInformation.getContent(new JceKeyTransEnvelopedRecipient(kp.getPrivate()).setProvider(BC)));
-
- assertTrue(encKeyWithID.hasIdentifier());
- assertFalse(encKeyWithID.isIdentifierUTF8String());
-
- assertEquals(new GeneralName(X500Name.getInstance(new X500Principal("CN=Test").getEncoded())), encKeyWithID.getIdentifier());
- assertTrue(Arrays.areEqual(kp.getPrivate().getEncoded(), encKeyWithID.getPrivateKey().getEncoded()));
- }
-
- public void testProofOfPossessionWithoutSender()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
-
- certReqBuild.setPublicKey(kp.getPublic())
- .setAuthInfoPKMAC(new PKMACBuilder(new JcePKMACValuesCalculator()), "fred".toCharArray())
- .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate()));
-
- certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test"))
- .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
- .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
-
- JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded());
-
- // check that internal check on popo signing is working okay
- try
- {
- certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()));
- fail("IllegalStateException not thrown");
- }
- catch (IllegalStateException e)
- {
- // ignore
- }
-
- assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()), new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)), "fred".toCharArray()));
-
- assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
- }
-
- public void testProofOfPossessionWithSender()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
-
- certReqBuild.setPublicKey(kp.getPublic())
- .setAuthInfoSender(new X500Principal("CN=Test"))
- .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate()));
-
- certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test"))
- .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
- .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
-
- JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded());
-
- // check that internal check on popo signing is working okay
- try
- {
- certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()), new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)), "fred".toCharArray());
-
- fail("IllegalStateException not thrown");
- }
- catch (IllegalStateException e)
- {
- // ignore
- }
-
-
- assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic())));
-
- assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
- }
-
- public void testProofOfPossessionWithTemplate()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE);
-
- certReqBuild.setPublicKey(kp.getPublic())
- .setSubject(new X500Principal("CN=Test"))
- .setAuthInfoSender(new X500Principal("CN=Test"))
- .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate()));
-
- certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test"))
- .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC))
- .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build()));
-
- JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded());
-
- assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic())));
-
- assertEquals(kp.getPublic(), certReqMsg.getPublicKey());
- }
-
- public void testEncryptedValue()
- throws Exception
- {
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- JcaEncryptedValueBuilder build = new JcaEncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
- EncryptedValue value = build.build(cert);
- ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC);
-
- // try direct
- encryptedValueParserTest(value, decGen, cert);
-
- // try indirect
- encryptedValueParserTest(EncryptedValue.getInstance(value.getEncoded()), decGen, cert);
- }
-
- private void encryptedValueParserTest(EncryptedValue value, ValueDecryptorGenerator decGen, X509Certificate cert)
- throws Exception
- {
- EncryptedValueParser parser = new EncryptedValueParser(value);
-
- X509CertificateHolder holder = parser.readCertificateHolder(decGen);
-
- assertTrue(Arrays.areEqual(cert.getEncoded(), holder.getEncoded()));
- }
-
- public void testEncryptedValuePassphrase()
- throws Exception
- {
- char[] passphrase = PASSPHRASE.toCharArray();
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build());
- EncryptedValue value = build.build(passphrase);
- ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC);
-
- // try direct
- encryptedValuePassphraseParserTest(value, null, decGen, cert);
-
- // try indirect
- encryptedValuePassphraseParserTest(EncryptedValue.getInstance(value.getEncoded()), null, decGen, cert);
- }
-
- public void testEncryptedValuePassphraseWithPadding()
- throws Exception
- {
- char[] passphrase = PASSPHRASE.toCharArray();
- KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC);
-
- kGen.initialize(512);
-
- KeyPair kp = kGen.generateKeyPair();
- X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test");
-
- BcFixedLengthMGF1Padder mgf1Padder = new BcFixedLengthMGF1Padder(200, new SecureRandom());
- EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build(), mgf1Padder);
- EncryptedValue value = build.build(passphrase);
- ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC);
-
- // try direct
- encryptedValuePassphraseParserTest(value, mgf1Padder, decGen, cert);
-
- // try indirect
- encryptedValuePassphraseParserTest(EncryptedValue.getInstance(value.getEncoded()), mgf1Padder, decGen, cert);
- }
-
- private void encryptedValuePassphraseParserTest(EncryptedValue value, EncryptedValuePadder padder, ValueDecryptorGenerator decGen, X509Certificate cert)
- throws Exception
- {
- EncryptedValueParser parser = new EncryptedValueParser(value, padder);
-
- assertTrue(Arrays.areEqual(PASSPHRASE.toCharArray(), parser.readPassphrase(decGen)));
- }
-
- private static X509Certificate makeV1Certificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN)
- throws GeneralSecurityException, IOException, OperatorCreationException
- {
-
- PublicKey subPub = subKP.getPublic();
- PrivateKey issPriv = issKP.getPrivate();
- PublicKey issPub = issKP.getPublic();
-
- X509v1CertificateBuilder v1CertGen = new JcaX509v1CertificateBuilder(
- new X500Name(_issDN),
- BigInteger.valueOf(System.currentTimeMillis()),
- new Date(System.currentTimeMillis()),
- new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)),
- new X500Name(_subDN),
- subPub);
-
- JcaContentSignerBuilder signerBuilder = null;
-
- if (issPub instanceof RSAPublicKey)
- {
- signerBuilder = new JcaContentSignerBuilder("SHA1WithRSA");
- }
- else if (issPub.getAlgorithm().equals("DSA"))
- {
- signerBuilder = new JcaContentSignerBuilder("SHA1withDSA");
- }
- else if (issPub.getAlgorithm().equals("ECDSA"))
- {
- signerBuilder = new JcaContentSignerBuilder("SHA1withECDSA");
- }
- else if (issPub.getAlgorithm().equals("ECGOST3410"))
- {
- signerBuilder = new JcaContentSignerBuilder("GOST3411withECGOST3410");
- }
- else
- {
- signerBuilder = new JcaContentSignerBuilder("GOST3411WithGOST3410");
- }
-
- signerBuilder.setProvider(BC);
-
- X509Certificate _cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(v1CertGen.build(signerBuilder.build(issPriv)));
-
- _cert.checkValidity(new Date());
- _cert.verify(issPub);
-
- return _cert;
- }
-} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 15:31:09 +0000