001: package org.bouncycastle.asn1.test;
002:
003: import org.bouncycastle.asn1.ASN1InputStream;
004: import org.bouncycastle.asn1.ASN1OctetString;
005: import org.bouncycastle.asn1.ASN1Sequence;
006: import org.bouncycastle.asn1.DERBitString;
007: import org.bouncycastle.asn1.DERInteger;
008: import org.bouncycastle.asn1.DERObjectIdentifier;
009: import org.bouncycastle.asn1.util.ASN1Dump;
010: import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
011: import org.bouncycastle.asn1.x509.AttCertIssuer;
012: import org.bouncycastle.asn1.x509.AttCertValidityPeriod;
013: import org.bouncycastle.asn1.x509.Attribute;
014: import org.bouncycastle.asn1.x509.AttributeCertificate;
015: import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
016: import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
017: import org.bouncycastle.asn1.x509.BasicConstraints;
018: import org.bouncycastle.asn1.x509.CRLDistPoint;
019: import org.bouncycastle.asn1.x509.DistributionPoint;
020: import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
021: import org.bouncycastle.asn1.x509.GeneralName;
022: import org.bouncycastle.asn1.x509.GeneralNames;
023: import org.bouncycastle.asn1.x509.Holder;
024: import org.bouncycastle.asn1.x509.KeyPurposeId;
025: import org.bouncycastle.asn1.x509.KeyUsage;
026: import org.bouncycastle.asn1.x509.PolicyInformation;
027: import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
028: import org.bouncycastle.asn1.x509.TBSCertificateStructure;
029: import org.bouncycastle.asn1.x509.X509CertificateStructure;
030: import org.bouncycastle.asn1.x509.X509Extension;
031: import org.bouncycastle.asn1.x509.X509Extensions;
032: import org.bouncycastle.util.encoders.Base64;
033: import org.bouncycastle.util.test.SimpleTest;
034:
035: import java.io.ByteArrayInputStream;
036: import java.util.Enumeration;
037:
038: public class CertificateTest extends SimpleTest {
// server.crt
//
// Base64 of a DER-encoded X.509 certificate. performTest() feeds it to
// checkCertificate as id 1, so its decoded subject must equal subjects[0].
// Test vector only: nothing in this class verifies its signature or validity dates.
byte[] cert1 = Base64.decode(
    "MIIDXjCCAsegAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx" +
    "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY" +
    "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB" +
    "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ" +
    "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU2MjFaFw0wMTA2" +
    "MDIwNzU2MjFaMIG4MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW" +
    "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM" +
    "dGQxFzAVBgNVBAsTDldlYnNlcnZlciBUZWFtMR0wGwYDVQQDExR3d3cyLmNvbm5l" +
    "Y3Q0LmNvbS5hdTEoMCYGCSqGSIb3DQEJARYZd2VibWFzdGVyQGNvbm5lY3Q0LmNv" +
    "bS5hdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArvDxclKAhyv7Q/Wmr2re" +
    "Gw4XL9Cnh9e+6VgWy2AWNy/MVeXdlxzd7QAuc1eOWQkGQEiLPy5XQtTY+sBUJ3AO" +
    "Rvd2fEVJIcjf29ey7bYua9J/vz5MG2KYo9/WCHIwqD9mmG9g0xLcfwq/s8ZJBswE" +
    "7sb85VU+h94PTvsWOsWuKaECAwEAAaN3MHUwJAYDVR0RBB0wG4EZd2VibWFzdGVy" +
    "QGNvbm5lY3Q0LmNvbS5hdTA6BglghkgBhvhCAQ0ELRYrbW9kX3NzbCBnZW5lcmF0" +
    "ZWQgY3VzdG9tIHNlcnZlciBjZXJ0aWZpY2F0ZTARBglghkgBhvhCAQEEBAMCBkAw" +
    "DQYJKoZIhvcNAQEEBQADgYEAotccfKpwSsIxM1Hae8DR7M/Rw8dg/RqOWx45HNVL" +
    "iBS4/3N/TO195yeQKbfmzbAA2jbPVvIvGgTxPgO1MP4ZgvgRhasaa0qCJCkWvpM4" +
    "yQf33vOiYQbpv4rTwzU8AmRlBG45WdjyNIigGV+oRc61aKCTnLq7zB8N3z1TF/bF" +
    "5/8=");
062:
// ca.crt
//
// Base64 of a DER-encoded X.509 certificate. performTest() feeds it to
// checkCertificate as id 2, so its decoded subject must equal subjects[1].
byte[] cert2 = Base64.decode(
    "MIIDbDCCAtWgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtzELMAkGA1UEBhMCQVUx" +
    "ETAPBgNVBAgTCFZpY3RvcmlhMRgwFgYDVQQHEw9Tb3V0aCBNZWxib3VybmUxGjAY" +
    "BgNVBAoTEUNvbm5lY3QgNCBQdHkgTHRkMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBB" +
    "dXRob3JpdHkxFTATBgNVBAMTDENvbm5lY3QgNCBDQTEoMCYGCSqGSIb3DQEJARYZ" +
    "d2VibWFzdGVyQGNvbm5lY3Q0LmNvbS5hdTAeFw0wMDA2MDIwNzU1MzNaFw0wMTA2" +
    "MDIwNzU1MzNaMIG3MQswCQYDVQQGEwJBVTERMA8GA1UECBMIVmljdG9yaWExGDAW" +
    "BgNVBAcTD1NvdXRoIE1lbGJvdXJuZTEaMBgGA1UEChMRQ29ubmVjdCA0IFB0eSBM" +
    "dGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAxMMQ29u" +
    "bmVjdCA0IENBMSgwJgYJKoZIhvcNAQkBFhl3ZWJtYXN0ZXJAY29ubmVjdDQuY29t" +
    "LmF1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgs5ptNG6Qv1ZpCDuUNGmv" +
    "rhjqMDPd3ri8JzZNRiiFlBA4e6/ReaO1U8ASewDeQMH6i9R6degFdQRLngbuJP0s" +
    "xcEE+SksEWNvygfzLwV9J/q+TQDyJYK52utb++lS0b48A1KPLwEsyL6kOAgelbur" +
    "ukwxowprKUIV7Knf1ajetQIDAQABo4GFMIGCMCQGA1UdEQQdMBuBGXdlYm1hc3Rl" +
    "ckBjb25uZWN0NC5jb20uYXUwDwYDVR0TBAgwBgEB/wIBADA2BglghkgBhvhCAQ0E" +
    "KRYnbW9kX3NzbCBnZW5lcmF0ZWQgY3VzdG9tIENBIGNlcnRpZmljYXRlMBEGCWCG" +
    "SAGG+EIBAQQEAwICBDANBgkqhkiG9w0BAQQFAAOBgQCsGvfdghH8pPhlwm1r3pQk" +
    "msnLAVIBb01EhbXm2861iXZfWqGQjrGAaA0ZpXNk9oo110yxoqEoSJSzniZa7Xtz" +
    "soTwNUpE0SLHvWf/SlKdFWlzXA+vOZbzEv4UmjeelekTm7lc01EEa5QRVzOxHFtQ" +
    "DhkaJ8VqOMajkQFma2r9iA==");
086:
// testx509.pem
//
// Base64 of a DER-encoded X.509 certificate. performTest() feeds it to
// checkCertificate as id 3, so its decoded subject must equal subjects[2].
byte[] cert3 = Base64.decode(
    "MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV" +
    "BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz" +
    "MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM" +
    "RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF" +
    "AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO" +
    "/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE" +
    "Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ" +
    "zl9HYIMxATFyqSiD9jsx");
099:
// v3-cert1.pem
//
// Base64 of a DER-encoded X.509 certificate. performTest() feeds it to
// checkCertificate as id 4, so its decoded subject must equal subjects[3].
byte[] cert4 = Base64.decode(
    "MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx" +
    "NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz" +
    "dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw" +
    "ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu" +
    "ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2" +
    "ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp" +
    "miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C" +
    "AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK" +
    "Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x" +
    "DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR" +
    "MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB" +
    "AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21" +
    "X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3" +
    "WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO");
118:
// v3-cert2.pem
//
// Base64 of a DER-encoded X.509 certificate. performTest() feeds it to
// checkCertificate as id 5, so its decoded subject must equal subjects[4].
byte[] cert5 = Base64.decode(
    "MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD" +
    "YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0" +
    "ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu" +
    "dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1" +
    "WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV" +
    "BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx" +
    "FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA" +
    "6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT" +
    "G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ" +
    "YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm" +
    "b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc" +
    "F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz" +
    "lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap" +
    "jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=");
137:
// Base64 of a DER-encoded X.509 certificate (the original listing names no source
// file for it). performTest() feeds it to checkCertificate as id 6, so its decoded
// subject must equal subjects[5].
byte[] cert6 = Base64.decode(
    "MIIEDjCCAvagAwIBAgIEFAAq2jANBgkqhkiG9w0BAQUFADBLMSowKAYDVQQDEyFT" +
    "dW4gTWljcm9zeXN0ZW1zIEluYyBDQSAoQ2xhc3MgQikxHTAbBgNVBAoTFFN1biBN" +
    "aWNyb3N5c3RlbXMgSW5jMB4XDTA0MDIyOTAwNDMzNFoXDTA5MDMwMTAwNDMzNFow" +
    "NzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxFjAUBgNVBAMTDXN0b3Jl" +
    "LnN1bi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAP9ErzFT7MPg2bVV" +
    "LNmHTgN4kmiRNlPpuLGWS7EDIXYBbLeSSOCp/e1ANcOGnsuf0WIq9ejd/CPyEfh4" +
    "sWoVvQzpOfHZ/Jyei29PEuxzWT+4kQmCx3+sLK25lAnDFsz1KiFmB6Y3GJ/JSjpp" +
    "L0Yy1R9YlIc82I8gSw44y5JDABW5AgMBAAGjggGQMIIBjDAOBgNVHQ8BAf8EBAMC" +
    "BaAwHQYDVR0OBBYEFG1WB3PApZM7OPPVWJ31UrERaoKWMEcGA1UdIARAMD4wPAYL" +
    "YIZIAYb3AIN9k18wLTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5zdW4uY29tL3Br" +
    "aS9jcHMuaHRtbDCBhQYDVR0fBH4wfDB6oCegJYYjaHR0cDovL3d3dy5zdW4uY29t" +
    "L3BraS9wa2lzbWljYS5jcmyiT6RNMEsxKjAoBgNVBAMTIVN1biBNaWNyb3N5c3Rl" +
    "bXMgSW5jIENBIChDbGFzcyBCKTEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJ" +
    "bmMwHwYDVR0jBBgwFoAUT7ZnqR/EEBSgG6h1wdYMI5RiiWswVAYIKwYBBQUHAQEE" +
    "SDBGMB0GCCsGAQUFBzABhhFodHRwOi8vdmEuc3VuLmNvbTAlBggrBgEFBQcwAYYZ" +
    "aHR0cDovL3ZhLmNlbnRyYWwuc3VuLmNvbTATBgNVHSUEDDAKBggrBgEFBQcDATAN" +
    "BgkqhkiG9w0BAQUFAAOCAQEAq3byQgyU24tBpR07iQK7agm1zQyzDQ6itdbji0ln" +
    "T7fOd5Pnp99iig8ovwWliNtXKAmgtJY60jWz7nEuk38AioZJhS+RPWIWX/+2PRV7" +
    "s2aWTzM3n43BypD+jU2qF9c9kDWP/NW9K9IcrS7SfU/2MZVmiCMD/9FEL+CWndwE" +
    "JJQ/oenXm44BFISI/NjV7fMckN8EayPvgtzQkD5KnEiggOD6HOrwTDFR+tmAEJ0K" +
    "ZttQNwOzCOcEdxXTg6qBHUbONdL7bjTT5NzV+JR/bnfiCqHzdnGwfbHzhmrnXw8j" +
    "QCVXcfBfL9++nmpNNRlnJMRdYGeCY6OAfh/PRo8/fXak1Q==");
161:
// Base64 of a DER-encoded X.509 certificate (the original listing names no source
// file for it). performTest() feeds it to checkCertificate as id 7, so its decoded
// subject must equal subjects[6].
byte[] cert7 = Base64.decode(
    "MIIFJDCCBAygAwIBAgIKEcJZuwAAAAAABzANBgkqhkiG9w0BAQUFADAPMQ0wCwYD" +
    "VQQDEwRNU0NBMB4XDTA0MDUyMjE2MTM1OFoXDTA1MDUyMjE2MjM1OFowaTEbMBkG" +
    "CSqGSIb3DQEJCBMMMTkyLjE2OC4xLjMzMScwJQYJKoZIhvcNAQkCExhwaXhmaXJl" +
    "d2FsbC5jaXNjb3BpeC5jb20xITAfBgNVBAMTGHBpeGZpcmV3YWxsLmNpc2NvcGl4" +
    "LmNvbTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgCYQCbcsY7vrjweXZiFQdhUafEjJV+" +
    "HRy5UKmuCy0237ffmYrN+XNLw0h90cdCSK6KPZebd2E2Bc2UmTikc/FY8meBT3/E" +
    "O/Osmywzi++Ur8/IrDvtuR1zd0c/xEPnV1ZRezkCAwEAAaOCAs4wggLKMAsGA1Ud" +
    "DwQEAwIFoDAdBgNVHQ4EFgQUzJBSxkQiN9TKvhTMQ1/Aq4gZnHswHwYDVR0jBBgw" +
    "FoAUMsxzXVh+5UKMNpwNHmqSfcRYfJ4wgfcGA1UdHwSB7zCB7DCB6aCB5qCB44aB" +
    "r2xkYXA6Ly8vQ049TVNDQSxDTj1NQVVELENOPUNEUCxDTj1QdWJsaWMlMjBLZXkl" +
    "MjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWludCxE" +
    "Qz1wcmltZWtleSxEQz1zZT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/" +
    "b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGL2h0dHA6Ly9tYXVkLmlu" +
    "dC5wcmltZWtleS5zZS9DZXJ0RW5yb2xsL01TQ0EuY3JsMIIBEAYIKwYBBQUHAQEE" +
    "ggECMIH/MIGqBggrBgEFBQcwAoaBnWxkYXA6Ly8vQ049TVNDQSxDTj1BSUEsQ049" +
    "UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJh" +
    "dGlvbixEQz1pbnQsREM9cHJpbWVrZXksREM9c2U/Y0FDZXJ0aWZpY2F0ZT9iYXNl" +
    "P29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwUAYIKwYBBQUHMAKG" +
    "RGh0dHA6Ly9tYXVkLmludC5wcmltZWtleS5zZS9DZXJ0RW5yb2xsL01BVUQuaW50" +
    "LnByaW1la2V5LnNlX01TQ0EuY3J0MCwGA1UdEQEB/wQiMCCCGHBpeGZpcmV3YWxs" +
    "LmNpc2NvcGl4LmNvbYcEwKgBITA/BgkrBgEEAYI3FAIEMh4wAEkAUABTAEUAQwBJ" +
    "AG4AdABlAHIAbQBlAGQAaQBhAHQAZQBPAGYAZgBsAGkAbgBlMA0GCSqGSIb3DQEB" +
    "BQUAA4IBAQCa0asiPbObLJjpSz6ndJ7y4KOWMiuuBc/VQBnLr7RBCF3ZlZ6z1+e6" +
    "dmv8se/z11NgateKfxw69IhLCriA960HEgX9Z61MiVG+DrCFpbQyp8+hPFHoqCZN" +
    "b7upc8k2OtJW6KPaP9k0DW52YQDIky4Vb2rZeC4AMCorWN+KlndHhr1HFA14HxwA" +
    "4Mka0FM6HNWnBV2UmTjBZMDr/OrGH1jLYIceAaZK0X2R+/DWXeeqIga8jwP5empq" +
    "JetYnkXdtTbEh3xL0BX+mZl8vDI+/PGcwox/7YjFmyFWphRMxk9CZ3rF2/FQWMJP" +
    "YqQpKiQOmQg5NAhcwffLAuVjVVibPYqi");
191:
// Base64 of a DER-encoded attribute certificate. Unlike cert1..cert7 it is handed to
// checkAttributeCertificate (as id 8) by performTest() and has no entry in subjects.
byte[] cert8 = Base64.decode(
    "MIIB0zCCATwCAQEwbqBsMGekZTBjMQswCQYDVQQGEwJERTELMAkGA1UECBMCQlkx" +
    "EzARBgNVBAcTClJlZ2Vuc2J1cmcxEDAOBgNVBAoTB0FDIFRlc3QxCzAJBgNVBAsT" +
    "AkNBMRMwEQYDVQQDEwpBQyBUZXN0IENBAgEBoHYwdKRyMHAxCzAJBgNVBAYTAkRF" +
    "MQswCQYDVQQIEwJCWTETMBEGA1UEBxMKUmVnZW5zYnVyZzESMBAGA1UEChMJQUMg" +
    "SXNzdWVyMRowGAYDVQQLExFBQyBJc3N1ZXIgc2VjdGlvbjEPMA0GA1UEAxMGQUMg" +
    "TWFuMA0GCSqGSIb3DQEBBQUAAgEBMCIYDzIwMDQxMTI2MTI1MjUxWhgPMjAwNDEy" +
    "MzEyMzAwMDBaMBkwFwYDVRhIMRAwDoEMREFVMTIzNDU2Nzg5MA0GCSqGSIb3DQEB" +
    "BQUAA4GBABd4Odx3yEMGL/BvItuT1RafNR2uuWuZbajg0pD6bshUsl+WCIfRiEkq" +
    "lHMkpI7WqAZikdnAEQ5jQsVWEuVejWxR6gjejKxc0fb9qpIui7/GoI5Eh6dmG20e" +
    "xbwJL3+6YYFrZwxR8cC5rPvWrblUR5XKJy+Zp/H5+t9iANnL1L8J");
203:
// Expected subject strings, compared verbatim against
// tbsCert.getSubject().toString() in checkCertificate. Entry (id - 1) belongs to
// the certificate checked with that id, so the order here must follow cert1..cert7.
String[] subjects = new String[] {
    // id 1 (cert1)
    "C=AU,ST=Victoria,L=South Melbourne,O=Connect 4 Pty Ltd,OU=Webserver Team,CN=www2.connect4.com.au,E=webmaster@connect4.com.au",
    // id 2 (cert2)
    "C=AU,ST=Victoria,L=South Melbourne,O=Connect 4 Pty Ltd,OU=Certificate Authority,CN=Connect 4 CA,E=webmaster@connect4.com.au",
    // id 3 (cert3)
    "C=AU,ST=QLD,CN=SSLeay/rsa test cert",
    // id 4 (cert4)
    "C=US,O=National Aeronautics and Space Administration,SERIALNUMBER=16+CN=Steve Schoch",
    // id 5 (cert5)
    "E=cooke@issl.atl.hp.com,C=US,OU=Hewlett Packard Company (ISSL),CN=Paul A. Cooke",
    // id 6 (cert6)
    "O=Sun Microsystems Inc,CN=store.sun.com",
    // id 7 (cert7)
    "unstructuredAddress=192.168.1.33,unstructuredName=pixfirewall.ciscopix.com,CN=pixfirewall.ciscopix.com"
};
212:
/**
 * Returns the label this test reports under.
 *
 * @return the fixed string {@code "Certificate"}
 */
public String getName() {
    final String testName = "Certificate";
    return testName;
}
216:
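/**
 * Decodes one X.509 certificate test vector and checks its subject.
 *
 * <p>The bytes are read as an ASN.1 sequence, dumped through {@code ASN1Dump},
 * wrapped in an {@code X509CertificateStructure}, and the subject string is compared
 * with {@code subjects[id - 1]}. For version 3 certificates every extension of a
 * type listed below is additionally decoded through its typed {@code getInstance}
 * factory, so a decoding error surfaces as an exception.
 *
 * <p>This exercises decoding only: no signature is verified, no validity period is
 * evaluated and no chain is built, so passing this check says nothing about whether
 * a certificate should be trusted.
 *
 * @param id   1-based index of the vector; selects the expected subject
 * @param cert DER encoding of the certificate
 * @throws Exception if the encoding cannot be read or decoded
 */
public void checkCertificate(int id, byte[] cert) throws Exception {
    // Report a bad id as a test failure instead of letting the subjects[] lookup
    // below raise ArrayIndexOutOfBoundsException.
    if (id < 1 || id > subjects.length) {
        fail("no expected subject for certificate id " + id);
        return;
    }

    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(cert));
    ASN1Sequence seq = (ASN1Sequence) aIn.readObject();

    // The dump text is not inspected; the call is kept so the dumper runs over
    // every vector.
    ASN1Dump.dumpAsString(seq);

    X509CertificateStructure obj = new X509CertificateStructure(seq);
    TBSCertificateStructure tbsCert = obj.getTBSCertificate();

    String subject = tbsCert.getSubject().toString();
    if (!subject.equals(subjects[id - 1])) {
        fail("failed subject test for certificate id " + id
            + " got " + subject);
    }

    // Extensions are only looked at for version 3 certificates.
    if (tbsCert.getVersion() != 3) {
        return;
    }
    X509Extensions ext = tbsCert.getExtensions();
    if (ext == null) {
        return;
    }

    for (Enumeration en = ext.oids(); en.hasMoreElements();) {
        DERObjectIdentifier oid = (DERObjectIdentifier) en.nextElement();
        X509Extension extVal = ext.getExtension(oid);

        // The extension value is an OCTET STRING wrapping a further encoding;
        // decode the wrapped bytes.
        ASN1OctetString oct = extVal.getValue();
        ASN1InputStream extIn = new ASN1InputStream(
            new ByteArrayInputStream(oct.getOctets()));

        if (oid.equals(X509Extensions.SubjectKeyIdentifier)) {
            SubjectKeyIdentifier.getInstance(extIn.readObject());
        } else if (oid.equals(X509Extensions.KeyUsage)) {
            KeyUsage.getInstance(extIn.readObject());
        } else if (oid.equals(X509Extensions.ExtendedKeyUsage)) {
            ExtendedKeyUsage eku = ExtendedKeyUsage
                .getInstance(extIn.readObject());

            ASN1Sequence purposes = (ASN1Sequence) eku.getDERObject();
            for (int i = 0; i != purposes.size(); i++) {
                KeyPurposeId.getInstance(purposes.getObjectAt(i));
            }
        } else if (oid.equals(X509Extensions.SubjectAlternativeName)
            || oid.equals(X509Extensions.IssuerAlternativeName)) {
            // Both alternative-name extensions are handled the same way.
            GeneralNames gn = GeneralNames.getInstance(extIn.readObject());

            ASN1Sequence names = (ASN1Sequence) gn.getDERObject();
            for (int i = 0; i != names.size(); i++) {
                GeneralName.getInstance(names.getObjectAt(i));
            }
        } else if (oid.equals(X509Extensions.CRLDistributionPoints)) {
            CRLDistPoint p = CRLDistPoint.getInstance(extIn.readObject());

            // Only the accessor is exercised; the points are not inspected.
            p.getDistributionPoints();
        } else if (oid.equals(X509Extensions.CertificatePolicies)) {
            ASN1Sequence cp = (ASN1Sequence) extIn.readObject();

            for (int i = 0; i != cp.size(); i++) {
                PolicyInformation.getInstance(cp.getObjectAt(i));
            }
        } else if (oid.equals(X509Extensions.AuthorityKeyIdentifier)) {
            AuthorityKeyIdentifier.getInstance(extIn.readObject());
        } else if (oid.equals(X509Extensions.BasicConstraints)) {
            BasicConstraints.getInstance(extIn.readObject());
        }
        // Any other extension is skipped without decoding, whether or not it is
        // marked critical; this test is not a path validator.
    }
}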
322:
/**
 * Decodes one attribute certificate test vector and checks that its mandatory
 * parts are present.
 *
 * <p>The version must equal {@code DERInteger} 1 or 2, and holder, issuer, signature
 * algorithm and validity period must be non-null. The attributes and any extensions
 * are walked so that they get decoded, but their contents are not compared with
 * anything, and the signature itself is never verified.
 *
 * @param id   identifier used in failure messages
 * @param cert DER encoding of the attribute certificate
 * @throws Exception if the encoding cannot be read or decoded
 */
public void checkAttributeCertificate(int id, byte[] cert)
    throws Exception {
    ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(cert));

    ASN1Sequence seq = (ASN1Sequence) asn1In.readObject();
    // Dump text is unused; the call just runs the dumper over the vector.
    String dumped = ASN1Dump.dumpAsString(seq);

    AttributeCertificate attrCert = new AttributeCertificate(seq);
    AttributeCertificateInfo acInfo = attrCert.getAcinfo();

    // Version: only the values 1 and 2 are accepted.
    boolean versionAccepted = acInfo.getVersion().equals(new DERInteger(1))
        || acInfo.getVersion().equals(new DERInteger(2));
    if (!versionAccepted) {
        fail("failed AC Version test for id " + id);
    }

    // Holder
    Holder holder = acInfo.getHolder();
    if (null == holder) {
        fail("failed AC Holder test, it's null, for id " + id);
    }

    // Issuer
    AttCertIssuer issuer = acInfo.getIssuer();
    if (null == issuer) {
        fail("failed AC Issuer test, it's null, for id " + id);
    }

    // Signature algorithm identifier (presence only)
    AlgorithmIdentifier sigAlg = acInfo.getSignature();
    if (null == sigAlg) {
        fail("failed AC Signature test for id " + id);
    }

    // Serial number: read but not checked.
    DERInteger serialNumber = acInfo.getSerialNumber();

    // Validity period (presence only; the dates are not evaluated)
    AttCertValidityPeriod period = acInfo.getAttrCertValidityPeriod();
    if (null == period) {
        fail("failed AC AttCertValidityPeriod test for id " + id);
    }

    // Attributes: decode each element.
    ASN1Sequence attribSeq = acInfo.getAttributes();
    Attribute[] decoded = new Attribute[attribSeq.size()];
    int slot = 0;
    while (slot < attribSeq.size()) {
        decoded[slot] = Attribute.getInstance(attribSeq.getObjectAt(slot));
        slot++;
    }

    // IssuerUniqueId
    // TODO, how to best test?

    // X509 extensions: look each one up by OID; values are not decoded.
    X509Extensions ext = acInfo.getExtensions();
    if (ext == null) {
        return;
    }
    for (Enumeration oids = ext.oids(); oids.hasMoreElements();) {
        DERObjectIdentifier extOid = (DERObjectIdentifier) oids.nextElement();
        X509Extension extValue = ext.getExtension(extOid);
    }
}
393:
/**
 * Runs the whole suite: cert1..cert7 go through checkCertificate with ids 1..7,
 * then cert8 goes through checkAttributeCertificate with id 8.
 *
 * @throws Exception if any vector fails to decode
 */
public void performTest() throws Exception {
    // Position in this array plus one is the id, which in turn selects the
    // expected subject inside checkCertificate.
    byte[][] x509Vectors = { cert1, cert2, cert3, cert4, cert5, cert6, cert7 };
    for (int pos = 0; pos < x509Vectors.length; pos++) {
        checkCertificate(pos + 1, x509Vectors[pos]);
    }

    checkAttributeCertificate(8, cert8);
}
404:
/**
 * Command-line entry point: runs this test through {@code runTest}.
 *
 * @param args ignored
 */
public static void main(String[] args) {
    CertificateTest test = new CertificateTest();
    runTest(test);
}
408: }
|