001: package org.bouncycastle.jce.provider.test;
002:
003: import java.io.ByteArrayInputStream;
004: import java.math.BigInteger;
005: import java.security.KeyFactory;
006: import java.security.PrivateKey;
007: import java.security.Security;
008: import java.security.cert.CertificateFactory;
009: import java.security.cert.X509Certificate;
010: import java.security.spec.RSAPrivateCrtKeySpec;
011: import java.util.Date;
012:
013: import org.bouncycastle.asn1.ASN1EncodableVector;
014: import org.bouncycastle.asn1.DERSequence;
015: import org.bouncycastle.asn1.x509.GeneralName;
016: import org.bouncycastle.asn1.x509.Target;
017: import org.bouncycastle.asn1.x509.TargetInformation;
018: import org.bouncycastle.asn1.x509.X509Extensions;
019: import org.bouncycastle.jce.X509Principal;
020: import org.bouncycastle.jce.PrincipalUtil;
021: import org.bouncycastle.jce.provider.BouncyCastleProvider;
022: import org.bouncycastle.util.encoders.Base64;
023: import org.bouncycastle.util.test.SimpleTest;
024: import org.bouncycastle.util.test.Test;
025: import org.bouncycastle.util.test.TestResult;
026: import org.bouncycastle.x509.AttributeCertificateHolder;
027: import org.bouncycastle.x509.AttributeCertificateIssuer;
028: import org.bouncycastle.x509.X509Attribute;
029: import org.bouncycastle.x509.X509AttributeCertStoreSelector;
030: import org.bouncycastle.x509.X509AttributeCertificate;
031: import org.bouncycastle.x509.X509V2AttributeCertificateGenerator;
032:
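/**
 * Test for {@link X509AttributeCertStoreSelector}.
 *
 * <p>Builds a short-lived X.509 v2 attribute certificate and checks that the selector
 * accepts it when filtering by certificate, holder, issuer, serial number, validity date,
 * target name and target group.
 *
 * <p>NOTE(review): every check here is a positive match, so a selector that accepted every
 * certificate would also pass. Negative cases (a different serial number, a date outside the
 * validity window, an unknown target) are not covered.
 */
public class AttrCertSelectorTest extends SimpleTest {

    /**
     * Fixed RSA private key used to sign the generated attribute certificate.
     *
     * <p>The modulus is 128 hex digits (512 bits) and the key material is published in this
     * source file, so this is a test fixture only and must not be reused outside tests.
     */
    static final RSAPrivateCrtKeySpec RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeySpec(
            // modulus
            new BigInteger(
                    "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
                    16),
            // public exponent (0x11 = 17)
            new BigInteger("11", 16),
            // private exponent
            new BigInteger(
                    "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
                    16),
            // prime P
            new BigInteger(
                    "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb",
                    16),
            // prime Q
            new BigInteger(
                    "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5",
                    16),
            // prime exponent P
            new BigInteger(
                    "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391",
                    16),
            // prime exponent Q
            new BigInteger(
                    "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd",
                    16),
            // CRT coefficient
            new BigInteger(
                    "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19",
                    16));

    /**
     * Encoded X.509 certificate (Base64-decoded at class load) that plays the role of the
     * attribute certificate holder.
     *
     * <p>Only its subject is used here; nothing in this test checks its validity period or
     * verifies its signature.
     */
    static final byte[] holderCert = Base64
            .decode("MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
                    + "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
                    + "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
                    + "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
                    + "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
                    + "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
                    + "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
                    + "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
                    + "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
                    + "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
                    + "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
                    + "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
                    + "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
                    + "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
                    + "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
                    + "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
                    + "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
                    + "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
                    + "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
                    + "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
                    + "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
                    + "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
                    + "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
                    + "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
                    + "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
                    + "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
                    + "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
                    + "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
                    + "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
                    + "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
                    + "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
                    + "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
                    + "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
                    + "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
                    + "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
                    + "3g==");

    /**
     * Returns the name under which this test reports its result.
     */
    public String getName() {
        return "AttrCertSelector";
    }

    /**
     * Parses {@link #holderCert} with the "BC" provider's X.509 certificate factory.
     *
     * @return the decoded holder certificate
     * @throws Exception if the provider is unavailable or the encoding cannot be parsed
     */
    private X509Certificate loadHolderCertificate() throws Exception {
        CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
        return (X509Certificate) fact.generateCertificate(
                new ByteArrayInputStream(holderCert));
    }

    /**
     * Fails the test with {@code message} unless {@code sel} matches {@code cert}.
     */
    private void assertMatches(X509AttributeCertStoreSelector sel,
            X509AttributeCertificate cert, String message) {
        if (!sel.match(cert)) {
            fail(message);
        }
    }

    /**
     * Generates the attribute certificate that {@link #testSelector()} matches against.
     *
     * <p>The certificate carries one role attribute (OID 2.5.24.72), names the subject of
     * {@link #holderCert} as holder and "cn=test" as issuer, has serial number 1, is valid
     * from 50 seconds before to 50 seconds after creation, and includes a critical
     * TargetInformation extension with one target name and one target group.
     *
     * @return the signed attribute certificate
     * @throws Exception if key construction, certificate parsing or signing fails
     */
    private X509AttributeCertificate createAttrCert() throws Exception {
        X509Certificate iCert = loadHolderCertificate();

        // Signing key built from the fixed test key spec.
        KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
        PrivateKey privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);

        X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();

        // The role attribute: a sequence holding a single rfc822Name.
        GeneralName roleName = new GeneralName(GeneralName.rfc822Name,
                "DAU123456789@test.com");
        ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
        roleSyntax.add(roleName);

        // roleSyntax OID: 2.5.24.72
        X509Attribute attributes = new X509Attribute("2.5.24.72",
                new DERSequence(roleSyntax));

        gen.addAttribute(attributes);
        gen.setHolder(new AttributeCertificateHolder(
                PrincipalUtil.getSubjectX509Principal(iCert)));
        gen.setIssuer(new AttributeCertificateIssuer(new X509Principal("cn=test")));

        // Validity window of 50 seconds either side of a single clock reading.
        long now = System.currentTimeMillis();
        gen.setNotBefore(new Date(now - 50000));
        gen.setNotAfter(new Date(now + 50000));
        gen.setSerialNumber(BigInteger.ONE);
        // SHA-1 with RSA is kept for this fixture; testSelector() never verifies the
        // signature, it only needs a well-formed signed certificate to select on.
        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");

        Target targetName = new Target(Target.targetName,
                new GeneralName(GeneralName.dNSName, "www.test.com"));
        Target targetGroup = new Target(Target.targetGroup,
                new GeneralName(GeneralName.directoryName, "o=Test, ou=Test"));
        Target[] targets = new Target[] { targetName, targetGroup };
        TargetInformation targetInformation = new TargetInformation(targets);
        // Second argument marks the extension as critical.
        gen.addExtension(X509Extensions.TargetInformation.getId(),
                true, targetInformation);

        return gen.generate(privKey, "BC");
    }

    /**
     * Checks that the selector matches the generated attribute certificate under each
     * supported criterion.
     *
     * <p>Holder, issuer, target names and target groups are cleared after their check. The
     * serial number and validity date stay set, so the later target checks run with those
     * criteria still active.
     *
     * @throws Exception if the attribute certificate cannot be created or parsed
     */
    public void testSelector() throws Exception {
        X509AttributeCertificate aCert = createAttrCert();
        X509AttributeCertStoreSelector sel = new X509AttributeCertStoreSelector();

        sel.setAttributeCert(aCert);
        assertMatches(sel, aCert, "Selector does not match attribute certificate.");

        // With the certificate criterion cleared, no criteria are set on the selector.
        sel.setAttributeCert(null);
        assertMatches(sel, aCert,
                "Selector with no criteria does not match attribute certificate.");

        sel.setHolder(aCert.getHolder());
        assertMatches(sel, aCert,
                "Selector does not match attribute certificate holder.");
        sel.setHolder(null);

        sel.setIssuer(aCert.getIssuer());
        assertMatches(sel, aCert,
                "Selector does not match attribute certificate issuer.");
        sel.setIssuer(null);

        // The holder field must match the certificate whose subject was used as holder.
        // That certificate is not the signer: the attribute certificate is signed with
        // RSA_PRIVATE_KEY_SPEC and issued by "cn=test".
        X509Certificate iCert = loadHolderCertificate();
        if (!aCert.getHolder().match(iCert)) {
            fail("Holder does not match holder certificate of attribute certificate.");
        }

        sel.setSerialNumber(aCert.getSerialNumber());
        assertMatches(sel, aCert,
                "Selector does not match attribute certificate serial number.");

        sel.setAttributeCertificateValid(new Date());
        assertMatches(sel, aCert,
                "Selector does not match attribute certificate time.");

        // Named tags instead of the bare 2 and 4, as in createAttrCert().
        sel.addTargetName(new GeneralName(GeneralName.dNSName, "www.test.com"));
        assertMatches(sel, aCert,
                "Selector does not match attribute certificate target name.");
        sel.setTargetNames(null);

        sel.addTargetGroup(new GeneralName(GeneralName.directoryName, "o=Test, ou=Test"));
        assertMatches(sel, aCert,
                "Selector does not match attribute certificate target group.");
        sel.setTargetGroups(null);
    }

    /**
     * Registers the Bouncy Castle provider and runs the selector test.
     *
     * @throws Exception if any part of the test fails unexpectedly
     */
    public void performTest() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        testSelector();
    }

    /**
     * Runs the test standalone and prints its result to standard output.
     */
    public static void main(String[] args) {
        Test test = new AttrCertSelectorTest();
        TestResult result = test.perform();
        System.out.println(result);
    }
}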