001: package org.bouncycastle.jce.provider.test;
002:
003: import org.bouncycastle.asn1.ASN1Encodable;
004: import org.bouncycastle.asn1.ASN1EncodableVector;
005: import org.bouncycastle.asn1.DEROctetString;
006: import org.bouncycastle.asn1.DERSequence;
007: import org.bouncycastle.asn1.DERString;
008: import org.bouncycastle.asn1.x509.GeneralName;
009: import org.bouncycastle.asn1.x509.GeneralNames;
010: import org.bouncycastle.jce.X509Principal;
011: import org.bouncycastle.jce.provider.BouncyCastleProvider;
012: import org.bouncycastle.util.encoders.Base64;
013: import org.bouncycastle.util.test.SimpleTest;
014: import org.bouncycastle.x509.AttributeCertificateHolder;
015: import org.bouncycastle.x509.AttributeCertificateIssuer;
016: import org.bouncycastle.x509.X509Attribute;
017: import org.bouncycastle.x509.X509AttributeCertificate;
018: import org.bouncycastle.x509.X509V2AttributeCertificate;
019: import org.bouncycastle.x509.X509V2AttributeCertificateGenerator;
020: import org.bouncycastle.x509.extension.X509ExtensionUtil;
021:
022: import java.io.ByteArrayInputStream;
023: import java.io.IOException;
024: import java.math.BigInteger;
025: import java.security.KeyFactory;
026: import java.security.Principal;
027: import java.security.PrivateKey;
028: import java.security.PublicKey;
029: import java.security.Security;
030: import java.security.cert.CertStore;
031: import java.security.cert.CertificateFactory;
032: import java.security.cert.CollectionCertStoreParameters;
033: import java.security.cert.X509Certificate;
034: import java.security.spec.RSAPrivateCrtKeySpec;
035: import java.security.spec.RSAPublicKeySpec;
036: import java.util.ArrayList;
037: import java.util.Collection;
038: import java.util.Date;
039: import java.util.List;
040: import java.util.Set;
041:
042: public class AttrCertTest extends SimpleTest {
043: private static final RSAPrivateCrtKeySpec RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeySpec(
044: new BigInteger(
045: "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
046: 16),
047: new BigInteger("11", 16),
048: new BigInteger(
049: "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
050: 16),
051: new BigInteger(
052: "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb",
053: 16),
054: new BigInteger(
055: "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5",
056: 16),
057: new BigInteger(
058: "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391",
059: 16),
060: new BigInteger(
061: "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd",
062: 16),
063: new BigInteger(
064: "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19",
065: 16));
066:
067: static byte[] attrCert = Base64
068: .decode("MIIHQDCCBqkCAQEwgZChgY2kgYowgYcxHDAaBgkqhkiG9w0BCQEWDW1sb3JjaEB2"
069: + "dC5lZHUxHjAcBgNVBAMTFU1hcmt1cyBMb3JjaCAobWxvcmNoKTEbMBkGA1UECxMS"
070: + "VmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAyMQswCQYDVQQKEwJ2"
071: + "dDELMAkGA1UEBhMCVVMwgYmkgYYwgYMxGzAZBgkqhkiG9w0BCQEWDHNzaGFoQHZ0"
072: + "LmVkdTEbMBkGA1UEAxMSU3VtaXQgU2hhaCAoc3NoYWgpMRswGQYDVQQLExJWaXJn"
073: + "aW5pYSBUZWNoIFVzZXIxEDAOBgNVBAsTB0NsYXNzIDExCzAJBgNVBAoTAnZ0MQsw"
074: + "CQYDVQQGEwJVUzANBgkqhkiG9w0BAQQFAAIBBTAiGA8yMDAzMDcxODE2MDgwMloY"
075: + "DzIwMDMwNzI1MTYwODAyWjCCBU0wggVJBgorBgEEAbRoCAEBMYIFORaCBTU8UnVs"
076: + "ZSBSdWxlSWQ9IkZpbGUtUHJpdmlsZWdlLVJ1bGUiIEVmZmVjdD0iUGVybWl0Ij4K"
077: + "IDxUYXJnZXQ+CiAgPFN1YmplY3RzPgogICA8U3ViamVjdD4KICAgIDxTdWJqZWN0"
078: + "TWF0Y2ggTWF0Y2hJZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5j"
079: + "dGlvbjpzdHJpbmctZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlw"
080: + "ZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjc3RyaW5nIj4KICAg"
081: + "ICAgIENOPU1hcmt1cyBMb3JjaDwvQXR0cmlidXRlVmFsdWU+CiAgICAgPFN1Ympl"
082: + "Y3RBdHRyaWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFt"
083: + "ZXM6dGM6eGFjbWw6MS4wOnN1YmplY3Q6c3ViamVjdC1pZCIgRGF0YVR5cGU9Imh0"
084: + "dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hI3N0cmluZyIgLz4gCiAgICA8"
085: + "L1N1YmplY3RNYXRjaD4KICAgPC9TdWJqZWN0PgogIDwvU3ViamVjdHM+CiAgPFJl"
086: + "c291cmNlcz4KICAgPFJlc291cmNlPgogICAgPFJlc291cmNlTWF0Y2ggTWF0Y2hJ"
087: + "ZD0idXJuOm9hc2lzOm5hbWVzOnRjOnhhY21sOjEuMDpmdW5jdGlvbjpzdHJpbmct"
088: + "ZXF1YWwiPgogICAgIDxBdHRyaWJ1dGVWYWx1ZSBEYXRhVHlwZT0iaHR0cDovL3d3"
089: + "dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIj4KICAgICAgaHR0cDovL3p1"
090: + "bmkuY3MudnQuZWR1PC9BdHRyaWJ1dGVWYWx1ZT4KICAgICA8UmVzb3VyY2VBdHRy"
091: + "aWJ1dGVEZXNpZ25hdG9yIEF0dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6"
092: + "eGFjbWw6MS4wOnJlc291cmNlOnJlc291cmNlLWlkIiBEYXRhVHlwZT0iaHR0cDov"
093: + "L3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEjYW55VVJJIiAvPiAKICAgIDwvUmVz"
094: + "b3VyY2VNYXRjaD4KICAgPC9SZXNvdXJjZT4KICA8L1Jlc291cmNlcz4KICA8QWN0"
095: + "aW9ucz4KICAgPEFjdGlvbj4KICAgIDxBY3Rpb25NYXRjaCBNYXRjaElkPSJ1cm46"
096: + "b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmZ1bmN0aW9uOnN0cmluZy1lcXVhbCI+"
097: + "CiAgICAgPEF0dHJpYnV0ZVZhbHVlIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9y"
098: + "Zy8yMDAxL1hNTFNjaGVtYSNzdHJpbmciPgpEZWxlZ2F0ZSBBY2Nlc3MgICAgIDwv"
099: + "QXR0cmlidXRlVmFsdWU+CgkgIDxBY3Rpb25BdHRyaWJ1dGVEZXNpZ25hdG9yIEF0"
100: + "dHJpYnV0ZUlkPSJ1cm46b2FzaXM6bmFtZXM6dGM6eGFjbWw6MS4wOmFjdGlvbjph"
101: + "Y3Rpb24taWQiIERhdGFUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNj"
102: + "aGVtYSNzdHJpbmciIC8+IAogICAgPC9BY3Rpb25NYXRjaD4KICAgPC9BY3Rpb24+"
103: + "CiAgPC9BY3Rpb25zPgogPC9UYXJnZXQ+CjwvUnVsZT4KMA0GCSqGSIb3DQEBBAUA"
104: + "A4GBAGiJSM48XsY90HlYxGmGVSmNR6ZW2As+bot3KAfiCIkUIOAqhcphBS23egTr"
105: + "6asYwy151HshbPNYz+Cgeqs45KkVzh7bL/0e1r8sDVIaaGIkjHK3CqBABnfSayr3"
106: + "Rd1yBoDdEv8Qb+3eEPH6ab9021AsLEnJ6LWTmybbOpMNZ3tv");
107:
108: byte[] signCert = Base64
109: .decode("MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
110: + "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
111: + "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
112: + "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
113: + "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
114: + "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
115: + "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
116: + "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
117: + "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
118: + "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
119: + "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
120: + "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
121: + "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
122: + "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
123: + "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
124: + "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
125: + "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
126: + "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
127: + "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
128: + "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
129: + "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
130: + "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
131: + "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
132: + "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
133: + "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
134: + "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
135: + "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
136: + "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
137: + "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
138: + "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
139: + "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
140: + "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
141: + "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
142: + "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
143: + "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
144: + "3g==");
145:
146: static byte[] certWithBaseCertificateID = Base64
147: .decode("MIIBqzCCARQCAQEwSKBGMD6kPDA6MQswCQYDVQQGEwJJVDEOMAwGA1UEChMFVU5JVE4xDDAKBgNV"
148: + "BAsTA0RJVDENMAsGA1UEAxMEcm9vdAIEAVMVjqB6MHikdjB0MQswCQYDVQQGEwJBVTEoMCYGA1UE"
149: + "ChMfVGhlIExlZ2lvbiBvZiB0aGUgQm91bmN5IENhc3RsZTEjMCEGA1UECxMaQm91bmN5IFByaW1h"
150: + "cnkgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUJvdW5jeSBDYXN0bGUwDQYJKoZIhvcNAQEFBQACBQKW"
151: + "RhnHMCIYDzIwMDUxMjEyMTIwMDQyWhgPMjAwNTEyMTkxMjAxMzJaMA8wDQYDVRhIMQaBBGVWSVAw"
152: + "DQYJKoZIhvcNAQEFBQADgYEAUAVin9StDaA+InxtXq/av6rUQLI9p1X6louBcj4kYJnxRvTrHpsr"
153: + "N3+i9Uq/uk5lRdAqmPFvcmSbuE3TRAsjrXON5uFiBBKZ1AouLqcr8nHbwcdwjJ9TyUNO9I4hfpSH"
154: + "UHHXMtBKgp4MOkhhX8xTGyWg3hp23d3GaUeg/IYlXBI=");
155:
156: byte[] holderCertWithBaseCertificateID = Base64
157: .decode("MIIBwDCCASmgAwIBAgIEAVMVjjANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJJVDEOMAwGA1UE"
158: + "ChMFVU5JVE4xDDAKBgNVBAsTA0RJVDENMAsGA1UEAxMEcm9vdDAeFw0wNTExMTExMjAxMzJaFw0w"
159: + "NjA2MTYxMjAxMzJaMD4xCzAJBgNVBAYTAklUMQ4wDAYDVQQKEwVVTklUTjEMMAoGA1UECxMDRElU"
160: + "MREwDwYDVQQDEwhMdWNhQm9yejBaMA0GCSqGSIb3DQEBAQUAA0kAMEYCQQC0p+RhcFdPFqlwgrIr"
161: + "5YtqKmKXmEGb4ShypL26Ymz66ZAPdqv7EhOdzl3lZWT6srZUMWWgQMYGiHQg4z2R7X7XAgERoxUw"
162: + "EzARBglghkgBhvhCAQEEBAMCBDAwDQYJKoZIhvcNAQEFBQADgYEAsX50VPQQCWmHvPq9y9DeCpmS"
163: + "4szcpFAhpZyn6gYRwY9CRZVtmZKH8713XhkGDWcIEMcG0u3oTz3tdKgPU5uyIPrDEWr6w8ClUj4x"
164: + "5aVz5c2223+dVY7KES//JSB2bE/KCIchN3kAioQ4K8O3e0OL6oDVjsqKGw5bfahgKuSIk/Q=");
165:
166: public String getName() {
167: return "AttrCertTest";
168: }
169:
170: private void testCertWithBaseCertificateID() throws Exception {
171: X509AttributeCertificate attrCert = new X509V2AttributeCertificate(
172: certWithBaseCertificateID);
173: CertificateFactory fact = CertificateFactory.getInstance(
174: "X.509", "BC");
175: X509Certificate cert = (X509Certificate) fact
176: .generateCertificate(new ByteArrayInputStream(
177: holderCertWithBaseCertificateID));
178:
179: AttributeCertificateHolder holder = attrCert.getHolder();
180:
181: if (holder.getEntityNames() != null) {
182: fail("entity names set when none expected");
183: }
184:
185: if (!holder.getSerialNumber().equals(cert.getSerialNumber())) {
186: fail("holder serial number doesn't match");
187: }
188:
189: if (!holder.getIssuer()[0]
190: .equals(cert.getIssuerX500Principal())) {
191: fail("holder issuer doesn't match");
192: }
193:
194: if (!holder.match(cert)) {
195: fail("holder not matching holder certificate");
196: }
197:
198: if (!holder.equals(holder.clone())) {
199: fail("holder clone test failed");
200: }
201:
202: if (!attrCert.getIssuer().equals(attrCert.getIssuer().clone())) {
203: fail("issuer clone test failed");
204: }
205:
206: //equalityAndHashCodeTest(attrCert, certWithBaseCertificateID);
207: }
208:
209: private void equalityAndHashCodeTest(
210: X509AttributeCertificate attrCert, byte[] encoding)
211: throws IOException {
212: if (!attrCert.equals(attrCert)) {
213: fail("same certificate not equal");
214: }
215:
216: if (!attrCert.getHolder().equals(attrCert.getHolder())) {
217: fail("same holder not equal");
218: }
219:
220: if (!attrCert.getIssuer().equals(attrCert.getIssuer())) {
221: fail("same issuer not equal");
222: }
223:
224: if (attrCert.getHolder().equals(attrCert.getIssuer())) {
225: fail("wrong holder equal");
226: }
227:
228: if (attrCert.getIssuer().equals(attrCert.getHolder())) {
229: fail("wrong issuer equal");
230: }
231:
232: X509AttributeCertificate attrCert2 = new X509V2AttributeCertificate(
233: encoding);
234:
235: if (attrCert2.getHolder().hashCode() != attrCert.getHolder()
236: .hashCode()) {
237: fail("holder hashCode test failed");
238: }
239:
240: if (!attrCert2.getHolder().equals(attrCert.getHolder())) {
241: fail("holder equals test failed");
242: }
243:
244: if (attrCert2.getIssuer().hashCode() != attrCert.getIssuer()
245: .hashCode()) {
246: fail("issuer hashCode test failed");
247: }
248:
249: if (!attrCert2.getIssuer().equals(attrCert.getIssuer())) {
250: fail("issuer equals test failed");
251: }
252: }
253:
254: private void testGenerateWithCert() throws Exception {
255: CertificateFactory fact = CertificateFactory.getInstance(
256: "X.509", "BC");
257: X509Certificate iCert = (X509Certificate) fact
258: .generateCertificate(new ByteArrayInputStream(signCert));
259:
260: //
261: // a sample key pair.
262: //
263: RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
264: new BigInteger(
265: "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
266: 16), new BigInteger("11", 16));
267:
268: //
269: // set up the keys
270: //
271: PrivateKey privKey;
272: PublicKey pubKey;
273:
274: KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
275:
276: privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
277: pubKey = kFact.generatePublic(pubKeySpec);
278:
279: X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
280:
281: // the actual attributes
282: GeneralName roleName = new GeneralName(GeneralName.rfc822Name,
283: "DAU123456789");
284: ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
285: roleSyntax.add(roleName);
286:
287: // roleSyntax OID: 2.5.24.72
288: X509Attribute attributes = new X509Attribute("2.5.24.72",
289: new DERSequence(roleSyntax));
290:
291: gen.addAttribute(attributes);
292: gen.setHolder(new AttributeCertificateHolder(iCert));
293: gen.setIssuer(new AttributeCertificateIssuer(new X509Principal(
294: "cn=test")));
295: gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
296: gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
297: gen.setSerialNumber(BigInteger.ONE);
298: gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
299:
300: X509AttributeCertificate aCert = gen.generate(privKey, "BC");
301:
302: aCert.checkValidity();
303:
304: aCert.verify(pubKey, "BC");
305:
306: AttributeCertificateHolder holder = aCert.getHolder();
307:
308: if (holder.getEntityNames() != null) {
309: fail("entity names set when none expected");
310: }
311:
312: if (!holder.getSerialNumber().equals(iCert.getSerialNumber())) {
313: fail("holder serial number doesn't match");
314: }
315:
316: if (!holder.getIssuer()[0].equals(iCert
317: .getIssuerX500Principal())) {
318: fail("holder issuer doesn't match");
319: }
320:
321: if (!holder.match(iCert)) {
322: fail("generated holder not matching holder certificate");
323: }
324:
325: X509Attribute[] attrs = aCert.getAttributes("2.5.24.72");
326:
327: if (attrs == null) {
328: fail("attributes related to 2.5.24.72 not found");
329: }
330:
331: X509Attribute attr = attrs[0];
332:
333: if (!attr.getOID().equals("2.5.24.72")) {
334: fail("attribute oid mismatch");
335: }
336:
337: ASN1Encodable[] values = attr.getValues();
338:
339: GeneralName role = GeneralNames.getInstance(values[0])
340: .getNames()[0];
341:
342: if (role.getTagNo() != GeneralName.rfc822Name) {
343: fail("wrong general name type found in role");
344: }
345:
346: if (!((DERString) role.getName()).getString().equals(
347: "DAU123456789")) {
348: fail("wrong general name value found in role");
349: }
350:
351: X509Certificate sCert = (X509Certificate) fact
352: .generateCertificate(new ByteArrayInputStream(
353: holderCertWithBaseCertificateID));
354:
355: if (holder.match(sCert)) {
356: fail("generated holder matching wrong certificate");
357: }
358:
359: equalityAndHashCodeTest(aCert, aCert.getEncoded());
360: }
361:
362: private void testGenerateWithPrincipal() throws Exception {
363: CertificateFactory fact = CertificateFactory.getInstance(
364: "X.509", "BC");
365: X509Certificate iCert = (X509Certificate) fact
366: .generateCertificate(new ByteArrayInputStream(signCert));
367:
368: //
369: // a sample key pair.
370: //
371: RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
372: new BigInteger(
373: "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
374: 16), new BigInteger("11", 16));
375:
376: //
377: // set up the keys
378: //
379: PrivateKey privKey;
380: PublicKey pubKey;
381:
382: KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
383:
384: privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
385: pubKey = kFact.generatePublic(pubKeySpec);
386:
387: X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
388:
389: // the actual attributes
390: GeneralName roleName = new GeneralName(GeneralName.rfc822Name,
391: "DAU123456789");
392: ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
393: roleSyntax.add(roleName);
394:
395: // roleSyntax OID: 2.5.24.72
396: X509Attribute attributes = new X509Attribute("2.5.24.72",
397: new DERSequence(roleSyntax));
398:
399: gen.addAttribute(attributes);
400: gen.setHolder(new AttributeCertificateHolder(iCert
401: .getSubjectX500Principal()));
402: gen.setIssuer(new AttributeCertificateIssuer(new X509Principal(
403: "cn=test")));
404: gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
405: gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
406: gen.setSerialNumber(BigInteger.ONE);
407: gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
408:
409: X509AttributeCertificate aCert = gen.generate(privKey, "BC");
410:
411: aCert.checkValidity();
412:
413: aCert.verify(pubKey, "BC");
414:
415: AttributeCertificateHolder holder = aCert.getHolder();
416:
417: if (holder.getEntityNames() == null) {
418: fail("entity names not set when expected");
419: }
420:
421: if (holder.getSerialNumber() != null) {
422: fail("holder serial number found when none expected");
423: }
424:
425: if (holder.getIssuer() != null) {
426: fail("holder issuer found when none expected");
427: }
428:
429: if (!holder.match(iCert)) {
430: fail("generated holder not matching holder certificate");
431: }
432:
433: X509Certificate sCert = (X509Certificate) fact
434: .generateCertificate(new ByteArrayInputStream(
435: holderCertWithBaseCertificateID));
436:
437: if (holder.match(sCert)) {
438: fail("principal generated holder matching wrong certificate");
439: }
440:
441: equalityAndHashCodeTest(aCert, aCert.getEncoded());
442: }
443:
444: public void performTest() throws Exception {
445: X509AttributeCertificate aCert = new X509V2AttributeCertificate(
446: attrCert);
447: CertificateFactory fact = CertificateFactory.getInstance(
448: "X.509", "BC");
449: X509Certificate sCert = (X509Certificate) fact
450: .generateCertificate(new ByteArrayInputStream(signCert));
451:
452: aCert.verify(sCert.getPublicKey(), "BC");
453:
454: //
455: // search test
456: //
457:
458: List list = new ArrayList();
459:
460: list.add(sCert);
461:
462: CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(
463: list);
464: CertStore store = CertStore.getInstance("Collection", ccsp);
465:
466: Collection certs = store.getCertificates(aCert.getIssuer());
467: if (certs.size() != 1 || !certs.contains(sCert)) {
468: fail("sCert not found by issuer");
469: }
470:
471: X509Attribute[] attrs = aCert
472: .getAttributes("1.3.6.1.4.1.6760.8.1.1");
473: if (attrs == null || attrs.length != 1) {
474: fail("attribute not found");
475: }
476:
477: //
478: // reencode test
479: //
480: aCert = new X509V2AttributeCertificate(aCert.getEncoded());
481:
482: aCert.verify(sCert.getPublicKey(), "BC");
483:
484: X509AttributeCertificate saCert = new X509V2AttributeCertificate(
485: new ByteArrayInputStream(aCert.getEncoded()));
486:
487: if (!aCert.getNotAfter().equals(saCert.getNotAfter())) {
488: fail("failed date comparison");
489: }
490:
491: // base generator test
492:
493: //
494: // a sample key pair.
495: //
496: RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
497: new BigInteger(
498: "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
499: 16), new BigInteger("11", 16));
500:
501: RSAPrivateCrtKeySpec privKeySpec = RSA_PRIVATE_KEY_SPEC;
502:
503: //
504: // set up the keys
505: //
506: PrivateKey privKey;
507: PublicKey pubKey;
508:
509: KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
510:
511: privKey = kFact.generatePrivate(privKeySpec);
512: pubKey = kFact.generatePublic(pubKeySpec);
513:
514: X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
515:
516: gen.addAttribute(attrs[0]);
517: gen.setHolder(aCert.getHolder());
518: gen.setIssuer(aCert.getIssuer());
519: gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
520: gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
521: gen.setSerialNumber(aCert.getSerialNumber());
522: gen.setSignatureAlgorithm("SHA1WithRSAEncryption");
523:
524: aCert = gen.generate(privKey, "BC");
525:
526: aCert.checkValidity();
527:
528: aCert.verify(pubKey, "BC");
529:
530: // as the issuer is the same this should still work (even though it is not
531: // technically correct
532:
533: certs = store.getCertificates(aCert.getIssuer());
534: if (certs.size() != 1 || !certs.contains(sCert)) {
535: fail("sCert not found by issuer");
536: }
537:
538: attrs = aCert.getAttributes("1.3.6.1.4.1.6760.8.1.1");
539: if (attrs == null || attrs.length != 1) {
540: fail("attribute not found");
541: }
542:
543: //
544: // reencode test
545: //
546: aCert = new X509V2AttributeCertificate(aCert.getEncoded());
547:
548: aCert.verify(pubKey, "BC");
549:
550: AttributeCertificateIssuer issuer = aCert.getIssuer();
551:
552: Principal[] principals = issuer.getPrincipals();
553:
554: //
555: // test holder
556: //
557: AttributeCertificateHolder holder = aCert.getHolder();
558:
559: if (holder.getEntityNames() == null) {
560: fail("entity names not set");
561: }
562:
563: if (holder.getSerialNumber() != null) {
564: fail("holder serial number set when none expected");
565: }
566:
567: if (holder.getIssuer() != null) {
568: fail("holder issuer set when none expected");
569: }
570:
571: principals = holder.getEntityNames();
572:
573: if (!principals[0]
574: .toString()
575: .equals(
576: "C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), EMAILADDRESS=mlorch@vt.edu")) {
577: fail("principal[0] for entity names don't match");
578: }
579:
580: //
581: // extension test
582: //
583:
584: if (aCert.hasUnsupportedCriticalExtension()) {
585: fail("unsupported extensions found with no extensions");
586: }
587:
588: gen.addExtension("1.1", true, new DEROctetString(new byte[10]));
589:
590: gen
591: .addExtension("2.2", false, new DEROctetString(
592: new byte[20]));
593:
594: aCert = gen.generate(privKey, "BC");
595:
596: Set exts = aCert.getCriticalExtensionOIDs();
597:
598: if (exts.size() != 1 || !exts.contains("1.1")) {
599: fail("critical extension test failed");
600: }
601:
602: exts = aCert.getNonCriticalExtensionOIDs();
603:
604: if (exts.size() != 1 || !exts.contains("2.2")) {
605: fail("non-critical extension test failed");
606: }
607:
608: if (!aCert.hasUnsupportedCriticalExtension()) {
609: fail("unsupported extensions not found");
610: }
611:
612: byte[] extString = aCert.getExtensionValue("1.1");
613: ASN1Encodable extValue = X509ExtensionUtil
614: .fromExtensionValue(extString);
615:
616: if (!extValue.equals(new DEROctetString(new byte[10]))) {
617: fail("wrong extension value found for 1.1");
618: }
619:
620: testCertWithBaseCertificateID();
621: testGenerateWithCert();
622: testGenerateWithPrincipal();
623: }
624:
625: public static void main(String[] args) {
626: Security.addProvider(new BouncyCastleProvider());
627:
628: runTest(new AttrCertTest());
629: }
630: }
|