001: package org.bouncycastle.jce.provider.test;
002:
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.X509LDAPCertStoreParameters;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.test.SimpleTest;
import org.bouncycastle.x509.X509CRLStoreSelector;
import org.bouncycastle.x509.X509CertStoreSelector;
import org.bouncycastle.x509.X509Store;

import java.io.ByteArrayInputStream;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.CertStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
026:
027: public class X509LDAPCertStoreTest extends SimpleTest {
/**
 * Base64-encoded X.509 certificate that directory 1 (params1) is expected to
 * serve. Both test methods look it up by the exact certificate and then by
 * its subject name; equality with this embedded copy is what the test checks.
 */
private static final byte cert1[] = Base64
.decode("MIIDyTCCAzKgAwIBAgIEL64+8zANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJE"
+ "RTEcMBoGA1UEChQTRGV1dHNjaGUgVGVsZWtvbSBBRzEoMAwGBwKCBgEKBxQTATEw"
+ "GAYDVQQDFBFUVEMgVGVzdCBDQSAxMTpQTjAeFw0wMzAzMjUxNDM1MzFaFw0wNjAz"
+ "MjUxNDM1MzFaMGIxCzAJBgNVBAYTAkRFMRswGQYDVQQKDBJHRlQgU29sdXRpb25z"
+ "IEdtYkgxEjAQBgNVBAsMCUhZUEFSQ0hJVjEWMBQGA1UEAwwNRGllZ2UsIFNpbW9u"
+ "ZTEKMAgGA1UEBRMBMTCBoDANBgkqhkiG9w0BAQEFAAOBjgAwgYoCgYEAiEYsFbs4"
+ "FesQpMjBkzJB92c0p8tJ02nbCNA5l17VVbbrv6/twnQHW4kgA+9lZlXfzI8iunT1"
+ "KuiwVupWObHgFaGPkelIN/qIbuwbQzh7T+IUKdKETE12Lc+xk9YvQ6mJVgosmwpr"
+ "nMMjezymh8DjPhe7MC7/H3AotrHVNM3mEJcCBEAAAIGjggGWMIIBkjAfBgNVHSME"
+ "GDAWgBTQc8wTeltcAM3iTE63fk/wTA+IJTAdBgNVHQ4EFgQUq6ChBvXPiqhMHLS3"
+ "kiKpSeGWDz4wDgYDVR0PAQH/BAQDAgQwMB8GA1UdEQQYMBaBFHNpbW9uZS5kaWVn"
+ "ZUBnZnQuY29tMIHoBgNVHR8EgeAwgd0wgdqgaqBohjVsZGFwOi8vcGtzbGRhcC50"
+ "dHRjLmRlOjM4OS9jPWRlLG89RGV1dHNjaGUgVGVsZWtvbSBBR4YvaHR0cDovL3d3"
+ "dy50dHRjLmRlL3RlbGVzZWMvc2VydmxldC9kb3dubG9hZF9jcmyibKRqMGgxCzAJ"
+ "BgNVBAYTAkRFMRwwGgYDVQQKFBNEZXV0c2NoZSBUZWxla29tIEFHMTswDAYHAoIG"
+ "AQoHFBMBMTArBgNVBAMUJFRlbGVTZWMgRGlyZWN0b3J5IFNlcnZpY2UgU2lnRyAx"
+ "MDpQTjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly93d3cudHR0"
+ "Yy5kZS9vY3NwcjANBgkqhkiG9w0BAQUFAAOBgQBCPudAtrP9Bx7GRhHQgYS6kaoN"
+ "vYb/yDss86pyn0uiFuwT+mT1popcAfxPo2yxL0jqqlsDNFBC2hJob5rjihsKPmqV"
+ "rSaW0VJu/zBihsX7hLKOVMf5gvUYMS5ulq/bp8jOj8a+5SmxVY+WWZVFghWjISse"
+ "T3WABdTS9S3zjnQiyg==");
050:
/**
 * Base64-encoded X.509 CRL. Only its issuer name is used: the tests query
 * directory 1 (params1) for CRLs from that issuer and require a non-empty
 * result. The CRL contents themselves are not compared against the directory.
 */
private static final byte[] directCRL = Base64
.decode("MIIGXTCCBckCAQEwCgYGKyQDAwECBQAwdDELMAkGA1UEBhMCREUxHDAaBgNVBAoU"
+ "E0RldXRzY2hlIFRlbGVrb20gQUcxFzAVBgNVBAsUDlQtVGVsZVNlYyBUZXN0MS4w"
+ "DAYHAoIGAQoHFBMBMTAeBgNVBAMUF1QtVGVsZVNlYyBUZXN0IERJUiA4OlBOFw0w"
+ "NjA4MDQwODQ1MTRaFw0wNjA4MDQxNDQ1MTRaMIIElTAVAgQvrj/pFw0wMzA3MjIw"
+ "NTQxMjhaMBUCBC+uP+oXDTAzMDcyMjA1NDEyOFowFQIEL64/5xcNMDQwNDA1MTMx"
+ "ODE3WjAVAgQvrj/oFw0wNDA0MDUxMzE4MTdaMBUCBC+uP+UXDTAzMDExMzExMTgx"
+ "MVowFQIEL64/5hcNMDMwMTEzMTExODExWjAVAgQvrj/jFw0wMzAxMTMxMTI2NTZa"
+ "MBUCBC+uP+QXDTAzMDExMzExMjY1NlowFQIEL64/4hcNMDQwNzEzMDc1ODM4WjAV"
+ "AgQvrj/eFw0wMzAyMTcwNjMzMjVaMBUCBC+uP98XDTAzMDIxNzA2MzMyNVowFQIE"
+ "L64/0xcNMDMwMjE3MDYzMzI1WjAVAgQvrj/dFw0wMzAxMTMxMTI4MTRaMBUCBC+u"
+ "P9cXDTAzMDExMzExMjcwN1owFQIEL64/2BcNMDMwMTEzMTEyNzA3WjAVAgQvrj/V"
+ "Fw0wMzA0MzAxMjI3NTNaMBUCBC+uP9YXDTAzMDQzMDEyMjc1M1owFQIEL64/xhcN"
+ "MDMwMjEyMTM0NTQwWjAVAgQvrj/FFw0wMzAyMTIxMzQ1NDBaMBUCBC+uP8IXDTAz"
+ "MDIxMjEzMDkxNlowFQIEL64/wRcNMDMwMjEyMTMwODQwWjAVAgQvrj++Fw0wMzAy"
+ "MTcwNjM3MjVaMBUCBC+uP70XDTAzMDIxNzA2MzcyNVowFQIEL64/sBcNMDMwMjEy"
+ "MTMwODU5WjAVAgQvrj+vFw0wMzAyMTcwNjM3MjVaMBUCBC+uP5MXDTAzMDQxMDA1"
+ "MjYyOFowFQIEL64/khcNMDMwNDEwMDUyNjI4WjAVAgQvrj8/Fw0wMzAyMjYxMTA0"
+ "NDRaMBUCBC+uPz4XDTAzMDIyNjExMDQ0NFowFQIEL64+zRcNMDMwNTIwMDUyNzM2"
+ "WjAVAgQvrj7MFw0wMzA1MjAwNTI3MzZaMBUCBC+uPjwXDTAzMDYxNzEwMzQxNlow"
+ "FQIEL64+OxcNMDMwNjE3MTAzNDE2WjAVAgQvrj46Fw0wMzA2MTcxMDM0MTZaMBUC"
+ "BC+uPjkXDTAzMDYxNzEzMDEwMFowFQIEL64+OBcNMDMwNjE3MTMwMTAwWjAVAgQv"
+ "rj43Fw0wMzA2MTcxMzAxMDBaMBUCBC+uPjYXDTAzMDYxNzEzMDEwMFowFQIEL64+"
+ "MxcNMDMwNjE3MTAzNzQ5WjAVAgQvrj4xFw0wMzA2MTcxMDQyNThaMBUCBC+uPjAX"
+ "DTAzMDYxNzEwNDI1OFowFQIEL649qRcNMDMxMDIyMTEzMjI0WjAVAgQvrjyyFw0w"
+ "NTAzMTEwNjQ0MjRaMBUCBC+uPKsXDTA0MDQwMjA3NTQ1M1owFQIEL6466BcNMDUw"
+ "MTI3MTIwMzI0WjAVAgQvrjq+Fw0wNTAyMTYwNzU3MTZaMBUCBC+uOqcXDTA1MDMx"
+ "MDA1NTkzNVowFQIEL646PBcNMDUwNTExMTA0OTQ2WjAVAgQvrG3VFw0wNTExMTEx"
+ "MDAzMjFaMBUCBC+uLmgXDTA2MDEyMzEwMjU1NVowFQIEL64mxxcNMDYwODAxMDk0"
+ "ODQ0WqCBijCBhzALBgNVHRQEBAICEQwwHwYDVR0jBBgwFoAUA1vI26YMj3njkfCU"
+ "IXbo244kLjkwVwYDVR0SBFAwToZMbGRhcDovL3Brc2xkYXAudHR0Yy5kZS9vdT1U"
+ "LVRlbGVTZWMgVGVzdCBESVIgODpQTixvPURldXRzY2hlIFRlbGVrb20gQUcsYz1k"
+ "ZTAKBgYrJAMDAQIFAAOBgQArj4eMlbAwuA2aS5O4UUUHQMKKdK/dtZi60+LJMiMY"
+ "ojrMIf4+ZCkgm1Ca0Cd5T15MJxVHhh167Ehn/Hd48pdnAP6Dfz/6LeqkIHGWMHR+"
+ "z6TXpwWB+P4BdUec1ztz04LypsznrHcLRa91ixg9TZCb1MrOG+InNhleRs1ImXk8"
+ "MQ==");
087:
/**
 * Directory 1. The URL scheme is plain {@code ldap://}, i.e. an unencrypted,
 * unauthenticated connection: nothing retrieved from it carries transport-level
 * authenticity, which is why the tests compare results with embedded copies.
 */
private static final String ldapURL1 = "ldap://pksldap.tttc.de:389";

/**
 * Store parameters for directory 1: search base "o=Deutsche Telekom AG, c=DE"
 * and the LDAP attribute name(s) consulted for each object type. The attribute
 * strings are handed to X509LDAPCertStoreParameters unchanged; how a multi-word
 * value such as "ou cn" is interpreted is defined by that class, not here.
 */
private static final X509LDAPCertStoreParameters params1 = new X509LDAPCertStoreParameters.Builder(
ldapURL1, "o=Deutsche Telekom AG, c=DE")
.setAACertificateSubjectAttributeName("ou cn")
.setAttributeAuthorityRevocationListIssuerAttributeName(
"cn")
.setAttributeCertificateAttributeSubjectAttributeName("cn")
.setAttributeCertificateRevocationListIssuerAttributeName(
"cn")
.setAttributeDescriptorCertificateSubjectAttributeName(
"ou cn")
.setAuthorityRevocationListIssuerAttributeName("cn")
.setCACertificateSubjectAttributeName("ou cn")
.setCertificateRevocationListIssuerAttributeName("cn")
.setCrossCertificateSubjectAttributeName("cn")
.setDeltaRevocationListIssuerAttributeName("cn")
.setSearchForSerialNumberIn("cn").build();
106:
/** Directory 2, again reached over plain {@code ldap://} (no transport security). */
private static final String ldapURL2 = "ldap://directory.d-trust.de:389";

/**
 * Store parameters for directory 2: search base "o=D-Trust GmbH, c=DE". Note
 * that this directory keeps serial numbers under "uid" rather than "cn"
 * (compare params1), so the attribute map differs per directory.
 */
private static final X509LDAPCertStoreParameters params2 = new X509LDAPCertStoreParameters.Builder(
ldapURL2, "o=D-Trust GmbH, c=DE")
.setAACertificateSubjectAttributeName("cn o")
.setAttributeAuthorityRevocationListIssuerAttributeName(
"cn")
.setAttributeCertificateAttributeSubjectAttributeName("cn")
.setAttributeCertificateRevocationListIssuerAttributeName(
"cn")
.setAttributeDescriptorCertificateSubjectAttributeName(
"cn o")
.setAuthorityRevocationListIssuerAttributeName("cn")
.setCACertificateSubjectAttributeName("cn o")
.setCertificateRevocationListIssuerAttributeName("cn")
.setCrossCertificateSubjectAttributeName("cn o")
.setDeltaRevocationListIssuerAttributeName("cn")
.setSearchForSerialNumberIn("uid").build();
125:
/**
 * Base64-encoded X.509 certificate that directory 2 (params2) is expected to
 * serve. Looked up by the exact certificate only.
 */
private static final byte[] cert2 = Base64
.decode("MIIEADCCAuigAwIBAgIDAJ/QMA0GCSqGSIb3DQEBBQUAMD8xCzAJBgNVBAYTAkRF"
+ "MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxGTAXBgNVBAMMEEQtVFJVU1QgRGVtbyBD"
+ "QTEwHhcNMDYwMzAyMTYxNTU3WhcNMDgwMzEyMTYxNTU3WjB+MQswCQYDVQQGEwJE"
+ "RTEUMBIGA1UECgwLTXVzdGVyIEdtYkgxFzAVBgNVBAMMDk1heCBNdXN0ZXJtYW5u"
+ "MRMwEQYDVQQEDApNdXN0ZXJtYW5uMQwwCgYDVQQqDANNYXgxHTAbBgNVBAUTFERU"
+ "UldFMTQxMjk5NDU1MTgwMTIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC"
+ "AQEAjLDFeviSZDEZgLzTdptU4biPgNV7SvLqsNholfqkyQm2r5WSghGZSjhKYIne"
+ "qKmZ08W59a51bGqDEsifYR7Tw9JC/AhH19fyK01+1ZAXHalgVthaRtLw31lcoTVJ"
+ "R7j9fvrnW0sMPVP4m5gePb3P5/pYHVmN1MjdPIm38us5aJOytOO5Li2IwQIG0t4M"
+ "bEC6/1horBR5TgRl7ACamrdaPHOvO1QVweOqYU7uVxLgDTK4mSV6heyrisFMfkbj"
+ "7jT/c44kXM7dtgNcmESINudu6bnqaB1CxOFTJ/Jzv81R5lf7pBX2LOG1Bu94Yw2x"
+ "cHUVROs2UWY8kQrNUozsBHzQ0QIDAKq5o4HFMIHCMBMGA1UdIwQMMAqACEITKrPL"
+ "WuYiMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZC10"
+ "cnVzdC5uZXQwEAYDVR0gBAkwBzAFBgMqAwQwEQYDVR0OBAoECEvE8bXFHkFLMA4G"
+ "A1UdDwEB/wQEAwIGQDAPBgUrJAgDCAQGDARUZXN0MB8GA1UdEQQYMBaBFG0ubXVz"
+ "dGVybWFubkB0ZXN0LmRlMA8GBSskCAMPBAYMBFRlc3QwDQYJKoZIhvcNAQEFBQAD"
+ "ggEBADD/X+UZZN30nCBDzJ7MtmgwvMBVDAU6HkPlzfyn9pxIKFrq3uR9wcY2pedM"
+ "yQQk0NpTDCIhAYIjAHysMue0ViQnW5qq8uUCFn0+fsgMqqTQNRmE4NIqUrnYO40g"
+ "WjcepCEApkTqGf3RFaDMf9zpRvj9qUx18De+V0GC22uD2vPKpqRcvS2dSw6pHBW2"
+ "NwEU+RgNhoPXrHt332PEYdwO0zOL7eSLBD9AmkpP2uDjpMQ02Lu9kXG6OOfanwfS"
+ "jHioCvDXyl5pwSHwrHNWQRb5dLF12Fg41LMapDwR7awAKE9h6qHBonvCMBPMvqrr"
+ "NktqQcoQkluR9MItONJI5XHADtU=");
149:
/** Directory 3, reached over plain {@code ldap://} like the other two. */
private static final String ldapURL3 = "ldap://dir.signtrust.de:389";

/**
 * Store parameters for directory 3: search base "o=Deutsche Post AG, c=de".
 * Issuer lookups here use "o" and serial numbers live in "serialNumber";
 * this is the directory used for the CA and cross-certificate subject searches.
 */
private static final X509LDAPCertStoreParameters params3 = new X509LDAPCertStoreParameters.Builder(
ldapURL3, "o=Deutsche Post AG, c=de")
.setAACertificateSubjectAttributeName("ou")
.setAttributeAuthorityRevocationListIssuerAttributeName(
"cn")
.setAttributeCertificateAttributeSubjectAttributeName("cn")
.setAttributeCertificateRevocationListIssuerAttributeName(
"o")
.setAttributeDescriptorCertificateSubjectAttributeName("ou")
.setAuthorityRevocationListIssuerAttributeName("o")
.setCACertificateSubjectAttributeName("ou")
.setCertificateRevocationListIssuerAttributeName("o")
.setCrossCertificateSubjectAttributeName("o")
.setDeltaRevocationListIssuerAttributeName("o")
.setSearchForSerialNumberIn("serialNumber").build();
167:
/**
 * Base64-encoded X.509 certificate that directory 3 (params3) is expected to
 * serve. Looked up by the exact certificate only.
 */
private static final byte[] cert3 = Base64
.decode("MIICwDCCAimgAwIBAgIBKzANBgkqhkiG9w0BAQUFADA6MRAwDgYDVQQDEwdQQ0Ex"
+ "OlBOMRkwFwYDVQQKExBEZXV0c2NoZSBQb3N0IEFHMQswCQYDVQQGEwJERTAeFw0w"
+ "MDA0MTkyMjAwMDBaFw0wMzA0MTkyMjAwMDBaMIGOMRAwDgYDVQQEFAdN5G5jaGVy"
+ "MQ4wDAYDVQQqEwVLbGF1czEWMBQGA1UEAxQNS2xhdXMgTeRuY2hlcjEVMBMGA1UE"
+ "CRMMV2llc2Vuc3RyLiAzMQ4wDAYDVQQREwU2MzMyOTESMBAGA1UEBxMJRWdlbHNi"
+ "YWNoMQswCQYDVQQGEwJERTEKMAgGA1UEBRMBMTCBnzANBgkqhkiG9w0BAQEFAAOB"
+ "jQAwgYkCgYEAn7z6Ba9wpv/mNBIaricY/d0KpxGpqGAXdqKlvqkk/seJEoBLvmL7"
+ "wZz88RPELQqzDhc4oXYohS2dh3NHus9FpSPMq0JzKAcE3ArrVDxwtXtlcwN2v7iS"
+ "TcHurgLOb9C/r8JdsMHNgwHMkkdp96cJk/sioyP5sLPYmgWxg1JH0vMCAwEAAaOB"
+ "gDB+MAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUDAwfAADBKBgNVHSMEQzBBoTyk"
+ "OjEQMA4GA1UEAxMHUENBMTpQTjEZMBcGA1UEChMQRGV1dHNjaGUgUG9zdCBBRzEL"
+ "MAkGA1UEBhMCREWCAQEwEQYDVR0OBAoECEAeJ6R3USjxMA0GCSqGSIb3DQEBBQUA"
+ "A4GBADMRtdiQJF2fg7IcedTjnAW+QGl/wNSKy7A4oaBQeahcruo+hzH+ZU+DsiSu"
+ "TJZaf2X1eUUEPmV+5zZlopGa3HvFfgmIYIXBw9ZO3Qb/HWGsPNgW0yg5eXEGwNEt"
+ "vV85BTMGuMjiuDw841IuAZaMKqOKnVXHmd2pLJz7Wv0MLJhw");
184:
/**
 * Base64-encoded CA certificate expected in directory 3 (params3). Looked up by
 * subject name; the result set may hold several certificates, so the tests
 * scan it for an element equal to this copy rather than checking the first one.
 */
private static final byte[] caCert3 = Base64
.decode("MIICUjCCAb6gAwIBAgIDD2ptMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w"
+ "OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0"
+ "aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNBIDE6UE4w"
+ "IhgPMjAwMDA0MTIwODIyMDNaGA8yMDA0MDQxMjA4MjIwM1owWzELMAkGA1UEBhMC"
+ "REUxGTAXBgNVBAoUEERldXRzY2hlIFBvc3QgQUcxMTAMBgcCggYBCgcUEwExMCEG"
+ "A1UEAxQaQ0EgREVSIERFVVRTQ0hFTiBQT1NUIDU6UE4wgZ8wDQYJKoZIhvcNAQEB"
+ "BQADgY0AMIGJAoGBAIH3c+gig1KkY5ceR6n/AMq+xz7hi3f0PMdpwIe2v2w6Hu5k"
+ "jipe++NvU3r6wakIY2royHl3gKWrExOisBico9aQmn8lMJnWZ7SUbB+WpRn0mAWN"
+ "ZM9YT+/U5hRCffeeuLWClzrbScaWnAeaaI0G+N/QKnSSjrV/l64jogyADWCTAgMB"
+ "AAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYrJAMDAQIFAAOBgQAaV5WClEneXk9s"
+ "LO8zTQAsf4KvDaLd1BFcFeYM7kLLRHKeWQ0MAd0xkuAMme5NVwWNpNZP74B4HX7Q"
+ "/Q0h/wo/9LTgQaxw52lLs4Ml0HUyJbSFjoQ+sqgjg2fGNGw7aGkVNY5dQTAy8oSv"
+ "iG8mxTsQ7Fxaush3cIB0qDDwXar/hg==");
199:
/**
 * Base64-encoded cross certificate expected in directory 3 (params3). Looked up
 * by subject name and matched against this copy anywhere in the result set;
 * the failure message refers to the "cross certificate pair" entry it is read from.
 */
private static final byte[] crossCert3 = Base64
.decode("MIICVDCCAcCgAwIBAgIDDIOsMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w"
+ "OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0"
+ "aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNBIDE6UE4w"
+ "IhgPMjAwMDAzMjIwOTQzNTBaGA8yMDA0MDEyMTE2MDQ1M1owbzELMAkGA1UEBhMC"
+ "REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11"
+ "bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg"
+ "MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS"
+ "vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs"
+ "HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG"
+ "CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABMAoGBiskAwMBAgUAA4GBAIBWrl6aEy4d"
+ "2d6U/924YK8Tv9oChmaKVhklkiTzcKv1N8dhLnLTibq4/stop03CY3rKU4X5aTfu"
+ "0J77FIV1Poy9jLT5Tm1NBpi71m4uO3AUoSeyhJXGQGsYFjAc3URqkznbTL/nr9re"
+ "IoBhf6u9cX+idnN6Uy1q+j/LOrcy3zgj");
214:
/**
 * Runs the JCE CertStore checks and then the X509Store checks against the
 * live directories. Both depend on network reachability of ldapURL1..3, so a
 * failure here may reflect the directory rather than the provider code.
 *
 * @throws Exception propagated from either sub-test
 */
public void performTest() throws Exception {
    certStoretest();
    x509StoreTest();
}
219:
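/**
 * Exercises the JCE {@code CertStore} view ("X509LDAP") of the three test
 * directories: lookup of an embedded certificate by exact match and by
 * subject, CRL lookup by issuer name, and retrieval of a CA certificate and
 * a cross certificate by subject.
 *
 * All three directories are addressed with plain {@code ldap://} URLs, so the
 * only integrity check available is equality with the certificate embedded in
 * this class. Membership is tested with {@code Collection.contains} rather
 * than by inspecting the first element: a subject search may legitimately
 * return several certificates in directory-defined order, and the original
 * first-element check made the result depend on that order.
 *
 * @throws Exception if a store or factory cannot be obtained, an embedded
 *         object cannot be parsed, or a directory query fails
 */
private void certStoretest() throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

    // Directory 1 (o=Deutsche Telekom AG): cert1 by certificate, by subject, then its CRL.
    CertStore cs = CertStore.getInstance("X509LDAP", params1, "BC");
    X509Certificate xcert = parseCertificate(cf, cert1);
    X509CertSelector sl = new X509CertSelector();
    sl.setCertificate(xcert);
    if (!cs.getCertificates(sl).contains(xcert)) {
        fail("certificate could not be picked from LDAP directory.");
    }

    // Clear the exact-match criterion so only the subject constrains the search.
    sl.setCertificate(null);
    sl.setSubject(getSubject(xcert).getEncoded());
    if (!cs.getCertificates(sl).contains(xcert)) {
        fail("certificate could not be picked from LDAP directory.");
    }

    // Only the CRL's issuer is used; any CRL from that issuer satisfies the check.
    X509CRL crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(directCRL));
    X509CRLSelector sl2 = new X509CRLSelector();
    sl2.addIssuerName(getCRLIssuer(crl).getEncoded());
    if (cs.getCRLs(sl2).isEmpty()) {
        fail("CRL could not be picked from LDAP directory.");
    }

    // Directory 2 (o=D-Trust GmbH): cert2 by certificate.
    cs = CertStore.getInstance("X509LDAP", params2, "BC");
    xcert = parseCertificate(cf, cert2);
    sl = new X509CertSelector();
    sl.setCertificate(xcert);
    if (!cs.getCertificates(sl).contains(xcert)) {
        fail("Certificate could not be picked from LDAP directory.");
    }

    // Directory 3 (o=Deutsche Post AG): cert3 by certificate, then CA and cross certificate by subject.
    cs = CertStore.getInstance("X509LDAP", params3, "BC");
    xcert = parseCertificate(cf, cert3);
    sl = new X509CertSelector();
    sl.setCertificate(xcert);
    if (!cs.getCertificates(sl).contains(xcert)) {
        fail("Certificate could not be picked from LDAP directory.");
    }

    xcert = parseCertificate(cf, caCert3);
    sl = new X509CertSelector();
    sl.setSubject(getSubject(xcert).getEncoded());
    if (!cs.getCertificates(sl).contains(xcert)) {
        fail("Certificate could not be picked from LDAP directory.");
    }

    xcert = parseCertificate(cf, crossCert3);
    sl = new X509CertSelector();
    sl.setSubject(getSubject(xcert).getEncoded());
    if (!cs.getCertificates(sl).contains(xcert)) {
        fail("Cross certificate pair could not be picked from LDAP directory.");
    }
}

/**
 * Same sequence as {@link #certStoretest()} through the Bouncy Castle
 * {@code X509Store} API: "CERTIFICATE/LDAP" stores for certificates and a
 * separate "CRL/LDAP" store for the CRL lookup. The CRL selector here is
 * constrained with the issuer's {@code X500Principal} rather than its encoded
 * name.
 *
 * @throws Exception if a store or factory cannot be obtained, an embedded
 *         object cannot be parsed, or a directory query fails
 */
private void x509StoreTest() throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

    // Directory 1: cert1 by certificate and by subject, then its CRL via a CRL store.
    X509Store cs = X509Store.getInstance("CERTIFICATE/LDAP", params1, "BC");
    X509Certificate xcert = parseCertificate(cf, cert1);
    X509CertStoreSelector sl = new X509CertStoreSelector();
    sl.setCertificate(xcert);
    if (!cs.getMatches(sl).contains(xcert)) {
        fail("certificate could not be picked from LDAP directory.");
    }

    sl.setCertificate(null);
    sl.setSubject(getSubject(xcert).getEncoded());
    if (!cs.getMatches(sl).contains(xcert)) {
        fail("certificate could not be picked from LDAP directory.");
    }

    X509CRL crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream(directCRL));
    X509CRLStoreSelector sl2 = new X509CRLStoreSelector();
    sl2.setIssuers(Collections.singleton(crl.getIssuerX500Principal()));
    X509Store crlStore = X509Store.getInstance("CRL/LDAP", params1, "BC");
    if (crlStore.getMatches(sl2).isEmpty()) {
        fail("CRL could not be picked from LDAP directory.");
    }

    // Directory 2: cert2 by certificate.
    cs = X509Store.getInstance("CERTIFICATE/LDAP", params2, "BC");
    xcert = parseCertificate(cf, cert2);
    sl = new X509CertStoreSelector();
    sl.setCertificate(xcert);
    if (!cs.getMatches(sl).contains(xcert)) {
        fail("Certificate could not be picked from LDAP directory.");
    }

    // Directory 3: cert3 by certificate, then CA and cross certificate by subject.
    cs = X509Store.getInstance("CERTIFICATE/LDAP", params3, "BC");
    xcert = parseCertificate(cf, cert3);
    sl = new X509CertStoreSelector();
    sl.setCertificate(xcert);
    if (!cs.getMatches(sl).contains(xcert)) {
        fail("Certificate could not be picked from LDAP directory.");
    }

    xcert = parseCertificate(cf, caCert3);
    sl = new X509CertStoreSelector();
    sl.setSubject(getSubject(xcert).getEncoded());
    if (!cs.getMatches(sl).contains(xcert)) {
        fail("Certificate could not be picked from LDAP directory.");
    }

    xcert = parseCertificate(cf, crossCert3);
    sl = new X509CertStoreSelector();
    sl.setSubject(getSubject(xcert).getEncoded());
    if (!cs.getMatches(sl).contains(xcert)) {
        fail("Cross certificate pair could not be picked from LDAP directory.");
    }
}

/**
 * Parses one of the embedded certificate encodings with the given factory.
 *
 * @param cf      the "X.509" factory to parse with
 * @param encoded the decoded certificate bytes
 * @return the parsed certificate
 * @throws CertificateException if the bytes are not a parsable certificate
 */
private static X509Certificate parseCertificate(CertificateFactory cf, byte[] encoded)
        throws CertificateException {
    return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(encoded));
}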
425:
/**
 * Extracts the subject of {@code cert} as a Bouncy Castle {@link X509Principal},
 * whose encoding the selectors in this class use as the subject criterion.
 *
 * @param cert certificate to read the subject from
 * @return the subject principal
 * @throws CertificateEncodingException if the certificate cannot be re-encoded
 */
private X509Principal getSubject(X509Certificate cert)
        throws CertificateEncodingException {
    X509Principal subject = PrincipalUtil.getSubjectX509Principal(cert);
    return subject;
}
430:
/**
 * Extracts the issuer of {@code crl} as a Bouncy Castle {@link X509Principal},
 * used in encoded form as the issuer criterion of the CRL selector.
 *
 * @param crl CRL to read the issuer from
 * @return the issuer principal
 * @throws CRLException if the CRL cannot be re-encoded
 */
private X509Principal getCRLIssuer(X509CRL crl) throws CRLException {
    X509Principal issuer = PrincipalUtil.getIssuerX509Principal(crl);
    return issuer;
}
434:
/**
 * Name under which the SimpleTest harness reports this test.
 *
 * @return the fixed name {@code "LDAPCertStoreTest"}
 */
public String getName() {
    final String testName = "LDAPCertStoreTest";
    return testName;
}
438:
/**
 * Entry point: registers the Bouncy Castle provider (the "BC" provider every
 * getInstance call in this class names) and runs the test through the
 * SimpleTest harness.
 *
 * @param args ignored
 */
public static void main(String[] args) {
    // Must precede runTest: the stores and factories are requested by provider name "BC".
    Security.addProvider(new BouncyCastleProvider());
    runTest(new X509LDAPCertStoreTest());
}
443: }
|