001: package org.bouncycastle.ocsp.test;
002:
003: import org.bouncycastle.asn1.ASN1Encodable;
004: import org.bouncycastle.asn1.ASN1OctetString;
005: import org.bouncycastle.asn1.DEROctetString;
006: import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
007: import org.bouncycastle.asn1.x509.GeneralName;
008: import org.bouncycastle.asn1.x509.X509Extension;
009: import org.bouncycastle.asn1.x509.X509Extensions;
010: import org.bouncycastle.asn1.x509.X509Name;
011: import org.bouncycastle.jce.X509Principal;
012: import org.bouncycastle.jce.provider.BouncyCastleProvider;
013: import org.bouncycastle.ocsp.BasicOCSPResp;
014: import org.bouncycastle.ocsp.BasicOCSPRespGenerator;
015: import org.bouncycastle.ocsp.CertificateID;
016: import org.bouncycastle.ocsp.CertificateStatus;
017: import org.bouncycastle.ocsp.OCSPReq;
018: import org.bouncycastle.ocsp.OCSPReqGenerator;
019: import org.bouncycastle.ocsp.OCSPResp;
020: import org.bouncycastle.ocsp.OCSPRespGenerator;
021: import org.bouncycastle.ocsp.Req;
022: import org.bouncycastle.ocsp.SingleResp;
023: import org.bouncycastle.util.encoders.Base64;
024: import org.bouncycastle.util.test.SimpleTest;
025: import org.bouncycastle.x509.extension.X509ExtensionUtil;
026:
027: import java.io.ByteArrayInputStream;
028: import java.math.BigInteger;
029: import java.security.KeyPair;
030: import java.security.Security;
031: import java.security.cert.X509Certificate;
032: import java.util.Date;
033: import java.util.Random;
034: import java.util.Set;
035: import java.util.Vector;
036:
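/**
 * Exercises the OCSP API against the "BC" provider: request generation
 * (unsigned, signed, and signed with a nonce extension), parsing and signature
 * checking of two stored responses, and response generation. The request
 * checks run once with an RSA key pair and once with an ECDSA key pair.
 *
 * SHA-1 is used for the certificate ID hash and for the signatures because
 * those are the algorithms this test has always covered; it is not a
 * recommendation for new deployments.
 */
public class OCSPTest extends SimpleTest {
    // Base64-encoded OCSP responses used as fixed inputs for the
    // response-parsing checks in performTest().
    byte[] testResp1 = Base64
            .decode("MIIFnAoBAKCCBZUwggWRBgkrBgEFBQcwAQEEggWCMIIFfjCCARehgZ8wgZwx"
                    + "CzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEgcHJhZGVzaDESMBAGA1UE"
                    + "BxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAKBgNVBAsTA0FUQzEeMBwG"
                    + "A1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQwIgYJKoZIhvcNAQkBFhVv"
                    + "Y3NwQHRjcy1jYS50Y3MuY28uaW4YDzIwMDMwNDAyMTIzNDU4WjBiMGAwOjAJ"
                    + "BgUrDgMCGgUABBRs07IuoCWNmcEl1oHwIak1BPnX8QQUtGyl/iL9WJ1VxjxF"
                    + "j0hAwJ/s1AcCAQKhERgPMjAwMjA4MjkwNzA5MjZaGA8yMDAzMDQwMjEyMzQ1"
                    + "OFowDQYJKoZIhvcNAQEFBQADgYEAfbN0TCRFKdhsmvOdUoiJ+qvygGBzDxD/"
                    + "VWhXYA+16AphHLIWNABR3CgHB3zWtdy2j7DJmQ/R7qKj7dUhWLSqclAiPgFt"
                    + "QQ1YvSJAYfEIdyHkxv4NP0LSogxrumANcDyC9yt/W9yHjD2ICPBIqCsZLuLk"
                    + "OHYi5DlwWe9Zm9VFwCGgggPMMIIDyDCCA8QwggKsoAMCAQICAQYwDQYJKoZI"
                    + "hvcNAQEFBQAwgZQxFDASBgNVBAMTC1RDUy1DQSBPQ1NQMSYwJAYJKoZIhvcN"
                    + "AQkBFhd0Y3MtY2FAdGNzLWNhLnRjcy5jby5pbjEMMAoGA1UEChMDVENTMQww"
                    + "CgYDVQQLEwNBVEMxEjAQBgNVBAcTCUh5ZGVyYWJhZDEXMBUGA1UECBMOQW5k"
                    + "aHJhIHByYWRlc2gxCzAJBgNVBAYTAklOMB4XDTAyMDgyOTA3MTE0M1oXDTAz"
                    + "MDgyOTA3MTE0M1owgZwxCzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEg"
                    + "cHJhZGVzaDESMBAGA1UEBxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAK"
                    + "BgNVBAsTA0FUQzEeMBwGA1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQw"
                    + "IgYJKoZIhvcNAQkBFhVvY3NwQHRjcy1jYS50Y3MuY28uaW4wgZ8wDQYJKoZI"
                    + "hvcNAQEBBQADgY0AMIGJAoGBAM+XWW4caMRv46D7L6Bv8iwtKgmQu0SAybmF"
                    + "RJiz12qXzdvTLt8C75OdgmUomxp0+gW/4XlTPUqOMQWv463aZRv9Ust4f8MH"
                    + "EJh4ekP/NS9+d8vEO3P40ntQkmSMcFmtA9E1koUtQ3MSJlcs441JjbgUaVnm"
                    + "jDmmniQnZY4bU3tVAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADALBgNVHQ8E"
                    + "BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwNgYIKwYBBQUHAQEEKjAoMCYG"
                    + "CCsGAQUFBzABhhpodHRwOi8vMTcyLjE5LjQwLjExMDo3NzAwLzAtBgNVHR8E"
                    + "JjAkMCKgIKAehhxodHRwOi8vMTcyLjE5LjQwLjExMC9jcmwuY3JsMA0GCSqG"
                    + "SIb3DQEBBQUAA4IBAQB6FovM3B4VDDZ15o12gnADZsIk9fTAczLlcrmXLNN4"
                    + "PgmqgnwF0Ymj3bD5SavDOXxbA65AZJ7rBNAguLUo+xVkgxmoBH7R2sBxjTCc"
                    + "r07NEadxM3HQkt0aX5XYEl8eRoifwqYAI9h0ziZfTNes8elNfb3DoPPjqq6V"
                    + "mMg0f0iMS4W8LjNPorjRB+kIosa1deAGPhq0eJ8yr0/s2QR2/WFD5P4aXc8I"
                    + "KWleklnIImS3zqiPrq6tl2Bm8DZj7vXlTOwmraSQxUwzCKwYob1yGvNOUQTq"
                    + "pG6jxn7jgDawHU1+WjWQe4Q34/pWeGLysxTraMa+Ug9kPe+jy/qRX2xwvKBZ"
                    + "====");

    byte[] testResp2 = Base64
            .decode("MIII1QoBAKCCCM4wggjKBgkrBgEFBQcwAQEEggi7MIIItzCBjqADAgEAoSMw"
                    + "ITEfMB0GA1UEAxMWT0NTUCBjZXJ0LVFBLUNMSUVOVC04NxgPMjAwMzA1MTky"
                    + "MDI2MzBaMFEwTzA6MAkGBSsOAwIaBQAEFJniwiUuyrhKIEF2TjVdVdCAOw0z"
                    + "BBR2olPKrPOJUVyGZ7BXOC4L2BmAqgIBL4AAGA8yMDAzMDUxOTIwMjYzMFow"
                    + "DQYJKoZIhvcNAQEEBQADggEBALImFU3kUtpNVf4tIFKg/1sDHvGpk5Pk0uhH"
                    + "TiNp6vdPfWjOgPkVXskx9nOTabVOBE8RusgwEcK1xeBXSHODb6mnjt9pkfv3"
                    + "ZdbFLFvH/PYjOb6zQOgdIOXhquCs5XbcaSFCX63hqnSaEqvc9w9ctmQwds5X"
                    + "tCuyCB1fWu/ie8xfuXR5XZKTBf5c6dO82qFE65gTYbGOxJBYiRieIPW1XutZ"
                    + "A76qla4m+WdxubV6SPG8PVbzmAseqjsJRn4jkSKOGenqSOqbPbZn9oBsU0Ku"
                    + "hul3pwsNJvcBvw2qxnWybqSzV+n4OvYXk+xFmtTjw8H9ChV3FYYDs8NuUAKf"
                    + "jw1IjWegggcOMIIHCjCCAzMwggIboAMCAQICAQIwDQYJKoZIhvcNAQEEBQAw"
                    + "bzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1BMRAwDgYDVQQHEwdXYWx0aGFt"
                    + "MRYwFAYDVQQKEw1Gb3J1bSBTeXN0ZW1zMQswCQYDVQQLEwJRQTEcMBoGA1UE"
                    + "AxMTQ2VydGlmaWNhdGUgTWFuYWdlcjAeFw0wMzAzMjEwNTAwMDBaFw0yNTAz"
                    + "MjEwNTAwMDBaMCExHzAdBgNVBAMTFk9DU1AgY2VydC1RQS1DTElFTlQtODcw"
                    + "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVuxRCZgJAYAftYuRy"
                    + "9axdtsHrkIJyVVRorLCTWOoLmx2tlrGqKbHOGKmvqEPEpeCDYQk+0WIlWMuM"
                    + "2pgiYAolwqSFBwCjkjQN3fCIHXiby0JBgCCLoe7wa0pZffE+8XZH0JdSjoT3"
                    + "2OYD19wWZeY2VB0JWJFWYAnIL+R5Eg7LwJ5QZSdvghnOWKTv60m/O1rC0see"
                    + "9lbPO+3jRuaDyCUKYy/YIKBYC9rtC4hS47jg70dTfmE2nccjn7rFCPBrVr4M"
                    + "5szqdRzwu3riL9W+IE99LTKXOH/24JX0S4woeGXMS6me7SyZE6x7P2tYkNXM"
                    + "OfXk28b3SJF75K7vX6T6ecWjAgMBAAGjKDAmMBMGA1UdJQQMMAoGCCsGAQUF"
                    + "BwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEEBQADggEBAKNSn7pp"
                    + "UEC1VTN/Iqk8Sc2cAYM7KSmeB++tuyes1iXY4xSQaEgOxRa5AvPAKnXKSzfY"
                    + "vqi9WLdzdkpTo4AzlHl5nqU/NCUv3yOKI9lECVMgMxLAvZgMALS5YXNZsqrs"
                    + "hP3ASPQU99+5CiBGGYa0PzWLstXLa6SvQYoHG2M8Bb2lHwgYKsyrUawcfc/s"
                    + "jE3jFJeyCyNwzH0eDJUVvW1/I3AhLNWcPaT9/VfyIWu5qqZU+ukV/yQXrKiB"
                    + "glY8v4QDRD4aWQlOuiV2r9sDRldOPJe2QSFDBe4NtBbynQ+MRvF2oQs/ocu+"
                    + "OAHX7uiskg9GU+9cdCWPwJf9cP/Zem6MemgwggPPMIICt6ADAgECAgEBMA0G"
                    + "CSqGSIb3DQEBBQUAMG8xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTEQMA4G"
                    + "A1UEBxMHV2FsdGhhbTEWMBQGA1UEChMNRm9ydW0gU3lzdGVtczELMAkGA1UE"
                    + "CxMCUUExHDAaBgNVBAMTE0NlcnRpZmljYXRlIE1hbmFnZXIwHhcNMDMwMzIx"
                    + "MDUwMDAwWhcNMjUwMzIxMDUwMDAwWjBvMQswCQYDVQQGEwJVUzELMAkGA1UE"
                    + "CBMCTUExEDAOBgNVBAcTB1dhbHRoYW0xFjAUBgNVBAoTDUZvcnVtIFN5c3Rl"
                    + "bXMxCzAJBgNVBAsTAlFBMRwwGgYDVQQDExNDZXJ0aWZpY2F0ZSBNYW5hZ2Vy"
                    + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VeU+48VBjI0mGRt"
                    + "9qlD+WAhx3vv4KCOD5f3HWLj8D2DcoszVTVDqtRK+HS1eSpO/xWumyXhjV55"
                    + "FhG2eYi4e0clv0WyswWkGLqo7IxYn3ZhVmw04ohdTjdhVv8oS+96MUqPmvVW"
                    + "+MkVRyqm75HdgWhKRr/lEpDNm+RJe85xMCipkyesJG58p5tRmAZAAyRs3jYw"
                    + "5YIFwDOnt6PCme7ui4xdas2zolqOlynMuq0ctDrUPKGLlR4mVBzgAVPeatcu"
                    + "ivEQdB3rR6UN4+nv2jx9kmQNNb95R1M3J9xHfOWX176UWFOZHJwVq8eBGF9N"
                    + "pav4ZGBAyqagW7HMlo7Hw0FzUwIDAQABo3YwdDARBglghkgBhvhCAQEEBAMC"
                    + "AJcwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU64zBxl1yKES8tjU3/rBA"
                    + "NaeBpjkwHwYDVR0jBBgwFoAU64zBxl1yKES8tjU3/rBANaeBpjkwDgYDVR0P"
                    + "AQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQAzHnf+Z+UgxDVOpCu0DHF+"
                    + "qYZf8IaUQxLhUD7wjwnt3lJ0QV1z4oyc6Vs9J5xa8Mvf7u1WMmOxvN8r8Kb0"
                    + "k8DlFszLd0Qwr+NVu5NQO4Vn01UAzCtH4oX2bgrVzotqDnzZ4TcIr11EX3Nb"
                    + "tO8yWWl+xWIuxKoAO8a0Rh97TyYfAj4++GIm43b2zIvRXEWAytjz7rXUMwRC"
                    + "1ipRQwSA9gyw2y0s8emV/VwJQXsTe9xtDqlEC67b90V/BgL/jxck5E8yrY9Z"
                    + "gNxlOgcqscObisAkB5I6GV+dfa+BmZrhSJ/bvFMUrnFzjLFvZp/9qiK11r5K"
                    + "A5oyOoNv0w+8bbtMNEc1" + "====");

    /** Returns the name this test reports under. */
    public String getName() {
        return "OCSP";
    }

    /**
     * Builds a fresh SHA-1 certificate ID for serial number 1 under the given
     * issuer certificate. A new instance is created on every call so that the
     * request checks compare distinct but equal IDs.
     */
    private CertificateID newCertId(X509Certificate issuerCert) throws Exception {
        return new CertificateID(CertificateID.HASH_SHA1, issuerCert,
                BigInteger.valueOf(1));
    }

    /** Fails unless the first entry of the request list carries the expected certificate ID. */
    private void checkFirstRequest(OCSPReq req, CertificateID id) throws Exception {
        Req[] requests = req.getRequestList();

        if (!requests[0].getCertID().equals(id)) {
            fail("Failed isFor test");
        }
    }

    /** Generates an unsigned request and checks it has no signature and no certificates. */
    private void checkUnsignedRequest(X509Certificate testCert, CertificateID id)
            throws Exception {
        OCSPReqGenerator gen = new OCSPReqGenerator();

        gen.addRequest(newCertId(testCert));

        OCSPReq req = gen.generate();

        if (req.isSigned()) {
            fail("signed but shouldn't be");
        }

        X509Certificate[] certs = req.getCerts("BC");

        if (certs != null) {
            fail("null certs expected, but not found");
        }

        checkFirstRequest(req, id);
    }

    /**
     * Generates a signed request, verifies it, checks the attached
     * certificates, and verifies it again after an encode/decode round trip.
     */
    private void checkSignedRequest(KeyPair signKP, X509Certificate testCert,
            CertificateID id, String sigAlg) throws Exception {
        X509Certificate[] chain = new X509Certificate[] { testCert };
        OCSPReqGenerator gen = new OCSPReqGenerator();

        gen.setRequestorName(new GeneralName(GeneralName.directoryName,
                new X509Principal("CN=fred")));
        gen.addRequest(newCertId(testCert));

        OCSPReq req = gen.generate(sigAlg, signKP.getPrivate(), chain, "BC");

        if (!req.isSigned()) {
            fail("not signed but should be");
        }

        if (!req.verify(signKP.getPublic(), "BC")) {
            fail("signature failed to verify");
        }

        checkFirstRequest(req, id);

        X509Certificate[] certs = req.getCerts("BC");

        if (certs == null) {
            fail("null certs found");
        }

        if (certs.length != 1 || !certs[0].equals(testCert)) {
            fail("incorrect certs found in request");
        }

        // The signature must survive re-parsing of the encoded request.
        OCSPReq newReq = new OCSPReq(req.getEncoded());

        if (!newReq.verify(signKP.getPublic(), "BC")) {
            fail("newReq signature failed to verify");
        }
    }

    /**
     * Generates a signed request carrying a nonce extension and checks that
     * the nonce is the only extension, is non-critical, and reads back with
     * the same bytes.
     */
    private void checkSignedRequestWithNonce(KeyPair signKP,
            X509Certificate testCert, CertificateID id, String sigAlg)
            throws Exception {
        X509Certificate[] chain = new X509Certificate[] { testCert };
        OCSPReqGenerator gen = new OCSPReqGenerator();

        // A nonce is only useful against replayed responses when it cannot be
        // predicted, so it is drawn from SecureRandom rather than
        // java.util.Random.
        byte[] sampleNonce = new byte[16];
        new java.security.SecureRandom().nextBytes(sampleNonce);

        gen.setRequestorName(new GeneralName(GeneralName.directoryName,
                new X509Principal("CN=fred")));

        // The extension value is an OCTET STRING whose contents are the
        // encoding of the nonce OCTET STRING, hence the double wrapping.
        Vector oids = new Vector();
        Vector values = new Vector();
        oids.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
        values.addElement(new X509Extension(false, new DEROctetString(
                new DEROctetString(sampleNonce))));

        gen.setRequestExtensions(new X509Extensions(oids, values));
        gen.addRequest(newCertId(testCert));

        OCSPReq req = gen.generate(sigAlg, signKP.getPrivate(), chain, "BC");

        if (!req.isSigned()) {
            fail("not signed but should be");
        }

        if (!req.verify(signKP.getPublic(), "BC")) {
            fail("signature failed to verify");
        }

        Set extOids = req.getCriticalExtensionOIDs();

        if (extOids.size() != 0) {
            fail("wrong number of critical extensions in OCSP request.");
        }

        extOids = req.getNonCriticalExtensionOIDs();

        if (extOids.size() != 1) {
            fail("wrong number of non-critical extensions in OCSP request.");
        }

        byte[] extValue = req.getExtensionValue(
                OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId());
        ASN1Encodable extObj = X509ExtensionUtil.fromExtensionValue(extValue);

        if (!(extObj instanceof ASN1OctetString)) {
            fail("wrong extension type found.");
        }

        if (!areEqual(((ASN1OctetString) extObj).getOctets(), sampleNonce)) {
            fail("wrong extension value found.");
        }

        checkFirstRequest(req, id);
    }

    /**
     * Parses one of the stored responses, checks its status, and verifies its
     * signature with the first certificate embedded in the response.
     *
     * Verifying against a certificate taken from the response itself only
     * shows that the response is internally consistent. It does not establish
     * that the responder is authorised by the issuing CA; a relying party has
     * to validate the responder certificate separately before trusting the
     * status it reports.
     *
     * @param encoded the encoded OCSP response
     * @param index   the number used for this response in failure messages
     * @return the parsed response
     */
    private OCSPResp checkStoredResponse(byte[] encoded, int index)
            throws Exception {
        OCSPResp response = new OCSPResp(new ByteArrayInputStream(encoded));

        // 0 is the "successful" OCSP response status.
        if (response.getStatus() != 0) {
            fail("response status not zero.");
        }

        BasicOCSPResp brep = (BasicOCSPResp) response.getResponseObject();
        X509Certificate[] chain = brep.getCerts("BC");

        // Report a missing certificate as a test failure instead of letting
        // the array access below throw.
        if (chain == null || chain.length == 0) {
            fail("response " + index + " carries no certificates.");
        }

        if (!brep.verify(chain[0].getPublicKey(), "BC")) {
            fail("response " + index + " failed to verify.");
        }

        // Exercises parsing of the single responses; their contents are not
        // asserted here.
        brep.getResponses();

        return response;
    }

    /**
     * Runs the request checks with an ECDSA key pair, then generates a basic
     * response with the same key and verifies its signature.
     */
    private void testECDSA() throws Exception {
        String signDN = "O=Bouncy Castle, C=AU";
        KeyPair signKP = OCSPTestUtil.makeECKeyPair();
        X509Certificate testCert = OCSPTestUtil.makeECDSACertificate(
                signKP, signDN, signKP, signDN);
        CertificateID id = newCertId(testCert);

        checkUnsignedRequest(testCert, id);
        checkSignedRequest(signKP, testCert, id, "SHA1withECDSA");
        checkSignedRequestWithNonce(signKP, testCert, id, "SHA1withECDSA");

        X509Certificate[] chain = new X509Certificate[] { testCert };
        BasicOCSPRespGenerator respGen = new BasicOCSPRespGenerator(
                signKP.getPublic());

        respGen.addResponse(id, CertificateStatus.GOOD);

        BasicOCSPResp basicResp = respGen.generate("SHA1withECDSA",
                signKP.getPrivate(), chain, new Date(), "BC");

        // The generated response was previously discarded; check that its
        // signature verifies under the signing key.
        if (!basicResp.verify(signKP.getPublic(), "BC")) {
            fail("ECDSA response failed to verify.");
        }
    }

    /**
     * Runs the RSA request checks, the stored-response checks, a simple
     * response round trip, and finally the ECDSA variant.
     */
    public void performTest() throws Exception {
        String signDN = "O=Bouncy Castle, C=AU";
        KeyPair signKP = OCSPTestUtil.makeKeyPair();
        X509Certificate testCert = OCSPTestUtil.makeCertificate(signKP,
                signDN, signKP, signDN);
        CertificateID id = newCertId(testCert);

        checkUnsignedRequest(testCert, id);
        checkSignedRequest(signKP, testCert, id, "SHA1withRSA");
        checkSignedRequestWithNonce(signKP, testCert, id, "SHA1withRSA");

        checkStoredResponse(testResp1, 1);
        OCSPResp response = checkStoredResponse(testResp2, 2);

        // Wrapping the parsed basic response in a new OCSPResp must hand back
        // an equal response object.
        OCSPRespGenerator respGen = new OCSPRespGenerator();
        OCSPResp resp = respGen.generate(OCSPRespGenerator.SUCCESSFUL,
                response.getResponseObject());

        if (!resp.getResponseObject().equals(response.getResponseObject())) {
            fail("response fails to match");
        }

        testECDSA();
    }

    /** Registers the BouncyCastle provider and runs this test. */
    public static void main(String[] args) {
        Security.addProvider(new BouncyCastleProvider());

        runTest(new OCSPTest());
    }
}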