001: package org.bouncycastle.cms.test;
002:
003: import junit.framework.Test;
004: import junit.framework.TestCase;
005: import junit.framework.TestSuite;
006: import org.bouncycastle.asn1.ASN1InputStream;
007: import org.bouncycastle.asn1.cms.ContentInfo;
008: import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
009: import org.bouncycastle.asn1.x509.X509Name;
010: import org.bouncycastle.cms.CMSEnvelopedData;
011: import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
012: import org.bouncycastle.cms.CMSProcessable;
013: import org.bouncycastle.cms.CMSProcessableByteArray;
014: import org.bouncycastle.cms.CMSSignedData;
015: import org.bouncycastle.cms.CMSSignedDataGenerator;
016: import org.bouncycastle.cms.CMSSignedDataParser;
017: import org.bouncycastle.cms.CMSSignedDataStreamGenerator;
018: import org.bouncycastle.cms.CMSTypedStream;
019: import org.bouncycastle.cms.RecipientInformation;
020: import org.bouncycastle.cms.RecipientInformationStore;
021: import org.bouncycastle.cms.SignerInformation;
022: import org.bouncycastle.cms.SignerInformationStore;
023: import org.bouncycastle.x509.X509V3CertificateGenerator;
024:
025: import java.io.ByteArrayInputStream;
026: import java.io.ByteArrayOutputStream;
027: import java.io.IOException;
028: import java.io.OutputStream;
029: import java.math.BigInteger;
030: import java.security.GeneralSecurityException;
031: import java.security.KeyPair;
032: import java.security.KeyPairGenerator;
033: import java.security.MessageDigest;
034: import java.security.NoSuchAlgorithmException;
035: import java.security.NoSuchProviderException;
036: import java.security.PrivateKey;
037: import java.security.PublicKey;
038: import java.security.SecureRandom;
039: import java.security.cert.CertStore;
040: import java.security.cert.CollectionCertStoreParameters;
041: import java.security.cert.X509Certificate;
042: import java.util.ArrayList;
043: import java.util.Arrays;
044: import java.util.Collection;
045: import java.util.Date;
046: import java.util.Iterator;
047: import java.util.List;
048:
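/**
 * Runs the Bouncy Castle CMS API on top of the JDK's own providers.
 * <p>
 * Every provider argument in this class is one of {@code "SUN"},
 * {@code "SunRsaSign"} or {@code "SunJCE"}, so the tests show that CMS signing,
 * signature verification and key-transport enveloping work without the Bouncy
 * Castle JCE provider being selected for those calls.
 * <p>
 * A single RSA key pair and a self-signed certificate are created once in the
 * static initializer and shared by all tests.
 */
public class SunProviderTest extends TestCase {
    /**
     * Modulus size of the shared test key. RSA moduli of 512 bits have been
     * publicly factored, so even a throwaway fixture should not model that size.
     */
    private static final int TEST_KEY_BITS = 2048;

    private static final String TEST_MESSAGE = "Hello World!";

    static KeyPair keyPair;
    static X509Certificate keyCert;

    static {
        try {
            keyPair = generateKeyPair();
            String origDN = "O=Bouncy Castle, C=AU";
            // Same key pair and DN for subject and issuer: the certificate is self-signed.
            keyCert = makeCertificate(keyPair, origDN, keyPair, origDN);
        } catch (Exception e) {
            // Keep the cause so a fixture failure is diagnosable from the test report.
            throw new RuntimeException(e);
        }
    }

    /**
     * Signs {@link #TEST_MESSAGE} with SHA-1/RSA, encapsulating the content,
     * re-parses the encoded structure and verifies the signer.
     *
     * @throws Exception if generation, parsing or verification fails
     */
    public void testSHA1WithRSAEncapsulated() throws Exception {
        List certList = new ArrayList();
        certList.add(keyCert);

        CMSProcessable msg = new CMSProcessableByteArray(TEST_MESSAGE.getBytes());

        CertStore certsAndCrls = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(certList), "SUN");

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSigner(keyPair.getPrivate(), keyCert,
                CMSSignedDataGenerator.DIGEST_SHA1);
        gen.addCertificatesAndCRLs(certsAndCrls);

        CMSSignedData s = gen.generate(msg, true, "SunRsaSign");

        // Round-trip through the encoded form so verification runs on parsed
        // data rather than on the generator's in-memory object.
        ASN1InputStream aIn = new ASN1InputStream(
                new ByteArrayInputStream(s.getEncoded()));
        try {
            s = new CMSSignedData(ContentInfo.getInstance(aIn.readObject()));
        } finally {
            aIn.close();
        }

        certsAndCrls = s.getCertificatesAndCRLs("Collection", "SUN");

        verifySingleSigner(s.getSignerInfos(), certsAndCrls, null);
    }

    /**
     * Signs {@link #TEST_MESSAGE} through the streaming generator, parses the
     * result with the streaming parser and verifies both the signature and the
     * content digest reported by the signer.
     * <p>
     * The content is written through the generator's stream and is handed to
     * the parser separately from the signature bytes.
     *
     * @throws Exception if generation, parsing or verification fails
     */
    public void testSHA1WithRSAStream() throws Exception {
        List certList = new ArrayList();
        certList.add(keyCert);

        ByteArrayOutputStream bOut = new ByteArrayOutputStream();

        CertStore certsAndCrls = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(certList), "SUN");

        CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
        gen.addSigner(keyPair.getPrivate(), keyCert,
                CMSSignedDataStreamGenerator.DIGEST_SHA1, "SunRsaSign");
        gen.addCertificatesAndCRLs(certsAndCrls);

        OutputStream sigOut = gen.open(bOut);
        try {
            sigOut.write(TEST_MESSAGE.getBytes());
        } finally {
            // The signature is only complete once the stream is closed.
            sigOut.close();
        }

        CMSSignedDataParser sp = new CMSSignedDataParser(
                new CMSTypedStream(new ByteArrayInputStream(
                        TEST_MESSAGE.getBytes())), bOut.toByteArray());

        // The content is consumed before signer information is requested;
        // presumably this is where the parser computes the content digest
        // (confirm against CMSSignedDataParser).
        sp.getSignedContent().drain();

        // Independently computed digest of the content, used as the expected value.
        MessageDigest md = MessageDigest.getInstance("SHA1", "SUN");
        byte[] contentDigest = md.digest(TEST_MESSAGE.getBytes());

        CertStore certStore = sp.getCertificatesAndCRLs("Collection", "SUN");

        verifySingleSigner(sp.getSignerInfos(), certStore, contentDigest);
    }

    /** Key-transport round trip with triple-DES CBC content encryption. */
    public void testKeyTransDES() throws Exception {
        testKeyTrans(CMSEnvelopedDataGenerator.DES_EDE3_CBC);
    }

    /** Key-transport round trip with AES-128 CBC content encryption. */
    public void testKeyTransAES128() throws Exception {
        testKeyTrans(CMSEnvelopedDataGenerator.AES128_CBC);
    }

    /** Key-transport round trip with AES-192 CBC content encryption. */
    public void testKeyTransAES192() throws Exception {
        testKeyTrans(CMSEnvelopedDataGenerator.AES192_CBC);
    }

    /** Key-transport round trip with AES-256 CBC content encryption. */
    public void testKeyTransAES256() throws Exception {
        testKeyTrans(CMSEnvelopedDataGenerator.AES256_CBC);
    }

    /**
     * Envelopes a fixed plaintext for the shared certificate and decrypts it
     * again with the matching private key.
     *
     * @param algorithm OID string of the content-encryption algorithm
     * @throws Exception if enveloping or recovery fails
     */
    private void testKeyTrans(String algorithm) throws Exception {
        byte[] data = "WallaWallaWashington".getBytes();

        CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
        edGen.addKeyTransRecipient(keyCert);

        CMSEnvelopedData ed = edGen.generate(
                new CMSProcessableByteArray(data), algorithm, "SunJCE");

        // Expected value first, so a failure message reads the right way round.
        assertEquals(algorithm, ed.getEncryptionAlgOID());

        RecipientInformationStore recipients = ed.getRecipientInfos();
        Collection c = recipients.getRecipients();

        assertEquals(1, c.size());

        for (Iterator it = c.iterator(); it.hasNext();) {
            RecipientInformation recipient = (RecipientInformation) it.next();

            assertEquals(PKCSObjectIdentifiers.rsaEncryption.getId(),
                    recipient.getKeyEncryptionAlgOID());

            byte[] recData = recipient.getContent(keyPair.getPrivate(),
                    "SunJCE");

            assertTrue("recovered content differs from the plaintext",
                    Arrays.equals(data, recData));
        }
    }

    /**
     * Checks that the store holds exactly one signer and that its signature
     * verifies under the certificate found for its signer id.
     * <p>
     * The certificate is looked up in {@code certs}, which the callers obtain
     * from the signed message itself. A pass therefore shows that the signature
     * matches the certificate carried in the message; it does not establish any
     * trust in that certificate.
     *
     * @param signers        signer information taken from the parsed message
     * @param certs          certificates taken from the parsed message
     * @param expectedDigest expected content digest, or {@code null} to skip
     *                       the digest comparison
     * @throws Exception if certificate lookup or verification fails
     */
    private static void verifySingleSigner(SignerInformationStore signers,
            CertStore certs, byte[] expectedDigest) throws Exception {
        Collection c = signers.getSigners();

        // Without this an empty signer set would let the loop pass vacuously.
        assertEquals("unexpected number of signers", 1, c.size());

        for (Iterator it = c.iterator(); it.hasNext();) {
            SignerInformation signer = (SignerInformation) it.next();

            Iterator certIt = certs.getCertificates(signer.getSID()).iterator();
            assertTrue("no certificate matches the signer id", certIt.hasNext());
            X509Certificate cert = (X509Certificate) certIt.next();

            assertTrue("signature did not verify",
                    signer.verify(cert, "SunRsaSign"));

            if (expectedDigest != null) {
                assertTrue("content digest mismatch", MessageDigest.isEqual(
                        expectedDigest, signer.getContentDigest()));
            }
        }
    }

    /**
     * Generates the RSA key pair shared by all tests, using the
     * {@code SunRsaSign} provider.
     *
     * @return a fresh RSA key pair of {@link #TEST_KEY_BITS} bits
     * @throws NoSuchProviderException  if {@code SunRsaSign} is not installed
     * @throws NoSuchAlgorithmException if the provider offers no RSA generator
     */
    private static KeyPair generateKeyPair()
            throws NoSuchProviderException, NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA",
                "SunRsaSign");

        kpg.initialize(TEST_KEY_BITS, new SecureRandom());

        return kpg.generateKeyPair();
    }

    /**
     * Builds an X.509 v3 certificate for {@code subKP}'s public key, signed
     * with {@code issKP}'s private key, valid from now for 100 days.
     * <p>
     * The certificate is checked for current validity and verified against the
     * issuer's public key before it is returned.
     *
     * @param subKP  subject key pair; only the public key is used
     * @param _subDN subject distinguished name
     * @param issKP  issuer key pair
     * @param _issDN issuer distinguished name
     * @return the signed certificate
     * @throws GeneralSecurityException if signing or verification fails
     * @throws IOException              declared by the original signature
     */
    private static X509Certificate makeCertificate(KeyPair subKP,
            String _subDN, KeyPair issKP, String _issDN)
            throws GeneralSecurityException, IOException {
        PublicKey subPub = subKP.getPublic();
        PrivateKey issPriv = issKP.getPrivate();
        PublicKey issPub = issKP.getPublic();

        // One clock reading for both ends of the validity window.
        long now = System.currentTimeMillis();

        X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();

        v3CertGen.reset();
        v3CertGen.setSerialNumber(BigInteger.valueOf(1));
        v3CertGen.setIssuerDN(new X509Name(_issDN));
        v3CertGen.setNotBefore(new Date(now));
        v3CertGen.setNotAfter(new Date(now + (1000L * 60 * 60 * 24 * 100)));
        v3CertGen.setSubjectDN(new X509Name(_subDN));
        v3CertGen.setPublicKey(subPub);

        v3CertGen.setSignatureAlgorithm("SHA1WithRSA");

        X509Certificate _cert = v3CertGen.generate(issPriv, "SunRsaSign");

        // Fail during fixture setup rather than inside an unrelated test.
        _cert.checkValidity(new Date());
        _cert.verify(issPub);

        return _cert;
    }

    /**
     * @return a suite containing every public test method of this class
     */
    public static Test suite() throws Exception {
        return new TestSuite(SunProviderTest.class);
    }
}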