001: package org.bouncycastle.jce.provider.test;
002:
003: import org.bouncycastle.asn1.x509.BasicConstraints;
004: import org.bouncycastle.asn1.x509.CRLNumber;
005: import org.bouncycastle.asn1.x509.CRLReason;
006: import org.bouncycastle.asn1.x509.KeyUsage;
007: import org.bouncycastle.asn1.x509.X509Extensions;
008: import org.bouncycastle.jce.PrincipalUtil;
009: import org.bouncycastle.jce.X509Principal;
010: import org.bouncycastle.x509.X509V1CertificateGenerator;
011: import org.bouncycastle.x509.X509V2CRLGenerator;
012: import org.bouncycastle.x509.X509V3CertificateGenerator;
013: import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
014: import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
015:
016: import java.math.BigInteger;
017: import java.security.InvalidKeyException;
018: import java.security.KeyPair;
019: import java.security.KeyPairGenerator;
020: import java.security.NoSuchAlgorithmException;
021: import java.security.NoSuchProviderException;
022: import java.security.Principal;
023: import java.security.PrivateKey;
024: import java.security.PublicKey;
025: import java.security.SecureRandom;
026: import java.security.SignatureException;
027: import java.security.cert.CertificateEncodingException;
028: import java.security.cert.CertificateException;
029: import java.security.cert.CertificateExpiredException;
030: import java.security.cert.CertificateNotYetValidException;
031: import java.security.cert.X509CRL;
032: import java.security.cert.X509Certificate;
033: import java.util.Date;
034: import java.util.Set;
035:
036: /**
037: * Test Utils
038: */
039: class TestUtils {
040: /**
041: * Create a random 1024 bit RSA key pair
042: */
043: public static KeyPair generateRSAKeyPair() throws Exception {
044: KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA",
045: "BC");
046:
047: kpGen.initialize(1024, new SecureRandom());
048:
049: return kpGen.generateKeyPair();
050: }
051:
052: public static X509Certificate generateRootCert(KeyPair pair)
053: throws Exception {
054: X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
055:
056: certGen.setSerialNumber(BigInteger.valueOf(1));
057: certGen
058: .setIssuerDN(new X509Principal("CN=Test CA Certificate"));
059: certGen.setNotBefore(new Date(
060: System.currentTimeMillis() - 50000));
061: certGen
062: .setNotAfter(new Date(
063: System.currentTimeMillis() + 50000));
064: certGen
065: .setSubjectDN(new X509Principal(
066: "CN=Test CA Certificate"));
067: certGen.setPublicKey(pair.getPublic());
068: certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
069:
070: return certGen.generateX509Certificate(pair.getPrivate(), "BC");
071: }
072:
073: public static X509Certificate generateIntermediateCert(
074: PublicKey intKey, PrivateKey caKey, X509Certificate caCert)
075: throws Exception {
076: X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
077:
078: certGen.setSerialNumber(BigInteger.valueOf(1));
079: certGen.setIssuerDN(PrincipalUtil
080: .getSubjectX509Principal(caCert));
081: certGen.setNotBefore(new Date(
082: System.currentTimeMillis() - 50000));
083: certGen
084: .setNotAfter(new Date(
085: System.currentTimeMillis() + 50000));
086: certGen.setSubjectDN(new X509Principal(
087: "CN=Test Intermediate Certificate"));
088: certGen.setPublicKey(intKey);
089: certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
090:
091: certGen.addExtension(X509Extensions.AuthorityKeyIdentifier,
092: false, new AuthorityKeyIdentifierStructure(caCert));
093: certGen.addExtension(X509Extensions.SubjectKeyIdentifier,
094: false, new SubjectKeyIdentifierStructure(intKey));
095: certGen.addExtension(X509Extensions.BasicConstraints, true,
096: new BasicConstraints(0));
097: certGen.addExtension(X509Extensions.KeyUsage, true,
098: new KeyUsage(KeyUsage.digitalSignature
099: | KeyUsage.keyCertSign | KeyUsage.cRLSign));
100:
101: return certGen.generateX509Certificate(caKey, "BC");
102: }
103:
104: public static X509Certificate generateEndEntityCert(
105: PublicKey entityKey, PrivateKey caKey,
106: X509Certificate caCert) throws Exception {
107: X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
108:
109: certGen.setSerialNumber(BigInteger.valueOf(1));
110: certGen.setIssuerDN(PrincipalUtil
111: .getSubjectX509Principal(caCert));
112: certGen.setNotBefore(new Date(
113: System.currentTimeMillis() - 50000));
114: certGen
115: .setNotAfter(new Date(
116: System.currentTimeMillis() + 50000));
117: certGen.setSubjectDN(new X509Principal(
118: "CN=Test End Certificate"));
119: certGen.setPublicKey(entityKey);
120: certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
121:
122: certGen.addExtension(X509Extensions.AuthorityKeyIdentifier,
123: false, new AuthorityKeyIdentifierStructure(caCert));
124: certGen.addExtension(X509Extensions.SubjectKeyIdentifier,
125: false, new SubjectKeyIdentifierStructure(entityKey));
126: certGen.addExtension(X509Extensions.BasicConstraints, true,
127: new BasicConstraints(false));
128: certGen.addExtension(X509Extensions.KeyUsage, true,
129: new KeyUsage(KeyUsage.digitalSignature
130: | KeyUsage.keyEncipherment));
131:
132: return certGen.generateX509Certificate(caKey, "BC");
133: }
134:
135: public static X509CRL createCRL(X509Certificate caCert,
136: PrivateKey caKey, BigInteger serialNumber) throws Exception {
137: X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
138: Date now = new Date();
139: BigInteger revokedSerialNumber = BigInteger.valueOf(2);
140:
141: crlGen.setIssuerDN(PrincipalUtil
142: .getSubjectX509Principal(caCert));
143:
144: crlGen.setThisUpdate(now);
145: crlGen.setNextUpdate(new Date(now.getTime() + 100000));
146: crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
147:
148: crlGen.addCRLEntry(serialNumber, now,
149: CRLReason.privilegeWithdrawn);
150:
151: crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier,
152: false, new AuthorityKeyIdentifierStructure(caCert));
153: crlGen.addExtension(X509Extensions.CRLNumber, false,
154: new CRLNumber(BigInteger.valueOf(1)));
155:
156: return crlGen.generateX509CRL(caKey, "BC");
157: }
158:
159: public static X509Certificate createExceptionCertificate(
160: boolean exceptionOnEncode) {
161: return new ExceptionCertificate(exceptionOnEncode);
162: }
163:
164: private static class ExceptionCertificate extends X509Certificate {
165: private boolean _exceptionOnEncode;
166:
167: public ExceptionCertificate(boolean exceptionOnEncode) {
168: _exceptionOnEncode = exceptionOnEncode;
169: }
170:
171: public void checkValidity() throws CertificateExpiredException,
172: CertificateNotYetValidException {
173: throw new CertificateNotYetValidException();
174: }
175:
176: public void checkValidity(Date date)
177: throws CertificateExpiredException,
178: CertificateNotYetValidException {
179: throw new CertificateExpiredException();
180: }
181:
182: public int getVersion() {
183: return 0;
184: }
185:
186: public BigInteger getSerialNumber() {
187: return null;
188: }
189:
190: public Principal getIssuerDN() {
191: return null;
192: }
193:
194: public Principal getSubjectDN() {
195: return null;
196: }
197:
198: public Date getNotBefore() {
199: return null;
200: }
201:
202: public Date getNotAfter() {
203: return null;
204: }
205:
206: public byte[] getTBSCertificate()
207: throws CertificateEncodingException {
208: throw new CertificateEncodingException();
209: }
210:
211: public byte[] getSignature() {
212: return new byte[0];
213: }
214:
215: public String getSigAlgName() {
216: return null;
217: }
218:
219: public String getSigAlgOID() {
220: return null;
221: }
222:
223: public byte[] getSigAlgParams() {
224: return new byte[0];
225: }
226:
227: public boolean[] getIssuerUniqueID() {
228: return new boolean[0];
229: }
230:
231: public boolean[] getSubjectUniqueID() {
232: return new boolean[0];
233: }
234:
235: public boolean[] getKeyUsage() {
236: return new boolean[0];
237: }
238:
239: public int getBasicConstraints() {
240: return 0;
241: }
242:
243: public byte[] getEncoded() throws CertificateEncodingException {
244: if (_exceptionOnEncode) {
245: throw new CertificateEncodingException();
246: }
247:
248: return new byte[0];
249: }
250:
251: public void verify(PublicKey key) throws CertificateException,
252: NoSuchAlgorithmException, InvalidKeyException,
253: NoSuchProviderException, SignatureException {
254: throw new CertificateException();
255: }
256:
257: public void verify(PublicKey key, String sigProvider)
258: throws CertificateException, NoSuchAlgorithmException,
259: InvalidKeyException, NoSuchProviderException,
260: SignatureException {
261: throw new CertificateException();
262: }
263:
264: public String toString() {
265: return null;
266: }
267:
268: public PublicKey getPublicKey() {
269: return null;
270: }
271:
272: public boolean hasUnsupportedCriticalExtension() {
273: return false;
274: }
275:
276: public Set getCriticalExtensionOIDs() {
277: return null;
278: }
279:
280: public Set getNonCriticalExtensionOIDs() {
281: return null;
282: }
283:
284: public byte[] getExtensionValue(String oid) {
285: return new byte[0];
286: }
287: }
288: }
|