package org.bouncycastle.jce.provider.test;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.Security;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.cert.CertPath;
import org.bouncycastle.jce.cert.CertPathBuilder;
import org.bouncycastle.jce.cert.CertStore;
import org.bouncycastle.jce.cert.CertificateFactory;
import org.bouncycastle.jce.cert.CollectionCertStoreParameters;
import org.bouncycastle.jce.cert.PKIXBuilderParameters;
import org.bouncycastle.jce.cert.PKIXCertPathBuilderResult;
import org.bouncycastle.jce.cert.TrustAnchor;
import org.bouncycastle.jce.cert.X509CertSelector;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.test.SimpleTestResult;
import org.bouncycastle.util.test.Test;
import org.bouncycastle.util.test.TestResult;
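/**
 * Exercises the "PKIX" {@code CertPathBuilder} of the "BC" provider.
 * <p>
 * Two scenarios are covered: {@link #baseTest()} builds a path from the fixed,
 * pre-encoded certificates and CRLs held by {@code CertPathTest}, and
 * {@link #v0Test()} builds one from key pairs, certificates and CRLs generated
 * at run time through {@code TestUtils}. Both only assert the length of the
 * resulting path.
 * <p>
 * Every {@code getInstance(..., "BC")} call needs the provider to be registered
 * first; {@link #main(String[])} does that, other callers of
 * {@link #perform()} have to do it themselves.
 */
public class CertPathBuilderTest
    implements Test
{
    /**
     * Builds a path to the fixed end-entity certificate of {@code CertPathTest},
     * anchored at the fixed root certificate.
     *
     * @return a successful result when a path of exactly two certificates was
     *         built, otherwise a failed result carrying the reason (and the
     *         exception, if one was thrown)
     */
    public TestResult baseTest()
    {
        try
        {
            CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

            // initialise CertStore
            X509Certificate rootCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.rootCertBin));
            X509Certificate interCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.interCertBin));
            X509Certificate finalCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.finalCertBin));
            X509CRL rootCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(CertPathTest.rootCrlBin));
            X509CRL interCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(CertPathTest.interCrlBin));

            // The builder can only use what the store holds, so every parsed
            // certificate and CRL goes in; an empty list leaves it nothing to chain.
            List list = new ArrayList();
            list.add(rootCert);
            list.add(interCert);
            list.add(finalCert);
            list.add(rootCrl);
            list.add(interCrl);
            CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
            CertStore store = CertStore.getInstance("Collection", ccsp, "BC");

            // Validation time is pinned rather than taken from the clock.
            // Calendar months are zero-based: this is 21 March 2002, 02:21:10 in
            // the JVM's default time zone. Presumably the fixed certificates and
            // CRLs are only valid around that date - confirm against CertPathTest.
            Calendar validDate = Calendar.getInstance();
            validDate.set(2002, Calendar.MARCH, 21, 2, 21, 10);

            //Searching for rootCert by subjectDN without CRL
            // NOTE(review): revocation checking is not switched off on the
            // parameters below and the CRLs are available in the store, so the
            // "without CRL" wording above looks stale - confirm the intent.
            Set trust = new HashSet();
            // null name constraints: the anchor places no naming restriction on the path
            trust.add(new TrustAnchor(rootCert, null));

            CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX", "BC");
            X509CertSelector targetConstraints = new X509CertSelector();
            // the target is selected by subject DN only
            targetConstraints.setSubject(PrincipalUtil.getSubjectX509Principal(finalCert).getEncoded());
            PKIXBuilderParameters params = new PKIXBuilderParameters(trust, targetConstraints);
            params.addCertStore(store);
            params.setDate(validDate.getTime());
            PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult)cpb.build(params);
            CertPath path = result.getCertPath();

            // Two certificates are expected (end entity and intermediate); by
            // PKIX convention the trust anchor is not part of the returned path.
            // NOTE(review): only the length is asserted; comparing the path's
            // certificates and result.getTrustAnchor() with the expected objects
            // would also catch a builder that chains to the wrong issuer.
            if (path.getCertificates().size() != 2)
            {
                return new SimpleTestResult(false, this.getName() + ": wrong number of certs in baseTest path");
            }
        }
        catch (Exception e)
        {
            return new SimpleTestResult(false, this.getName() + ": exception - " + e.toString(), e);
        }

        return new SimpleTestResult(true, this.getName() + ": Okay");
    }

    /**
     * Builds a path over a root, intermediate and end-entity certificate that
     * are generated at run time by {@code TestUtils}, together with one CRL per
     * issuing certificate.
     *
     * @return a successful result when a path of exactly two certificates was
     *         built, otherwise a failed result carrying the reason (and the
     *         exception, if one was thrown)
     */
    public TestResult v0Test()
    {
        try
        {
            // create certificates and CRLs
            KeyPair rootPair = TestUtils.generateRSAKeyPair();
            KeyPair interPair = TestUtils.generateRSAKeyPair();
            KeyPair endPair = TestUtils.generateRSAKeyPair();

            X509Certificate rootCert = TestUtils.generateRootCert(rootPair);
            X509Certificate interCert = TestUtils.generateIntermediateCert(interPair.getPublic(), rootPair.getPrivate(), rootCert);
            X509Certificate endCert = TestUtils.generateEndEntityCert(endPair.getPublic(), interPair.getPrivate(), interCert);

            // Both CRLs list the same revoked serial number. The build is
            // expected to succeed, so presumably none of the generated
            // certificates carries serial 2 - verify against TestUtils.
            BigInteger revokedSerialNumber = BigInteger.valueOf(2);
            X509CRL rootCRL = TestUtils.createCRL(rootCert, rootPair.getPrivate(), revokedSerialNumber);
            X509CRL interCRL = TestUtils.createCRL(interCert, interPair.getPrivate(), revokedSerialNumber);

            // create CertStore to support path building
            List list = new ArrayList();
            list.add(rootCert);
            list.add(interCert);
            list.add(endCert);
            list.add(rootCRL);
            list.add(interCRL);

            CollectionCertStoreParameters params = new CollectionCertStoreParameters(list);
            // No provider is named here, unlike baseTest: whichever registered
            // provider offers a "Collection" CertStore supplies the implementation.
            CertStore store = CertStore.getInstance("Collection", params);

            // build the path
            CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
            X509CertSelector pathConstraints = new X509CertSelector();

            pathConstraints.setSubject(PrincipalUtil.getSubjectX509Principal(endCert).getEncoded());

            PKIXBuilderParameters buildParams = new PKIXBuilderParameters(Collections.singleton(new TrustAnchor(rootCert, null)), pathConstraints);

            buildParams.addCertStore(store);
            // Validated against the current clock, so the outcome depends on the
            // validity periods TestUtils assigns (assumed to include "now").
            buildParams.setDate(new Date());

            PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult)builder.build(buildParams);
            CertPath path = result.getCertPath();

            // end entity + intermediate; the trust anchor is not part of the path
            if (path.getCertificates().size() != 2)
            {
                return new SimpleTestResult(false, this.getName() + ": wrong number of certs in v0Test path");
            }
        }
        catch (Exception e)
        {
            return new SimpleTestResult(false, this.getName() + ": exception - " + e.toString(), e);
        }

        return new SimpleTestResult(true, this.getName() + ": Okay");
    }

    /**
     * Runs {@link #baseTest()} and, only if it succeeds, {@link #v0Test()}.
     *
     * @return the first failing result, or the result of the last test run
     * @see org.bouncycastle.util.test.Test#perform()
     */
    public TestResult perform()
    {
        TestResult res = baseTest();
        if (!res.isSuccessful())
        {
            return res;
        }

        return v0Test();
    }

    /**
     * @return the name used as prefix in every result message
     */
    public String getName()
    {
        return "CertPathBuilder";
    }

    /**
     * Registers the BC provider, runs the test and prints its result.
     *
     * @param args ignored
     */
    public static void main(
        String[] args)
    {
        // must precede perform(): the tests look the provider up by the name "BC"
        Security.addProvider(new BouncyCastleProvider());

        Test test = new CertPathBuilderTest();
        TestResult result = test.perform();

        System.out.println(result.toString());
    }
}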