package org.bouncycastle.asn1.test;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OutputStream;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.oiw.ElGamalParameter;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.RSAPublicKeyStructure;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.test.SimpleTest;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;
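/**
 * Round-trip tests for the TBS certificate and TBS CRL generators.
 *
 * Each test builds a structure from fixed field values, checks that its DER
 * encoding matches a stored vector byte-for-byte, then parses the vector with
 * ASN1InputStream and re-encodes it to confirm reader and writer agree. The
 * TBS bytes are the signed portion of a certificate or CRL, so any drift in
 * how the generators encode them is what these vectors are meant to catch.
 *
 * The key parameters used below (BigInteger values 1, 2 and 3) are placeholders
 * that only pin the encoding; the vectors are not usable key material.
 */
public class GenerationTest
    extends SimpleTest
{
    private byte[] v1Cert = Base64.decode(
        "MIGtAgEBMA0GCSqGSIb3DQEBBAUAMCUxCzAJBgNVBAMMAkFVMRYwFAYDVQQKDA1Cb"
      + "3VuY3kgQ2FzdGxlMB4XDTcwMDEwMTAwMDAwMVoXDTcwMDEwMTAwMDAxMlowNjELMA"
      + "kGA1UEAwwCQVUxFjAUBgNVBAoMDUJvdW5jeSBDYXN0bGUxDzANBgNVBAsMBlRlc3Q"
      + "gMTAaMA0GCSqGSIb3DQEBAQUAAwkAMAYCAQECAQI=");

    private byte[] v3Cert = Base64.decode(
        "MIIBSKADAgECAgECMA0GCSqGSIb3DQEBBAUAMCUxCzAJBgNVBAMMAkFVMRYwFAYD"
      + "VQQKDA1Cb3VuY3kgQ2FzdGxlMB4XDTcwMDEwMTAwMDAwMVoXDTcwMDEwMTAwMDAw"
      + "MlowNjELMAkGA1UEAwwCQVUxFjAUBgNVBAoMDUJvdW5jeSBDYXN0bGUxDzANBgNV"
      + "BAsMBlRlc3QgMjAYMBAGBisOBwIBATAGAgEBAgECAwQAAgEDo4GVMIGSMGEGA1Ud"
      + "IwEB/wRXMFWAFDZPdpHPzKi7o8EJokkQU2uqCHRRoTqkODA2MQswCQYDVQQDDAJB"
      + "VTEWMBQGA1UECgwNQm91bmN5IENhc3RsZTEPMA0GA1UECwwGVGVzdCAyggECMCAG"
      + "A1UdDgEB/wQWBBQ2T3aRz8you6PBCaJJEFNrqgh0UTALBgNVHQ8EBAMCBBA=");

    private byte[] v3CertNullSubject = Base64.decode(
        "MIHGoAMCAQICAQIwDQYJKoZIhvcNAQEEBQAwJTELMAkGA1UEAwwCQVUxFjAUBgNVB"
      + "AoMDUJvdW5jeSBDYXN0bGUwHhcNNzAwMTAxMDAwMDAxWhcNNzAwMTAxMDAwMDAyWj"
      + "AAMBgwEAYGKw4HAgEBMAYCAQECAQIDBAACAQOjSjBIMEYGA1UdEQEB/wQ8MDqkODA"
      + "2MQswCQYDVQQDDAJBVTEWMBQGA1UECgwNQm91bmN5IENhc3RsZTEPMA0GA1UECwwG"
      // NOTE(review): this last chunk was missing from the listing reviewed. It is
      // reconstructed from the DER itself: the outer SEQUENCE header (30 81 C6)
      // announces 201 bytes in total, the 260 characters above decode to exactly
      // 195 bytes, and the structure ends in a UTF8String of length 6 whose
      // value, by the OU=Test 2 name used in the test, is "Test 2". Confirm
      // against the repository copy.
      + "VGVzdCAy");

    private byte[] v2CertList = Base64.decode(
        "MIIBRQIBATANBgkqhkiG9w0BAQUFADAlMQswCQYDVQQDDAJBVTEWMBQGA1UECgwN"
      + "Qm91bmN5IENhc3RsZRcNNzAwMTAxMDAwMDAwWhcNNzAwMTAxMDAwMDAyWjAkMCIC"
      + "AQEXDTcwMDEwMTAwMDAwMVowDjAMBgNVHRUEBQoDAIAAoIHFMIHCMGEGA1UdIwEB"
      + "/wRXMFWAFDZPdpHPzKi7o8EJokkQU2uqCHRRoTqkODA2MQswCQYDVQQDDAJBVTEW"
      + "MBQGA1UECgwNQm91bmN5IENhc3RsZTEPMA0GA1UECwwGVGVzdCAyggECMEMGA1Ud"
      + "EgQ8MDqkODA2MQswCQYDVQQDDAJBVTEWMBQGA1UECgwNQm91bmN5IENhc3RsZTEP"
      + "MA0GA1UECwwGVGVzdCAzMAoGA1UdFAQDAgEBMAwGA1UdHAEB/wQCMAA=");

    /**
     * V1 TBSCertificate: serial 1, validity 1s..12s after the epoch, fixed
     * issuer/subject names and an RSA SubjectPublicKeyInfo. The generator's
     * output must equal {@link #v1Cert}, and parsing {@link #v1Cert} and
     * re-encoding it must give the same bytes again.
     *
     * @throws IOException if ASN.1 encoding or decoding fails.
     */
    private void tbsV1CertGen()
        throws IOException
    {
        V1TBSCertificateGenerator gen = new V1TBSCertificateGenerator();
        Date startDate = new Date(1000);
        Date endDate = new Date(12000);

        gen.setSerialNumber(new DERInteger(1));

        gen.setStartDate(new Time(startDate));
        gen.setEndDate(new Time(endDate));

        gen.setIssuer(new X509Name("CN=AU,O=Bouncy Castle"));
        gen.setSubject(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 1"));

        gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption, new DERNull()));

        // Placeholder RSA key structure (values 1 and 2): only its encoding matters here.
        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()),
            new RSAPublicKeyStructure(BigInteger.valueOf(1), BigInteger.valueOf(2)));

        gen.setSubjectPublicKeyInfo(info);

        TBSCertificateStructure tbs = gen.generateTBSCertificate();
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        ASN1OutputStream aOut = new ASN1OutputStream(bOut);

        aOut.writeObject(tbs);

        if (!Arrays.areEqual(bOut.toByteArray(), v1Cert))
        {
            fail("failed v1 cert generation");
        }

        //
        // read back test
        //
        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v1Cert));
        DERObject o = aIn.readObject();

        bOut = new ByteArrayOutputStream();
        aOut = new ASN1OutputStream(bOut);

        // Re-encode the parsed object. The listing reviewed omitted this write,
        // which would leave bOut empty and make the comparison below fail.
        aOut.writeObject(o);

        if (!Arrays.areEqual(bOut.toByteArray(), v1Cert))
        {
            fail("failed v1 cert read back test");
        }
    }

    /**
     * Builds an AuthorityKeyIdentifier carrying the identifier derived from
     * {@code info}, {@code name} as the single authority certificate issuer
     * name, and {@code sNumber} as the authority certificate serial number.
     *
     * NOTE(review): the declarations of {@code name} and {@code sNumber} and the
     * line adding {@code genName} to {@code v} were missing from the listing
     * reviewed; the types are taken from the call sites, which pass an X509Name
     * and the int literal 2. Confirm against the repository copy.
     */
    private AuthorityKeyIdentifier createAuthorityKeyId(
        SubjectPublicKeyInfo info,
        X509Name name,
        int sNumber)
    {
        GeneralName genName = new GeneralName(name);
        ASN1EncodableVector v = new ASN1EncodableVector();

        v.add(genName);

        return new AuthorityKeyIdentifier(
            info, new GeneralNames(new DERSequence(v)), BigInteger.valueOf(sNumber));
    }

    /**
     * V3 TBSCertificate: serial 2, an ElGamal SubjectPublicKeyInfo and three
     * extensions (AuthorityKeyIdentifier and SubjectKeyIdentifier critical,
     * KeyUsage non-critical). The output must equal {@link #v3Cert} and the
     * vector must survive a parse/re-encode round trip.
     *
     * @throws IOException if ASN.1 encoding or decoding fails.
     */
    private void tbsV3CertGen()
        throws IOException
    {
        V3TBSCertificateGenerator gen = new V3TBSCertificateGenerator();
        Date startDate = new Date(1000);
        Date endDate = new Date(2000);

        gen.setSerialNumber(new DERInteger(2));

        gen.setStartDate(new Time(startDate));
        gen.setEndDate(new Time(endDate));

        gen.setIssuer(new X509Name("CN=AU,O=Bouncy Castle"));
        gen.setSubject(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"));

        gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption, new DERNull()));

        // Placeholder ElGamal parameters (1, 2) and public value 3: encoding only.
        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(BigInteger.valueOf(1), BigInteger.valueOf(2))), new DERInteger(3));

        gen.setSubjectPublicKeyInfo(info);

        //
        // extensions - the order Vector fixes the encoding order of the
        // extensions, which the expected vector depends on.
        //
        Vector order = new Vector();
        Hashtable extensions = new Hashtable();

        order.addElement(X509Extensions.AuthorityKeyIdentifier);
        order.addElement(X509Extensions.SubjectKeyIdentifier);
        order.addElement(X509Extensions.KeyUsage);

        extensions.put(X509Extensions.AuthorityKeyIdentifier, new X509Extension(true, new DEROctetString(createAuthorityKeyId(info, new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2))));
        extensions.put(X509Extensions.SubjectKeyIdentifier, new X509Extension(true, new DEROctetString(new SubjectKeyIdentifier(info))));
        extensions.put(X509Extensions.KeyUsage, new X509Extension(false, new DEROctetString(new KeyUsage(KeyUsage.dataEncipherment))));

        X509Extensions ex = new X509Extensions(order, extensions);

        gen.setExtensions(ex);

        TBSCertificateStructure tbs = gen.generateTBSCertificate();
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        ASN1OutputStream aOut = new ASN1OutputStream(bOut);

        aOut.writeObject(tbs);

        if (!Arrays.areEqual(bOut.toByteArray(), v3Cert))
        {
            fail("failed v3 cert generation");
        }

        //
        // read back test
        //
        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v3Cert));
        DERObject o = aIn.readObject();

        bOut = new ByteArrayOutputStream();
        aOut = new ASN1OutputStream(bOut);

        // Re-encode the parsed object (omitted in the listing reviewed).
        aOut.writeObject(o);

        if (!Arrays.areEqual(bOut.toByteArray(), v3Cert))
        {
            fail("failed v3 cert read back test");
        }
    }

    /**
     * V3 TBSCertificate without a subject name. First checks that the generator
     * refuses to produce a certificate while no subject and no
     * SubjectAlternativeName is set, then adds a critical SubjectAlternativeName
     * extension and checks the output against {@link #v3CertNullSubject} plus
     * a parse/re-encode round trip.
     *
     * @throws IOException if ASN.1 encoding or decoding fails.
     */
    private void tbsV3CertGenWithNullSubject()
        throws IOException
    {
        V3TBSCertificateGenerator gen = new V3TBSCertificateGenerator();
        Date startDate = new Date(1000);
        Date endDate = new Date(2000);

        gen.setSerialNumber(new DERInteger(2));

        gen.setStartDate(new Time(startDate));
        gen.setEndDate(new Time(endDate));

        gen.setIssuer(new X509Name("CN=AU,O=Bouncy Castle"));

        gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.md5WithRSAEncryption, new DERNull()));

        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(BigInteger.valueOf(1), BigInteger.valueOf(2))), new DERInteger(3));

        gen.setSubjectPublicKeyInfo(info);

        // No subject and no SubjectAlternativeName yet: generation must be refused.
        try
        {
            gen.generateTBSCertificate();
            fail("null subject not caught!");
        }
        catch (IllegalStateException e)
        {
            // Constant-first equals() so a null message reports as an unexpected
            // exception instead of a NullPointerException.
            if (!"not all mandatory fields set in V3 TBScertificate generator".equals(e.getMessage()))
            {
                fail("unexpected exception", e);
            }
        }

        //
        // extensions
        //
        Vector order = new Vector();
        Hashtable extensions = new Hashtable();

        order.addElement(X509Extensions.SubjectAlternativeName);

        extensions.put(X509Extensions.SubjectAlternativeName, new X509Extension(true, new DEROctetString(new GeneralNames(new GeneralName(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"))))));

        X509Extensions ex = new X509Extensions(order, extensions);

        gen.setExtensions(ex);

        TBSCertificateStructure tbs = gen.generateTBSCertificate();
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        ASN1OutputStream aOut = new ASN1OutputStream(bOut);

        aOut.writeObject(tbs);

        if (!Arrays.areEqual(bOut.toByteArray(), v3CertNullSubject))
        {
            fail("failed v3 null sub cert generation");
        }

        //
        // read back test
        //
        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v3CertNullSubject));
        DERObject o = aIn.readObject();

        bOut = new ByteArrayOutputStream();
        aOut = new ASN1OutputStream(bOut);

        // Re-encode the parsed object (omitted in the listing reviewed).
        aOut.writeObject(o);

        if (!Arrays.areEqual(bOut.toByteArray(), v3CertNullSubject))
        {
            fail("failed v3 null sub cert read back test");
        }
    }

    /**
     * V2 TBSCertList: one revoked entry (serial 1, reason aACompromise),
     * thisUpdate/nextUpdate at 0.5s/2s after the epoch, and four CRL
     * extensions (AuthorityKeyIdentifier and IssuingDistributionPoint critical,
     * IssuerAlternativeName and CRLNumber non-critical). The output must equal
     * {@link #v2CertList} and survive a parse/re-encode round trip.
     *
     * @throws IOException if ASN.1 encoding or decoding fails.
     */
    private void tbsV2CertListGen()
        throws IOException
    {
        V2TBSCertListGenerator gen = new V2TBSCertListGenerator();

        gen.setIssuer(new X509Name("CN=AU,O=Bouncy Castle"));

        gen.addCRLEntry(new DERInteger(1), new Time(new Date(1000)), ReasonFlags.aACompromise);

        gen.setNextUpdate(new Time(new Date(2000)));

        gen.setThisUpdate(new Time(new Date(500)));

        gen.setSignature(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption, new DERNull()));

        //
        // extensions
        //
        Vector order = new Vector();
        Hashtable extensions = new Hashtable();
        SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(BigInteger.valueOf(1), BigInteger.valueOf(2))), new DERInteger(3));

        order.addElement(X509Extensions.AuthorityKeyIdentifier);
        order.addElement(X509Extensions.IssuerAlternativeName);
        order.addElement(X509Extensions.CRLNumber);
        order.addElement(X509Extensions.IssuingDistributionPoint);

        extensions.put(X509Extensions.AuthorityKeyIdentifier, new X509Extension(true, new DEROctetString(createAuthorityKeyId(info, new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2))));
        extensions.put(X509Extensions.IssuerAlternativeName, new X509Extension(false, new DEROctetString(new GeneralNames(new DERSequence(new GeneralName(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 3")))))));
        extensions.put(X509Extensions.CRLNumber, new X509Extension(false, new DEROctetString(new DERInteger(1))));
        extensions.put(X509Extensions.IssuingDistributionPoint, new X509Extension(true, new DEROctetString(new IssuingDistributionPoint(new DERSequence()))));

        X509Extensions ex = new X509Extensions(order, extensions);

        gen.setExtensions(ex);

        TBSCertList tbs = gen.generateTBSCertList();
        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
        ASN1OutputStream aOut = new ASN1OutputStream(bOut);

        aOut.writeObject(tbs);

        if (!Arrays.areEqual(bOut.toByteArray(), v2CertList))
        {
            fail("failed v2 cert list generation");
        }

        //
        // read back test
        //
        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(v2CertList));
        DERObject o = aIn.readObject();

        bOut = new ByteArrayOutputStream();
        aOut = new ASN1OutputStream(bOut);

        // Re-encode the parsed object (omitted in the listing reviewed).
        aOut.writeObject(o);

        if (!Arrays.areEqual(bOut.toByteArray(), v2CertList))
        {
            fail("failed v2 cert list read back test");
        }
    }

    /**
     * Runs all four generator tests.
     *
     * NOTE(review): the listing reviewed showed only the
     * tbsV3CertGenWithNullSubject() call; the other three private tests are
     * otherwise unreachable, so they are invoked here as well. Confirm the
     * order against the repository copy.
     *
     * @throws Exception if any of the tests fails to encode or decode.
     */
    public void performTest()
        throws Exception
    {
        tbsV1CertGen();
        tbsV3CertGen();
        tbsV3CertGenWithNullSubject();
        tbsV2CertListGen();
    }

    /**
     * Name reported by the SimpleTest harness.
     *
     * NOTE(review): the return value was missing from the listing reviewed;
     * confirm against the repository copy.
     */
    public String getName()
    {
        return "Generation";
    }

    public static void main(
        String[] args)
    {
        runTest(new GenerationTest());
    }
}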