1
package org.bouncycastle.cert.test;
3
import java.io.ByteArrayInputStream;
4
import java.math.BigInteger;
5
import java.security.KeyFactory;
6
import java.security.PrivateKey;
7
import java.security.Security;
8
import java.security.cert.CertificateFactory;
9
import java.security.cert.X509Certificate;
10
import java.security.spec.RSAPrivateCrtKeySpec;
11
import java.util.Date;
13
import org.bouncycastle.asn1.ASN1EncodableVector;
14
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
15
import org.bouncycastle.asn1.DERSequence;
16
import org.bouncycastle.asn1.x500.X500Name;
17
import org.bouncycastle.asn1.x509.GeneralName;
18
import org.bouncycastle.asn1.x509.Target;
19
import org.bouncycastle.asn1.x509.TargetInformation;
20
import org.bouncycastle.asn1.x509.X509Extension;
21
import org.bouncycastle.cert.AttributeCertificateHolder;
22
import org.bouncycastle.cert.AttributeCertificateIssuer;
23
import org.bouncycastle.cert.X509AttributeCertificateHolder;
24
import org.bouncycastle.cert.X509CertificateHolder;
25
import org.bouncycastle.cert.X509v2AttributeCertificateBuilder;
26
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
27
import org.bouncycastle.cert.selector.X509AttributeCertificateSelectorBuilder;
28
import org.bouncycastle.jce.provider.BouncyCastleProvider;
29
import org.bouncycastle.operator.ContentSigner;
30
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
31
import org.bouncycastle.util.encoders.Base64;
32
import org.bouncycastle.util.test.SimpleTest;
33
import org.bouncycastle.util.test.Test;
34
import org.bouncycastle.util.test.TestResult;
36
public class AttrCertSelectorTest
39
private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
41
static final RSAPrivateCrtKeySpec RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeySpec(
43
"b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
45
new BigInteger("11", 16),
47
"9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
49
"c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb",
51
"f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5",
53
"b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391",
55
"d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd",
57
"b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19",
60
static final byte[] holderCert = Base64
61
.decode("MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
62
+ "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
63
+ "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
64
+ "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
65
+ "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
66
+ "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
67
+ "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
68
+ "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
69
+ "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
70
+ "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
71
+ "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
72
+ "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
73
+ "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
74
+ "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
75
+ "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
76
+ "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
77
+ "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
78
+ "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
79
+ "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
80
+ "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
81
+ "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
82
+ "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
83
+ "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
84
+ "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
85
+ "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
86
+ "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
87
+ "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
88
+ "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
89
+ "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
90
+ "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
91
+ "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
92
+ "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
93
+ "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
94
+ "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
95
+ "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
98
public String getName()
100
return "AttrCertSelector";
103
private X509AttributeCertificateHolder createAttrCert() throws Exception
105
CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
106
X509Certificate iCert = (X509Certificate) fact
107
.generateCertificate(new ByteArrayInputStream(holderCert));
108
X509CertificateHolder iCertHolder = new JcaX509CertificateHolder(iCert);
110
// a sample key pair.
112
// RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
114
// "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
115
// 16), new BigInteger("11", 16));
122
KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
124
privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
126
X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
127
new AttributeCertificateHolder(iCertHolder.getSubject()),
128
new AttributeCertificateIssuer(new X500Name("cn=test")),
130
new Date(System.currentTimeMillis() - 50000),
131
new Date(System.currentTimeMillis() + 50000));
133
// the actual attributes
134
GeneralName roleName = new GeneralName(GeneralName.rfc822Name,
135
"DAU123456789@test.com");
136
ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
137
roleSyntax.add(roleName);
139
// roleSyntax OID: 2.5.24.72
140
gen.addAttribute(new ASN1ObjectIdentifier("2.5.24.72"), new DERSequence(roleSyntax));
143
ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BC).build(privKey);
145
Target targetName = new Target(Target.targetName, new GeneralName(GeneralName.dNSName,
148
Target targetGroup = new Target(Target.targetGroup, new GeneralName(
149
GeneralName.directoryName, "o=Test, ou=Test"));
150
Target[] targets = new Target[2];
151
targets[0] = targetName;
152
targets[1] = targetGroup;
153
TargetInformation targetInformation = new TargetInformation(targets);
155
gen.addExtension(X509Extension.targetInformation, true, targetInformation);
157
return gen.build(sigGen);
160
public void testSelector() throws Exception
162
X509AttributeCertificateHolder aCert = createAttrCert();
163
X509AttributeCertificateSelectorBuilder sel = new X509AttributeCertificateSelectorBuilder();
164
sel.setAttributeCert(aCert);
165
boolean match = sel.build().match(aCert);
168
fail("Selector does not match attribute certificate.");
170
sel.setAttributeCert(null);
171
match = sel.build().match(aCert);
174
fail("Selector does not match attribute certificate.");
176
sel.setHolder(aCert.getHolder());
177
match = sel.build().match(aCert);
180
fail("Selector does not match attribute certificate holder.");
183
sel.setIssuer(aCert.getIssuer());
184
match = sel.build().match(aCert);
187
fail("Selector does not match attribute certificate issuer.");
191
CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
192
X509CertificateHolder iCert = new JcaX509CertificateHolder((X509Certificate) fact
193
.generateCertificate(new ByteArrayInputStream(holderCert)));
194
match = aCert.getHolder().match(iCert);
197
fail("Issuer holder does not match signing certificate of attribute certificate.");
200
sel.setSerialNumber(aCert.getSerialNumber());
201
match = sel.build().match(aCert);
204
fail("Selector does not match attribute certificate serial number.");
207
sel.setAttributeCertificateValid(new Date());
208
match = sel.build().match(aCert);
211
fail("Selector does not match attribute certificate time.");
214
sel.addTargetName(new GeneralName(2, "www.test.com"));
215
match = sel.build().match(aCert);
218
fail("Selector does not match attribute certificate target name.");
220
sel.setTargetNames(null);
221
sel.addTargetGroup(new GeneralName(4, "o=Test, ou=Test"));
222
match = sel.build().match(aCert);
225
fail("Selector does not match attribute certificate target group.");
227
sel.setTargetGroups(null);
230
public void performTest() throws Exception
232
Security.addProvider(new BouncyCastleProvider());
236
public static void main(String[] args)
238
Test test = new AttrCertSelectorTest();
239
TestResult result = test.perform();
240
System.out.println(result);