~brian-thomason/+junk/bouncycastle


Viewing changes to test/src/org/bouncycastle/cert/test/AttrCertSelectorTest.java

  • Committer: Brian Thomason
  • Date: 2011-12-20 17:20:32 UTC
  • Revision ID: brian.thomason@canonical.com-20111220172032-rdtm13jgdxtksacr
Initial import

 
1
package org.bouncycastle.cert.test;
 
2
 
 
3
import java.io.ByteArrayInputStream;
 
4
import java.math.BigInteger;
 
5
import java.security.KeyFactory;
 
6
import java.security.PrivateKey;
 
7
import java.security.Security;
 
8
import java.security.cert.CertificateFactory;
 
9
import java.security.cert.X509Certificate;
 
10
import java.security.spec.RSAPrivateCrtKeySpec;
 
11
import java.util.Date;
 
12
 
 
13
import org.bouncycastle.asn1.ASN1EncodableVector;
 
14
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 
15
import org.bouncycastle.asn1.DERSequence;
 
16
import org.bouncycastle.asn1.x500.X500Name;
 
17
import org.bouncycastle.asn1.x509.GeneralName;
 
18
import org.bouncycastle.asn1.x509.Target;
 
19
import org.bouncycastle.asn1.x509.TargetInformation;
 
20
import org.bouncycastle.asn1.x509.X509Extension;
 
21
import org.bouncycastle.cert.AttributeCertificateHolder;
 
22
import org.bouncycastle.cert.AttributeCertificateIssuer;
 
23
import org.bouncycastle.cert.X509AttributeCertificateHolder;
 
24
import org.bouncycastle.cert.X509CertificateHolder;
 
25
import org.bouncycastle.cert.X509v2AttributeCertificateBuilder;
 
26
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
 
27
import org.bouncycastle.cert.selector.X509AttributeCertificateSelectorBuilder;
 
28
import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
29
import org.bouncycastle.operator.ContentSigner;
 
30
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 
31
import org.bouncycastle.util.encoders.Base64;
 
32
import org.bouncycastle.util.test.SimpleTest;
 
33
import org.bouncycastle.util.test.Test;
 
34
import org.bouncycastle.util.test.TestResult;
 
35
 
 
36
public class AttrCertSelectorTest
 
37
    extends SimpleTest
 
38
{
 
39
    private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
 
40
 
 
41
    static final RSAPrivateCrtKeySpec RSA_PRIVATE_KEY_SPEC = new RSAPrivateCrtKeySpec(
 
42
        new BigInteger(
 
43
            "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
 
44
            16),
 
45
        new BigInteger("11", 16),
 
46
        new BigInteger(
 
47
            "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
 
48
            16), new BigInteger(
 
49
            "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb",
 
50
            16), new BigInteger(
 
51
            "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5",
 
52
            16), new BigInteger(
 
53
            "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391",
 
54
            16), new BigInteger(
 
55
            "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd",
 
56
            16), new BigInteger(
 
57
            "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19",
 
58
            16));
 
59
 
 
60
    static final byte[] holderCert = Base64
 
61
        .decode("MIIGjTCCBXWgAwIBAgICAPswDQYJKoZIhvcNAQEEBQAwaTEdMBsGCSqGSIb3DQEJ"
 
62
            + "ARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZpcmdpbmlhIFRlY2ggQ2VydGlm"
 
63
            + "aWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0MQswCQYDVQQGEwJVUzAeFw0w"
 
64
            + "MzAxMzExMzUyMTRaFw0wNDAxMzExMzUyMTRaMIGDMRswGQYJKoZIhvcNAQkBFgxz"
 
65
            + "c2hhaEB2dC5lZHUxGzAZBgNVBAMTElN1bWl0IFNoYWggKHNzaGFoKTEbMBkGA1UE"
 
66
            + "CxMSVmlyZ2luaWEgVGVjaCBVc2VyMRAwDgYDVQQLEwdDbGFzcyAxMQswCQYDVQQK"
 
67
            + "EwJ2dDELMAkGA1UEBhMCVVMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPDc"
 
68
            + "scgSKmsEp0VegFkuitD5j5PUkDuzLjlfaYONt2SN8WeqU4j2qtlCnsipa128cyKS"
 
69
            + "JzYe9duUdNxquh5BPIkMkHBw4jHoQA33tk0J/sydWdN74/AHPpPieK5GHwhU7GTG"
 
70
            + "rCCS1PJRxjXqse79ExAlul+gjQwHeldAC+d4A6oZAgMBAAGjggOmMIIDojAMBgNV"
 
71
            + "HRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA/gwHQYD"
 
72
            + "VR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRUIoWAzlXbzBYE"
 
73
            + "yVTjQFWyMMKo1jCBkwYDVR0jBIGLMIGIgBTgc3Fm+TGqKDhen+oKfbl+xVbj2KFt"
 
74
            + "pGswaTEdMBsGCSqGSIb3DQEJARYOaXJtaGVscEB2dC5lZHUxLjAsBgNVBAMTJVZp"
 
75
            + "cmdpbmlhIFRlY2ggQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxCzAJBgNVBAoTAnZ0"
 
76
            + "MQswCQYDVQQGEwJVU4IBADCBiwYJYIZIAYb4QgENBH4WfFZpcmdpbmlhIFRlY2gg"
 
77
            + "Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgZGlnaXRhbCBjZXJ0aWZpY2F0ZXMgYXJl"
 
78
            + "IHN1YmplY3QgdG8gcG9saWNpZXMgbG9jYXRlZCBhdCBodHRwOi8vd3d3LnBraS52"
 
79
            + "dC5lZHUvY2EvY3BzLy4wFwYDVR0RBBAwDoEMc3NoYWhAdnQuZWR1MBkGA1UdEgQS"
 
80
            + "MBCBDmlybWhlbHBAdnQuZWR1MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYn"
 
81
            + "aHR0cDovL2JveDE3Ny5jYy52dC5lZHUvY2EvaXNzdWVycy5odG1sMEQGA1UdHwQ9"
 
82
            + "MDswOaA3oDWGM2h0dHA6Ly9ib3gxNzcuY2MudnQuZWR1L2h0ZG9jcy1wdWJsaWMv"
 
83
            + "Y3JsL2NhY3JsLmNybDBUBgNVHSAETTBLMA0GCysGAQQBtGgFAQEBMDoGCysGAQQB"
 
84
            + "tGgFAQEBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cucGtpLnZ0LmVkdS9jYS9j"
 
85
            + "cHMvMD8GCWCGSAGG+EIBBAQyFjBodHRwOi8vYm94MTc3LmNjLnZ0LmVkdS9jZ2kt"
 
86
            + "cHVibGljL2NoZWNrX3Jldl9jYT8wPAYJYIZIAYb4QgEDBC8WLWh0dHA6Ly9ib3gx"
 
87
            + "NzcuY2MudnQuZWR1L2NnaS1wdWJsaWMvY2hlY2tfcmV2PzBLBglghkgBhvhCAQcE"
 
88
            + "PhY8aHR0cHM6Ly9ib3gxNzcuY2MudnQuZWR1L35PcGVuQ0E4LjAxMDYzMC9jZ2kt"
 
89
            + "cHVibGljL3JlbmV3YWw/MCwGCWCGSAGG+EIBCAQfFh1odHRwOi8vd3d3LnBraS52"
 
90
            + "dC5lZHUvY2EvY3BzLzANBgkqhkiG9w0BAQQFAAOCAQEAHJ2ls9yjpZVcu5DqiE67"
 
91
            + "r7BfkdMnm7IOj2v8cd4EAlPp6OPBmjwDMwvKRBb/P733kLBqFNWXWKTpT008R0KB"
 
92
            + "8kehbx4h0UPz9vp31zhGv169+5iReQUUQSIwTGNWGLzrT8kPdvxiSAvdAJxcbRBm"
 
93
            + "KzDic5I8PoGe48kSCkPpT1oNmnivmcu5j1SMvlx0IS2BkFMksr0OHiAW1elSnE/N"
 
94
            + "RuX2k73b3FucwVxB3NRo3vgoHPCTnh9r4qItAHdxFlF+pPtbw2oHESKRfMRfOIHz"
 
95
            + "CLQWSIa6Tvg4NIV3RRJ0sbCObesyg08lymalQMdkXwtRn5eGE00SHWwEUjSXP2gR"
 
96
            + "3g==");
 
97
 
 
98
    public String getName()
 
99
    {
 
100
        return "AttrCertSelector";
 
101
    }
 
102
 
 
103
    private X509AttributeCertificateHolder createAttrCert() throws Exception
 
104
    {
 
105
        CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
 
106
        X509Certificate iCert = (X509Certificate) fact
 
107
            .generateCertificate(new ByteArrayInputStream(holderCert));
 
108
        X509CertificateHolder iCertHolder = new JcaX509CertificateHolder(iCert);
 
109
        //
 
110
        // a sample key pair.
 
111
        //
 
112
        // RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
 
113
        // new BigInteger(
 
114
        // "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
 
115
        // 16), new BigInteger("11", 16));
 
116
 
 
117
        //
 
118
        // set up the keys
 
119
        //
 
120
        PrivateKey privKey;
 
121
 
 
122
        KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
 
123
 
 
124
        privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
 
125
 
 
126
        X509v2AttributeCertificateBuilder gen = new X509v2AttributeCertificateBuilder(
 
127
                new AttributeCertificateHolder(iCertHolder.getSubject()),
 
128
                new AttributeCertificateIssuer(new X500Name("cn=test")),
 
129
                BigInteger.ONE,
 
130
                new Date(System.currentTimeMillis() - 50000),
 
131
                new Date(System.currentTimeMillis() + 50000));
 
132
 
 
133
        // the actual attributes
 
134
        GeneralName roleName = new GeneralName(GeneralName.rfc822Name,
 
135
            "DAU123456789@test.com");
 
136
        ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
 
137
        roleSyntax.add(roleName);
 
138
 
 
139
        // roleSyntax OID: 2.5.24.72
 
140
        gen.addAttribute(new ASN1ObjectIdentifier("2.5.24.72"), new DERSequence(roleSyntax));
 
141
 
 
142
 
 
143
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA1WithRSAEncryption").setProvider(BC).build(privKey);
 
144
 
 
145
        Target targetName = new Target(Target.targetName, new GeneralName(GeneralName.dNSName,
 
146
            "www.test.com"));
 
147
 
 
148
        Target targetGroup = new Target(Target.targetGroup, new GeneralName(
 
149
            GeneralName.directoryName, "o=Test, ou=Test"));
 
150
        Target[] targets = new Target[2];
 
151
        targets[0] = targetName;
 
152
        targets[1] = targetGroup;
 
153
        TargetInformation targetInformation = new TargetInformation(targets);
 
154
 
 
155
        gen.addExtension(X509Extension.targetInformation, true, targetInformation);
 
156
 
 
157
        return gen.build(sigGen);
 
158
    }
 
159
 
 
160
    public void testSelector() throws Exception
 
161
    {
 
162
        X509AttributeCertificateHolder aCert = createAttrCert();
 
163
        X509AttributeCertificateSelectorBuilder sel = new X509AttributeCertificateSelectorBuilder();
 
164
        sel.setAttributeCert(aCert);
 
165
        boolean match = sel.build().match(aCert);
 
166
        if (!match)
 
167
        {
 
168
            fail("Selector does not match attribute certificate.");
 
169
        }
 
170
        sel.setAttributeCert(null);
 
171
        match = sel.build().match(aCert);
 
172
        if (!match)
 
173
        {
 
174
            fail("Selector does not match attribute certificate.");
 
175
        }
 
176
        sel.setHolder(aCert.getHolder());
 
177
        match = sel.build().match(aCert);
 
178
        if (!match)
 
179
        {
 
180
            fail("Selector does not match attribute certificate holder.");
 
181
        }
 
182
        sel.setHolder(null);
 
183
        sel.setIssuer(aCert.getIssuer());
 
184
        match = sel.build().match(aCert);
 
185
        if (!match)
 
186
        {
 
187
            fail("Selector does not match attribute certificate issuer.");
 
188
        }
 
189
        sel.setIssuer(null);
 
190
 
 
191
        CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
 
192
        X509CertificateHolder iCert = new JcaX509CertificateHolder((X509Certificate) fact
 
193
            .generateCertificate(new ByteArrayInputStream(holderCert)));
 
194
        match = aCert.getHolder().match(iCert);
 
195
        if (!match)
 
196
        {
 
197
            fail("Issuer holder does not match signing certificate of attribute certificate.");
 
198
        }
 
199
 
 
200
        sel.setSerialNumber(aCert.getSerialNumber());
 
201
        match = sel.build().match(aCert);
 
202
        if (!match)
 
203
        {
 
204
            fail("Selector does not match attribute certificate serial number.");
 
205
        }
 
206
 
 
207
        sel.setAttributeCertificateValid(new Date());
 
208
        match = sel.build().match(aCert);
 
209
        if (!match)
 
210
        {
 
211
            fail("Selector does not match attribute certificate time.");
 
212
        }
 
213
 
 
214
        sel.addTargetName(new GeneralName(2, "www.test.com"));
 
215
        match = sel.build().match(aCert);
 
216
        if (!match)
 
217
        {
 
218
            fail("Selector does not match attribute certificate target name.");
 
219
        }
 
220
        sel.setTargetNames(null);
 
221
        sel.addTargetGroup(new GeneralName(4, "o=Test, ou=Test"));
 
222
        match = sel.build().match(aCert);
 
223
        if (!match)
 
224
        {
 
225
            fail("Selector does not match attribute certificate target group.");
 
226
        }
 
227
        sel.setTargetGroups(null);
 
228
    }
 
229
 
 
230
    public void performTest() throws Exception
 
231
    {
 
232
        Security.addProvider(new BouncyCastleProvider());
 
233
        testSelector();
 
234
    }
 
235
 
 
236
    public static void main(String[] args)
 
237
    {
 
238
        Test test = new AttrCertSelectorTest();
 
239
        TestResult result = test.perform();
 
240
        System.out.println(result);
 
241
    }
 
242
}
 
243
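Review bot: testSelector() only ever asserts that the selector matches, so a selector whose match() returned true unconditionally would pass every check, including the one right after `sel.setAttributeCert(null)`, where no criterion is set at all. Attribute-certificate selection usually feeds an authorization decision, so each criterion should also get a rejecting case, for example `sel.setSerialNumber(aCert.getSerialNumber().add(BigInteger.ONE));` followed by `if (sel.build().match(aCert)) { fail("Selector matches attribute certificate with wrong serial number."); }`. As a smaller style point, `new GeneralName(2, ...)` and `new GeneralName(4, ...)` would read better with the named constants `GeneralName.dNSName` and `GeneralName.directoryName`, which createAttrCert() already uses for the same values.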