package org.bouncycastle.tsp.test;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import junit.framework.TestCase;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.tsp.GenTimeAccuracy;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TSPValidationException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampResponseGenerator;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenGenerator;
import org.bouncycastle.tsp.TimeStampTokenInfo;
import org.bouncycastle.util.Arrays;
/**
 * Creates the key material shared by every scenario in this class and runs the scenarios
 * in a fixed order.
 *
 * <p>Two key pairs are generated: one for a CA certificate whose issuer and subject
 * arguments are the same key pair and DN, and one for an end-entity certificate issued
 * under that CA. The end-entity private key and certificate are what each scenario hands
 * to the token generator as the time-stamp signer. Both certificates are placed in a
 * "Collection" CertStore obtained from the "BC" provider.
 *
 * @throws Exception if key, certificate or CertStore creation fails, or a scenario throws
 */
public void testGeneral() throws Exception {
    final String caDN = "O=Bouncy Castle, C=AU";
    final KeyPair caKeys = TSPTestUtil.makeKeyPair();
    final X509Certificate caCert = TSPTestUtil.makeCACertificate(caKeys, caDN, caKeys, caDN);

    final String signerDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU";
    final KeyPair signerKeys = TSPTestUtil.makeKeyPair();
    final X509Certificate signerCert =
        TSPTestUtil.makeCertificate(signerKeys, signerDN, caKeys, caDN);

    // Signer certificate first, then its issuer; the scenarios that request certificates
    // later count exactly these two entries.
    List chain = new ArrayList();
    chain.add(signerCert);
    chain.add(caCert);
    CertStore certs =
        CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain), "BC");

    // The same private key signs every token produced below.
    final PrivateKey signerKey = signerKeys.getPrivate();

    basicTest(signerKey, signerCert, certs);
    responseValidationTest(signerKey, signerCert, certs);
    incorrectHashTest(signerKey, signerCert, certs);
    badAlgorithmTest(signerKey, signerCert, certs);
    timeNotAvailableTest(signerKey, signerCert, certs);
    badPolicyTest(signerKey, signerCert, certs);
    tokenEncodingTest(signerKey, signerCert, certs);
    certReqTest(signerKey, signerCert, certs);
    testAccuracyZeroCerts(signerKey, signerCert, certs);
    testAccuracyWithCertsAndOrdering(signerKey, signerCert, certs);
    testNoNonse(signerKey, signerCert, certs);
}
/**
 * Happy path: a SHA-1 request carrying a nonce is answered, the response is re-parsed from
 * its encoding, and the resulting token verifies against the signer certificate.
 *
 * <p>The final assertion checks that the token's signed attributes contain the
 * signingCertificate attribute, which ties the signature to one specific certificate.
 *
 * @param privateKey key used to sign the token
 * @param cert certificate matching {@code privateKey}
 * @param certs certificates offered to the token generator
 * @throws Exception if generation, parsing or validation fails
 */
private void basicTest(PrivateKey privateKey, X509Certificate cert, CertStore certs)
    throws Exception {
    // Token digest SHA-1, TSA policy "1.2".
    TimeStampTokenGenerator tokenGenerator =
        new TimeStampTokenGenerator(privateKey, cert, TSPAlgorithms.SHA1, "1.2");
    tokenGenerator.setCertificatesAndCRLs(certs);

    // The imprint is a 20-byte all-zero placeholder of SHA-1 length; no data is hashed.
    TimeStampRequest request = new TimeStampRequestGenerator()
        .generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));

    TimeStampResponseGenerator responder =
        new TimeStampResponseGenerator(tokenGenerator, TSPAlgorithms.ALLOWED);
    TimeStampResponse issued = responder.generate(request, new BigInteger("23"), new Date(), "BC");

    // Re-parse from bytes so the checks run on what a client would actually receive.
    TimeStampResponse received = new TimeStampResponse(issued.getEncoded());
    TimeStampToken token = received.getTimeStampToken();
    token.validate(cert, "BC");

    AttributeTable signedAttributes = token.getSignedAttributes();
    assertNotNull(
        "no signingCertificate attribute found",
        signedAttributes.get(PKCSObjectIdentifiers.id_aa_signingCertificate));
}
/**
 * Checks that a response validates against the request it answers and is rejected for
 * requests that differ from it.
 *
 * <p>Three mismatches are tried against the same response: a different nonce, an imprint
 * of a different length, and a different imprint algorithm. Each must raise
 * {@link TSPValidationException}; reaching the {@code fail} call means the mismatch was
 * accepted.
 *
 * @param privateKey key used to sign the token
 * @param cert certificate matching {@code privateKey}
 * @param certs certificates offered to the token generator
 * @throws Exception if generation, parsing or the initial validation fails
 */
private void responseValidationTest(
    PrivateKey privateKey, X509Certificate cert, CertStore certs) throws Exception {
    // MD5 is only a fixture value for the token digest here; it is collision-broken and
    // not something to configure on a real time-stamping authority.
    TimeStampTokenGenerator tokenGenerator =
        new TimeStampTokenGenerator(privateKey, cert, TSPAlgorithms.MD5, "1.2");
    tokenGenerator.setCertificatesAndCRLs(certs);

    TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    TimeStampRequest original =
        requestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));

    TimeStampResponseGenerator responder =
        new TimeStampResponseGenerator(tokenGenerator, TSPAlgorithms.ALLOWED);
    TimeStampResponse issued =
        responder.generate(original, new BigInteger("23"), new Date(), "BC");
    TimeStampResponse response = new TimeStampResponse(issued.getEncoded());

    response.getTimeStampToken().validate(cert, "BC");

    // Baseline: the response matches the request that produced it.
    response.validate(original);

    // Same imprint, nonce 101 instead of 100.
    try {
        TimeStampRequest otherNonce =
            requestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(101));
        response.validate(otherNonce);
        fail("response validation failed on invalid nonce.");
    } catch (TSPValidationException expected) {
        // expected: the nonce mismatch was detected
    }

    // Same nonce, 22-byte imprint instead of 20.
    try {
        TimeStampRequest otherImprint =
            requestGenerator.generate(TSPAlgorithms.SHA1, new byte[22], BigInteger.valueOf(100));
        response.validate(otherImprint);
        fail("response validation failed on wrong digest.");
    } catch (TSPValidationException expected) {
        // expected: the imprint mismatch was detected
    }

    // Same nonce and imprint bytes, MD5 instead of SHA-1 as the imprint algorithm.
    // The failure message is the same text as in the imprint-length case above.
    try {
        TimeStampRequest otherAlgorithm =
            requestGenerator.generate(TSPAlgorithms.MD5, new byte[20], BigInteger.valueOf(100));
        response.validate(otherAlgorithm);
        fail("response validation failed on wrong digest.");
    } catch (TSPValidationException expected) {
        // expected: the algorithm mismatch was detected
    }
}
/**
 * Submits a SHA-1 request whose imprint is 16 bytes long and expects a rejection.
 *
 * <p>The response must carry no token and a failure info of
 * {@code PKIFailureInfo.badDataFormat}.
 *
 * @param privateKey key used to sign the token
 * @param cert certificate matching {@code privateKey}
 * @param certs certificates offered to the token generator
 * @throws Exception if generation or parsing fails
 */
private void incorrectHashTest(PrivateKey privateKey, X509Certificate cert, CertStore certs)
    throws Exception {
    TimeStampTokenGenerator tokenGenerator =
        new TimeStampTokenGenerator(privateKey, cert, TSPAlgorithms.SHA1, "1.2");
    tokenGenerator.setCertificatesAndCRLs(certs);

    // 16 bytes does not match the 20-byte imprints used for SHA-1 elsewhere in this class.
    TimeStampRequest request =
        new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[16]);

    TimeStampResponseGenerator responder =
        new TimeStampResponseGenerator(tokenGenerator, TSPAlgorithms.ALLOWED);
    TimeStampResponse issued = responder.generate(request, new BigInteger("23"), new Date(), "BC");
    TimeStampResponse received = new TimeStampResponse(issued.getEncoded());

    // A rejected request must not yield a signed token.
    TimeStampToken token = received.getTimeStampToken();
    assertNull("incorrectHash - token not null.", token);

    PKIFailureInfo failInfo = received.getFailInfo();
    assertNotNull("incorrectHash - failInfo set to null.", failInfo);
    assertTrue(
        "incorrectHash - wrong failure info returned.",
        failInfo.intValue() == PKIFailureInfo.badDataFormat);
}
/**
 * Submits a request whose imprint algorithm is the OID "1.2.3.4.5" and expects a rejection.
 *
 * <p>The responder is built with {@code TSPAlgorithms.ALLOWED} as its algorithm set. The
 * response must carry no token and a failure info of {@code PKIFailureInfo.badAlg}.
 *
 * @param privateKey key used to sign the token
 * @param cert certificate matching {@code privateKey}
 * @param certs certificates offered to the token generator
 * @throws Exception if generation or parsing fails
 */
private void badAlgorithmTest(PrivateKey privateKey, X509Certificate cert, CertStore certs)
    throws Exception {
    TimeStampTokenGenerator tokenGenerator =
        new TimeStampTokenGenerator(privateKey, cert, TSPAlgorithms.SHA1, "1.2");
    tokenGenerator.setCertificatesAndCRLs(certs);

    TimeStampRequest request =
        new TimeStampRequestGenerator().generate("1.2.3.4.5", new byte[20]);

    TimeStampResponseGenerator responder =
        new TimeStampResponseGenerator(tokenGenerator, TSPAlgorithms.ALLOWED);
    TimeStampResponse issued = responder.generate(request, new BigInteger("23"), new Date(), "BC");
    TimeStampResponse received = new TimeStampResponse(issued.getEncoded());

    // A rejected request must not yield a signed token.
    TimeStampToken token = received.getTimeStampToken();
    assertNull("badAlgorithm - token not null.", token);

    PKIFailureInfo failInfo = received.getFailInfo();
    assertNotNull("badAlgorithm - failInfo set to null.", failInfo);
    assertTrue(
        "badAlgorithm - wrong failure info returned.",
        failInfo.intValue() == PKIFailureInfo.badAlg);
}
/**
 * Asks the responder to answer with a {@code null} generation time and expects a rejection.
 *
 * <p>The response must carry no token and a failure info of
 * {@code PKIFailureInfo.timeNotAvailable}. The request uses the same imprint algorithm OID
 * "1.2.3.4.5" as {@code badAlgorithmTest}; only the {@code null} time differs, and the
 * expected code shows that the missing time is the condition reported.
 *
 * @param privateKey key used to sign the token
 * @param cert certificate matching {@code privateKey}
 * @param certs certificates offered to the token generator
 * @throws Exception if generation or parsing fails
 */
private void timeNotAvailableTest(PrivateKey privateKey, X509Certificate cert, CertStore certs)
    throws Exception {
    TimeStampTokenGenerator tokenGenerator =
        new TimeStampTokenGenerator(privateKey, cert, TSPAlgorithms.SHA1, "1.2");
    tokenGenerator.setCertificatesAndCRLs(certs);

    TimeStampRequest request =
        new TimeStampRequestGenerator().generate("1.2.3.4.5", new byte[20]);

    TimeStampResponseGenerator responder =
        new TimeStampResponseGenerator(tokenGenerator, TSPAlgorithms.ALLOWED);
    // null stands for "no trusted time source available".
    TimeStampResponse issued = responder.generate(request, new BigInteger("23"), null, "BC");
    TimeStampResponse received = new TimeStampResponse(issued.getEncoded());

    // Without a time value there must be no signed token.
    TimeStampToken token = received.getTimeStampToken();
    assertNull("timeNotAvailable - token not null.", token);

    PKIFailureInfo failInfo = received.getFailInfo();
    assertNotNull("timeNotAvailable - failInfo set to null.", failInfo);
    assertTrue(
        "timeNotAvailable - wrong failure info returned.",
        failInfo.intValue() == PKIFailureInfo.timeNotAvailable);
}
/**
 * Requests policy "1.1" from a responder constructed with an empty policy set and expects
 * a rejection.
 *
 * <p>The response must carry no token and a failure info of
 * {@code PKIFailureInfo.unacceptedPolicy}.
 *
 * @param privateKey key used to sign the token
 * @param cert certificate matching {@code privateKey}
 * @param certs certificates offered to the token generator
 * @throws Exception if generation or parsing fails
 */
private void badPolicyTest(PrivateKey privateKey, X509Certificate cert, CertStore certs)
    throws Exception {
    // The generator's own policy is "1.2"; the request below asks for "1.1".
    TimeStampTokenGenerator tokenGenerator =
        new TimeStampTokenGenerator(privateKey, cert, TSPAlgorithms.SHA1, "1.2");
    tokenGenerator.setCertificatesAndCRLs(certs);

    TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    requestGenerator.setReqPolicy("1.1");
    TimeStampRequest request = requestGenerator.generate(TSPAlgorithms.SHA1, new byte[20]);

    // Third argument: an empty set, so no requested policy is on the responder's list.
    TimeStampResponseGenerator responder =
        new TimeStampResponseGenerator(tokenGenerator, TSPAlgorithms.ALLOWED, new HashSet());
    TimeStampResponse issued = responder.generate(request, new BigInteger("23"), new Date(), "BC");
    TimeStampResponse received = new TimeStampResponse(issued.getEncoded());

    // A rejected request must not yield a signed token.
    TimeStampToken token = received.getTimeStampToken();
    assertNull("badPolicy - token not null.", token);

    PKIFailureInfo failInfo = received.getFailInfo();
    assertNotNull("badPolicy - failInfo set to null.", failInfo);
    assertTrue(
        "badPolicy - wrong failure info returned.",
        failInfo.intValue() == PKIFailureInfo.unacceptedPolicy);
}
/**
 * Sends a request with {@code certReq} set to false and checks that the token still
 * verifies while carrying no certificates.
 *
 * <p>Also checks that no accuracy is present (none was configured on the generator) and
 * that the token reports the generator's policy "1.2".
 *
 * @param privateKey key used to sign the token
 * @param cert certificate matching {@code privateKey}
 * @param certs certificates offered to the token generator
 * @throws Exception if generation, parsing or certificate retrieval fails
 */
private void certReqTest(PrivateKey privateKey, X509Certificate cert, CertStore certs)
    throws Exception {
    // MD5 is only a fixture value for the token digest here.
    TimeStampTokenGenerator tokenGenerator =
        new TimeStampTokenGenerator(privateKey, cert, TSPAlgorithms.MD5, "1.2");
    tokenGenerator.setCertificatesAndCRLs(certs);

    // request with certReq false
    TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    requestGenerator.setCertReq(false);
    TimeStampRequest request =
        requestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));

    TimeStampResponseGenerator responder =
        new TimeStampResponseGenerator(tokenGenerator, TSPAlgorithms.ALLOWED);
    TimeStampResponse issued = responder.generate(request, new BigInteger("23"), new Date(), "BC");
    TimeStampResponse received = new TimeStampResponse(issued.getEncoded());

    TimeStampToken token = received.getTimeStampToken();

    assertNull(token.getTimeStampInfo().getGenTimeAccuracy()); // check for absence of accuracy
    assertEquals("1.2", token.getTimeStampInfo().getPolicy());

    // The verifier supplies the certificate itself, so validation must still succeed.
    try {
        token.validate(cert, "BC");
    } catch (TSPValidationException e) {
        fail("certReq(false) verification of token failed.");
    }

    // With certReq false the generator's certificates must not be copied into the token.
    CertStore tokenCerts = token.getCertificatesAndCRLs("Collection", "BC");
    Collection embedded = tokenCerts.getCertificates(null);
    assertTrue("certReq(false) found certificates in response.", embedded.isEmpty());
}
/**
 * Checks that decoding a response and encoding it again reproduces the same bytes, for
 * both the whole response and the token inside it.
 *
 * <p>A token's signature covers its encoded form, so the test guards against a parse and
 * re-encode cycle that alters the bytes.
 *
 * @param privateKey key used to sign the token
 * @param cert certificate matching {@code privateKey}
 * @param certs certificates offered to the token generator
 * @throws Exception if generation, parsing or encoding fails
 */
private void tokenEncodingTest(PrivateKey privateKey, X509Certificate cert, CertStore certs)
    throws Exception {
    TimeStampTokenGenerator tokenGenerator =
        new TimeStampTokenGenerator(privateKey, cert, TSPAlgorithms.SHA1, "1.2.3.4.5.6");
    tokenGenerator.setCertificatesAndCRLs(certs);

    TimeStampRequest request = new TimeStampRequestGenerator()
        .generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
    TimeStampResponseGenerator responder =
        new TimeStampResponseGenerator(tokenGenerator, TSPAlgorithms.ALLOWED);
    TimeStampResponse issued = responder.generate(request, new BigInteger("23"), new Date(), "BC");

    // Two successive decodes: the second is built from the first one's re-encoding.
    TimeStampResponse firstDecode = new TimeStampResponse(issued.getEncoded());
    TimeStampResponse secondDecode = new TimeStampResponse(firstDecode.getEncoded());

    boolean responseBytesMatch =
        Arrays.areEqual(secondDecode.getEncoded(), firstDecode.getEncoded());
    if (!(responseBytesMatch
        && Arrays.areEqual(
            secondDecode.getTimeStampToken().getEncoded(),
            firstDecode.getTimeStampToken().getEncoded()))) {
        // NOTE(review): this listing does not show the branch body; an unconditional
        // failure is assumed. Confirm against the full file.
        fail();
    }
}
/**
 * Configures an accuracy of 1 s / 2 ms / 3 us on the generator and checks that the token
 * reports it, with no certificates included because the request did not ask for them.
 *
 * <p>Serial number "23" and policy "1.2" are checked against the values passed in.
 *
 * @param privateKey key used to sign the token
 * @param cert certificate matching {@code privateKey}
 * @param certs certificates offered to the token generator
 * @throws Exception if generation, parsing or validation fails
 */
private void testAccuracyZeroCerts(PrivateKey privateKey, X509Certificate cert, CertStore certs)
    throws Exception {
    // MD5 is only a fixture value for the token digest here.
    TimeStampTokenGenerator tokenGenerator =
        new TimeStampTokenGenerator(privateKey, cert, TSPAlgorithms.MD5, "1.2");
    tokenGenerator.setCertificatesAndCRLs(certs);
    tokenGenerator.setAccuracySeconds(1);
    tokenGenerator.setAccuracyMillis(2);
    tokenGenerator.setAccuracyMicros(3);

    TimeStampRequest request = new TimeStampRequestGenerator()
        .generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));

    TimeStampResponseGenerator responder =
        new TimeStampResponseGenerator(tokenGenerator, TSPAlgorithms.ALLOWED);
    TimeStampResponse issued = responder.generate(request, new BigInteger("23"), new Date(), "BC");
    TimeStampResponse received = new TimeStampResponse(issued.getEncoded());

    // Signature check first, then the match between response and request.
    TimeStampToken token = received.getTimeStampToken();
    token.validate(cert, "BC");
    received.validate(request);

    TimeStampTokenInfo info = token.getTimeStampInfo();

    // Accuracy must come back exactly as configured on the generator.
    GenTimeAccuracy accuracy = info.getGenTimeAccuracy();
    assertEquals(1, accuracy.getSeconds());
    assertEquals(2, accuracy.getMillis());
    assertEquals(3, accuracy.getMicros());

    assertEquals(new BigInteger("23"), info.getSerialNumber());
    assertEquals("1.2", info.getPolicy());

    // The request never set certReq, so the token is expected to hold no certificates.
    CertStore tokenCerts = token.getCertificatesAndCRLs("Collection", "BC");
    Collection embedded = tokenCerts.getCertificates(null);
    assertEquals(0, embedded.size());
}
/**
 * Enables accuracy (3 s / 1 ms / 2 us) and ordering on the generator, requests certificates,
 * and checks that every one of those settings is reflected in the token.
 *
 * <p>Also checks that the nonce from the request (100) is echoed in the token and that
 * both certificates from the store are included.
 *
 * @param privateKey key used to sign the token
 * @param cert certificate matching {@code privateKey}
 * @param certs certificates offered to the token generator
 * @throws Exception if generation, parsing or validation fails
 */
private void testAccuracyWithCertsAndOrdering(
    PrivateKey privateKey, X509Certificate cert, CertStore certs) throws Exception {
    // MD5 is only a fixture value for the token digest here.
    TimeStampTokenGenerator tokenGenerator =
        new TimeStampTokenGenerator(privateKey, cert, TSPAlgorithms.MD5, "1.2.3");
    tokenGenerator.setCertificatesAndCRLs(certs);
    tokenGenerator.setAccuracySeconds(3);
    tokenGenerator.setAccuracyMillis(1);
    tokenGenerator.setAccuracyMicros(2);
    tokenGenerator.setOrdering(true);

    TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
    requestGenerator.setCertReq(true);
    TimeStampRequest request =
        requestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100));
    assertTrue(request.getCertReq());

    TimeStampResponseGenerator responder =
        new TimeStampResponseGenerator(tokenGenerator, TSPAlgorithms.ALLOWED);
    TimeStampResponse issued = responder.generate(request, new BigInteger("23"), new Date(), "BC");
    TimeStampResponse received = new TimeStampResponse(issued.getEncoded());

    // Signature check first, then the match between response and request.
    TimeStampToken token = received.getTimeStampToken();
    token.validate(cert, "BC");
    received.validate(request);

    TimeStampTokenInfo info = token.getTimeStampInfo();

    // Accuracy must come back exactly as configured on the generator.
    GenTimeAccuracy accuracy = info.getGenTimeAccuracy();
    assertEquals(3, accuracy.getSeconds());
    assertEquals(1, accuracy.getMillis());
    assertEquals(2, accuracy.getMicros());

    assertEquals(new BigInteger("23"), info.getSerialNumber());
    assertEquals("1.2.3", info.getPolicy());
    assertEquals(true, info.isOrdered());

    // The nonce links the token to this particular request.
    assertEquals(info.getNonce(), BigInteger.valueOf(100));

    // certReq was true, so both certificates placed in the store are expected back.
    CertStore tokenCerts = token.getCertificatesAndCRLs("Collection", "BC");
    Collection embedded = tokenCerts.getCertificates(null);
    assertEquals(2, embedded.size());
}
/**
 * Sends a request without a nonce and checks that the token carries none either.
 *
 * <p>The token must still verify and match the request. Accuracy is absent, ordering is
 * false, serial number is "24", policy is "1.2.3", and no certificates are included.
 * The method name keeps its existing spelling because {@code testGeneral} calls it by
 * that name.
 *
 * @param privateKey key used to sign the token
 * @param cert certificate matching {@code privateKey}
 * @param certs certificates offered to the token generator
 * @throws Exception if generation, parsing or validation fails
 */
private void testNoNonse(PrivateKey privateKey, X509Certificate cert, CertStore certs)
    throws Exception {
    // MD5 is only a fixture value for the token digest here.
    TimeStampTokenGenerator tokenGenerator =
        new TimeStampTokenGenerator(privateKey, cert, TSPAlgorithms.MD5, "1.2.3");
    tokenGenerator.setCertificatesAndCRLs(certs);

    // Two-argument generate: no nonce is supplied.
    TimeStampRequest request =
        new TimeStampRequestGenerator().generate(TSPAlgorithms.SHA1, new byte[20]);
    assertFalse(request.getCertReq());

    TimeStampResponseGenerator responder =
        new TimeStampResponseGenerator(tokenGenerator, TSPAlgorithms.ALLOWED);
    TimeStampResponse issued = responder.generate(request, new BigInteger("24"), new Date(), "BC");
    TimeStampResponse received = new TimeStampResponse(issued.getEncoded());

    // Signature check first, then the match between response and request.
    TimeStampToken token = received.getTimeStampToken();
    token.validate(cert, "BC");
    received.validate(request);

    TimeStampTokenInfo info = token.getTimeStampInfo();

    // No accuracy was configured on the generator.
    GenTimeAccuracy accuracy = info.getGenTimeAccuracy();
    assertNull(accuracy);

    assertEquals(new BigInteger("24"), info.getSerialNumber());
    assertEquals("1.2.3", info.getPolicy());
    assertEquals(false, info.isOrdered());

    // Without a nonce nothing in the token marks it as the answer to this one request.
    assertNull(info.getNonce());

    // certReq was false, so the token is expected to hold no certificates.
    CertStore tokenCerts = token.getCertificatesAndCRLs("Collection", "BC");
    Collection embedded = tokenCerts.getCertificates(null);
    assertEquals(0, embedded.size());
}