| package org.bouncycastle.jce.provider.test; |
| |
| import java.math.BigInteger; |
| import java.security.KeyFactory; |
| import java.security.PrivateKey; |
| import java.security.PublicKey; |
| import java.security.Security; |
| import java.security.cert.X509Certificate; |
| import java.security.spec.RSAPrivateCrtKeySpec; |
| import java.security.spec.RSAPublicKeySpec; |
| import java.util.Date; |
| import java.util.Set; |
| import java.util.Vector; |
| |
| import org.bouncycastle.jce.X509Principal; |
| import org.bouncycastle.jce.provider.BouncyCastleProvider; |
| import org.bouncycastle.util.Arrays; |
| import org.bouncycastle.util.test.SimpleTest; |
| import org.bouncycastle.x509.X509V3CertificateGenerator; |
| |
| public class CertUniqueIDTest |
| extends SimpleTest |
| { |
| public String getName() |
| { |
| return "CertUniqueID"; |
| } |
| |
| public void performTest() throws Exception |
| { |
| checkCreation1(); |
| } |
| |
| /** |
| * we generate a self signed certificate for the sake of testing - RSA |
| */ |
| public void checkCreation1() |
| throws Exception |
| { |
| // |
| // a sample key pair. |
| // |
| RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec( |
| new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), |
| new BigInteger("11", 16)); |
| |
| RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec( |
| new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), |
| new BigInteger("11", 16), |
| new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16), |
| new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16), |
| new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16), |
| new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16), |
| new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16), |
| new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16)); |
| |
| // |
| // set up the keys |
| // |
| PrivateKey privKey; |
| PublicKey pubKey; |
| |
| KeyFactory fact = KeyFactory.getInstance("RSA", "BC"); |
| |
| privKey = fact.generatePrivate(privKeySpec); |
| pubKey = fact.generatePublic(pubKeySpec); |
| |
| // |
| // distinguished name table. |
| // |
| Vector ord = new Vector(); |
| Vector values = new Vector(); |
| |
| ord.addElement(X509Principal.C); |
| ord.addElement(X509Principal.O); |
| ord.addElement(X509Principal.L); |
| ord.addElement(X509Principal.ST); |
| ord.addElement(X509Principal.E); |
| |
| values.addElement("AU"); |
| values.addElement("The Legion of the Bouncy Castle"); |
| values.addElement("Melbourne"); |
| values.addElement("Victoria"); |
| values.addElement("feedback-crypto@bouncycastle.org"); |
| |
| // |
| // extensions |
| // |
| |
| // |
| // create the certificate - version 3 - without subject unique ID |
| // |
| X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); |
| |
| certGen.setSerialNumber(BigInteger.valueOf(1)); |
| certGen.setIssuerDN(new X509Principal(ord, values)); |
| certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000)); |
| certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000)); |
| certGen.setSubjectDN(new X509Principal(ord, values)); |
| certGen.setPublicKey(pubKey); |
| certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); |
| |
| X509Certificate cert = certGen.generate(privKey); |
| |
| cert.checkValidity(new Date()); |
| |
| cert.verify(pubKey); |
| |
| Set dummySet = cert.getNonCriticalExtensionOIDs(); |
| if (dummySet != null) |
| { |
| fail("non-critical oid set should be null"); |
| } |
| dummySet = cert.getCriticalExtensionOIDs(); |
| if (dummySet != null) |
| { |
| fail("critical oid set should be null"); |
| } |
| |
| // |
| // create the certificate - version 3 - with subject unique ID |
| // |
| certGen = new X509V3CertificateGenerator(); |
| |
| certGen.setSerialNumber(BigInteger.valueOf(1)); |
| certGen.setIssuerDN(new X509Principal(ord, values)); |
| certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000)); |
| certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000)); |
| certGen.setSubjectDN(new X509Principal(ord, values)); |
| certGen.setPublicKey(pubKey); |
| certGen.setSignatureAlgorithm("MD5WithRSAEncryption"); |
| |
| boolean[] subjectUniqID = {true, false, false, false, true, false, false, true, false, true, true}; |
| |
| certGen.setSubjectUniqueID(subjectUniqID); |
| |
| boolean[] issuerUniqID = {false, false, true, false, true, false, false, false, true, false, false, true, false, true, true}; |
| |
| certGen.setIssuerUniqueID(issuerUniqID); |
| |
| cert = certGen.generate(privKey); |
| |
| cert.checkValidity(new Date()); |
| |
| cert.verify(pubKey); |
| |
| boolean[] subjectUniqueId = cert.getSubjectUniqueID(); |
| if (!Arrays.areEqual(subjectUniqID, subjectUniqueId)) |
| { |
| fail("Subject unique id is not correct, original: "+arrayToString(subjectUniqID)+", from cert: "+arrayToString(subjectUniqueId)); |
| } |
| |
| boolean[] issuerUniqueId = cert.getIssuerUniqueID(); |
| if (!Arrays.areEqual(issuerUniqID, issuerUniqueId)) |
| { |
| fail("Issuer unique id is not correct, original: "+arrayToString(issuerUniqID)+", from cert: "+arrayToString(subjectUniqueId)); |
| } |
| } |
| |
| private String arrayToString(boolean[] array) |
| { |
| StringBuffer b = new StringBuffer(); |
| |
| for (int i = 0; i != array.length; i++) |
| { |
| b.append(array[i] ? "1" : "0"); |
| } |
| |
| return b.toString(); |
| } |
| public static void main( |
| String[] args) |
| { |
| Security.addProvider(new BouncyCastleProvider()); |
| |
| runTest(new CertUniqueIDTest()); |
| } |
| } |