Examples with AuthorityKeyIdentifier com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier used on opensource projects

Search in sources :

Example 46 with AuthorityKeyIdentifier

use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testAddEntryToBigCRL.

@Test
public void testAddEntryToBigCRL() throws Exception {
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    AuthorityKeyIdentifier identifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic());
    crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, identifier);
    /* With a CRL number of 127, incrementing it should cause the number of bytes in the length
         * portion of the TLV to increase by one.*/
    crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    BigInteger serial = new BigInteger("741696FE9E30AD27", 16);
    Set<BigInteger> expected = new HashSet<>();
    for (int i = 0; i < 10000; i++) {
        serial = serial.add(BigInteger.TEN);
        crlBuilder.addCRLEntry(serial, new Date(), CRLReason.privilegeWithdrawn);
        expected.add(serial);
    }
    X509CRLHolder holder = crlBuilder.build(signer);
    File crlToChange = writeCRL(holder);
    File outfile = new File(folder.getRoot(), "new.crl");
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<>(Arrays.asList(new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"), new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger i : newSerials) {
        stream.add(i, new Date(), CRLReason.privilegeWithdrawn);
        expected.add(i);
    }
    stream.preScan(crlToChange).lock();
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    stream.write(o);
    o.close();
    X509CRL changedCrl = readCRL();
    Set<BigInteger> discoveredSerials = new HashSet<>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }
    assertEquals(expected, discoveredSerials);
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) X509CRL(java.security.cert.X509CRL) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) BufferedOutputStream(java.io.BufferedOutputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) Date(java.util.Date) X509CRLEntry(java.security.cert.X509CRLEntry) FileOutputStream(java.io.FileOutputStream) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) File(java.io.File) BufferedOutputStream(java.io.BufferedOutputStream) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 47 with AuthorityKeyIdentifier

use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testAddEntryToEmptyCRL.

@Test
public void testAddEntryToEmptyCRL() throws Exception {
    Date oneHourAgo = new Date(new Date().getTime() - 60L * 60L * 1000L);
    Date oneHourHence = new Date(new Date().getTime() + 60L * 60L * 1000L);
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, oneHourAgo);
    AuthorityKeyIdentifier identifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic());
    crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, identifier);
    /* With a CRL number of 127, incrementing it should cause the number of bytes in the length
         * portion of the TLV to increase by one.*/
    crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    crlBuilder.setNextUpdate(oneHourHence);
    X509CRLHolder holder = crlBuilder.build(signer);
    File crlToChange = writeCRL(holder);
    File outfile = new File(folder.getRoot(), "new.crl");
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<>(Arrays.asList(new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"), new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger i : newSerials) {
        stream.add(i, new Date(), CRLReason.privilegeWithdrawn);
    }
    stream.preScan(crlToChange).lock();
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    stream.write(o);
    o.close();
    X509CRL changedCrl = readCRL();
    Set<BigInteger> discoveredSerials = new HashSet<>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }
    X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC_PROVIDER).getCRL(holder);
    assertNotNull(changedCrl.getNextUpdate());
    long changedCrlUpdateDelta = changedCrl.getNextUpdate().getTime() - changedCrl.getThisUpdate().getTime();
    assertEquals(changedCrlUpdateDelta, oneHourHence.getTime() - oneHourAgo.getTime());
    assertThat(changedCrl.getThisUpdate(), OrderingComparison.greaterThan(originalCrl.getThisUpdate()));
    assertEquals(newSerials, discoveredSerials);
    assertEquals(originalCrl.getIssuerX500Principal(), changedCrl.getIssuerX500Principal());
    ASN1ObjectIdentifier crlNumberOID = Extension.cRLNumber;
    byte[] oldCrlNumberBytes = originalCrl.getExtensionValue(crlNumberOID.getId());
    byte[] newCrlNumberBytes = changedCrl.getExtensionValue(crlNumberOID.getId());
    DEROctetString oldOctet = (DEROctetString) DERTaggedObject.fromByteArray(oldCrlNumberBytes);
    DEROctetString newOctet = (DEROctetString) DERTaggedObject.fromByteArray(newCrlNumberBytes);
    ASN1Integer oldNumber = (ASN1Integer) DERTaggedObject.fromByteArray(oldOctet.getOctets());
    ASN1Integer newNumber = (ASN1Integer) DERTaggedObject.fromByteArray(newOctet.getOctets());
    assertEquals(oldNumber.getValue().add(BigInteger.ONE), newNumber.getValue());
    ASN1ObjectIdentifier authorityKeyOID = Extension.authorityKeyIdentifier;
    byte[] oldAuthorityKeyId = originalCrl.getExtensionValue(authorityKeyOID.getId());
    byte[] newAuthorityKeyId = changedCrl.getExtensionValue(authorityKeyOID.getId());
    assertArrayEquals(oldAuthorityKeyId, newAuthorityKeyId);
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) X509CRL(java.security.cert.X509CRL) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) BufferedOutputStream(java.io.BufferedOutputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) Date(java.util.Date) DEROctetString(org.bouncycastle.asn1.DEROctetString) X509CRLEntry(java.security.cert.X509CRLEntry) JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter) FileOutputStream(java.io.FileOutputStream) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) File(java.io.File) BufferedOutputStream(java.io.BufferedOutputStream) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 48 with AuthorityKeyIdentifier

use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project candlepin by candlepin.

the class X509CRLStreamWriterTest method createCRLBuilder.

private X509v2CRLBuilder createCRLBuilder() throws Exception {
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    AuthorityKeyIdentifier identifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic());
    crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, identifier);
    /* With a CRL number of 127, incrementing it should cause the number of bytes in the length
         * portion of the TLV to increase by one.*/
    crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    crlBuilder.addCRLEntry(new BigInteger("100"), new Date(), CRLReason.unspecified);
    return crlBuilder;
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) BigInteger(java.math.BigInteger) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) Date(java.util.Date)

Example 49 with AuthorityKeyIdentifier

use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testKeySizeChange.

@Test
public void testKeySizeChange() throws Exception {
    int[] sizes = { 1024, 4096 };
    for (int size : sizes) {
        X509CRLHolder holder = createCRL();
        File crlToChange = writeCRL(holder);
        generator.initialize(size);
        KeyPair differentKeyPair = generator.generateKeyPair();
        X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) differentKeyPair.getPrivate(), (RSAPublicKey) differentKeyPair.getPublic());
        stream.preScan(crlToChange).lock();
        OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
        stream.write(o);
        o.close();
        X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC_PROVIDER).getCRL(holder);
        X509CRL changedCrl = readCRL(differentKeyPair.getPublic());
        Set<BigInteger> discoveredSerials = new HashSet<>();
        for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
            discoveredSerials.add(entry.getSerialNumber());
        }
        Set<BigInteger> expected = new HashSet<>();
        expected.add(new BigInteger("100"));
        assertEquals(expected, discoveredSerials);
        // Since the key changed, the authorityKeyIdentifier must change
        byte[] oldAkiBytes = originalCrl.getExtensionValue(Extension.authorityKeyIdentifier.getId());
        byte[] newAkiBytes = changedCrl.getExtensionValue(Extension.authorityKeyIdentifier.getId());
        oldAkiBytes = ASN1OctetString.getInstance(oldAkiBytes).getOctets();
        newAkiBytes = ASN1OctetString.getInstance(newAkiBytes).getOctets();
        AuthorityKeyIdentifier oldAki = AuthorityKeyIdentifier.getInstance(oldAkiBytes);
        AuthorityKeyIdentifier newAki = AuthorityKeyIdentifier.getInstance(newAkiBytes);
        AuthorityKeyIdentifier identifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic());
        assertEquals(oldAki, identifier);
        AuthorityKeyIdentifier differentIdentifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(differentKeyPair.getPublic());
        assertEquals(newAki, differentIdentifier);
    }
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) KeyPair(java.security.KeyPair) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) X509CRL(java.security.cert.X509CRL) BufferedOutputStream(java.io.BufferedOutputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) X509CRLEntry(java.security.cert.X509CRLEntry) JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter) FileOutputStream(java.io.FileOutputStream) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) File(java.io.File) BufferedOutputStream(java.io.BufferedOutputStream) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 50 with AuthorityKeyIdentifier

use of com.github.zhenwei.core.asn1.x509.AuthorityKeyIdentifier in project candlepin by candlepin.

the class X509CRLEntryStreamTest method testCRLwithoutUpdateTime.

@Test
public void testCRLwithoutUpdateTime() throws Exception {
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    AuthorityKeyIdentifier identifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic());
    crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, identifier);
    crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    crlBuilder.addCRLEntry(new BigInteger("100"), new Date(), CRLReason.unspecified);
    X509CRLHolder holder = crlBuilder.build(signer);
    File noUpdateTimeCrl = new File(folder.getRoot(), "test.crl");
    FileUtils.writeByteArrayToFile(noUpdateTimeCrl, holder.getEncoded());
    X509CRLEntryStream stream = new X509CRLEntryStream(noUpdateTimeCrl);
    try {
        Set<BigInteger> streamedSerials = new HashSet<>();
        while (stream.hasNext()) {
            streamedSerials.add(getSerial(stream.next()));
        }
        assertEquals(1, streamedSerials.size());
        assertTrue(streamedSerials.contains(new BigInteger("100")));
    } finally {
        stream.close();
    }
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) File(java.io.File) Date(java.util.Date) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

AuthorityKeyIdentifier (org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)49 BigInteger (java.math.BigInteger)24 X509Certificate (java.security.cert.X509Certificate)21 IOException (java.io.IOException)17 GeneralName (org.bouncycastle.asn1.x509.GeneralName)16 Test (org.junit.Test)16 SubjectKeyIdentifier (org.bouncycastle.asn1.x509.SubjectKeyIdentifier)15 Date (java.util.Date)14 X500Name (org.bouncycastle.asn1.x500.X500Name)13 GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)13 JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)13 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)11 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)10 DEROctetString (org.bouncycastle.asn1.DEROctetString)9 BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints)9 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)8 X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder)8 ContentSigner (org.bouncycastle.operator.ContentSigner)8 HashSet (java.util.HashSet)7 Extension (org.bouncycastle.asn1.x509.Extension)7
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial