use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testIsWithinValidityWindow.
/**
* Provides test coverage for the {@code isWithinValidityWindow} methods.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testIsWithinValidityWindow() throws Exception {
  // One-year validity period that begins when the test runs.
  final long validFromMillis = System.currentTimeMillis();
  final long validUntilMillis = validFromMillis + (365L * 86_400_000L);

  // Constructed fixture key: a 256-byte modulus with only its first and last
  // bytes set, plus the exponent 65537. It has the shape of an RSA public key
  // but is not a generated key pair; this test only exercises the validity
  // window and performs no signature check.
  final byte[] rawModulus = new byte[256];
  rawModulus[0] = 0x40;
  rawModulus[rawModulus.length - 1] = 0x01;
  final RSAPublicKey fixtureKey = new RSAPublicKey(
       new BigInteger(rawModulus), BigInteger.valueOf(65537L));

  final X509Certificate cert = new X509Certificate(
       X509CertificateVersion.V1,
       BigInteger.valueOf(123456789L),
       SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(),
       null,
       // 1024 all-zero bits; presumably the signature value slot.
       new ASN1BitString(new boolean[1024]),
       new DN("CN=Issuer,O=Example Corp,C=US"),
       validFromMillis,
       validUntilMillis,
       new DN("CN=ldap.example.com,O=Example Corp,C=US"),
       PublicKeyAlgorithmIdentifier.RSA.getOID(),
       null,
       fixtureKey.encode(),
       fixtureKey,
       null,
       null);

  // Certificates usually carry notBefore and notAfter as UTCTime even though
  // generalized time is also a permitted encoding. UTCTime has a two-digit
  // year and no sub-second component, so the stored bounds cannot be assumed
  // to equal the millisecond values supplied above. The checks below
  // therefore use the bounds the certificate itself reports, and probe 2000
  // milliseconds to either side of each one.

  // The no-argument form is invoked for coverage only; its result is not
  // asserted.
  cert.isWithinValidityWindow();

  // Lower bound: the bound itself counts as valid, anything earlier does not.
  assertTrue(cert.isWithinValidityWindow(cert.getNotBeforeDate()));
  assertTrue(cert.isWithinValidityWindow(cert.getNotBeforeTime()));
  assertFalse(cert.isWithinValidityWindow(cert.getNotBeforeTime() - 2000L));
  assertTrue(cert.isWithinValidityWindow(cert.getNotBeforeTime() + 2000L));

  // Upper bound: the bound itself counts as valid, anything later does not.
  assertTrue(cert.isWithinValidityWindow(cert.getNotAfterDate()));
  assertTrue(cert.isWithinValidityWindow(cert.getNotAfterTime()));
  assertTrue(cert.isWithinValidityWindow(cert.getNotAfterTime() - 2000L));
  assertFalse(cert.isWithinValidityWindow(cert.getNotAfterTime() + 2000L));
}
use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testIsIssuerForVerifiedUsingKeyIDs.
/**
* Tests the {@code isIssuerFor} methods for a case in which the relationship
* can be established by key identifiers.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testIsIssuerForVerifiedUsingKeyIDs() throws Exception {
  // Values the two fixtures have in common: the CA's DN, and the key
  // identifier that links the leaf's authority key ID to the CA's subject
  // key ID.
  final String caDN = "CN=Example Issuer,O=Example Corporation,C=US";
  final String caKeyID = "issuerCertKeyIdentifier";

  // Both fixtures carry five-bit placeholder values where a signature and an
  // encoded public key would go, so the positive result asserted below rests
  // on name and key-identifier matching alone. It is not evidence that the
  // CA key signed the leaf.
  // NOTE(review): confirm in isIssuerFor whether any signature check is
  // involved; callers that need proof of issuance should not rely on this
  // result by itself.

  // Leaf certificate: issued-by DN is the CA, authority key ID is caKeyID.
  final X509Certificate leafCert = new X509Certificate(
       X509CertificateVersion.V3,
       BigInteger.valueOf(12345L),
       SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(),
       new ASN1Null(),
       new ASN1BitString(true, false, true, false, true),
       new DN(caDN),
       System.currentTimeMillis(),
       System.currentTimeMillis() + (365L * 86_400_000L),
       new DN("CN=ldap.example.com,O=Example Corporation,C=US"),
       PublicKeyAlgorithmIdentifier.RSA.getOID(),
       new ASN1Null(),
       new ASN1BitString(false, true, false, true, false),
       null,
       null,
       null,
       new SubjectKeyIdentifierExtension(false,
            new ASN1OctetString("serverCertKeyIdentifier")),
       new AuthorityKeyIdentifierExtension(false,
            new ASN1OctetString(caKeyID), null, null));

  // CA certificate: self-issued (subject DN equals issuer DN), with
  // subject key ID and authority key ID both set to caKeyID.
  final X509Certificate caCert = new X509Certificate(
       X509CertificateVersion.V3,
       BigInteger.valueOf(12345L),
       SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(),
       new ASN1Null(),
       new ASN1BitString(true, false, true, false, true),
       new DN(caDN),
       System.currentTimeMillis(),
       System.currentTimeMillis() + (365L * 86_400_000L),
       new DN(caDN),
       PublicKeyAlgorithmIdentifier.RSA.getOID(),
       new ASN1Null(),
       new ASN1BitString(false, true, false, true, false),
       null,
       null,
       null,
       new SubjectAlternativeNameExtension(false,
            new GeneralNamesBuilder().addRFC822Name("ca@example.com").build()),
       new SubjectKeyIdentifierExtension(false,
            new ASN1OctetString(caKeyID)),
       new AuthorityKeyIdentifierExtension(false,
            new ASN1OctetString(caKeyID), null, null));

  // The CA is reported as the leaf's issuer by both overloads.
  assertTrue(caCert.isIssuerFor(leafCert));
  assertTrue(caCert.isIssuerFor(leafCert, new StringBuilder()));

  // The leaf is not its own issuer: its subject DN differs from its issuer
  // DN, and its subject key ID differs from its authority key ID.
  assertFalse(leafCert.isIssuerFor(leafCert));
  assertFalse(leafCert.isIssuerFor(leafCert, new StringBuilder()));
}
use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeMalformedIssuerDN.
/**
* Tests the behavior when trying to decode a certificate with a malformed
* issuer DN element.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedIssuerDN() throws Exception {
  final long validFromMillis = System.currentTimeMillis();
  final long validUntilMillis =
       validFromMillis + (365L * 24L * 60L * 60L * 1000L);

  // Inner sequence laid out like a certificate's to-be-signed portion. Every
  // field is well-formed for this test's purposes except the issuer slot,
  // which holds an octet string instead of an encoded name. The OIDs are
  // arbitrary placeholder values.
  final ASN1Sequence tbsCertificate = new ASN1Sequence(
       // Context tag 0xA0 wrapping INTEGER 2 (the version field).
       new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()),
       new ASN1BigInteger(12435L),
       new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.4")),
            new ASN1Null()),
       // The deliberately wrong-typed issuer field.
       new ASN1OctetString("malformed issuer DN"),
       new ASN1Sequence(
            new ASN1UTCTime(validFromMillis),
            new ASN1UTCTime(validUntilMillis)),
       X509Certificate.encodeName(new DN("CN=ldap.example.com")),
       new ASN1Sequence(
            new ASN1Sequence(
                 new ASN1ObjectIdentifier(new OID("1.2.3.5")),
                 new ASN1Null()),
            new ASN1BitString(new boolean[1024])));

  // Outer sequence: the part above, an algorithm identifier, and 1024
  // all-zero bits in the final slot.
  final ASN1Sequence certSequence = new ASN1Sequence(
       tbsCertificate,
       new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.4")),
            new ASN1Null()),
       new ASN1BitString(new boolean[1024]));

  // Decoding has to fail with the declared CertException. Certificate bytes
  // typically arrive from a peer, so a wrong-typed field surfacing as some
  // other unchecked exception would escape callers that only handle
  // CertException.
  // NOTE(review): expectedExceptions applies to the whole method, so the
  // test passes for a CertException raised anywhere in it; it does not pin
  // the rejection to the issuer field.
  new X509Certificate(certSequence.encode());
}
use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testIsIssuerForDisprovedByUsingKeyIDs.
/**
* Tests the {@code isIssuerFor} methods for a case in which the relationship
* can be disproved by key identifiers.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testIsIssuerForDisprovedByUsingKeyIDs() throws Exception {
  // The CA's DN matches the leaf's issuer DN, but the key identifiers are
  // chosen so that the leaf's authority key ID does not equal the CA's
  // subject key ID.
  final String caDN = "CN=Example Issuer,O=Example Corporation,C=US";
  final String otherKeyID = "differentIssuerCertKeyIdentifier";

  // Leaf certificate: issued-by DN is the CA, authority key ID is
  // "issuerCertKeyIdentifier".
  final X509Certificate leafCert = new X509Certificate(
       X509CertificateVersion.V3,
       BigInteger.valueOf(12345L),
       SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(),
       new ASN1Null(),
       new ASN1BitString(true, false, true, false, true),
       new DN(caDN),
       System.currentTimeMillis(),
       System.currentTimeMillis() + (365L * 86_400_000L),
       new DN("CN=ldap.example.com,O=Example Corporation,C=US"),
       PublicKeyAlgorithmIdentifier.RSA.getOID(),
       new ASN1Null(),
       new ASN1BitString(false, true, false, true, false),
       null,
       null,
       null,
       new SubjectKeyIdentifierExtension(false,
            new ASN1OctetString("serverCertKeyIdentifier")),
       new AuthorityKeyIdentifierExtension(false,
            new ASN1OctetString("issuerCertKeyIdentifier"), null, null));

  // Candidate CA certificate: same DN as the leaf's issuer, but its subject
  // and authority key IDs are both otherKeyID.
  final X509Certificate caCert = new X509Certificate(
       X509CertificateVersion.V3,
       BigInteger.valueOf(12345L),
       SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(),
       new ASN1Null(),
       new ASN1BitString(true, false, true, false, true),
       new DN(caDN),
       System.currentTimeMillis(),
       System.currentTimeMillis() + (365L * 86_400_000L),
       new DN(caDN),
       PublicKeyAlgorithmIdentifier.RSA.getOID(),
       new ASN1Null(),
       new ASN1BitString(false, true, false, true, false),
       null,
       null,
       null,
       new SubjectKeyIdentifierExtension(false,
            new ASN1OctetString(otherKeyID)),
       new AuthorityKeyIdentifierExtension(false,
            new ASN1OctetString(otherKeyID), null, null));

  // A matching DN is not sufficient: with disagreeing key identifiers the
  // candidate must not be accepted as the issuer. This guards against
  // chaining to a different certificate that merely reuses the CA's name.
  assertFalse(caCert.isIssuerFor(leafCert));
  assertFalse(caCert.isIssuerFor(leafCert, new StringBuilder()));

  // The leaf is not its own issuer either.
  assertFalse(leafCert.isIssuerFor(leafCert));
  assertFalse(leafCert.isIssuerFor(leafCert, new StringBuilder()));
}
use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeMalformedSubjectUniqueID.
/**
* Tests the behavior when trying to decode a certificate with a malformed
* subject unique ID.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedSubjectUniqueID() throws Exception {
  final long validFromMillis = System.currentTimeMillis();
  final long validUntilMillis =
       validFromMillis + (365L * 24L * 60L * 60L * 1000L);

  // Inner sequence laid out like a certificate's to-be-signed portion. The
  // issuer, validity, subject and public key fields are populated normally;
  // the trailing element is the one under test. The OIDs are arbitrary
  // placeholder values.
  final ASN1Sequence tbsCertificate = new ASN1Sequence(
       // Context tag 0xA0 wrapping INTEGER 2 (the version field).
       new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()),
       new ASN1BigInteger(12435L),
       new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.4")),
            new ASN1Null()),
       X509Certificate.encodeName(new DN("CN=issuer")),
       new ASN1Sequence(
            new ASN1GeneralizedTime(validFromMillis),
            new ASN1GeneralizedTime(validUntilMillis)),
       X509Certificate.encodeName(new DN("CN=ldap.example.com")),
       new ASN1Sequence(
            new ASN1Sequence(
                 new ASN1ObjectIdentifier(new OID("1.2.3.5")),
                 new ASN1Null()),
            new ASN1BitString(new boolean[1024])),
       // Element with type byte 0x82 and no value: the malformed subject
       // unique ID. Presumably rejected because an empty value cannot be
       // read as a bit string -- TODO confirm against the decoder.
       new ASN1Element((byte) 0x82));

  // Outer sequence: the part above, an algorithm identifier, and 1024
  // all-zero bits in the final slot.
  final ASN1Sequence certSequence = new ASN1Sequence(
       tbsCertificate,
       new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.4")),
            new ASN1Null()),
       new ASN1BitString(new boolean[1024]));

  // Decoding has to fail with the declared CertException, so that callers
  // parsing certificate bytes they did not produce can handle the rejection
  // through one exception type.
  // NOTE(review): expectedExceptions applies to the whole method, so the
  // test passes for a CertException raised anywhere in it; it does not pin
  // the rejection to the subject unique ID element.
  new X509Certificate(certSequence.encode());
}