Search in sources :

Example 6 with ASN1BitString

use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testIsWithinValidityWindow.

/**
 * Provides test coverage for the {@code isWithinValidityWindow} methods.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testIsWithinValidityWindow() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final byte[] modulusBytes = new byte[256];
    modulusBytes[0] = 0x40;
    modulusBytes[255] = 0x01;
    final BigInteger modulus = new BigInteger(modulusBytes);
    final BigInteger exponent = BigInteger.valueOf(65537L);
    final RSAPublicKey publicKey = new RSAPublicKey(modulus, exponent);
    final X509Certificate c = new X509Certificate(X509CertificateVersion.V1, BigInteger.valueOf(123456789L), SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(), null, new ASN1BitString(new boolean[1024]), new DN("CN=Issuer,O=Example Corp,C=US"), notBefore, notAfter, new DN("CN=ldap.example.com,O=Example Corp,C=US"), PublicKeyAlgorithmIdentifier.RSA.getOID(), null, publicKey.encode(), publicKey, null, null);
    // NOTE:  For some moronic reasons, certificates tend to use UTCTime instead
    // of generalized time when encoding notBefore and notAfter values, despite
    // the spec allowing either one, and despite UTCTime only supporting a
    // two-digit year and no sub-second component.  So we can't check for
    // exact equivalence  of the notBefore and notAfter values.  Instead, we'll
    // test with values at least 2000 milliseconds away from those values.  And
    // just call the version that doesn't take any arguments to get coverage.
    c.isWithinValidityWindow();
    assertTrue(c.isWithinValidityWindow(c.getNotBeforeDate()));
    assertTrue(c.isWithinValidityWindow(c.getNotBeforeTime()));
    assertFalse(c.isWithinValidityWindow(c.getNotBeforeTime() - 2000L));
    assertTrue(c.isWithinValidityWindow(c.getNotBeforeTime() + 2000L));
    assertTrue(c.isWithinValidityWindow(c.getNotAfterDate()));
    assertTrue(c.isWithinValidityWindow(c.getNotAfterTime()));
    assertTrue(c.isWithinValidityWindow(c.getNotAfterTime() - 2000L));
    assertFalse(c.isWithinValidityWindow(c.getNotAfterTime() + 2000L));
}
Also used : BigInteger(java.math.BigInteger) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1BitString(com.unboundid.asn1.ASN1BitString) Test(org.testng.annotations.Test)

Example 7 with ASN1BitString

use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testIsIssuerForVerifiedUsingKeyIDs.

/**
 * Tests the {@code isIssuerFor} methods for a case in which the relationship
 * can be established by key identifiers.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testIsIssuerForVerifiedUsingKeyIDs() throws Exception {
    final X509Certificate serverCert = new X509Certificate(X509CertificateVersion.V3, BigInteger.valueOf(12345L), SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(), new ASN1Null(), new ASN1BitString(true, false, true, false, true), new DN("CN=Example Issuer,O=Example Corporation,C=US"), System.currentTimeMillis(), System.currentTimeMillis() + (365L * 86_400_000L), new DN("CN=ldap.example.com,O=Example Corporation,C=US"), PublicKeyAlgorithmIdentifier.RSA.getOID(), new ASN1Null(), new ASN1BitString(false, true, false, true, false), null, null, null, new SubjectKeyIdentifierExtension(false, new ASN1OctetString("serverCertKeyIdentifier")), new AuthorityKeyIdentifierExtension(false, new ASN1OctetString("issuerCertKeyIdentifier"), null, null));
    final X509Certificate issuerCert = new X509Certificate(X509CertificateVersion.V3, BigInteger.valueOf(12345L), SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(), new ASN1Null(), new ASN1BitString(true, false, true, false, true), new DN("CN=Example Issuer,O=Example Corporation,C=US"), System.currentTimeMillis(), System.currentTimeMillis() + (365L * 86_400_000L), new DN("CN=Example Issuer,O=Example Corporation,C=US"), PublicKeyAlgorithmIdentifier.RSA.getOID(), new ASN1Null(), new ASN1BitString(false, true, false, true, false), null, null, null, new SubjectAlternativeNameExtension(false, new GeneralNamesBuilder().addRFC822Name("ca@example.com").build()), new SubjectKeyIdentifierExtension(false, new ASN1OctetString("issuerCertKeyIdentifier")), new AuthorityKeyIdentifierExtension(false, new ASN1OctetString("issuerCertKeyIdentifier"), null, null));
    assertTrue(issuerCert.isIssuerFor(serverCert));
    assertTrue(issuerCert.isIssuerFor(serverCert, new StringBuilder()));
    assertFalse(serverCert.isIssuerFor(serverCert));
    assertFalse(serverCert.isIssuerFor(serverCert, new StringBuilder()));
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) DN(com.unboundid.ldap.sdk.DN) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 8 with ASN1BitString

use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeMalformedIssuerDN.

/**
 * Tests the behavior when trying to decode a certificate with a malformed
 * issuer DN element.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedIssuerDN() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1OctetString("malformed issuer DN"), new ASN1Sequence(new ASN1UTCTime(notBefore), new ASN1UTCTime(notAfter)), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024]))), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
    new X509Certificate(valueSequence.encode());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1UTCTime(com.unboundid.asn1.ASN1UTCTime) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 9 with ASN1BitString

use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testIsIssuerForDisprovedByUsingKeyIDs.

/**
 * Tests the {@code isIssuerFor} methods for a case in which the relationship
 * can be disproved by key identifiers.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testIsIssuerForDisprovedByUsingKeyIDs() throws Exception {
    final X509Certificate serverCert = new X509Certificate(X509CertificateVersion.V3, BigInteger.valueOf(12345L), SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(), new ASN1Null(), new ASN1BitString(true, false, true, false, true), new DN("CN=Example Issuer,O=Example Corporation,C=US"), System.currentTimeMillis(), System.currentTimeMillis() + (365L * 86_400_000L), new DN("CN=ldap.example.com,O=Example Corporation,C=US"), PublicKeyAlgorithmIdentifier.RSA.getOID(), new ASN1Null(), new ASN1BitString(false, true, false, true, false), null, null, null, new SubjectKeyIdentifierExtension(false, new ASN1OctetString("serverCertKeyIdentifier")), new AuthorityKeyIdentifierExtension(false, new ASN1OctetString("issuerCertKeyIdentifier"), null, null));
    final X509Certificate issuerCert = new X509Certificate(X509CertificateVersion.V3, BigInteger.valueOf(12345L), SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(), new ASN1Null(), new ASN1BitString(true, false, true, false, true), new DN("CN=Example Issuer,O=Example Corporation,C=US"), System.currentTimeMillis(), System.currentTimeMillis() + (365L * 86_400_000L), new DN("CN=Example Issuer,O=Example Corporation,C=US"), PublicKeyAlgorithmIdentifier.RSA.getOID(), new ASN1Null(), new ASN1BitString(false, true, false, true, false), null, null, null, new SubjectKeyIdentifierExtension(false, new ASN1OctetString("differentIssuerCertKeyIdentifier")), new AuthorityKeyIdentifierExtension(false, new ASN1OctetString("differentIssuerCertKeyIdentifier"), null, null));
    assertFalse(issuerCert.isIssuerFor(serverCert));
    assertFalse(issuerCert.isIssuerFor(serverCert, new StringBuilder()));
    assertFalse(serverCert.isIssuerFor(serverCert));
    assertFalse(serverCert.isIssuerFor(serverCert, new StringBuilder()));
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) DN(com.unboundid.ldap.sdk.DN) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 10 with ASN1BitString

use of com.mindbright.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeMalformedSubjectUniqueID.

/**
 * Tests the behavior when trying to decode a certificate with a malformed
 * subject unique ID.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedSubjectUniqueID() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1Sequence(new ASN1GeneralizedTime(notBefore), new ASN1GeneralizedTime(notAfter)), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024])), new ASN1Element((byte) 0x82)), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
    new X509Certificate(valueSequence.encode());
}
Also used : ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1GeneralizedTime(com.unboundid.asn1.ASN1GeneralizedTime) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Aggregations

ASN1BitString (com.unboundid.asn1.ASN1BitString)72 Test (org.testng.annotations.Test)62 DN (com.unboundid.ldap.sdk.DN)49 ASN1Null (com.unboundid.asn1.ASN1Null)36 OID (com.unboundid.util.OID)33 ASN1ObjectIdentifier (com.unboundid.asn1.ASN1ObjectIdentifier)26 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)25 ASN1Sequence (com.unboundid.asn1.ASN1Sequence)24 ASN1Element (com.unboundid.asn1.ASN1Element)23 ASN1BigInteger (com.unboundid.asn1.ASN1BigInteger)22 ASN1Integer (com.unboundid.asn1.ASN1Integer)20 IOException (java.io.IOException)16 ASN1BitString (com.github.zhenwei.core.asn1.ASN1BitString)14 ASN1BitString (org.bouncycastle.asn1.ASN1BitString)11 BigInteger (java.math.BigInteger)10 ArrayList (java.util.ArrayList)10 ASN1GeneralizedTime (com.unboundid.asn1.ASN1GeneralizedTime)9 NotNull (com.unboundid.util.NotNull)9 Date (java.util.Date)8 KeyPair (java.security.KeyPair)7