use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeMalformedPublicKey.
/**
* Tests the behavior when trying to decode a certificate with a malformed
* public key info structure.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedPublicKey() throws Exception {
final long notBefore = System.currentTimeMillis();
final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1Sequence(new ASN1GeneralizedTime(notBefore), new ASN1GeneralizedTime(notAfter)), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1OctetString("not a valid sequence")), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
new X509Certificate(valueSequence.encode());
}
use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testValidCertificateWithRSAKeyNoOptionalElements.
/**
* Tests a valid X.509 certificate with an RSA public key and no optional
* elements.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testValidCertificateWithRSAKeyNoOptionalElements() throws Exception {
final long notBefore = System.currentTimeMillis();
final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
final byte[] modulusBytes = new byte[256];
modulusBytes[0] = 0x40;
modulusBytes[255] = 0x01;
final BigInteger modulus = new BigInteger(modulusBytes);
final BigInteger exponent = BigInteger.valueOf(65537L);
final RSAPublicKey publicKey = new RSAPublicKey(modulus, exponent);
X509Certificate c = new X509Certificate(X509CertificateVersion.V1, BigInteger.valueOf(123456789L), SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(), null, new ASN1BitString(new boolean[1024]), new DN("CN=Issuer,O=Example Corp,C=US"), notBefore, notAfter, new DN("CN=ldap.example.com,O=Example Corp,C=US"), PublicKeyAlgorithmIdentifier.RSA.getOID(), null, publicKey.encode(), publicKey, null, null);
assertNotNull(c.getX509CertificateBytes());
c = new X509Certificate(c.encode().encode());
assertNotNull(c.getVersion());
assertEquals(c.getVersion(), X509CertificateVersion.V1);
assertNotNull(c.getSerialNumber());
assertEquals(c.getSerialNumber(), BigInteger.valueOf(123456789L));
assertNotNull(c.getSignatureAlgorithmOID());
assertEquals(c.getSignatureAlgorithmOID(), SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID());
assertNotNull(c.getSignatureAlgorithmName());
assertEquals(c.getSignatureAlgorithmName(), "SHA-256 with RSA");
assertNotNull(c.getSignatureAlgorithmNameOrOID());
assertEquals(c.getSignatureAlgorithmNameOrOID(), "SHA-256 with RSA");
assertNull(c.getSignatureAlgorithmParameters());
assertNotNull(c.getIssuerDN());
assertEquals(c.getIssuerDN(), new DN("CN=Issuer,O=Example Corp,C=US"));
// NOTE: For some moronic reasons, certificates tend to use UTCTime instead
// of generalized time when encoding notBefore and notAfter values, despite
// the spec allowing either one, and despite UTCTime only supporting a
// two-digit year and no sub-second component. So we can't check for
// exact equivalence of the notBefore and notAfter values. Instead, just
// make sure that the values are within 2000 milliseconds of the expected
// value.
assertTrue(Math.abs(c.getNotBeforeTime() - notBefore) < 2000L);
assertNotNull(c.getNotBeforeDate());
assertEquals(c.getNotBeforeDate(), new Date(c.getNotBeforeTime()));
assertTrue(Math.abs(c.getNotAfterTime() - notAfter) < 2000L);
assertNotNull(c.getNotAfterDate());
assertEquals(c.getNotAfterDate(), new Date(c.getNotAfterTime()));
assertNotNull(c.getSubjectDN());
assertEquals(c.getSubjectDN(), new DN("CN=ldap.example.com,O=Example Corp,C=US"));
assertNotNull(c.getPublicKeyAlgorithmOID());
assertEquals(c.getPublicKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.RSA.getOID());
assertNotNull(c.getPublicKeyAlgorithmName());
assertEquals(c.getPublicKeyAlgorithmName(), "RSA");
assertNotNull(c.getPublicKeyAlgorithmNameOrOID());
assertEquals(c.getPublicKeyAlgorithmNameOrOID(), "RSA");
assertNull(c.getPublicKeyAlgorithmParameters());
assertNotNull(c.getEncodedPublicKey());
assertNotNull(c.getDecodedPublicKey());
assertTrue(c.getDecodedPublicKey() instanceof RSAPublicKey);
assertNull(c.getIssuerUniqueID());
assertNull(c.getSubjectUniqueID());
assertNotNull(c.getExtensions());
assertTrue(c.getExtensions().isEmpty());
assertNotNull(c.getSignatureValue());
assertNotNull(c.toString());
assertNotNull(c.toPEM());
assertFalse(c.toPEM().isEmpty());
assertNotNull(c.toPEMString());
assertNotNull(c.getX509CertificateBytes());
assertNotNull(c.getSHA1Fingerprint());
assertNotNull(c.getSHA256Fingerprint());
assertNotNull(c.toCertificate());
}
use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testVerifySignatureInvalidSignature.
/**
* Tests the behavior of the {@code verifySignature} method with an
* invalid signature.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testVerifySignatureInvalidSignature() throws Exception {
final ObjectPair<X509Certificate, KeyPair> p = X509Certificate.generateSelfSignedCertificate(SignatureAlgorithmIdentifier.SHA_256_WITH_RSA, PublicKeyAlgorithmIdentifier.RSA, 2048, new DN("CN=ldap.example.com,O=Example Corporation,C=US"), System.currentTimeMillis(), System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365L), new SubjectAlternativeNameExtension(false, new GeneralNamesBuilder().addDNSName("ldap.example.com").build()));
final X509Certificate c = p.getFirst();
final X509CertificateExtension[] extensions = new X509CertificateExtension[c.getExtensions().size()];
c.getExtensions().toArray(extensions);
final X509Certificate cert = new X509Certificate(c.getVersion(), c.getSerialNumber(), c.getSignatureAlgorithmOID(), c.getSignatureAlgorithmParameters(), new ASN1BitString(ASN1BitString.getBitsForBytes(new byte[256])), c.getIssuerDN(), c.getNotBeforeTime(), c.getNotAfterTime(), c.getSubjectDN(), c.getPublicKeyAlgorithmOID(), null, c.getEncodedPublicKey(), c.getDecodedPublicKey(), c.getIssuerUniqueID(), c.getSubjectUniqueID(), extensions);
cert.verifySignature(null);
}
use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testValidCertificateWithUnknownSignatureAndPublicKeyAlgorithms.
/**
* Tests a valid X.509 certificate with unknown signature and public key
* algorithms.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testValidCertificateWithUnknownSignatureAndPublicKeyAlgorithms() throws Exception {
final long notBefore = System.currentTimeMillis();
final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
X509Certificate c = new X509Certificate(X509CertificateVersion.V1, BigInteger.valueOf(123456789L), new OID("1.2.3.4"), new ASN1Null(), new ASN1BitString(new boolean[1235]), new DN("CN=Issuer,O=Example Corp,C=US"), notBefore, notAfter, new DN("CN=ldap.example.com,O=Example Corp,C=US"), new OID("1.2.3.5"), new ASN1Null(), new ASN1BitString(new boolean[123]), null, null, null);
assertNotNull(c.getX509CertificateBytes());
c = new X509Certificate(c.encode().encode());
assertNotNull(c.getVersion());
assertEquals(c.getVersion(), X509CertificateVersion.V1);
assertNotNull(c.getSerialNumber());
assertEquals(c.getSerialNumber(), BigInteger.valueOf(123456789L));
assertNotNull(c.getSignatureAlgorithmOID());
assertEquals(c.getSignatureAlgorithmOID(), new OID("1.2.3.4"));
assertNull(c.getSignatureAlgorithmName());
assertNotNull(c.getSignatureAlgorithmNameOrOID());
assertEquals(c.getSignatureAlgorithmNameOrOID(), "1.2.3.4");
assertNotNull(c.getSignatureAlgorithmParameters());
assertNotNull(c.getIssuerDN());
assertEquals(c.getIssuerDN(), new DN("CN=Issuer,O=Example Corp,C=US"));
// NOTE: For some moronic reasons, certificates tend to use UTCTime instead
// of generalized time when encoding notBefore and notAfter values, despite
// the spec allowing either one, and despite UTCTime only supporting a
// two-digit year and no sub-second component. So we can't check for
// exact equivalence of the notBefore and notAfter values. Instead, just
// make sure that the values are within 2000 milliseconds of the expected
// value.
assertTrue(Math.abs(c.getNotBeforeTime() - notBefore) < 2000L);
assertNotNull(c.getNotBeforeDate());
assertEquals(c.getNotBeforeDate(), new Date(c.getNotBeforeTime()));
assertTrue(Math.abs(c.getNotAfterTime() - notAfter) < 2000L);
assertNotNull(c.getNotAfterDate());
assertEquals(c.getNotAfterDate(), new Date(c.getNotAfterTime()));
assertNotNull(c.getSubjectDN());
assertEquals(c.getSubjectDN(), new DN("CN=ldap.example.com,O=Example Corp,C=US"));
assertNotNull(c.getPublicKeyAlgorithmOID());
assertEquals(c.getPublicKeyAlgorithmOID(), new OID("1.2.3.5"));
assertNull(c.getPublicKeyAlgorithmName());
assertNotNull(c.getPublicKeyAlgorithmNameOrOID());
assertEquals(c.getPublicKeyAlgorithmNameOrOID(), "1.2.3.5");
assertNotNull(c.getPublicKeyAlgorithmParameters());
assertNotNull(c.getEncodedPublicKey());
assertNull(c.getDecodedPublicKey());
assertNull(c.getIssuerUniqueID());
assertNull(c.getSubjectUniqueID());
assertNotNull(c.getExtensions());
assertTrue(c.getExtensions().isEmpty());
assertNotNull(c.getSignatureValue());
assertNotNull(c.toString());
assertNotNull(c.toPEM());
assertFalse(c.toPEM().isEmpty());
assertNotNull(c.toPEMString());
assertNotNull(c.getX509CertificateBytes());
assertNotNull(c.getSHA1Fingerprint());
assertNotNull(c.getSHA256Fingerprint());
assertNotNull(c.toCertificate());
}
use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeValidityNotSequence.
/**
* Tests the behavior when trying to decode a certificate with a validity
* element that cannot be parsed as a sequence.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeValidityNotSequence() throws Exception {
final long notBefore = System.currentTimeMillis();
final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1OctetString("not a valid sequence"), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024]))), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
new X509Certificate(valueSequence.encode());
}
Aggregations