use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeVersionNotInteger.
/**
* Tests the behavior when trying to decode a certificate with a version that
* cannot be parsed as an integer.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeVersionNotInteger() throws Exception {
  // NOTE(review): expectedExceptions is satisfied by a CertException thrown
  // anywhere in this method. If any fixture call below (for example
  // encodeName) can raise that type, the test could pass without the decoder
  // ever rejecting the malformed version -- confirm against the helpers.
  final long notBefore = System.currentTimeMillis();
  final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);

  // The malformed part: the first element of the inner sequence carries only
  // the type byte 0xA0 and no value. Presumably this is the slot where the
  // decoder expects the version integer -- see the method Javadoc.
  final ASN1Element malformedVersion = new ASN1Element((byte) 0xA0);

  // Every other field is well-formed filler, so the version element is the
  // only deliberately broken piece of the fixture.
  final ASN1BigInteger serialNumber = new ASN1BigInteger(12435L);
  final ASN1Sequence innerSignatureAlgorithm = new ASN1Sequence(
      new ASN1ObjectIdentifier(new OID("1.2.3.4")),
      new ASN1Null());
  final ASN1Element issuerName = X509Certificate.encodeName(new DN("CN=issuer"));
  final ASN1Sequence validity = new ASN1Sequence(
      new ASN1UTCTime(notBefore),
      new ASN1UTCTime(notAfter));
  final ASN1Element subjectName =
      X509Certificate.encodeName(new DN("CN=ldap.example.com"));
  final ASN1Sequence publicKeyInfo = new ASN1Sequence(
      new ASN1Sequence(
          new ASN1ObjectIdentifier(new OID("1.2.3.5")),
          new ASN1Null()),
      new ASN1BitString(new boolean[1024]));

  final ASN1Sequence toBeSigned = new ASN1Sequence(
      malformedVersion,
      serialNumber,
      innerSignatureAlgorithm,
      issuerName,
      validity,
      subjectName,
      publicKeyInfo);

  // Outer wrapper: algorithm identifier plus a 1024-bit all-zero bit string
  // standing in for the signature. Nothing here is cryptographically signed.
  final ASN1Sequence outerSignatureAlgorithm = new ASN1Sequence(
      new ASN1ObjectIdentifier(new OID("1.2.3.4")),
      new ASN1Null());
  final ASN1BitString placeholderSignature =
      new ASN1BitString(new boolean[1024]);

  final ASN1Sequence valueSequence = new ASN1Sequence(
      toBeSigned,
      outerSignatureAlgorithm,
      placeholderSignature);

  // Decoding the encoded bytes is the call expected to fail.
  new X509Certificate(valueSequence.encode());
}
use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class PKCS10CertificateSigningRequestTestCase method testCSRWithECKeyMalformedNamedCurve.
/**
* Tests a valid PKCS#10 certificate signing request with an EC public key
* and a malformed named curve.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testCSRWithECKeyMalformedNamedCurve() throws Exception {
  // Arbitrary coordinates: the point is not checked against any curve here.
  final EllipticCurvePublicKey publicKey = new EllipticCurvePublicKey(
      BigInteger.valueOf(1234567890L),
      BigInteger.valueOf(9876543210L));

  // Two attributes with made-up OIDs and empty value sets.
  final ArrayList<ObjectPair<OID, ASN1Set>> nonExtensionAttributes =
      new ArrayList<>(2);
  for (final String attributeOid : new String[] { "1.2.3.4", "1.2.3.5" }) {
    nonExtensionAttributes.add(
        new ObjectPair<>(new OID(attributeOid), new ASN1Set()));
  }

  // All-zero 2048-bit string in place of a real signature; this test never
  // verifies the request's signature.
  final ASN1BitString placeholderSignature =
      new ASN1BitString(new boolean[2048]);
  final DN subjectDN =
      new DN("CN=ldap.example.com,O=Example Corporation,C=US");
  final SubjectKeyIdentifierExtension subjectKeyIdentifier =
      new SubjectKeyIdentifierExtension(false,
          new ASN1OctetString("keyIdentifier"));
  final SubjectAlternativeNameExtension subjectAlternativeName =
      new SubjectAlternativeNameExtension(false,
          new GeneralNamesBuilder().addDNSName("ldap.example.com").build());

  // The empty ASN1OctetString after the EC algorithm OID is presumably the
  // "malformed named curve" from the Javadoc: an octet string where a curve
  // OID would normally be supplied -- confirm against the constructor.
  final PKCS10CertificateSigningRequest csr =
      new PKCS10CertificateSigningRequest(
          PKCS10CertificateSigningRequestVersion.V1,
          SignatureAlgorithmIdentifier.SHA_256_WITH_ECDSA.getOID(),
          new ASN1Null(),
          placeholderSignature,
          subjectDN,
          PublicKeyAlgorithmIdentifier.EC.getOID(),
          new ASN1OctetString(),
          publicKey.encode(),
          publicKey,
          nonExtensionAttributes,
          subjectKeyIdentifier,
          subjectAlternativeName);

  // The string and PEM renderings must still work with the odd parameters.
  assertNotNull(csr.toString());
  assertNotNull(csr.toPEM());
  assertFalse(csr.toPEM().isEmpty());
  assertNotNull(csr.toPEMString());
}
use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class PKCS8PrivateKeyTestCase method testDecodedEllipticCurvePrivateKeyWithoutNamedCurveParameter.
/**
* Tests the behavior with a private key created with a decoded elliptic curve
* private key but without a named curve OID as the algorithm parameters.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testDecodedEllipticCurvePrivateKeyWithoutNamedCurveParameter() throws Exception {
  // Fixture key material is all zeros (32 zero bytes and a 256-bit zero bit
  // string); it exists only to exercise encoding and is not a usable key.
  final byte[] zeroedKeyBytes = new byte[32];
  final ASN1BitString zeroedBitString = new ASN1BitString(new boolean[256]);
  final EllipticCurvePrivateKey ecPrivateKey = new EllipticCurvePrivateKey(
      1,
      zeroedKeyBytes,
      NamedCurve.SECP256R1.getOID(),
      zeroedBitString);

  // The decoded EC key above names a curve, but the PKCS #8 wrapper gets an
  // ASN1Null right after the algorithm OID. Presumably that is the
  // algorithm-parameters slot the Javadoc refers to -- confirm against the
  // PKCS8PrivateKey constructor.
  final PKCS8PrivateKey privateKey = new PKCS8PrivateKey(
      PKCS8PrivateKeyVersion.V1,
      PublicKeyAlgorithmIdentifier.EC.getOID(),
      new ASN1Null(),
      ecPrivateKey.encode(),
      ecPrivateKey,
      null,
      null);

  // Every rendering must still be produced without the curve parameter.
  assertNotNull(privateKey.toString());
  assertNotNull(privateKey.toPEM());
  assertFalse(privateKey.toPEM().isEmpty());
  assertNotNull(privateKey.toPEMString());
  assertNotNull(privateKey.getPKCS8PrivateKeyBytes());
}
use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class InternalCertHelperTestCase method testCreateX509Certificate.
/**
* Provides test coverage for the {@code createX509Certificate} method.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testCreateX509Certificate() throws Exception {
  final String issuerDNString = "CN=Issuer,O=Example Corp,C=US";
  final String subjectDNString = "CN=ldap.example.com,O=Example Corp,C=US";
  final long toleranceMillis = 2000L;

  final long notBefore = System.currentTimeMillis();
  final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);

  // Synthetic 256-byte modulus with only the first and last bytes set. It
  // gives the RSA key a plausible size and is not a real key.
  final byte[] modulusBytes = new byte[256];
  modulusBytes[0] = 0x40;
  modulusBytes[255] = 0x01;
  final RSAPublicKey publicKey = new RSAPublicKey(
      new BigInteger(modulusBytes),
      BigInteger.valueOf(65537L));

  // The signature value is a 1024-bit all-zero bit string, so the resulting
  // certificate is not validly signed. Every assertion below checks field
  // round-tripping only, never signature verification.
  final X509Certificate cert = InternalCertHelper.createX509Certificate(
      X509CertificateVersion.V1,
      BigInteger.valueOf(123456789L),
      SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(),
      null,
      new ASN1BitString(new boolean[1024]),
      new DN(issuerDNString),
      notBefore,
      notAfter,
      new DN(subjectDNString),
      PublicKeyAlgorithmIdentifier.RSA.getOID(),
      null,
      publicKey.encode(),
      publicKey,
      null,
      null);

  // Version and serial number.
  assertNotNull(cert.getVersion());
  assertEquals(cert.getVersion(), X509CertificateVersion.V1);
  assertNotNull(cert.getSerialNumber());
  assertEquals(cert.getSerialNumber(), BigInteger.valueOf(123456789L));

  // Signature algorithm: OID, resolved name, and absent parameters.
  assertNotNull(cert.getSignatureAlgorithmOID());
  assertEquals(cert.getSignatureAlgorithmOID(),
      SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID());
  assertNotNull(cert.getSignatureAlgorithmName());
  assertEquals(cert.getSignatureAlgorithmName(), "SHA-256 with RSA");
  assertNotNull(cert.getSignatureAlgorithmNameOrOID());
  assertEquals(cert.getSignatureAlgorithmNameOrOID(), "SHA-256 with RSA");
  assertNull(cert.getSignatureAlgorithmParameters());

  // Issuer, compared against a freshly parsed DN.
  assertNotNull(cert.getIssuerDN());
  assertEquals(cert.getIssuerDN(), new DN(issuerDNString));

  // Validity window. Certificates commonly encode notBefore and notAfter as
  // UTCTime rather than generalized time, although the spec allows either.
  // UTCTime has a two-digit year and no sub-second component, so the decoded
  // values cannot be compared for exact equality; they only need to be
  // within 2000 milliseconds of the values supplied.
  assertTrue(Math.abs(cert.getNotBeforeTime() - notBefore) < toleranceMillis);
  assertNotNull(cert.getNotBeforeDate());
  assertEquals(cert.getNotBeforeDate(), new Date(cert.getNotBeforeTime()));
  assertTrue(Math.abs(cert.getNotAfterTime() - notAfter) < toleranceMillis);
  assertNotNull(cert.getNotAfterDate());
  assertEquals(cert.getNotAfterDate(), new Date(cert.getNotAfterTime()));

  // Subject, compared against a freshly parsed DN.
  assertNotNull(cert.getSubjectDN());
  assertEquals(cert.getSubjectDN(), new DN(subjectDNString));

  // Public key: algorithm identification and both key forms.
  assertNotNull(cert.getPublicKeyAlgorithmOID());
  assertEquals(cert.getPublicKeyAlgorithmOID(),
      PublicKeyAlgorithmIdentifier.RSA.getOID());
  assertNotNull(cert.getPublicKeyAlgorithmName());
  assertEquals(cert.getPublicKeyAlgorithmName(), "RSA");
  assertNotNull(cert.getPublicKeyAlgorithmNameOrOID());
  assertEquals(cert.getPublicKeyAlgorithmNameOrOID(), "RSA");
  assertNull(cert.getPublicKeyAlgorithmParameters());
  assertNotNull(cert.getEncodedPublicKey());
  assertNotNull(cert.getDecodedPublicKey());
  assertTrue(cert.getDecodedPublicKey() instanceof RSAPublicKey);

  // Optional fields were passed as null: no unique IDs and an empty, but
  // non-null, extension list.
  assertNull(cert.getIssuerUniqueID());
  assertNull(cert.getSubjectUniqueID());
  assertNotNull(cert.getExtensions());
  assertTrue(cert.getExtensions().isEmpty());

  // Signature value, renderings, raw bytes, fingerprints, and conversion via
  // toCertificate() are all checked for non-null results only.
  assertNotNull(cert.getSignatureValue());
  assertNotNull(cert.toString());
  assertNotNull(cert.toPEM());
  assertFalse(cert.toPEM().isEmpty());
  assertNotNull(cert.toPEMString());
  assertNotNull(cert.getX509CertificateBytes());
  assertNotNull(cert.getSHA1Fingerprint());
  assertNotNull(cert.getSHA256Fingerprint());
  assertNotNull(cert.toCertificate());
}
use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.
the class CRLDistributionPointRevocationReasonTestCase method testFullSet.
/**
* Tests the behavior when trying to decode a bit string with all bits set.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testFullSet() throws Exception {
  // First input: exactly one bit per defined revocation reason, all set.
  final boolean[] correctNumberOfBits =
      new boolean[CRLDistributionPointRevocationReason.values().length];
  Arrays.fill(correctNumberOfBits, true);

  // Second input: 100 set bits. The final assertion requires the result to
  // equal the set of all defined reasons, so this pins the decoder's
  // handling of surplus bits: they must not add to or change the result.
  final boolean[] moreBitsThanNecessary = new boolean[100];
  Arrays.fill(moreBitsThanNecessary, true);

  final boolean[][] inputs = { correctNumberOfBits, moreBitsThanNecessary };
  for (final boolean[] bits : inputs) {
    // A fresh ASN1BitString is decoded for each assertion.
    assertNotNull(CRLDistributionPointRevocationReason.getReasonSet(
        new ASN1BitString(bits)));
    assertFalse(CRLDistributionPointRevocationReason.getReasonSet(
        new ASN1BitString(bits)).isEmpty());
    assertEquals(
        CRLDistributionPointRevocationReason.getReasonSet(
            new ASN1BitString(bits)),
        EnumSet.allOf(CRLDistributionPointRevocationReason.class));
  }
}