Search in sources :

Example 86 with ASN1BitString

use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeVersionNotInteger.

/**
 * Tests the behavior when trying to decode a certificate with a version that
 * cannot be parsed as an integer.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeVersionNotInteger() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1Sequence(new ASN1UTCTime(notBefore), new ASN1UTCTime(notAfter)), X509Certificate.encodeName(new DN("CN=ldap.example.com")), new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024]))), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
    new X509Certificate(valueSequence.encode());
}
Also used : ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1UTCTime(com.unboundid.asn1.ASN1UTCTime) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) OID(com.unboundid.util.OID) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 87 with ASN1BitString

use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class PKCS10CertificateSigningRequestTestCase method testCSRWithECKeyMalformedNamedCurve.

/**
 * Tests a valid PKCS#10 certificate signing request with an EC public key
 * and a malformed named curve.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testCSRWithECKeyMalformedNamedCurve() throws Exception {
    final EllipticCurvePublicKey publicKey = new EllipticCurvePublicKey(BigInteger.valueOf(1234567890L), BigInteger.valueOf(9876543210L));
    final ArrayList<ObjectPair<OID, ASN1Set>> nonExtensionAttributes = new ArrayList<>(2);
    nonExtensionAttributes.add(new ObjectPair<>(new OID("1.2.3.4"), new ASN1Set()));
    nonExtensionAttributes.add(new ObjectPair<>(new OID("1.2.3.5"), new ASN1Set()));
    PKCS10CertificateSigningRequest csr = new PKCS10CertificateSigningRequest(PKCS10CertificateSigningRequestVersion.V1, SignatureAlgorithmIdentifier.SHA_256_WITH_ECDSA.getOID(), new ASN1Null(), new ASN1BitString(new boolean[2048]), new DN("CN=ldap.example.com,O=Example Corporation,C=US"), PublicKeyAlgorithmIdentifier.EC.getOID(), new ASN1OctetString(), publicKey.encode(), publicKey, nonExtensionAttributes, new SubjectKeyIdentifierExtension(false, new ASN1OctetString("keyIdentifier")), new SubjectAlternativeNameExtension(false, new GeneralNamesBuilder().addDNSName("ldap.example.com").build()));
    assertNotNull(csr.toString());
    assertNotNull(csr.toPEM());
    assertFalse(csr.toPEM().isEmpty());
    assertNotNull(csr.toPEMString());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ArrayList(java.util.ArrayList) DN(com.unboundid.ldap.sdk.DN) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Set(com.unboundid.asn1.ASN1Set) ObjectPair(com.unboundid.util.ObjectPair) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 88 with ASN1BitString

use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class PKCS8PrivateKeyTestCase method testDecodedEllipticCurvePrivateKeyWithoutNamedCurveParameter.

/**
 * Tests the behavior with a private key created with a decoded elliptic curve
 * private key but without a named curve OID as the algorithm parameters.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testDecodedEllipticCurvePrivateKeyWithoutNamedCurveParameter() throws Exception {
    final EllipticCurvePrivateKey ecPrivateKey = new EllipticCurvePrivateKey(1, new byte[32], NamedCurve.SECP256R1.getOID(), new ASN1BitString(new boolean[256]));
    final PKCS8PrivateKey privateKey = new PKCS8PrivateKey(PKCS8PrivateKeyVersion.V1, PublicKeyAlgorithmIdentifier.EC.getOID(), new ASN1Null(), ecPrivateKey.encode(), ecPrivateKey, null, null);
    assertNotNull(privateKey.toString());
    assertNotNull(privateKey.toPEM());
    assertFalse(privateKey.toPEM().isEmpty());
    assertNotNull(privateKey.toPEMString());
    assertNotNull(privateKey.getPKCS8PrivateKeyBytes());
}
Also used : ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 89 with ASN1BitString

use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class InternalCertHelperTestCase method testCreateX509Certificate.

/**
 * Provides test coverage for the {@code createX509Certificate} method.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testCreateX509Certificate() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final byte[] modulusBytes = new byte[256];
    modulusBytes[0] = 0x40;
    modulusBytes[255] = 0x01;
    final BigInteger modulus = new BigInteger(modulusBytes);
    final BigInteger exponent = BigInteger.valueOf(65537L);
    final RSAPublicKey publicKey = new RSAPublicKey(modulus, exponent);
    final X509Certificate c = InternalCertHelper.createX509Certificate(X509CertificateVersion.V1, BigInteger.valueOf(123456789L), SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(), null, new ASN1BitString(new boolean[1024]), new DN("CN=Issuer,O=Example Corp,C=US"), notBefore, notAfter, new DN("CN=ldap.example.com,O=Example Corp,C=US"), PublicKeyAlgorithmIdentifier.RSA.getOID(), null, publicKey.encode(), publicKey, null, null);
    assertNotNull(c.getVersion());
    assertEquals(c.getVersion(), X509CertificateVersion.V1);
    assertNotNull(c.getSerialNumber());
    assertEquals(c.getSerialNumber(), BigInteger.valueOf(123456789L));
    assertNotNull(c.getSignatureAlgorithmOID());
    assertEquals(c.getSignatureAlgorithmOID(), SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID());
    assertNotNull(c.getSignatureAlgorithmName());
    assertEquals(c.getSignatureAlgorithmName(), "SHA-256 with RSA");
    assertNotNull(c.getSignatureAlgorithmNameOrOID());
    assertEquals(c.getSignatureAlgorithmNameOrOID(), "SHA-256 with RSA");
    assertNull(c.getSignatureAlgorithmParameters());
    assertNotNull(c.getIssuerDN());
    assertEquals(c.getIssuerDN(), new DN("CN=Issuer,O=Example Corp,C=US"));
    // NOTE:  For some moronic reasons, certificates tend to use UTCTime instead
    // of generalized time when encoding notBefore and notAfter values, despite
    // the spec allowing either one, and despite UTCTime only supporting a
    // two-digit year and no sub-second component.  So we can't check for
    // exact equivalence  of the notBefore and notAfter values.  Instead, just
    // make sure that the values are within 2000 milliseconds of the expected
    // value.
    assertTrue(Math.abs(c.getNotBeforeTime() - notBefore) < 2000L);
    assertNotNull(c.getNotBeforeDate());
    assertEquals(c.getNotBeforeDate(), new Date(c.getNotBeforeTime()));
    assertTrue(Math.abs(c.getNotAfterTime() - notAfter) < 2000L);
    assertNotNull(c.getNotAfterDate());
    assertEquals(c.getNotAfterDate(), new Date(c.getNotAfterTime()));
    assertNotNull(c.getSubjectDN());
    assertEquals(c.getSubjectDN(), new DN("CN=ldap.example.com,O=Example Corp,C=US"));
    assertNotNull(c.getPublicKeyAlgorithmOID());
    assertEquals(c.getPublicKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.RSA.getOID());
    assertNotNull(c.getPublicKeyAlgorithmName());
    assertEquals(c.getPublicKeyAlgorithmName(), "RSA");
    assertNotNull(c.getPublicKeyAlgorithmNameOrOID());
    assertEquals(c.getPublicKeyAlgorithmNameOrOID(), "RSA");
    assertNull(c.getPublicKeyAlgorithmParameters());
    assertNotNull(c.getEncodedPublicKey());
    assertNotNull(c.getDecodedPublicKey());
    assertTrue(c.getDecodedPublicKey() instanceof RSAPublicKey);
    assertNull(c.getIssuerUniqueID());
    assertNull(c.getSubjectUniqueID());
    assertNotNull(c.getExtensions());
    assertTrue(c.getExtensions().isEmpty());
    assertNotNull(c.getSignatureValue());
    assertNotNull(c.toString());
    assertNotNull(c.toPEM());
    assertFalse(c.toPEM().isEmpty());
    assertNotNull(c.toPEMString());
    assertNotNull(c.getX509CertificateBytes());
    assertNotNull(c.getSHA1Fingerprint());
    assertNotNull(c.getSHA256Fingerprint());
    assertNotNull(c.toCertificate());
}
Also used : BigInteger(java.math.BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1BitString(com.unboundid.asn1.ASN1BitString) Date(java.util.Date) Test(org.testng.annotations.Test)

Example 90 with ASN1BitString

use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class CRLDistributionPointRevocationReasonTestCase method testFullSet.

/**
 * Tests the behavior when trying to decode a bit string with all bits set.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testFullSet() throws Exception {
    final boolean[] correctNumberOfBits = new boolean[CRLDistributionPointRevocationReason.values().length];
    Arrays.fill(correctNumberOfBits, true);
    assertNotNull(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(correctNumberOfBits)));
    assertFalse(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(correctNumberOfBits)).isEmpty());
    assertEquals(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(correctNumberOfBits)), EnumSet.allOf(CRLDistributionPointRevocationReason.class));
    final boolean[] moreBitsThanNecessary = new boolean[100];
    Arrays.fill(moreBitsThanNecessary, true);
    assertNotNull(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(moreBitsThanNecessary)));
    assertFalse(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(moreBitsThanNecessary)).isEmpty());
    assertEquals(CRLDistributionPointRevocationReason.getReasonSet(new ASN1BitString(moreBitsThanNecessary)), EnumSet.allOf(CRLDistributionPointRevocationReason.class));
}
Also used : ASN1BitString(com.unboundid.asn1.ASN1BitString) Test(org.testng.annotations.Test)

Aggregations

ASN1BitString (com.unboundid.asn1.ASN1BitString)72 Test (org.testng.annotations.Test)62 DN (com.unboundid.ldap.sdk.DN)49 ASN1Null (com.unboundid.asn1.ASN1Null)36 OID (com.unboundid.util.OID)33 ASN1ObjectIdentifier (com.unboundid.asn1.ASN1ObjectIdentifier)26 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)25 ASN1Sequence (com.unboundid.asn1.ASN1Sequence)24 ASN1Element (com.unboundid.asn1.ASN1Element)23 ASN1BigInteger (com.unboundid.asn1.ASN1BigInteger)22 ASN1Integer (com.unboundid.asn1.ASN1Integer)20 IOException (java.io.IOException)16 ASN1BitString (com.github.zhenwei.core.asn1.ASN1BitString)14 ASN1BitString (org.bouncycastle.asn1.ASN1BitString)11 BigInteger (java.math.BigInteger)10 ArrayList (java.util.ArrayList)10 ASN1GeneralizedTime (com.unboundid.asn1.ASN1GeneralizedTime)9 NotNull (com.unboundid.util.NotNull)9 Date (java.util.Date)8 KeyPair (java.security.KeyPair)7