
Example 96 with ASN1BitString

use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeMalformedExtension.

/**
 * Tests the behavior when trying to decode a certificate with a malformed
 * extensions element.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedExtension() throws Exception {
    // Validity window: from now until 365 days from now, in milliseconds.
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);

    // Fields of the inner (to-be-signed) sequence, created in the same order
    // in which they are encoded.
    final ASN1Element version =
        new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode());
    final ASN1BigInteger serialNumber = new ASN1BigInteger(12435L);
    final ASN1Sequence innerSignatureAlgorithm = new ASN1Sequence(
        new ASN1ObjectIdentifier(new OID("1.2.3.4")),
        new ASN1Null());
    final ASN1Element issuerName =
        X509Certificate.encodeName(new DN("CN=issuer"));
    final ASN1Sequence validity = new ASN1Sequence(
        new ASN1GeneralizedTime(notBefore),
        new ASN1GeneralizedTime(notAfter));
    final ASN1Element subjectName =
        X509Certificate.encodeName(new DN("CN=ldap.example.com"));
    final ASN1Sequence publicKeyInfo = new ASN1Sequence(
        new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.5")),
            new ASN1Null()),
        new ASN1BitString(new boolean[1024]));

    // Type byte 0xA3 is the context-specific [3] tag that X.509 uses for the
    // extensions field; here it is created without any value. Presumably this
    // empty element is what the decoder is expected to reject.
    final ASN1Element extensionsWithoutValue = new ASN1Element((byte) 0xA3);

    final ASN1Sequence certificateBody = new ASN1Sequence(
        version,
        serialNumber,
        innerSignatureAlgorithm,
        issuerName,
        validity,
        subjectName,
        publicKeyInfo,
        extensionsWithoutValue);

    // Outer sequence: body, signature algorithm, and a 1024-bit all-zero
    // signature value.
    final ASN1Sequence valueSequence = new ASN1Sequence(
        certificateBody,
        new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.4")),
            new ASN1Null()),
        new ASN1BitString(new boolean[1024]));

    // The test passes only if decoding fails with a CertException, i.e. the
    // malformed input is rejected through the decoder's own error type.
    // NOTE(review): expectedExceptions covers the whole method, so a
    // CertException raised while building the input above would also satisfy
    // it; confirm the failure really originates in this constructor call.
    new X509Certificate(valueSequence.encode());
}
Also used : ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1GeneralizedTime(com.unboundid.asn1.ASN1GeneralizedTime) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 97 with ASN1BitString

use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeMalformedSignatureBitString.

/**
 * Tests the behavior when trying to decode a certificate with a malformed
 * signature bit string.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedSignatureBitString() throws Exception {
    // Validity window: from now until 365 days from now, in milliseconds.
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);

    // Fields of the inner (to-be-signed) sequence, created in the same order
    // in which they are encoded. No extensions element is included.
    final ASN1Element version =
        new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode());
    final ASN1BigInteger serialNumber = new ASN1BigInteger(12435L);
    final ASN1Sequence innerSignatureAlgorithm = new ASN1Sequence(
        new ASN1ObjectIdentifier(new OID("1.2.3.4")),
        new ASN1Null());
    final ASN1Element issuerName =
        X509Certificate.encodeName(new DN("CN=issuer"));
    final ASN1Sequence validity = new ASN1Sequence(
        new ASN1GeneralizedTime(notBefore),
        new ASN1GeneralizedTime(notAfter));
    final ASN1Element subjectName =
        X509Certificate.encodeName(new DN("CN=ldap.example.com"));
    final ASN1Sequence publicKeyInfo = new ASN1Sequence(
        new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.5")),
            new ASN1Null()),
        new ASN1BitString(new boolean[1024]));

    final ASN1Sequence certificateBody = new ASN1Sequence(
        version,
        serialNumber,
        innerSignatureAlgorithm,
        issuerName,
        validity,
        subjectName,
        publicKeyInfo);

    // Outer sequence: body, signature algorithm, signature value. As listed,
    // the outer algorithm OID (1.2.3.5) differs from the one inside the body
    // (1.2.3.4), and the signature value is built with the regular
    // ASN1BitString constructor from 1024 false bits.
    // NOTE(review): this listing does not show which of these the decoder
    // rejects; confirm against the decoder that the signature bit string is
    // the field that triggers the failure.
    final ASN1Sequence valueSequence = new ASN1Sequence(
        certificateBody,
        new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.5")),
            new ASN1Null()),
        new ASN1BitString(new boolean[1024]));

    // The test passes only if a CertException is thrown. expectedExceptions
    // covers the whole method, so an exception of that type from the setup
    // above would satisfy it as well.
    new X509Certificate(valueSequence.encode());
}
Also used : ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1GeneralizedTime(com.unboundid.asn1.ASN1GeneralizedTime) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 98 with ASN1BitString

use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class ManageCertificates method printPublicKey.

/**
 * Prints information about the provided public key.
 *
 * @param  encodedPublicKey  The encoded representation of the public key.
 *                           This must not be {@code null}.
 * @param  decodedPublicKey  The decoded representation of the public key, if
 *                           available.
 * @param  parameters        The public key algorithm parameters, if any.
 * @param  indent            The string to place at the beginning of each
 *                           line to indent that line.
 */
private void printPublicKey(@NotNull final ASN1BitString encodedPublicKey, @Nullable final DecodedPublicKey decodedPublicKey, @Nullable final ASN1Element parameters, @NotNull final String indent) {
    // Note: the parameters argument is not referenced anywhere in this body.

    // Wrapped hex lines are printed five columns deeper than their label.
    final String continuationIndent = indent + "     ";

    // Without a decoded form, fall back to dumping the encoded key itself.
    if (decodedPublicKey == null) {
        String rawKeyText;
        try {
            rawKeyText = toColonDelimitedHex(encodedPublicKey.getBytes());
        } catch (final Exception e) {
            // Best effort: if the bytes cannot be obtained, print the bit
            // string's own string form rather than failing the whole listing.
            Debug.debugException(e);
            rawKeyText = encodedPublicKey.toString();
        }
        out(indent + INFO_MANAGE_CERTS_PRINT_CERT_LABEL_ENCODED_PK.get());
        for (final String wrapped : StaticUtils.wrapLine(rawKeyText, 78)) {
            out(continuationIndent + wrapped);
        }
        return;
    }

    if (decodedPublicKey instanceof RSAPublicKey) {
        final RSAPublicKey rsaKey = (RSAPublicKey) decodedPublicKey;
        final byte[] modulus = rsaKey.getModulus().toByteArray();

        // The reported size is derived from the byte count, so it is always a
        // multiple of eight rather than the exact bit length of the modulus.
        // A leading 0x00 byte is discounted only when the array length is odd.
        final boolean hasLeadingZeroByte =
            ((modulus.length % 2) != 0) && (modulus[0] == 0x00);
        final int modulusSizeBits = hasLeadingZeroByte
            ? (modulus.length - 1) * 8
            : modulus.length * 8;
        out(indent + INFO_MANAGE_CERTS_PRINT_CERT_LABEL_RSA_MODULUS.get(modulusSizeBits));

        // The hex dump uses the full array, including any leading zero byte.
        for (final String wrapped : StaticUtils.wrapLine(toColonDelimitedHex(modulus), 78)) {
            out(continuationIndent + wrapped);
        }

        final String exponentHex =
            toColonDelimitedHex(rsaKey.getPublicExponent().toByteArray());
        out(indent + INFO_MANAGE_CERTS_PRINT_CERT_LABEL_RSA_EXPONENT.get(exponentHex));
        return;
    }

    // Any other decoded key type that is not an elliptic curve key produces
    // no output at all.
    if (decodedPublicKey instanceof EllipticCurvePublicKey) {
        final EllipticCurvePublicKey ecKey = (EllipticCurvePublicKey) decodedPublicKey;
        out(indent + INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EC_IS_COMPRESSED.get(String.valueOf(ecKey.usesCompressedForm())));
        out(indent + INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EC_X.get(String.valueOf(ecKey.getXCoordinate())));

        // When no y coordinate is available, only its parity is printed.
        if (ecKey.getYCoordinate() != null) {
            out(indent + INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EC_Y.get(String.valueOf(ecKey.getYCoordinate())));
        } else {
            out(indent + INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EC_Y_IS_EVEN.get(String.valueOf(ecKey.yCoordinateIsEven())));
        }
    }
}
Also used : ASN1BitString(com.unboundid.asn1.ASN1BitString) ArgumentException(com.unboundid.util.args.ArgumentException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) LDAPException(com.unboundid.ldap.sdk.LDAPException) IOException(java.io.IOException)

Example 99 with ASN1BitString

use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class PromptTrustManagerProcessorTestCase method testSubjectCertificateWithInvalidSignature.

/**
 * Tests the behavior with a two-certificate chain in which the subject
 * certificate has an invalid signature.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testSubjectCertificateWithInvalidSignature() throws Exception {
    // File locations and aliases for the CA and server fixtures. Everything
    // lives under a directory obtained from createTempDir().
    final File workDir = createTempDir();
    final String caAlias = "ca-cert";
    final String caKeyStore = new File(workDir, caAlias + "-keystore.jks").getAbsolutePath();
    final String caCertFile = new File(workDir, caAlias + ".cert").getAbsolutePath();
    final String serverAlias = "server-cert";
    final String serverKeyStore = new File(workDir, serverAlias + "-keystore.jks").getAbsolutePath();
    final String serverCsrFile = new File(workDir, serverAlias + ".csr").getAbsolutePath();
    final String serverCertFile = new File(workDir, serverAlias + ".cert").getAbsolutePath();

    // Fixture-only keystore password, shared by both test keystores.
    final String keystorePassword = "password";

    // Step 1: self-signed CA certificate in its own JKS keystore, then export
    // it as PEM.
    manageCertificates(
        "generate-self-signed-certificate",
        "--keystore", caKeyStore,
        "--keystore-password", keystorePassword,
        "--keystore-type", "JKS",
        "--alias", caAlias,
        "--subject-dn", "CN=Example Root CA,O=Example Corporation,C=US",
        "--days-valid", "7300",
        "--key-algorithm", "RSA",
        "--key-size-bits", "2048",
        "--signature-algorithm", "SHA256withRSA",
        "--subject-alternative-name-email-address", "ca@example.com",
        "--basic-constraints-is-ca", "true",
        "--key-usage", "key-cert-sign",
        "--display-keytool-command");
    manageCertificates(
        "export-certificate",
        "--keystore", caKeyStore,
        "--keystore-password", keystorePassword,
        "--alias", caAlias,
        "--output-format", "PEM",
        "--output-file", caCertFile,
        "--display-keytool-command");

    // Step 2: server key pair and CSR, signed by the CA, then the resulting
    // chain is imported back into the server keystore.
    manageCertificates(
        "generate-certificate-signing-request",
        "--output-file", serverCsrFile,
        "--keystore", serverKeyStore,
        "--keystore-password", keystorePassword,
        "--keystore-type", "JKS",
        "--alias", serverAlias,
        "--subject-dn", "CN=ldap.example.com,O=Example Corporation,C=US",
        "--key-algorithm", "RSA",
        "--key-size-bits", "2048",
        "--signature-algorithm", "SHA256withRSA",
        "--subject-alternative-name-dns", "ldap.example.com",
        "--subject-alternative-name-dns", "ldap",
        "--subject-alternative-name-dns", "ds.example.com",
        "--subject-alternative-name-dns", "ds",
        "--subject-alternative-name-dns", "localhost",
        "--subject-alternative-name-ip-address", "127.0.0.1",
        "--subject-alternative-name-ip-address", "::1",
        "--extended-key-usage", "server-auth",
        "--extended-key-usage", "client-auth",
        "--display-keytool-command");
    manageCertificates(
        "sign-certificate-signing-request",
        "--request-input-file", serverCsrFile,
        "--certificate-output-file", serverCertFile,
        "--output-format", "PEM",
        "--keystore", caKeyStore,
        "--keystore-password", keystorePassword,
        "--signing-certificate-alias", caAlias,
        "--days-valid", "365",
        "--include-requested-extensions",
        "--no-prompt",
        "--display-keytool-command");
    manageCertificates(
        "import-certificate",
        "--certificate-file", serverCertFile,
        "--certificate-file", caCertFile,
        "--keystore", serverKeyStore,
        "--keystore-password", keystorePassword,
        "--alias", serverAlias,
        "--no-prompt",
        "--display-keytool-command");

    // Step 3: read the server chain back out of the keystore and convert it
    // to the LDAP SDK certificate representation.
    final KeyStore keystore = CryptoHelper.getKeyStore("JKS");
    try (FileInputStream keystoreStream = new FileInputStream(serverKeyStore)) {
        keystore.load(keystoreStream, keystorePassword.toCharArray());
    }
    final Certificate[] javaChain = keystore.getCertificateChain(serverAlias);
    final X509Certificate[] ldapSDKChain = PromptTrustManager.convertChain(javaChain);

    // Step 4: rebuild the subject certificate with every field copied from
    // the genuine one except the signature, which becomes an all-false bit
    // string of the same length. The result can no longer verify against the
    // issuer's key.
    final X509Certificate genuineSubject = ldapSDKChain[0];
    final List<X509CertificateExtension> extensionList = genuineSubject.getExtensions();
    final X509CertificateExtension[] extensionArray =
        extensionList.toArray(new X509CertificateExtension[extensionList.size()]);
    final int signatureBitCount = genuineSubject.getSignatureValue().getBits().length;
    final ASN1BitString invalidSignatureValue =
        new ASN1BitString(new boolean[signatureBitCount]);
    ldapSDKChain[0] = InternalCertHelper.createX509Certificate(
        genuineSubject.getVersion(),
        genuineSubject.getSerialNumber(),
        genuineSubject.getSignatureAlgorithmOID(),
        genuineSubject.getSignatureAlgorithmParameters(),
        invalidSignatureValue,
        genuineSubject.getIssuerDN(),
        genuineSubject.getNotBeforeTime(),
        genuineSubject.getNotAfterTime(),
        genuineSubject.getSubjectDN(),
        genuineSubject.getPublicKeyAlgorithmOID(),
        genuineSubject.getPublicKeyAlgorithmParameters(),
        genuineSubject.getEncodedPublicKey(),
        genuineSubject.getDecodedPublicKey(),
        genuineSubject.getIssuerUniqueID(),
        genuineSubject.getSubjectUniqueID(),
        extensionArray);

    // Step 5: the trust decision must be "prompt", accompanied by exactly one
    // message (presumably the warning about the signature; the listing does
    // not show its text). Note the cache key is still computed from the
    // genuine javaChain[0].
    final ObjectPair<Boolean, List<String>> promptResult = PromptTrustManagerProcessor.shouldPrompt(
        PromptTrustManager.getCacheKey(javaChain[0]),
        ldapSDKChain,
        true,
        true,
        Collections.<String, Boolean>emptyMap(),
        Collections.singletonList("ldap.example.com"));
    assertNotNull(promptResult.getFirst());
    assertEquals(promptResult.getFirst(), Boolean.TRUE);
    assertNotNull(promptResult.getSecond());
    assertFalse(promptResult.getSecond().isEmpty());
    assertEquals(promptResult.getSecond().size(), 1);
}
Also used : X509CertificateExtension(com.unboundid.util.ssl.cert.X509CertificateExtension) ASN1BitString(com.unboundid.asn1.ASN1BitString) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(com.unboundid.util.ssl.cert.X509Certificate) ASN1BitString(com.unboundid.asn1.ASN1BitString) List(java.util.List) File(java.io.File) X509Certificate(com.unboundid.util.ssl.cert.X509Certificate) Certificate(java.security.cert.Certificate) Test(org.testng.annotations.Test)

Example 100 with ASN1BitString

use of com.unboundid.asn1.ASN1BitString in project ldapsdk by pingidentity.

the class PromptTrustManagerProcessorTestCase method testSelfSignedCertificateWithInvalidSignature.

/**
 * Tests the behavior with a self-signed certificate that has an invalid
 * signature.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testSelfSignedCertificateWithInvalidSignature() throws Exception {
    // Generate a genuine self-signed certificate (SHA-256 with RSA, 2048-bit
    // key) that is valid from now for 365 days.
    final DN subjectDN = new DN("CN=ldap.example.com,O=Example Corporation,C=US");
    final long notBefore = System.currentTimeMillis();
    final long notAfter = System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365L);
    final ObjectPair<X509Certificate, KeyPair> generated = X509Certificate.generateSelfSignedCertificate(
        SignatureAlgorithmIdentifier.SHA_256_WITH_RSA,
        PublicKeyAlgorithmIdentifier.RSA,
        2048,
        subjectDN,
        notBefore,
        notAfter);
    final X509Certificate genuine = generated.getFirst();

    final List<X509CertificateExtension> extensionList = genuine.getExtensions();
    final X509CertificateExtension[] extensions =
        extensionList.toArray(new X509CertificateExtension[extensionList.size()]);

    // Replacement signature: 256 zero bytes, i.e. 2048 bits, the same size as
    // the RSA key requested above. It cannot verify against the public key.
    final ASN1BitString zeroedSignature =
        new ASN1BitString(ASN1BitString.getBitsForBytes(new byte[256]));

    // Copy every field from the genuine certificate except the signature.
    // The public key algorithm parameters are passed as null here rather than
    // being copied from the genuine certificate.
    final X509Certificate cert = InternalCertHelper.createX509Certificate(
        genuine.getVersion(),
        genuine.getSerialNumber(),
        genuine.getSignatureAlgorithmOID(),
        genuine.getSignatureAlgorithmParameters(),
        zeroedSignature,
        genuine.getIssuerDN(),
        genuine.getNotBeforeTime(),
        genuine.getNotAfterTime(),
        genuine.getSubjectDN(),
        genuine.getPublicKeyAlgorithmOID(),
        null,
        genuine.getEncodedPublicKey(),
        genuine.getDecodedPublicKey(),
        genuine.getIssuerUniqueID(),
        genuine.getSubjectUniqueID(),
        extensions);

    // The trust decision must be "prompt", accompanied by exactly two
    // messages. NOTE(review): the listing does not show the message text, so
    // which two conditions are reported should be confirmed against
    // shouldPrompt itself.
    final ObjectPair<Boolean, List<String>> promptResult = PromptTrustManagerProcessor.shouldPrompt(
        PromptTrustManager.getCacheKey(cert.toCertificate()),
        new X509Certificate[] { cert },
        true,
        true,
        Collections.<String, Boolean>emptyMap(),
        null);
    assertNotNull(promptResult.getFirst());
    assertEquals(promptResult.getFirst(), Boolean.TRUE);
    assertNotNull(promptResult.getSecond());
    assertFalse(promptResult.getSecond().isEmpty());
    assertEquals(promptResult.getSecond().size(), 2);
}
Also used : X509CertificateExtension(com.unboundid.util.ssl.cert.X509CertificateExtension) KeyPair(java.security.KeyPair) DN(com.unboundid.ldap.sdk.DN) List(java.util.List) X509Certificate(com.unboundid.util.ssl.cert.X509Certificate) ASN1BitString(com.unboundid.asn1.ASN1BitString) Test(org.testng.annotations.Test)
