
Example 21 with ASN1Null

use of com.unboundid.asn1.ASN1Null in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testIsSelfSignedWithSameAuthorityAndSubjectKeyIdentifiers.

/**
 * Tests the {@code isSelfSigned} method for a certificate that has both
 * subject key identifier and authority key identifier extensions with the
 * same value.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testIsSelfSignedWithSameAuthorityAndSubjectKeyIdentifiers() throws Exception {
    // Issuer and subject are built from the same DN string, and both key
    // identifier extensions are built from the same octets.
    final String nameString = "CN=Test,O=Example Corporation,C=US";
    final String keyIdString = "keyIdentifier";

    // The signature value and the encoded public key are arbitrary five-bit
    // patterns, not real cryptographic material.
    final ASN1BitString signatureValue = new ASN1BitString(true, false, true, false, true);
    final DN issuerDN = new DN(nameString);
    final long notBefore = System.currentTimeMillis();
    final long notAfter = System.currentTimeMillis() + (365L * 86_400_000L);
    final DN subjectDN = new DN(nameString);
    final ASN1BitString encodedPublicKey = new ASN1BitString(false, true, false, true, false);

    final SubjectKeyIdentifierExtension subjectKeyId =
        new SubjectKeyIdentifierExtension(false, new ASN1OctetString(keyIdString));
    final AuthorityKeyIdentifierExtension authorityKeyId =
        new AuthorityKeyIdentifierExtension(false, new ASN1OctetString(keyIdString), null, null);

    // The three nulls are presumably the decoded public key and the issuer
    // and subject unique IDs -- confirm against the constructor signature.
    final X509Certificate cert = new X509Certificate(
        X509CertificateVersion.V3,
        BigInteger.valueOf(12345L),
        SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(),
        new ASN1Null(),
        signatureValue,
        issuerDN,
        notBefore,
        notAfter,
        subjectDN,
        PublicKeyAlgorithmIdentifier.RSA.getOID(),
        new ASN1Null(),
        encodedPublicKey,
        null,
        null,
        null,
        subjectKeyId,
        authorityKeyId);

    // NOTE(review): with placeholder signature and key bits, a true result
    // here cannot come from verifying the signature. isSelfSigned therefore
    // looks like a structural check (matching names / key identifiers), not
    // proof that the certificate was signed by its own key; callers should
    // not use it on its own as a trust decision.
    assertTrue(cert.isSelfSigned());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) DN(com.unboundid.ldap.sdk.DN) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 22 with ASN1Null

use of com.unboundid.asn1.ASN1Null in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeMalformedSubjectDN.

/**
 * Tests the behavior when trying to decode a certificate with a malformed
 * subject DN.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedSubjectDN() throws Exception {
    // NOTE(review): expectedExceptions covers the whole method body. If
    // X509Certificate.encodeName can itself throw CertException (not visible
    // here), a failure while building the fixture would also make this test
    // pass without the decoder ever seeing the malformed subject.
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);

    final ASN1Sequence validity = new ASN1Sequence(
        new ASN1GeneralizedTime(notBefore),
        new ASN1GeneralizedTime(notAfter));

    final ASN1Sequence subjectPublicKeyInfo = new ASN1Sequence(
        new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()),
        new ASN1BitString(new boolean[1024]));

    // Inner (to-be-signed) portion of the certificate. The subject slot holds
    // a plain octet string instead of an encoded name; that is the malformed
    // element this test is about.
    final ASN1Sequence tbsCertificate = new ASN1Sequence(
        new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()),
        new ASN1BigInteger(12435L),
        new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()),
        X509Certificate.encodeName(new DN("CN=issuer")),
        validity,
        new ASN1OctetString("malformed subject DN"),
        subjectPublicKeyInfo);

    // Outer certificate: inner sequence, signature algorithm, signature bits.
    final ASN1Sequence valueSequence = new ASN1Sequence(
        tbsCertificate,
        new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()),
        new ASN1BitString(new boolean[1024]));

    // Decoding is expected to be rejected with a CertException.
    final byte[] encodedCertificate = valueSequence.encode();
    new X509Certificate(encodedCertificate);
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1GeneralizedTime(com.unboundid.asn1.ASN1GeneralizedTime) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 23 with ASN1Null

use of com.unboundid.asn1.ASN1Null in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeValueSequenceInvalidNumberOfElements.

/**
 * Tests the behavior when trying to decode a sequence that does not contain
 * exactly three elements.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeValueSequenceInvalidNumberOfElements() throws Exception {
    // Only two elements are supplied (an algorithm identifier and a bit
    // string); the inner certificate sequence is left out entirely.
    final ASN1Sequence algorithmIdentifier = new ASN1Sequence(
        new ASN1ObjectIdentifier(new OID("1.2.3.4")),
        new ASN1Null());
    final ASN1BitString signatureBits = new ASN1BitString(new boolean[1024]);

    final ASN1Sequence truncatedSequence = new ASN1Sequence(algorithmIdentifier, signatureBits);

    // The decoder is expected to reject the short sequence with a
    // CertException rather than read past the elements that are present.
    final byte[] encodedSequence = truncatedSequence.encode();
    new X509Certificate(encodedSequence);
}
Also used : ASN1Sequence(com.unboundid.asn1.ASN1Sequence) OID(com.unboundid.util.OID) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 24 with ASN1Null

use of com.unboundid.asn1.ASN1Null in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testCertificateWithMalformedExtensions.

/**
 * Tests a valid X.509 certificate with a bunch of malformed extensions.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testCertificateWithMalformedExtensions() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);

    final BigInteger expectedSerial = BigInteger.valueOf(123456789L);
    final DN expectedIssuer = new DN("CN=Issuer,O=Example Corp,C=US");
    final DN expectedSubject = new DN("CN=ldap.example.com,O=Example Corp,C=US");

    // Every extension below uses a well-known extension OID, passes true as
    // the second argument (presumably the criticality flag -- confirm), and
    // carries an empty value (StaticUtils.NO_BYTES).
    final X509Certificate built = new X509Certificate(
        X509CertificateVersion.V1,
        expectedSerial,
        new OID("1.2.3.4"),
        new ASN1Null(),
        new ASN1BitString(new boolean[1235]),
        expectedIssuer,
        notBefore,
        notAfter,
        expectedSubject,
        PublicKeyAlgorithmIdentifier.EC.getOID(),
        new ASN1Null(),
        new ASN1BitString(new boolean[123]),
        null,
        null,
        null,
        new X509CertificateExtension(AuthorityKeyIdentifierExtension.AUTHORITY_KEY_IDENTIFIER_OID, true, StaticUtils.NO_BYTES),
        new X509CertificateExtension(BasicConstraintsExtension.BASIC_CONSTRAINTS_OID, true, StaticUtils.NO_BYTES),
        new X509CertificateExtension(CRLDistributionPointsExtension.CRL_DISTRIBUTION_POINTS_OID, true, StaticUtils.NO_BYTES),
        new X509CertificateExtension(ExtendedKeyUsageExtension.EXTENDED_KEY_USAGE_OID, true, StaticUtils.NO_BYTES),
        new X509CertificateExtension(IssuerAlternativeNameExtension.ISSUER_ALTERNATIVE_NAME_OID, true, StaticUtils.NO_BYTES),
        new X509CertificateExtension(KeyUsageExtension.KEY_USAGE_OID, true, StaticUtils.NO_BYTES),
        new X509CertificateExtension(SubjectAlternativeNameExtension.SUBJECT_ALTERNATIVE_NAME_OID, true, StaticUtils.NO_BYTES),
        new X509CertificateExtension(SubjectKeyIdentifierExtension.SUBJECT_KEY_IDENTIFIER_OID, true, StaticUtils.NO_BYTES));
    assertNotNull(built.getX509CertificateBytes());

    // Round-trip through the encoded form so the assertions below exercise
    // the decoder rather than the in-memory object built above.
    //
    // NOTE(review): the assertions pin that decoding succeeds and that all
    // eight extensions are retained even though their values are empty and
    // the certificate version is V1. Code that makes trust decisions should
    // not read a successful decode as evidence that the extensions were
    // understood or enforced.
    final X509Certificate decoded = new X509Certificate(built.encode().encode());

    // Version and serial number.
    assertNotNull(decoded.getVersion());
    assertEquals(decoded.getVersion(), X509CertificateVersion.V1);
    assertNotNull(decoded.getSerialNumber());
    assertEquals(decoded.getSerialNumber(), expectedSerial);

    // Signature algorithm: the OID has no known name, so only the OID form
    // is available.
    assertNotNull(decoded.getSignatureAlgorithmOID());
    assertEquals(decoded.getSignatureAlgorithmOID(), new OID("1.2.3.4"));
    assertNull(decoded.getSignatureAlgorithmName());
    assertNotNull(decoded.getSignatureAlgorithmNameOrOID());
    assertEquals(decoded.getSignatureAlgorithmNameOrOID(), "1.2.3.4");
    assertNotNull(decoded.getSignatureAlgorithmParameters());

    // Issuer.
    assertNotNull(decoded.getIssuerDN());
    assertEquals(decoded.getIssuerDN(), expectedIssuer);

    // Validity. Per the original author's note, certificates tend to encode
    // notBefore / notAfter as UTCTime rather than generalized time even
    // though the spec allows either, and UTCTime has only a two-digit year
    // and no sub-second component. Exact equality therefore cannot be
    // checked; the values only need to be within 2000 milliseconds of the
    // expected ones.
    final long toleranceMillis = 2000L;
    assertTrue(Math.abs(decoded.getNotBeforeTime() - notBefore) < toleranceMillis);
    assertNotNull(decoded.getNotBeforeDate());
    assertEquals(decoded.getNotBeforeDate(), new Date(decoded.getNotBeforeTime()));
    assertTrue(Math.abs(decoded.getNotAfterTime() - notAfter) < toleranceMillis);
    assertNotNull(decoded.getNotAfterDate());
    assertEquals(decoded.getNotAfterDate(), new Date(decoded.getNotAfterTime()));

    // Subject.
    assertNotNull(decoded.getSubjectDN());
    assertEquals(decoded.getSubjectDN(), expectedSubject);

    // Public key: the algorithm is recognised as EC, but the placeholder key
    // bits do not yield a decoded public key.
    assertNotNull(decoded.getPublicKeyAlgorithmOID());
    assertEquals(decoded.getPublicKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.EC.getOID());
    assertNotNull(decoded.getPublicKeyAlgorithmName());
    assertEquals(decoded.getPublicKeyAlgorithmName(), "EC");
    assertNotNull(decoded.getPublicKeyAlgorithmNameOrOID());
    assertEquals(decoded.getPublicKeyAlgorithmNameOrOID(), "EC");
    assertNotNull(decoded.getPublicKeyAlgorithmParameters());
    assertNotNull(decoded.getEncodedPublicKey());
    assertNull(decoded.getDecodedPublicKey());

    // No unique IDs were supplied.
    assertNull(decoded.getIssuerUniqueID());
    assertNull(decoded.getSubjectUniqueID());

    // All eight extensions survive the round trip.
    assertNotNull(decoded.getExtensions());
    assertFalse(decoded.getExtensions().isEmpty());
    assertEquals(decoded.getExtensions().size(), 8);

    // Signature, string forms and fingerprints are all available.
    assertNotNull(decoded.getSignatureValue());
    assertNotNull(decoded.toString());
    assertNotNull(decoded.toPEM());
    assertFalse(decoded.toPEM().isEmpty());
    assertNotNull(decoded.toPEMString());
    assertNotNull(decoded.getX509CertificateBytes());
    assertNotNull(decoded.getSHA1Fingerprint());
    assertNotNull(decoded.getSHA256Fingerprint());
}
Also used : DN(com.unboundid.ldap.sdk.DN) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) Date(java.util.Date) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 25 with ASN1Null

use of com.unboundid.asn1.ASN1Null in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeSignatureAlgorithmMismatch.

/**
 * Tests the behavior when trying to decode a certificate with a mismatch in
 * the signature algorithm between the TBSCertificate and Certificate
 * sequences.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
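@Test(expectedExceptions = { CertException.class })
public void testDecodeSignatureAlgorithmMismatch() throws Exception {
    // NOTE(review): expectedExceptions covers the whole method body. If
    // X509Certificate.encodeName can itself throw CertException (not visible
    // here), a fixture-building failure would also satisfy this test.
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);

    // Signature algorithm identifier carried inside the to-be-signed portion.
    final ASN1Sequence tbsSignatureAlgorithm = new ASN1Sequence(
        new ASN1ObjectIdentifier(new OID("1.2.3.4")),
        new ASN1Null());

    // Signature algorithm identifier carried in the outer certificate
    // sequence. It must differ from the inner one for this test to exercise
    // the mismatch check. The earlier fixture used "1.2.3.4" in both places,
    // so the two identifiers were identical and the expected CertException
    // could only have come from some other defect in the fixture.
    final ASN1Sequence outerSignatureAlgorithm = new ASN1Sequence(
        new ASN1ObjectIdentifier(new OID("1.2.3.6")),
        new ASN1Null());

    final ASN1Sequence validity = new ASN1Sequence(
        new ASN1GeneralizedTime(notBefore),
        new ASN1GeneralizedTime(notAfter));

    final ASN1Sequence subjectPublicKeyInfo = new ASN1Sequence(
        new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()),
        new ASN1BitString(new boolean[1024]));

    final ASN1Sequence tbsCertificate = new ASN1Sequence(
        new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()),
        new ASN1BigInteger(12435L),
        tbsSignatureAlgorithm,
        X509Certificate.encodeName(new DN("CN=issuer")),
        validity,
        X509Certificate.encodeName(new DN("CN=ldap.example.com")),
        subjectPublicKeyInfo);

    // The signature value is a bit string, as in the sibling decode tests,
    // so the algorithm mismatch is the only irregularity in the fixture. The
    // earlier fixture passed an empty octet string here, which by itself
    // could have triggered the rejection.
    final ASN1Sequence valueSequence = new ASN1Sequence(
        tbsCertificate,
        outerSignatureAlgorithm,
        new ASN1BitString(new boolean[1024]));

    // A decoder that accepted differing inner and outer algorithm
    // identifiers would leave it ambiguous which algorithm the signature is
    // meant to be checked with, so this must be rejected.
    new X509Certificate(valueSequence.encode());
}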
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1GeneralizedTime(com.unboundid.asn1.ASN1GeneralizedTime) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)
