
Example 26 with ASN1Null

use of com.unboundid.asn1.ASN1Null in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testIsSelfSignedWithoutAuthorityKeyIdentifierDifferentDNs.

/**
 * Verifies that {@code isSelfSigned} reports {@code false} for a certificate
 * whose only extension is a subject key identifier (no authority key
 * identifier) and whose subject DN differs from its issuer DN.
 * <p>
 * NOTE(review): the signature value and encoded public key are five-bit
 * placeholders, so this test exercises only the structural decision made by
 * {@code isSelfSigned}.  It demonstrates no signature verification, and the
 * result should not be read as a trust decision about the certificate.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testIsSelfSignedWithoutAuthorityKeyIdentifierDifferentDNs() throws Exception {
    // The issuer and subject names deliberately differ; that is the property
    // under test.
    final DN issuerDN = new DN("CN=Test,O=Example Corporation,C=US");
    final DN subjectDN = new DN("CN=Different Test,O=Example Corporation,C=US");

    // Placeholder bit strings; neither is a real signature or a real key.
    final ASN1BitString signatureBits = new ASN1BitString(true, false, true, false, true);
    final ASN1BitString publicKeyBits = new ASN1BitString(false, true, false, true, false);
    final ASN1OctetString keyIdentifier = new ASN1OctetString("keyIdentifier");

    final X509Certificate certificate = new X509Certificate(
            X509CertificateVersion.V3,
            BigInteger.valueOf(12345L),
            SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(),
            new ASN1Null(),
            signatureBits,
            issuerDN,
            System.currentTimeMillis(),
            System.currentTimeMillis() + (365L * 86_400_000L),
            subjectDN,
            PublicKeyAlgorithmIdentifier.RSA.getOID(),
            new ASN1Null(),
            publicKeyBits,
            null, null, null,
            new SubjectKeyIdentifierExtension(false, keyIdentifier));

    final boolean selfSigned = certificate.isSelfSigned();
    assertFalse(selfSigned);
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) DN(com.unboundid.ldap.sdk.DN) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 27 with ASN1Null

use of com.unboundid.asn1.ASN1Null in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testValidCertificateWithECKeyAllOptionalElements.

/**
 * Tests a valid X.509 certificate with an elliptic curve public key and all
 * optional elements, including all supported types of extensions (and an
 * unsupported type of extension).
 * <p>
 * The certificate is built from its components, encoded, decoded again from
 * the encoded bytes, and then every accessor is checked against the value
 * that was supplied.
 * <p>
 * NOTE(review): "valid" here means structurally well-formed.  The signature
 * value is an all-zero 256-bit string and the public key coordinates are
 * arbitrary integers, so nothing in this test covers signature verification
 * or checks that the point lies on the named curve.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testValidCertificateWithECKeyAllOptionalElements() throws Exception {
    // One-year validity window starting now.
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    final EllipticCurvePublicKey publicKey = new EllipticCurvePublicKey(BigInteger.valueOf(1234567890L), BigInteger.valueOf(9876543210L));
    final boolean[] issuerUniqueIDBits = { true, false, true, false, true };
    final boolean[] subjectUniqueIDBits = { false, true, false, true, false };
    // Nine extensions are supplied: a generic one with OID 1.2.3.4 followed by
    // eight typed extensions.
    // NOTE(review): the boolean passed with OID 1.2.3.4 is presumably the
    // criticality flag -- confirm.  If so, the assertions below show that an
    // unrecognized critical extension decodes without error, which leaves
    // rejecting such a certificate (RFC 5280 section 4.2) to whatever performs
    // path validation.
    X509Certificate c = new X509Certificate(X509CertificateVersion.V3, BigInteger.valueOf(987654321L), SignatureAlgorithmIdentifier.SHA_256_WITH_ECDSA.getOID(), new ASN1Null(), new ASN1BitString(new boolean[256]), new DN("CN=Issuer,O=Example Corp,C=US"), notBefore, notAfter, new DN("CN=ldap.example.com,O=Example Corp,C=US"), PublicKeyAlgorithmIdentifier.EC.getOID(), new ASN1ObjectIdentifier(NamedCurve.SECP256R1.getOID()), publicKey.encode(), publicKey, new ASN1BitString(issuerUniqueIDBits), new ASN1BitString(subjectUniqueIDBits), new X509CertificateExtension(new OID("1.2.3.4"), true, "foo".getBytes("UTF-8")), new AuthorityKeyIdentifierExtension(false, new ASN1OctetString("authority-key-identifier"), null, null), new BasicConstraintsExtension(false, false, null), new CRLDistributionPointsExtension(false, Collections.singletonList(new CRLDistributionPoint(new GeneralNamesBuilder().addDNSName("crl.example.com").build(), null, null))), new ExtendedKeyUsageExtension(false, Arrays.asList(ExtendedKeyUsageID.TLS_SERVER_AUTHENTICATION.getOID(), ExtendedKeyUsageID.TLS_CLIENT_AUTHENTICATION.getOID())), new IssuerAlternativeNameExtension(false, new GeneralNamesBuilder().addDNSName("issuer.example.com").build()), new KeyUsageExtension(false, true, true, true, true, true, true, true, true, true), new SubjectAlternativeNameExtension(false, new GeneralNamesBuilder().addDNSName("ldap.example.com").build()), new SubjectKeyIdentifierExtension(false, new ASN1OctetString("subject-key-identifier")));
    assertNotNull(c.getX509CertificateBytes());
    // Round trip: every assertion from here on runs against the certificate
    // decoded from the encoded bytes, not the object built above.
    c = new X509Certificate(c.encode().encode());
    // Version and serial number.
    assertNotNull(c.getVersion());
    assertEquals(c.getVersion(), X509CertificateVersion.V3);
    assertNotNull(c.getSerialNumber());
    assertEquals(c.getSerialNumber(), BigInteger.valueOf(987654321L));
    // Signature algorithm: a known OID resolves to a human-readable name.
    assertNotNull(c.getSignatureAlgorithmOID());
    assertEquals(c.getSignatureAlgorithmOID(), SignatureAlgorithmIdentifier.SHA_256_WITH_ECDSA.getOID());
    assertNotNull(c.getSignatureAlgorithmName());
    assertEquals(c.getSignatureAlgorithmName(), "SHA-256 with ECDSA");
    assertNotNull(c.getSignatureAlgorithmNameOrOID());
    assertEquals(c.getSignatureAlgorithmNameOrOID(), "SHA-256 with ECDSA");
    assertNotNull(c.getSignatureAlgorithmParameters());
    assertNotNull(c.getIssuerDN());
    assertEquals(c.getIssuerDN(), new DN("CN=Issuer,O=Example Corp,C=US"));
    // NOTE:  For some moronic reasons, certificates tend to use UTCTime instead
    // of generalized time when encoding notBefore and notAfter values, despite
    // the spec allowing either one, and despite UTCTime only supporting a
    // two-digit year and no sub-second component.  So we can't check for
    // exact equivalence  of the notBefore and notAfter values.  Instead, just
    // make sure that the values are within 2000 milliseconds of the expected
    // value.
    // NOTE(review):  RFC 5280 section 4.1.2.5 requires conforming CAs to use
    // UTCTime for validity dates through 2049 and GeneralizedTime from 2050
    // onward, so UTCTime is the expected encoding for this one-year window.
    assertTrue(Math.abs(c.getNotBeforeTime() - notBefore) < 2000L);
    assertNotNull(c.getNotBeforeDate());
    assertEquals(c.getNotBeforeDate(), new Date(c.getNotBeforeTime()));
    assertTrue(Math.abs(c.getNotAfterTime() - notAfter) < 2000L);
    assertNotNull(c.getNotAfterDate());
    assertEquals(c.getNotAfterDate(), new Date(c.getNotAfterTime()));
    assertNotNull(c.getSubjectDN());
    assertEquals(c.getSubjectDN(), new DN("CN=ldap.example.com,O=Example Corp,C=US"));
    // Public key: the algorithm parameters carry the named curve OID and the
    // key decodes to the elliptic curve key type.
    assertNotNull(c.getPublicKeyAlgorithmOID());
    assertEquals(c.getPublicKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.EC.getOID());
    assertNotNull(c.getPublicKeyAlgorithmName());
    assertEquals(c.getPublicKeyAlgorithmName(), "EC");
    assertNotNull(c.getPublicKeyAlgorithmNameOrOID());
    assertEquals(c.getPublicKeyAlgorithmNameOrOID(), "EC");
    assertNotNull(c.getPublicKeyAlgorithmParameters());
    assertEquals(c.getPublicKeyAlgorithmParameters().decodeAsObjectIdentifier().getOID(), NamedCurve.SECP256R1.getOID());
    assertNotNull(c.getEncodedPublicKey());
    assertNotNull(c.getDecodedPublicKey());
    assertTrue(c.getDecodedPublicKey() instanceof EllipticCurvePublicKey);
    // Optional issuer and subject unique IDs survive the round trip bit for bit.
    assertNotNull(c.getIssuerUniqueID());
    assertTrue(Arrays.equals(c.getIssuerUniqueID().getBits(), issuerUniqueIDBits));
    assertNotNull(c.getSubjectUniqueID());
    assertTrue(Arrays.equals(c.getSubjectUniqueID().getBits(), subjectUniqueIDBits));
    // Extensions come back in the order supplied.  Index 0 is checked by OID
    // only; the remaining eight are checked by their decoded type.
    final List<X509CertificateExtension> extensions = c.getExtensions();
    assertNotNull(extensions);
    assertFalse(extensions.isEmpty());
    assertEquals(extensions.size(), 9);
    assertEquals(extensions.get(0).getOID(), new OID("1.2.3.4"));
    assertTrue(extensions.get(1) instanceof AuthorityKeyIdentifierExtension);
    assertTrue(extensions.get(2) instanceof BasicConstraintsExtension);
    assertTrue(extensions.get(3) instanceof CRLDistributionPointsExtension);
    assertTrue(extensions.get(4) instanceof ExtendedKeyUsageExtension);
    assertTrue(extensions.get(5) instanceof IssuerAlternativeNameExtension);
    assertTrue(extensions.get(6) instanceof KeyUsageExtension);
    assertTrue(extensions.get(7) instanceof SubjectAlternativeNameExtension);
    assertTrue(extensions.get(8) instanceof SubjectKeyIdentifierExtension);
    // Output forms.  These are presence checks only; the PEM text and the
    // fingerprint values themselves are not compared with expected values.
    assertNotNull(c.getSignatureValue());
    assertNotNull(c.toString());
    assertNotNull(c.toPEM());
    assertFalse(c.toPEM().isEmpty());
    assertNotNull(c.toPEMString());
    assertNotNull(c.getX509CertificateBytes());
    assertNotNull(c.getSHA1Fingerprint());
    assertNotNull(c.getSHA256Fingerprint());
    assertNotNull(c.toCertificate());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) DN(com.unboundid.ldap.sdk.DN) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) Date(java.util.Date) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 28 with ASN1Null

use of com.unboundid.asn1.ASN1Null in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testIsSelfSignedWithoutAuthorityKeyIdentifierSameDN.

/**
 * Verifies that {@code isSelfSigned} reports {@code true} for a certificate
 * whose only extension is a subject key identifier (no authority key
 * identifier) and whose subject DN matches its issuer DN.
 * <p>
 * NOTE(review): the signature value is a five-bit placeholder, yet the
 * certificate is reported as self-signed.  That means the answer here rests
 * on the certificate's fields rather than on verifying the signature with
 * the certificate's own key, so callers should not treat a {@code true}
 * result as proof that the certificate really signed itself, and it is not
 * a trust decision.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testIsSelfSignedWithoutAuthorityKeyIdentifierSameDN() throws Exception {
    // Two separate DN instances built from the same string, so the match is
    // by value rather than by object identity.
    final DN issuerDN = new DN("CN=Test,O=Example Corporation,C=US");
    final DN subjectDN = new DN("CN=Test,O=Example Corporation,C=US");

    // Placeholder bit strings; neither is a real signature or a real key.
    final ASN1BitString signatureBits = new ASN1BitString(true, false, true, false, true);
    final ASN1BitString publicKeyBits = new ASN1BitString(false, true, false, true, false);
    final ASN1OctetString keyIdentifier = new ASN1OctetString("keyIdentifier");

    final X509Certificate certificate = new X509Certificate(
            X509CertificateVersion.V3,
            BigInteger.valueOf(12345L),
            SignatureAlgorithmIdentifier.SHA_256_WITH_RSA.getOID(),
            new ASN1Null(),
            signatureBits,
            issuerDN,
            System.currentTimeMillis(),
            System.currentTimeMillis() + (365L * 86_400_000L),
            subjectDN,
            PublicKeyAlgorithmIdentifier.RSA.getOID(),
            new ASN1Null(),
            publicKeyBits,
            null, null, null,
            new SubjectKeyIdentifierExtension(false, keyIdentifier));

    final boolean selfSigned = certificate.isSelfSigned();
    assertTrue(selfSigned);
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) DN(com.unboundid.ldap.sdk.DN) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 29 with ASN1Null

use of com.unboundid.asn1.ASN1Null in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testCertificateWithInvalidRSAPublicKey.

/**
 * Tests a valid X.509 certificate that claims to have an RSA public key, but
 * whose public key cannot actually be parsed as an RSA key.  This won't
 * cause an error, but will result in the public key not being available.
 * <p>
 * The certificate is a version 1 certificate with no unique IDs and no
 * extensions.  Its signature algorithm OID ({@code 1.2.3.4}) is also not a
 * recognized algorithm, so no algorithm name is available for it.
 * <p>
 * NOTE(review): the behavior pinned here is that decoding succeeds while
 * {@code getDecodedPublicKey} returns {@code null}.  Code that consumes a
 * decoded certificate therefore has to check for a {@code null} key itself;
 * a successful parse does not imply a usable public key.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testCertificateWithInvalidRSAPublicKey() throws Exception {
    // One-year validity window starting now.
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
    // The public key algorithm is declared as RSA, but the encoded key is an
    // all-zero 123-bit string.  The signature value is an all-zero 1235-bit
    // string.
    X509Certificate c = new X509Certificate(X509CertificateVersion.V1, BigInteger.valueOf(123456789L), new OID("1.2.3.4"), new ASN1Null(), new ASN1BitString(new boolean[1235]), new DN("CN=Issuer,O=Example Corp,C=US"), notBefore, notAfter, new DN("CN=ldap.example.com,O=Example Corp,C=US"), PublicKeyAlgorithmIdentifier.RSA.getOID(), new ASN1Null(), new ASN1BitString(new boolean[123]), null, null, null);
    assertNotNull(c.getX509CertificateBytes());
    // Round trip: every assertion from here on runs against the certificate
    // decoded from the encoded bytes, not the object built above.
    c = new X509Certificate(c.encode().encode());
    // Version and serial number.
    assertNotNull(c.getVersion());
    assertEquals(c.getVersion(), X509CertificateVersion.V1);
    assertNotNull(c.getSerialNumber());
    assertEquals(c.getSerialNumber(), BigInteger.valueOf(123456789L));
    // Signature algorithm: the OID is unrecognized, so the name is null and
    // the name-or-OID accessor falls back to the dotted OID string.
    assertNotNull(c.getSignatureAlgorithmOID());
    assertEquals(c.getSignatureAlgorithmOID(), new OID("1.2.3.4"));
    assertNull(c.getSignatureAlgorithmName());
    assertNotNull(c.getSignatureAlgorithmNameOrOID());
    assertEquals(c.getSignatureAlgorithmNameOrOID(), "1.2.3.4");
    assertNotNull(c.getSignatureAlgorithmParameters());
    assertNotNull(c.getIssuerDN());
    assertEquals(c.getIssuerDN(), new DN("CN=Issuer,O=Example Corp,C=US"));
    // NOTE:  For some moronic reasons, certificates tend to use UTCTime instead
    // of generalized time when encoding notBefore and notAfter values, despite
    // the spec allowing either one, and despite UTCTime only supporting a
    // two-digit year and no sub-second component.  So we can't check for
    // exact equivalence  of the notBefore and notAfter values.  Instead, just
    // make sure that the values are within 2000 milliseconds of the expected
    // value.
    // NOTE(review):  RFC 5280 section 4.1.2.5 requires conforming CAs to use
    // UTCTime for validity dates through 2049 and GeneralizedTime from 2050
    // onward, so UTCTime is the expected encoding for this one-year window.
    assertTrue(Math.abs(c.getNotBeforeTime() - notBefore) < 2000L);
    assertNotNull(c.getNotBeforeDate());
    assertEquals(c.getNotBeforeDate(), new Date(c.getNotBeforeTime()));
    assertTrue(Math.abs(c.getNotAfterTime() - notAfter) < 2000L);
    assertNotNull(c.getNotAfterDate());
    assertEquals(c.getNotAfterDate(), new Date(c.getNotAfterTime()));
    assertNotNull(c.getSubjectDN());
    assertEquals(c.getSubjectDN(), new DN("CN=ldap.example.com,O=Example Corp,C=US"));
    // Public key: the declared algorithm is still reported as RSA and the raw
    // encoded key is kept, but no decoded key object is produced.
    assertNotNull(c.getPublicKeyAlgorithmOID());
    assertEquals(c.getPublicKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.RSA.getOID());
    assertNotNull(c.getPublicKeyAlgorithmName());
    assertEquals(c.getPublicKeyAlgorithmName(), "RSA");
    assertNotNull(c.getPublicKeyAlgorithmNameOrOID());
    assertEquals(c.getPublicKeyAlgorithmNameOrOID(), "RSA");
    assertNotNull(c.getPublicKeyAlgorithmParameters());
    assertNotNull(c.getEncodedPublicKey());
    assertNull(c.getDecodedPublicKey());
    // No unique IDs were supplied, and the extension list is empty, not null.
    assertNull(c.getIssuerUniqueID());
    assertNull(c.getSubjectUniqueID());
    assertNotNull(c.getExtensions());
    assertTrue(c.getExtensions().isEmpty());
    // Output forms.  These are presence checks only; the PEM text and the
    // fingerprint values themselves are not compared with expected values.
    assertNotNull(c.getSignatureValue());
    assertNotNull(c.toString());
    assertNotNull(c.toPEM());
    assertFalse(c.toPEM().isEmpty());
    assertNotNull(c.toPEMString());
    assertNotNull(c.getX509CertificateBytes());
    assertNotNull(c.getSHA1Fingerprint());
    assertNotNull(c.getSHA256Fingerprint());
}
Also used : DN(com.unboundid.ldap.sdk.DN) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) Date(java.util.Date) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Example 30 with ASN1Null

use of com.unboundid.asn1.ASN1Null in project ldapsdk by pingidentity.

the class X509CertificateTestCase method testDecodeSignatureAlgorithmElementNotSequence.

/**
 * Verifies that decoding a certificate raises a {@code CertException} when
 * the element in the signature algorithm position of the inner sequence is
 * an octet string instead of a sequence.
 * <p>
 * The certificate is assembled by hand from raw ASN.1 elements so that the
 * malformed element can be put in place; every other element has the
 * expected ASN.1 type.
 * <p>
 * NOTE(review): {@code expectedExceptions} applies to the whole method, so
 * the test cannot tell which statement raised the exception.  The final
 * decode call is the one intended to fail.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(expectedExceptions = { CertException.class })
public void testDecodeSignatureAlgorithmElementNotSequence() throws Exception {
    final long notBefore = System.currentTimeMillis();
    final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);

    // Explicitly tagged (0xA0) version element wrapping the integer 2.
    final ASN1Element versionElement = new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode());

    // The malformed element: an octet string where a sequence is required.
    final ASN1OctetString malformedSignatureAlgorithm = new ASN1OctetString("not a valid sequence");

    final ASN1Sequence validity = new ASN1Sequence(
            new ASN1UTCTime(notBefore),
            new ASN1UTCTime(notAfter));

    final ASN1Sequence publicKeyInfo = new ASN1Sequence(
            new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()),
            new ASN1BitString(new boolean[1024]));

    final ASN1Sequence innerSequence = new ASN1Sequence(
            versionElement,
            new ASN1BigInteger(12435L),
            malformedSignatureAlgorithm,
            X509Certificate.encodeName(new DN("CN=issuer")),
            validity,
            X509Certificate.encodeName(new DN("CN=ldap.example.com")),
            publicKeyInfo);

    // The outer signature algorithm is a well-formed sequence; only the inner
    // one is malformed.
    final ASN1Sequence outerSignatureAlgorithm = new ASN1Sequence(
            new ASN1ObjectIdentifier(new OID("1.2.3.4")),
            new ASN1Null());

    final ASN1Sequence valueSequence = new ASN1Sequence(
            innerSequence,
            outerSignatureAlgorithm,
            new ASN1BitString(new boolean[1024]));

    // Decoding is expected to fail here.
    new X509Certificate(valueSequence.encode());
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) ASN1UTCTime(com.unboundid.asn1.ASN1UTCTime) ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger) DN(com.unboundid.ldap.sdk.DN) ASN1Integer(com.unboundid.asn1.ASN1Integer) OID(com.unboundid.util.OID) ASN1BitString(com.unboundid.asn1.ASN1BitString) ASN1Sequence(com.unboundid.asn1.ASN1Sequence) ASN1Element(com.unboundid.asn1.ASN1Element) ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier) ASN1Null(com.unboundid.asn1.ASN1Null) Test(org.testng.annotations.Test)

Aggregations

ASN1Null (com.unboundid.asn1.ASN1Null)69 Test (org.testng.annotations.Test)65 ASN1BitString (com.unboundid.asn1.ASN1BitString)36 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)33 DN (com.unboundid.ldap.sdk.DN)33 OID (com.unboundid.util.OID)32 ASN1Sequence (com.unboundid.asn1.ASN1Sequence)28 ASN1ObjectIdentifier (com.unboundid.asn1.ASN1ObjectIdentifier)23 ASN1Integer (com.unboundid.asn1.ASN1Integer)21 ASN1Element (com.unboundid.asn1.ASN1Element)20 ASN1BigInteger (com.unboundid.asn1.ASN1BigInteger)15 ASN1GeneralizedTime (com.unboundid.asn1.ASN1GeneralizedTime)9 ASN1UTCTime (com.unboundid.asn1.ASN1UTCTime)6 ArrayList (java.util.ArrayList)6 ASN1Null (com.github.zhenwei.core.asn1.ASN1Null)5 Date (java.util.Date)5 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)3 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)3 AlgorithmParameters (java.security.AlgorithmParameters)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3