Example 16 with ASN1ObjectIdentifier
use of com.unboundid.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.
the class PKCS10CertificateSigningRequestTestCase method testValidCSRWithAllOptionalElements.
/**
* Tests a valid PKCS#10 certificate signing request with an EC public key
* and all optional elements.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testValidCSRWithAllOptionalElements() throws Exception {
final EllipticCurvePublicKey publicKey = new EllipticCurvePublicKey(BigInteger.valueOf(1234567890L), BigInteger.valueOf(9876543210L));
final ArrayList<ObjectPair<OID, ASN1Set>> nonExtensionAttributes = new ArrayList<>(2);
nonExtensionAttributes.add(new ObjectPair<>(new OID("1.2.3.4"), new ASN1Set()));
nonExtensionAttributes.add(new ObjectPair<>(new OID("1.2.3.5"), new ASN1Set()));
PKCS10CertificateSigningRequest csr = new PKCS10CertificateSigningRequest(PKCS10CertificateSigningRequestVersion.V1, SignatureAlgorithmIdentifier.SHA_256_WITH_ECDSA.getOID(), new ASN1Null(), new ASN1BitString(new boolean[2048]), new DN("CN=ldap.example.com,O=Example Corporation,C=US"), PublicKeyAlgorithmIdentifier.EC.getOID(), new ASN1ObjectIdentifier(NamedCurve.SECP256R1.getOID()), publicKey.encode(), publicKey, nonExtensionAttributes, new SubjectKeyIdentifierExtension(false, new ASN1OctetString("keyIdentifier")), new SubjectAlternativeNameExtension(false, new GeneralNamesBuilder().addDNSName("ldap.example.com").build()));
assertNotNull(csr.toString());
assertNotNull(csr.toPEM());
assertFalse(csr.toPEM().isEmpty());
assertNotNull(csr.toPEMString());
csr = new PKCS10CertificateSigningRequest(csr.getPKCS10CertificateSigningRequestBytes());
assertNotNull(csr.getVersion());
assertEquals(csr.getVersion(), PKCS10CertificateSigningRequestVersion.V1);
assertNotNull(csr.getSignatureAlgorithmOID());
assertEquals(csr.getSignatureAlgorithmOID(), SignatureAlgorithmIdentifier.SHA_256_WITH_ECDSA.getOID());
assertNotNull(csr.getSignatureAlgorithmName());
assertEquals(csr.getSignatureAlgorithmName(), "SHA-256 with ECDSA");
assertNotNull(csr.getSignatureAlgorithmNameOrOID());
assertEquals(csr.getSignatureAlgorithmNameOrOID(), "SHA-256 with ECDSA");
assertNotNull(csr.getSignatureAlgorithmParameters());
assertNotNull(csr.getSubjectDN());
assertEquals(csr.getSubjectDN(), new DN("CN=ldap.example.com,O=Example Corporation,C=US"));
assertNotNull(csr.getPublicKeyAlgorithmOID());
assertEquals(csr.getPublicKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.EC.getOID());
assertNotNull(csr.getPublicKeyAlgorithmName());
assertEquals(csr.getPublicKeyAlgorithmName(), "EC");
assertNotNull(csr.getPublicKeyAlgorithmNameOrOID());
assertEquals(csr.getPublicKeyAlgorithmNameOrOID(), "EC");
assertNotNull(csr.getPublicKeyAlgorithmParameters());
assertNotNull(csr.getEncodedPublicKey());
assertNotNull(csr.getDecodedPublicKey());
assertTrue(csr.getDecodedPublicKey() instanceof EllipticCurvePublicKey);
assertNotNull(csr.getRequestAttributes());
assertFalse(csr.getRequestAttributes().isEmpty());
assertEquals(csr.getRequestAttributes().size(), 3);
assertNotNull(csr.getExtensions());
assertFalse(csr.getExtensions().isEmpty());
assertEquals(csr.getExtensions().size(), 2);
assertNotNull(csr.getSignatureValue());
assertNotNull(csr.toString());
assertNotNull(csr.toPEM());
assertFalse(csr.toPEM().isEmpty());
assertNotNull(csr.toPEMString());
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
ArrayList(java.util.ArrayList)
DN(com.unboundid.ldap.sdk.DN)
OID(com.unboundid.util.OID)
ASN1BitString(com.unboundid.asn1.ASN1BitString)
ASN1Set(com.unboundid.asn1.ASN1Set)
ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier)
ObjectPair(com.unboundid.util.ObjectPair)
ASN1Null(com.unboundid.asn1.ASN1Null)
Test(org.testng.annotations.Test)
Example 17 with ASN1ObjectIdentifier
use of com.unboundid.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.
the class PKCS8PrivateKeyTestCase method testAllElementsEC.
/**
* Tests a private key with a minimal set of elements that uses the elliptic
* curve algorithm.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testAllElementsEC() throws Exception {
final EllipticCurvePrivateKey ecPrivateKey = new EllipticCurvePrivateKey(1, new byte[32], NamedCurve.SECP256R1.getOID(), new ASN1BitString(new boolean[256]));
PKCS8PrivateKey privateKey = new PKCS8PrivateKey(PKCS8PrivateKeyVersion.V2, PublicKeyAlgorithmIdentifier.EC.getOID(), new ASN1ObjectIdentifier(NamedCurve.SECP256R1.getOID()), ecPrivateKey.encode(), ecPrivateKey, new ASN1OctetString("attributes"), new ASN1BitString(new boolean[256]));
assertNotNull(privateKey.getPKCS8PrivateKeyBytes());
privateKey = new PKCS8PrivateKey(privateKey.encode().encode());
assertNotNull(privateKey.getVersion());
assertEquals(privateKey.getVersion(), PKCS8PrivateKeyVersion.V2);
assertNotNull(privateKey.getPrivateKeyAlgorithmOID());
assertEquals(privateKey.getPrivateKeyAlgorithmOID(), PublicKeyAlgorithmIdentifier.EC.getOID());
assertNotNull(privateKey.getPrivateKeyAlgorithmName());
assertEquals(privateKey.getPrivateKeyAlgorithmName(), "EC");
assertNotNull(privateKey.getPrivateKeyAlgorithmNameOrOID());
assertEquals(privateKey.getPrivateKeyAlgorithmNameOrOID(), "EC");
assertNotNull(privateKey.getPrivateKeyAlgorithmParameters());
assertEquals(privateKey.getPrivateKeyAlgorithmParameters().decodeAsObjectIdentifier().getOID(), NamedCurve.SECP256R1.getOID());
assertNotNull(privateKey.getEncodedPrivateKey());
assertEquals(privateKey.getEncodedPrivateKey().getValue(), ecPrivateKey.encode().getValue());
assertNotNull(privateKey.getDecodedPrivateKey());
assertTrue(privateKey.getDecodedPrivateKey() instanceof EllipticCurvePrivateKey);
final EllipticCurvePrivateKey decodedPrivateKey = (EllipticCurvePrivateKey) privateKey.getDecodedPrivateKey();
assertEquals(decodedPrivateKey.getVersion(), 1);
assertEquals(decodedPrivateKey.getPrivateKeyBytes(), new byte[32]);
assertEquals(decodedPrivateKey.getNamedCurveOID(), NamedCurve.SECP256R1.getOID());
assertEquals(decodedPrivateKey.getPublicKey().getBytes(), new ASN1BitString(new boolean[256]).getBytes());
assertNotNull(privateKey.getAttributesElement());
assertEquals(privateKey.getAttributesElement().getValue(), new ASN1OctetString("attributes").getValue());
assertNotNull(privateKey.getPublicKey());
assertEquals(privateKey.getPublicKey().getBytes(), new ASN1BitString(new boolean[256]).getBytes());
assertNotNull(privateKey.toString());
assertNotNull(privateKey.toPEM());
assertFalse(privateKey.toPEM().isEmpty());
assertNotNull(privateKey.toPEMString());
assertNotNull(privateKey.getPKCS8PrivateKeyBytes());
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
ASN1BitString(com.unboundid.asn1.ASN1BitString)
ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier)
Test(org.testng.annotations.Test)
Example 18 with ASN1ObjectIdentifier
use of com.unboundid.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeMalformedName.
/**
* Tests the behavior when trying to decode a DN that includes a malformed RDN
* element, as well as an attribute type OID that is not defined in the
* schema.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedName() throws Exception {
final ASN1Sequence dnSequence = new ASN1Sequence(new ASN1Set(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4.5.6.7.8")), new ASN1UTF8String("value"))), new ASN1OctetString("not a valid set"));
X509Certificate.decodeName(dnSequence);
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
ASN1Sequence(com.unboundid.asn1.ASN1Sequence)
ASN1Set(com.unboundid.asn1.ASN1Set)
ASN1UTF8String(com.unboundid.asn1.ASN1UTF8String)
OID(com.unboundid.util.OID)
ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier)
Test(org.testng.annotations.Test)
Example 19 with ASN1ObjectIdentifier
use of com.unboundid.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeMalformedSubjectDN.
/**
* Tests the behavior when trying to decode a certificate with a malformed
* subject DN.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedSubjectDN() throws Exception {
final long notBefore = System.currentTimeMillis();
final long notAfter = notBefore + (365L * 24L * 60L * 60L * 1000L);
final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1Element((byte) 0xA0, new ASN1Integer(2).encode()), new ASN1BigInteger(12435L), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), X509Certificate.encodeName(new DN("CN=issuer")), new ASN1Sequence(new ASN1GeneralizedTime(notBefore), new ASN1GeneralizedTime(notAfter)), new ASN1OctetString("malformed subject DN"), new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.5")), new ASN1Null()), new ASN1BitString(new boolean[1024]))), new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
new X509Certificate(valueSequence.encode());
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
ASN1BigInteger(com.unboundid.asn1.ASN1BigInteger)
DN(com.unboundid.ldap.sdk.DN)
ASN1GeneralizedTime(com.unboundid.asn1.ASN1GeneralizedTime)
ASN1Integer(com.unboundid.asn1.ASN1Integer)
OID(com.unboundid.util.OID)
ASN1BitString(com.unboundid.asn1.ASN1BitString)
ASN1Sequence(com.unboundid.asn1.ASN1Sequence)
ASN1Element(com.unboundid.asn1.ASN1Element)
ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier)
ASN1Null(com.unboundid.asn1.ASN1Null)
Test(org.testng.annotations.Test)
Example 20 with ASN1ObjectIdentifier
use of com.unboundid.asn1.ASN1ObjectIdentifier in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testDecodeValueSequenceInvalidNumberOfElements.
/**
* Tests the behavior when trying to decode a sequence that does not contain
* exactly three elements.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeValueSequenceInvalidNumberOfElements() throws Exception {
final ASN1Sequence valueSequence = new ASN1Sequence(new ASN1Sequence(new ASN1ObjectIdentifier(new OID("1.2.3.4")), new ASN1Null()), new ASN1BitString(new boolean[1024]));
new X509Certificate(valueSequence.encode());
}
Also used :
ASN1Sequence(com.unboundid.asn1.ASN1Sequence)
OID(com.unboundid.util.OID)
ASN1ObjectIdentifier(com.unboundid.asn1.ASN1ObjectIdentifier)
ASN1BitString(com.unboundid.asn1.ASN1BitString)
ASN1Null(com.unboundid.asn1.ASN1Null)
Test(org.testng.annotations.Test)
Aggregations
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)545
IOException (java.io.IOException)155
ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)126
ASN1Encodable (org.bouncycastle.asn1.ASN1Encodable)87
DEROctetString (org.bouncycastle.asn1.DEROctetString)87
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)71
AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)71
ASN1EncodableVector (org.bouncycastle.asn1.ASN1EncodableVector)70
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)69
Enumeration (java.util.Enumeration)65
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)64
BigInteger (java.math.BigInteger)60
DERSequence (org.bouncycastle.asn1.DERSequence)60
ArrayList (java.util.ArrayList)55
HashSet (java.util.HashSet)52
DERIA5String (org.bouncycastle.asn1.DERIA5String)52
X500Name (org.bouncycastle.asn1.x500.X500Name)52
X509Certificate (java.security.cert.X509Certificate)49
Extension (org.bouncycastle.asn1.x509.Extension)46
ASN1String (org.bouncycastle.asn1.ASN1String)43
