use of com.unboundid.util.OID in project ldapsdk by pingidentity.
the class X509CertificateTestCase method testVerifySignatureInvalidSignatureAlgorithm.
/**
* Tests the behavior of the {@code verifySignature} method with a signature
* algorithm OID that isn't a valid OID.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testVerifySignatureInvalidSignatureAlgorithm() throws Exception {
  // NOTE(review): expectedExceptions covers the whole method body, so a
  // CertException thrown while generating or rebuilding the certificate would
  // also make this test pass. Confirm which call is meant to reject the
  // malformed signature algorithm OID.

  // Start from a freshly generated self-signed RSA-2048 certificate whose
  // validity window runs from "now" to roughly one year later.
  final DN subjectDN =
      new DN("CN=ldap.example.com,O=Example Corporation,C=US");
  final long notBefore = System.currentTimeMillis();
  final long notAfter =
      System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365L);
  final SubjectAlternativeNameExtension subjectAltName =
      new SubjectAlternativeNameExtension(
          false,
          new GeneralNamesBuilder().addDNSName("ldap.example.com").build());
  final ObjectPair<X509Certificate, KeyPair> generated =
      X509Certificate.generateSelfSignedCertificate(
          SignatureAlgorithmIdentifier.SHA_256_WITH_RSA,
          PublicKeyAlgorithmIdentifier.RSA,
          2048,
          subjectDN,
          notBefore,
          notAfter,
          subjectAltName);

  final X509Certificate template = generated.getFirst();
  final X509CertificateExtension[] extensions =
      template.getExtensions().toArray(
          new X509CertificateExtension[template.getExtensions().size()]);

  // Rebuild the certificate field by field from the template, replacing only
  // the signature algorithm OID ("1234.5678") and the bit string that follows
  // the signature algorithm parameters (presumably the signature value). The
  // argument after the public key algorithm OID is passed as null.
  final X509Certificate cert =
      new X509Certificate(
          template.getVersion(),
          template.getSerialNumber(),
          new OID("1234.5678"),
          template.getSignatureAlgorithmParameters(),
          new ASN1BitString(true, false, true, false, true),
          template.getIssuerDN(),
          template.getNotBeforeTime(),
          template.getNotAfterTime(),
          template.getSubjectDN(),
          template.getPublicKeyAlgorithmOID(),
          null,
          template.getEncodedPublicKey(),
          template.getDecodedPublicKey(),
          template.getIssuerUniqueID(),
          template.getSubjectUniqueID(),
          extensions);

  // Verification must fail with CertException instead of accepting a
  // certificate whose signature algorithm cannot be identified.
  cert.verifySignature(null);
}
use of com.unboundid.util.OID in project ldapsdk by pingidentity.
the class PKCS10CertificateSigningRequestTestCase method testCSRWithUnrecognizedOIDs.
/**
* Tests a certificate signing request with an unrecognized set of OIDs.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testCSRWithUnrecognizedOIDs() throws Exception {
  // Neither OID maps to an algorithm name in the assertions below, which is
  // the point of the test: unknown identifiers must round-trip unchanged and
  // must not be resolved to a name or a decoded key.
  final OID signatureAlgorithmOID = new OID("1.2.3.4");
  final OID publicKeyAlgorithmOID = new OID("1.2.3.5");
  final DN subjectDN =
      new DN("CN=ldap.example.com,O=Example Corporation,C=US");

  final PKCS10CertificateSigningRequest built =
      new PKCS10CertificateSigningRequest(
          PKCS10CertificateSigningRequestVersion.V1,
          signatureAlgorithmOID,
          null,
          new ASN1BitString(true, false, true, false, true),
          subjectDN,
          publicKeyAlgorithmOID,
          null,
          new ASN1BitString(false, true, false, true, false),
          null,
          null);

  // The in-memory request can be rendered in every supported text form.
  assertNotNull(built.toString());
  assertNotNull(built.toPEM());
  assertFalse(built.toPEM().isEmpty());
  assertNotNull(built.toPEMString());

  // Decode the request again from its encoded bytes and check every field.
  final PKCS10CertificateSigningRequest decoded =
      new PKCS10CertificateSigningRequest(
          built.getPKCS10CertificateSigningRequestBytes());

  assertNotNull(decoded.getVersion());
  assertEquals(decoded.getVersion(),
      PKCS10CertificateSigningRequestVersion.V1);

  // Signature algorithm: OID preserved, no name, name-or-OID is the OID.
  assertNotNull(decoded.getSignatureAlgorithmOID());
  assertEquals(decoded.getSignatureAlgorithmOID(), signatureAlgorithmOID);
  assertNull(decoded.getSignatureAlgorithmName());
  assertNotNull(decoded.getSignatureAlgorithmNameOrOID());
  assertEquals(decoded.getSignatureAlgorithmNameOrOID(), "1.2.3.4");
  assertNull(decoded.getSignatureAlgorithmParameters());

  assertNotNull(decoded.getSubjectDN());
  assertEquals(decoded.getSubjectDN(), subjectDN);

  // Public key algorithm: same expectations as for the signature algorithm.
  assertNotNull(decoded.getPublicKeyAlgorithmOID());
  assertEquals(decoded.getPublicKeyAlgorithmOID(), publicKeyAlgorithmOID);
  assertNull(decoded.getPublicKeyAlgorithmName());
  assertNotNull(decoded.getPublicKeyAlgorithmNameOrOID());
  assertEquals(decoded.getPublicKeyAlgorithmNameOrOID(), "1.2.3.5");
  assertNull(decoded.getPublicKeyAlgorithmParameters());

  // The raw key bits survive, but no decoded key is produced for an
  // algorithm that is not recognized.
  assertNotNull(decoded.getEncodedPublicKey());
  assertNull(decoded.getDecodedPublicKey());

  assertNotNull(decoded.getRequestAttributes());
  assertTrue(decoded.getRequestAttributes().isEmpty());

  assertNotNull(decoded.getExtensions());
  assertTrue(decoded.getExtensions().isEmpty());

  assertNotNull(decoded.getSignatureValue());

  // The decoded request can be rendered as well.
  assertNotNull(decoded.toString());
  assertNotNull(decoded.toPEM());
  assertFalse(decoded.toPEM().isEmpty());
  assertNotNull(decoded.toPEMString());
}
use of com.unboundid.util.OID in project ldapsdk by pingidentity.
the class PKCS10CertificateSigningRequestTestCase method testValidCSRWithAllOptionalElements.
/**
* Tests a valid PKCS#10 certificate signing request with an EC public key
* and all optional elements.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testValidCSRWithAllOptionalElements() throws Exception {
  // The key is built from two fixed BigInteger values and the signature is a
  // 2048-bit all-false bit string, so this request exercises encoding and
  // decoding only; nothing here is cryptographically verified.
  final EllipticCurvePublicKey ecKey =
      new EllipticCurvePublicKey(
          BigInteger.valueOf(1234567890L),
          BigInteger.valueOf(9876543210L));

  final ArrayList<ObjectPair<OID, ASN1Set>> extraAttributes =
      new ArrayList<>(2);
  extraAttributes.add(new ObjectPair<>(new OID("1.2.3.4"), new ASN1Set()));
  extraAttributes.add(new ObjectPair<>(new OID("1.2.3.5"), new ASN1Set()));

  final DN subjectDN =
      new DN("CN=ldap.example.com,O=Example Corporation,C=US");

  final PKCS10CertificateSigningRequest built =
      new PKCS10CertificateSigningRequest(
          PKCS10CertificateSigningRequestVersion.V1,
          SignatureAlgorithmIdentifier.SHA_256_WITH_ECDSA.getOID(),
          new ASN1Null(),
          new ASN1BitString(new boolean[2048]),
          subjectDN,
          PublicKeyAlgorithmIdentifier.EC.getOID(),
          new ASN1ObjectIdentifier(NamedCurve.SECP256R1.getOID()),
          ecKey.encode(),
          ecKey,
          extraAttributes,
          new SubjectKeyIdentifierExtension(
              false, new ASN1OctetString("keyIdentifier")),
          new SubjectAlternativeNameExtension(
              false,
              new GeneralNamesBuilder()
                  .addDNSName("ldap.example.com")
                  .build()));

  // The in-memory request can be rendered in every supported text form.
  assertNotNull(built.toString());
  assertNotNull(built.toPEM());
  assertFalse(built.toPEM().isEmpty());
  assertNotNull(built.toPEMString());

  // Decode the request again from its encoded bytes and check every field.
  final PKCS10CertificateSigningRequest decoded =
      new PKCS10CertificateSigningRequest(
          built.getPKCS10CertificateSigningRequestBytes());

  assertNotNull(decoded.getVersion());
  assertEquals(decoded.getVersion(),
      PKCS10CertificateSigningRequestVersion.V1);

  // Signature algorithm: a recognized OID resolves to its display name.
  assertNotNull(decoded.getSignatureAlgorithmOID());
  assertEquals(decoded.getSignatureAlgorithmOID(),
      SignatureAlgorithmIdentifier.SHA_256_WITH_ECDSA.getOID());
  assertNotNull(decoded.getSignatureAlgorithmName());
  assertEquals(decoded.getSignatureAlgorithmName(), "SHA-256 with ECDSA");
  assertNotNull(decoded.getSignatureAlgorithmNameOrOID());
  assertEquals(decoded.getSignatureAlgorithmNameOrOID(),
      "SHA-256 with ECDSA");
  assertNotNull(decoded.getSignatureAlgorithmParameters());

  assertNotNull(decoded.getSubjectDN());
  assertEquals(decoded.getSubjectDN(), subjectDN);

  // Public key algorithm: recognized as EC, with parameters present.
  assertNotNull(decoded.getPublicKeyAlgorithmOID());
  assertEquals(decoded.getPublicKeyAlgorithmOID(),
      PublicKeyAlgorithmIdentifier.EC.getOID());
  assertNotNull(decoded.getPublicKeyAlgorithmName());
  assertEquals(decoded.getPublicKeyAlgorithmName(), "EC");
  assertNotNull(decoded.getPublicKeyAlgorithmNameOrOID());
  assertEquals(decoded.getPublicKeyAlgorithmNameOrOID(), "EC");
  assertNotNull(decoded.getPublicKeyAlgorithmParameters());

  // For a recognized algorithm the key is available both raw and decoded.
  assertNotNull(decoded.getEncodedPublicKey());
  assertNotNull(decoded.getDecodedPublicKey());
  assertTrue(decoded.getDecodedPublicKey() instanceof EllipticCurvePublicKey);

  // Three attributes come back although only two were supplied directly;
  // presumably the third is the one carrying the two extensions -- TODO
  // confirm against the encoder.
  assertNotNull(decoded.getRequestAttributes());
  assertFalse(decoded.getRequestAttributes().isEmpty());
  assertEquals(decoded.getRequestAttributes().size(), 3);

  assertNotNull(decoded.getExtensions());
  assertFalse(decoded.getExtensions().isEmpty());
  assertEquals(decoded.getExtensions().size(), 2);

  assertNotNull(decoded.getSignatureValue());

  // The decoded request can be rendered as well.
  assertNotNull(decoded.toString());
  assertNotNull(decoded.toPEM());
  assertFalse(decoded.toPEM().isEmpty());
  assertNotNull(decoded.toPEMString());
}
use of com.unboundid.util.OID in project ldapsdk by pingidentity.
the class PKCS10CertificateSigningRequestTestCase method testVerifySignatureUnknownSignatureAlgorithm.
/**
* Tests the behavior of the {@code verifySignature} method with an unknown
* signature algorithm.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testVerifySignatureUnknownSignatureAlgorithm() throws Exception {
  // NOTE(review): expectedExceptions covers the whole method body, so a
  // CertException thrown while generating or rebuilding the request would
  // also make this test pass. Confirm that verifySignature is the call that
  // throws.

  // Produce a genuinely signed request with a fresh 2048-bit RSA key pair.
  final KeyPairGenerator rsaGenerator =
      CryptoHelper.getKeyPairGenerator("RSA");
  rsaGenerator.initialize(2048);
  final KeyPair keyPair = rsaGenerator.generateKeyPair();

  final PKCS10CertificateSigningRequest signedRequest =
      PKCS10CertificateSigningRequest.generateCertificateSigningRequest(
          SignatureAlgorithmIdentifier.SHA_256_WITH_RSA,
          keyPair,
          new DN("CN=ldap.example.com,O=Example Corporation,C=US"),
          new SubjectAlternativeNameExtension(
              false,
              new GeneralNamesBuilder()
                  .addDNSName("ldap.example.com")
                  .build()));

  final X509CertificateExtension[] extensions =
      signedRequest.getExtensions().toArray(
          new X509CertificateExtension[
              signedRequest.getExtensions().size()]);

  // Rebuild the request with every field copied from the signed one except
  // the signature algorithm OID, which becomes the unassigned 1.2.3.4. The
  // argument before the extensions is passed as null.
  final PKCS10CertificateSigningRequest relabeled =
      new PKCS10CertificateSigningRequest(
          signedRequest.getVersion(),
          new OID("1.2.3.4"),
          signedRequest.getSignatureAlgorithmParameters(),
          signedRequest.getSignatureValue(),
          signedRequest.getSubjectDN(),
          signedRequest.getPublicKeyAlgorithmOID(),
          signedRequest.getPublicKeyAlgorithmParameters(),
          signedRequest.getEncodedPublicKey(),
          signedRequest.getDecodedPublicKey(),
          null,
          extensions);

  // Verification must fail with CertException instead of reporting success
  // for a signature algorithm it does not recognize.
  relabeled.verifySignature();
}
use of com.unboundid.util.OID in project ldapsdk by pingidentity.
the class BasicConstraintsExtensionTestCase method testDecodeMalformedExtension.
/**
* Tests the behavior when trying to decode a generic extension that cannot be
* decoded as a basic constraints extension.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = { CertException.class })
public void testDecodeMalformedExtension() throws Exception {
  // 2.5.29.19 is the basic constraints extension OID, so the generic
  // extension is labelled correctly; only its value (plain text bytes, not
  // an encoded basic constraints structure) is wrong.
  final byte[] bogusValue = "malformed value".getBytes("UTF-8");
  final X509CertificateExtension genericExtension =
      new X509CertificateExtension(new OID("2.5.29.19"), false, bogusValue);

  // Decoding must be refused with CertException rather than yielding a
  // BasicConstraintsExtension built from unparseable content.
  new BasicConstraintsExtension(genericExtension);
}