Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertTest.java')
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertTest.java1357
1 files changed, 43 insertions, 1314 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertTest.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertTest.java
index 7977f1c1..1ad59fa6 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertTest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/test/CertTest.java
@@ -1,85 +1,39 @@
package org.bouncycastle.jce.provider.test;
import java.io.ByteArrayInputStream;
-import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
-import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
import java.security.PublicKey;
-import java.security.SecureRandom;
import java.security.Security;
-import java.security.Signature;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateParsingException;
import java.security.cert.X509CRL;
-import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collection;
-import java.util.Date;
-import java.util.Hashtable;
import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-import java.util.Vector;
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.DEREnumerated;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.CRLReason;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.KeyPurposeId;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jce.X509KeyUsage;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.interfaces.ECPointEncoder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.spec.ECParameterSpec;
-import org.bouncycastle.jce.spec.ECPrivateKeySpec;
-import org.bouncycastle.jce.spec.ECPublicKeySpec;
-import org.bouncycastle.jce.spec.GOST3410ParameterSpec;
-import org.bouncycastle.math.ec.ECCurve;
-import org.bouncycastle.util.Integers;
import org.bouncycastle.util.encoders.Base64;
-import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.io.Streams;
import org.bouncycastle.util.test.SimpleTest;
-import org.bouncycastle.x509.X509V1CertificateGenerator;
-import org.bouncycastle.x509.X509V2CRLGenerator;
-import org.bouncycastle.x509.X509V3CertificateGenerator;
-import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
+import org.bouncycastle.util.test.TestFailedException;
public class CertTest
extends SimpleTest
@@ -1255,7 +1209,8 @@ public class CertTest
public void checkSelfSignedCertificate(
int id,
- byte[] bytes)
+ byte[] bytes,
+ String sigAlgName)
{
ByteArrayInputStream bIn;
String dump = "";
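Review bot: The new `sigAlgName` parameter on `checkSelfSignedCertificate` is undocumented, and its null-means-skip behaviour (the comparison in the following hunk only runs when `sigAlgName != null`) is exactly what a caller adding a new test vector needs to know. I would add a Javadoc block above the signature with `@param sigAlgName expected JCA signature algorithm name to compare with the parsed certificate's getSigAlgName(), or null to skip that check`, alongside `@param id test vector number used in failure messages` and `@param bytes DER or PEM encoding handed to the certificate factory`. The method body continues outside this hunk.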
@@ -1271,588 +1226,23 @@ public class CertTest
PublicKey k = cert.getPublicKey();
cert.verify(k);
- // System.out.println(cert);
- }
- catch (Exception e)
- {
- fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
- }
-
- }
-
- /**
- * we generate a self signed certificate for the sake of testing - RSA
- */
- public void checkCreation1()
- throws Exception
- {
- //
- // a sample key pair.
- //
- RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyFactory fact = KeyFactory.getInstance("RSA", "BC");
-
- privKey = fact.generatePrivate(privKeySpec);
- pubKey = fact.generatePublic(pubKeySpec);
-
- //
- // distinguished name table.
- //
- Vector ord = new Vector();
- Vector values = new Vector();
-
- ord.addElement(X509Principal.C);
- ord.addElement(X509Principal.O);
- ord.addElement(X509Principal.L);
- ord.addElement(X509Principal.ST);
- ord.addElement(X509Principal.E);
-
- values.addElement("AU");
- values.addElement("The Legion of the Bouncy Castle");
- values.addElement("Melbourne");
- values.addElement("Victoria");
- values.addElement("feedback-crypto@bouncycastle.org");
-
- //
- // extensions
- //
-
- //
- // create the certificate - version 3 - without extensions
- //
- X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
-
- certGen.setSerialNumber(BigInteger.valueOf(1));
- certGen.setIssuerDN(new X509Principal(ord, values));
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen.setSubjectDN(new X509Principal(ord, values));
- certGen.setPublicKey(pubKey);
- certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-
- X509Certificate cert = certGen.generate(privKey);
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- Set dummySet = cert.getNonCriticalExtensionOIDs();
- if (dummySet != null)
- {
- fail("non-critical oid set should be null");
- }
- dummySet = cert.getCriticalExtensionOIDs();
- if (dummySet != null)
- {
- fail("critical oid set should be null");
- }
-
- //
- // create the certificate - version 3 - with extensions
- //
- certGen = new X509V3CertificateGenerator();
-
- certGen.setSerialNumber(BigInteger.valueOf(1));
- certGen.setIssuerDN(new X509Principal(ord, values));
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen.setSubjectDN(new X509Principal(ord, values));
- certGen.setPublicKey(pubKey);
- certGen.setSignatureAlgorithm("MD5WithRSAEncryption");
- certGen.addExtension("2.5.29.15", true,
- new X509KeyUsage(X509KeyUsage.encipherOnly));
- certGen.addExtension("2.5.29.37", true,
- new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
- certGen.addExtension("2.5.29.17", true,
- new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
-
- cert = certGen.generate(privKey);
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- ByteArrayInputStream sbIn = new ByteArrayInputStream(cert.getEncoded());
- ASN1InputStream sdIn = new ASN1InputStream(sbIn);
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory certFact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)certFact.generateCertificate(bIn);
-
- if (!cert.getKeyUsage()[7])
- {
- fail("error generating cert - key usage wrong.");
- }
-
- List l = cert.getExtendedKeyUsage();
- if (!l.get(0).equals(KeyPurposeId.anyExtendedKeyUsage.getId()))
- {
- fail("failed extended key usage test");
- }
-
- Collection c = cert.getSubjectAlternativeNames();
- Iterator it = c.iterator();
- while (it.hasNext())
- {
- List gn = (List)it.next();
- if (!gn.get(1).equals("test@test.test"))
+ if (sigAlgName != null && !sigAlgName.equals(((X509Certificate)cert).getSigAlgName()))
{
- fail("failed subject alternative names test");
+ fail("sigAlgName not matched on certificate: " + sigAlgName);
}
- }
-
- // System.out.println(cert);
-
- //
- // create the certificate - version 1
- //
- X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator();
-
- certGen1.setSerialNumber(BigInteger.valueOf(1));
- certGen1.setIssuerDN(new X509Principal(ord, values));
- certGen1.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen1.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen1.setSubjectDN(new X509Principal(ord, values));
- certGen1.setPublicKey(pubKey);
- certGen1.setSignatureAlgorithm("MD5WithRSAEncryption");
-
- cert = certGen1.generate(privKey);
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- bIn = new ByteArrayInputStream(cert.getEncoded());
- certFact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)certFact.generateCertificate(bIn);
-
- // System.out.println(cert);
- if (!cert.getIssuerDN().equals(cert.getSubjectDN()))
- {
- fail("name comparison fails");
- }
- }
-
- /**
- * we generate a self signed certificate for the sake of testing - DSA
- */
- public void checkCreation2()
- {
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- try
- {
- KeyPairGenerator g = KeyPairGenerator.getInstance("DSA", "SUN");
-
- g.initialize(512, new SecureRandom());
-
- KeyPair p = g.generateKeyPair();
-
- privKey = p.getPrivate();
- pubKey = p.getPublic();
- }
- catch (Exception e)
- {
- fail("error setting up keys - " + e.toString());
- return;
- }
-
- //
- // distinguished name table.
- //
- Vector ord = new Vector();
- Vector values = new Vector();
-
- ord.addElement(X509Principal.C);
- ord.addElement(X509Principal.O);
- ord.addElement(X509Principal.L);
- ord.addElement(X509Principal.ST);
- ord.addElement(X509Principal.E);
-
- values.addElement("AU");
- values.addElement("The Legion of the Bouncy Castle");
- values.addElement("Melbourne");
- values.addElement("Victoria");
- values.addElement("feedback-crypto@bouncycastle.org");
-
- //
- // extensions
- //
-
- //
- // create the certificate - version 3
- //
- X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
-
- certGen.setSerialNumber(BigInteger.valueOf(1));
- certGen.setIssuerDN(new X509Principal(ord, values));
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen.setSubjectDN(new X509Principal(ord, values));
- certGen.setPublicKey(pubKey);
- certGen.setSignatureAlgorithm("SHA1withDSA");
-
- try
- {
- X509Certificate cert = certGen.generate(privKey);
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
// System.out.println(cert);
}
- catch (Exception e)
- {
- fail("error setting generating cert - " + e.toString());
- }
-
- //
- // create the certificate - version 1
- //
- X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator();
-
- certGen1.setSerialNumber(BigInteger.valueOf(1));
- certGen1.setIssuerDN(new X509Principal(ord, values));
- certGen1.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen1.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen1.setSubjectDN(new X509Principal(ord, values));
- certGen1.setPublicKey(pubKey);
- certGen1.setSignatureAlgorithm("SHA1withDSA");
-
- try
- {
- X509Certificate cert = certGen1.generate(privKey);
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
-
- //System.out.println(cert);
- }
- catch (Exception e)
- {
- fail("error setting generating cert - " + e.toString());
- }
-
- //
- // exception test
- //
- try
- {
- certGen.setPublicKey(dudPublicKey);
-
- fail("key without encoding not detected in v1");
- }
- catch (IllegalArgumentException e)
- {
- // expected
- }
- }
-
- /**
- * we generate a self signed certificate for the sake of testing - ECDSA
- */
- public void checkCreation3()
- {
- ECCurve curve = new ECCurve.Fp(
- new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
- new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
- new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
-
- ECParameterSpec spec = new ECParameterSpec(
- curve,
- curve.decodePoint(Hex.decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
- new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
-
-
- ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(
- new BigInteger("876300101507107567501066130761671078357010671067781776716671676178726717"), // d
- spec);
-
- ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(
- curve.decodePoint(Hex.decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
- spec);
-
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- try
- {
- KeyFactory fact = KeyFactory.getInstance("ECDSA", "BC");
-
- privKey = fact.generatePrivate(privKeySpec);
- pubKey = fact.generatePublic(pubKeySpec);
- }
- catch (Exception e)
- {
- fail("error setting up keys - " + e.toString());
- return;
- }
-
- //
- // distinguished name table.
- //
- Hashtable attrs = new Hashtable();
- Vector order = new Vector();
-
- attrs.put(X509Principal.C, "AU");
- attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
- attrs.put(X509Principal.L, "Melbourne");
- attrs.put(X509Principal.ST, "Victoria");
- attrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");
-
- order.addElement(X509Principal.C);
- order.addElement(X509Principal.O);
- order.addElement(X509Principal.L);
- order.addElement(X509Principal.ST);
- order.addElement(X509Principal.E);
-
-
- //
- // toString test
- //
- X509Principal p = new X509Principal(order, attrs);
- String s = p.toString();
-
- if (!s.equals("C=AU,O=The Legion of the Bouncy Castle,L=Melbourne,ST=Victoria,E=feedback-crypto@bouncycastle.org"))
+ catch (TestFailedException e)
{
- fail("ordered X509Principal test failed - s = " + s + ".");
- }
-
-// p = new X509Principal(attrs);
-// s = p.toString();
-//
-// //
-// // we need two of these as the hash code for strings changed...
-// //
-// if (!s.equals("O=The Legion of the Bouncy Castle,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU") && !s.equals("ST=Victoria,L=Melbourne,C=AU,E=feedback-crypto@bouncycastle.org,O=The Legion of the Bouncy Castle"))
-// {
-// fail("unordered X509Principal test failed.");
-// }
-
- //
- // create the certificate - version 3
- //
- X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
-
- certGen.setSerialNumber(BigInteger.valueOf(1));
- certGen.setIssuerDN(new X509Principal(order, attrs));
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen.setSubjectDN(new X509Principal(order, attrs));
- certGen.setPublicKey(pubKey);
- certGen.setSignatureAlgorithm("SHA1withECDSA");
-
- try
- {
- X509Certificate cert = certGen.generate(privKey);
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
-
- //
- // try with point compression turned off
- //
- ((ECPointEncoder)pubKey).setPointFormat("UNCOMPRESSED");
-
- certGen.setPublicKey(pubKey);
-
- cert = certGen.generate(privKey, "BC");
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- bIn = new ByteArrayInputStream(cert.getEncoded());
- fact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
- // System.out.println(cert);
+ throw e;
}
catch (Exception e)
{
- fail("error setting generating cert - " + e.toString());
- }
-
- X509Principal pr = new X509Principal("O=\"The Bouncy Castle, The Legion of\",E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU");
-
- if (!pr.toString().equals("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU"))
- {
- fail("string based X509Principal test failed.");
- }
-
- pr = new X509Principal("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU");
-
- if (!pr.toString().equals("O=The Bouncy Castle\\, The Legion of,E=feedback-crypto@bouncycastle.org,ST=Victoria,L=Melbourne,C=AU"))
- {
- fail("string based X509Principal test failed.");
+ fail(dump + System.getProperty("line.separator") + getName() + ": "+ id + " failed - exception " + e.toString(), e);
}
}
-
- /**
- * we generate a self signed certificate for the sake of testing - SHA224withECDSA
- */
- private void createECCert(String algorithm, DERObjectIdentifier algOid)
- throws Exception
- {
- ECCurve.Fp curve = new ECCurve.Fp(
- new BigInteger("6864797660130609714981900799081393217269435300143305409394463459185543183397656052122559640661454554977296311391480858037121987999716643812574028291115057151"), // q (or p)
- new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", 16), // a
- new BigInteger("0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", 16)); // b
-
- ECParameterSpec spec = new ECParameterSpec(
- curve,
- curve.decodePoint(Hex.decode("0200C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66")), // G
- new BigInteger("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)); // n
-
- ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(
- new BigInteger("5769183828869504557786041598510887460263120754767955773309066354712783118202294874205844512909370791582896372147797293913785865682804434049019366394746072023"), // d
- spec);
-
- ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(
- curve.decodePoint(Hex.decode("02006BFDD2C9278B63C92D6624F151C9D7A822CC75BD983B17D25D74C26740380022D3D8FAF304781E416175EADF4ED6E2B47142D2454A7AC7801DD803CF44A4D1F0AC")), // Q
- spec);
-
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyFactory fact = KeyFactory.getInstance("ECDSA", "BC");
-
- privKey = fact.generatePrivate(privKeySpec);
- pubKey = fact.generatePublic(pubKeySpec);
-
-
- //
- // distinguished name table.
- //
- Hashtable attrs = new Hashtable();
- Vector order = new Vector();
-
- attrs.put(X509Principal.C, "AU");
- attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
- attrs.put(X509Principal.L, "Melbourne");
- attrs.put(X509Principal.ST, "Victoria");
- attrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");
-
- order.addElement(X509Principal.C);
- order.addElement(X509Principal.O);
- order.addElement(X509Principal.L);
- order.addElement(X509Principal.ST);
- order.addElement(X509Principal.E);
-
- //
- // create the certificate - version 3
- //
- X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
-
- certGen.setSerialNumber(BigInteger.valueOf(1));
- certGen.setIssuerDN(new X509Principal(order, attrs));
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen.setSubjectDN(new X509Principal(order, attrs));
- certGen.setPublicKey(pubKey);
- certGen.setSignatureAlgorithm(algorithm);
-
-
- X509Certificate cert = certGen.generate(privKey, "BC");
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory certFact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)certFact.generateCertificate(bIn);
-
- //
- // try with point compression turned off
- //
- ((ECPointEncoder)pubKey).setPointFormat("UNCOMPRESSED");
-
- certGen.setPublicKey(pubKey);
-
- cert = certGen.generate(privKey, "BC");
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- bIn = new ByteArrayInputStream(cert.getEncoded());
- certFact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)certFact.generateCertificate(bIn);
-
- if (!cert.getSigAlgOID().equals(algOid.toString()))
- {
- fail("ECDSA oid incorrect.");
- }
-
- if (cert.getSigAlgParams() != null)
- {
- fail("sig parameters present");
- }
-
- Signature sig = Signature.getInstance(algorithm, "BC");
-
- sig.initVerify(pubKey);
-
- sig.update(cert.getTBSCertificate());
-
- if (!sig.verify(cert.getSignature()))
- {
- fail("EC certificate signature not mapped correctly.");
- }
- // System.out.println(cert);
- }
private void checkCRL(
int id,
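Review bot: The failure message `fail("sigAlgName not matched on certificate: " + sigAlgName)` reports only the expected name, so a mismatch leaves the reader guessing what the parsed certificate actually carried; I would change it to `fail("sigAlgName not matched on certificate: expected " + sigAlgName + " got " + ((X509Certificate)cert).getSigAlgName());`. Since `getSigAlgName()` is the provider's friendly rendering of the outer signatureAlgorithm field, a name check alone is a weak guard for algorithm mapping; if that is the intent, it seems worth passing the expected OID as well and asserting `getSigAlgOID()` against it, as the deleted `createECCert` did. The `catch (TestFailedException e) { throw e; }` presumably exists because `fail` throws that type and the following `catch (Exception e)` would otherwise re-report the failure as an unexpected exception; a one-line comment such as `// let fail() propagate instead of being re-wrapped by the generic catch below` would make that intent explicit. This hunk begins inside the body of `checkSelfSignedCertificate`, whose signature is in the previous hunk.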
@@ -1878,527 +1268,6 @@ public class CertTest
}
- public void checkCRLCreation1()
- throws Exception
- {
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
- X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
- Date now = new Date();
- KeyPair pair = kpGen.generateKeyPair();
-
- crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
-
- crlGen.setThisUpdate(now);
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
- crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-
- crlGen.addCRLEntry(BigInteger.ONE, now, CRLReason.privilegeWithdrawn);
-
- crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-
- X509CRL crl = crlGen.generate(pair.getPrivate(), "BC");
-
- if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
- {
- fail("failed CRL issuer test");
- }
-
- byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-
- if (authExt == null)
- {
- fail("failed to find CRL extension");
- }
-
- AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
-
- X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
-
- if (entry == null)
- {
- fail("failed to find CRL entry");
- }
-
- if (!entry.getSerialNumber().equals(BigInteger.ONE))
- {
- fail("CRL cert serial number does not match");
- }
-
- if (!entry.hasExtensions())
- {
- fail("CRL entry extension not found");
- }
-
- byte[] ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
-
- if (ext != null)
- {
- DEREnumerated reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
-
- if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
- {
- fail("CRL entry reasonCode wrong");
- }
- }
- else
- {
- fail("CRL entry reasonCode not found");
- }
- }
-
- public void checkCRLCreation2()
- throws Exception
- {
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
- X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
- Date now = new Date();
- KeyPair pair = kpGen.generateKeyPair();
-
- crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
-
- crlGen.setThisUpdate(now);
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
- crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-
- Vector extOids = new Vector();
- Vector extValues = new Vector();
-
- CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn);
-
- try
- {
- extOids.addElement(X509Extensions.ReasonCode);
- extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getEncoded())));
- }
- catch (IOException e)
- {
- throw new IllegalArgumentException("error encoding reason: " + e);
- }
-
- X509Extensions entryExtensions = new X509Extensions(extOids, extValues);
-
- crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
-
- crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-
- X509CRL crl = crlGen.generate(pair.getPrivate(), "BC");
-
- if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
- {
- fail("failed CRL issuer test");
- }
-
- byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-
- if (authExt == null)
- {
- fail("failed to find CRL extension");
- }
-
- AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
-
- X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
-
- if (entry == null)
- {
- fail("failed to find CRL entry");
- }
-
- if (!entry.getSerialNumber().equals(BigInteger.ONE))
- {
- fail("CRL cert serial number does not match");
- }
-
- if (!entry.hasExtensions())
- {
- fail("CRL entry extension not found");
- }
-
- byte[] ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
-
- if (ext != null)
- {
- DEREnumerated reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
-
- if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
- {
- fail("CRL entry reasonCode wrong");
- }
- }
- else
- {
- fail("CRL entry reasonCode not found");
- }
- }
-
- public void checkCRLCreation3()
- throws Exception
- {
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
- X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
- Date now = new Date();
- KeyPair pair = kpGen.generateKeyPair();
-
- crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
-
- crlGen.setThisUpdate(now);
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
- crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-
- Vector extOids = new Vector();
- Vector extValues = new Vector();
-
- CRLReason crlReason = CRLReason.lookup(CRLReason.privilegeWithdrawn);
-
- try
- {
- extOids.addElement(X509Extensions.ReasonCode);
- extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getEncoded())));
- }
- catch (IOException e)
- {
- throw new IllegalArgumentException("error encoding reason: " + e);
- }
-
- X509Extensions entryExtensions = new X509Extensions(extOids, extValues);
-
- crlGen.addCRLEntry(BigInteger.ONE, now, entryExtensions);
-
- crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-
- X509CRL crl = crlGen.generate(pair.getPrivate(), "BC");
-
- if (!crl.getIssuerX500Principal().equals(new X500Principal("CN=Test CA")))
- {
- fail("failed CRL issuer test");
- }
-
- byte[] authExt = crl.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
-
- if (authExt == null)
- {
- fail("failed to find CRL extension");
- }
-
- AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);
-
- X509CRLEntry entry = crl.getRevokedCertificate(BigInteger.ONE);
-
- if (entry == null)
- {
- fail("failed to find CRL entry");
- }
-
- if (!entry.getSerialNumber().equals(BigInteger.ONE))
- {
- fail("CRL cert serial number does not match");
- }
-
- if (!entry.hasExtensions())
- {
- fail("CRL entry extension not found");
- }
-
- byte[] ext = entry.getExtensionValue(X509Extensions.ReasonCode.getId());
-
- if (ext != null)
- {
- DEREnumerated reasonCode = (DEREnumerated)X509ExtensionUtil.fromExtensionValue(ext);
-
- if (reasonCode.getValue().intValue() != CRLReason.privilegeWithdrawn)
- {
- fail("CRL entry reasonCode wrong");
- }
- }
- else
- {
- fail("CRL entry reasonCode not found");
- }
-
- //
- // check loading of existing CRL
- //
- crlGen = new X509V2CRLGenerator();
- now = new Date();
-
- crlGen.setIssuerDN(new X500Principal("CN=Test CA"));
-
- crlGen.setThisUpdate(now);
- crlGen.setNextUpdate(new Date(now.getTime() + 100000));
- crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
-
- crlGen.addCRL(crl);
-
- crlGen.addCRLEntry(BigInteger.valueOf(2), now, entryExtensions);
-
- crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.getPublic()));
-
- X509CRL newCrl = crlGen.generate(pair.getPrivate(), "BC");
-
- int count = 0;
- boolean oneFound = false;
- boolean twoFound = false;
-
- Iterator it = newCrl.getRevokedCertificates().iterator();
- while (it.hasNext())
- {
- X509CRLEntry crlEnt = (X509CRLEntry)it.next();
-
- if (crlEnt.getSerialNumber().intValue() == 1)
- {
- oneFound = true;
- }
- else if (crlEnt.getSerialNumber().intValue() == 2)
- {
- twoFound = true;
- }
-
- count++;
- }
-
- if (count != 2)
- {
- fail("wrong number of CRLs found");
- }
-
- if (!oneFound || !twoFound)
- {
- fail("wrong CRLs found in copied list");
- }
-
- //
- // check factory read back
- //
- CertificateFactory cFact = CertificateFactory.getInstance("X.509", "BC");
-
- X509CRL readCrl = (X509CRL)cFact.generateCRL(new ByteArrayInputStream(newCrl.getEncoded()));
-
- if (readCrl == null)
- {
- fail("crl not returned!");
- }
-
- Collection col = cFact.generateCRLs(new ByteArrayInputStream(newCrl.getEncoded()));
-
- if (col.size() != 1)
- {
- fail("wrong number of CRLs found in collection");
- }
- }
-
- /**
- * we generate a self signed certificate for the sake of testing - GOST3410
- */
- public void checkCreation4()
- throws Exception
- {
- //
- // set up the keys
- //
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyPairGenerator g = KeyPairGenerator.getInstance("GOST3410", "BC");
- GOST3410ParameterSpec gost3410P = new GOST3410ParameterSpec("GostR3410-94-CryptoPro-A");
-
- g.initialize(gost3410P, new SecureRandom());
-
- KeyPair p = g.generateKeyPair();
-
- privKey = p.getPrivate();
- pubKey = p.getPublic();
-
- //
- // distinguished name table.
- //
- Hashtable attrs = new Hashtable();
- Vector order = new Vector();
-
- attrs.put(X509Principal.C, "AU");
- attrs.put(X509Principal.O, "The Legion of the Bouncy Castle");
- attrs.put(X509Principal.L, "Melbourne");
- attrs.put(X509Principal.ST, "Victoria");
- attrs.put(X509Principal.E, "feedback-crypto@bouncycastle.org");
-
- order.addElement(X509Principal.C);
- order.addElement(X509Principal.O);
- order.addElement(X509Principal.L);
- order.addElement(X509Principal.ST);
- order.addElement(X509Principal.E);
-
- //
- // extensions
- //
-
- //
- // create the certificate - version 3
- //
- X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
-
- certGen.setSerialNumber(BigInteger.valueOf(1));
- certGen.setIssuerDN(new X509Principal(order, attrs));
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen.setSubjectDN(new X509Principal(order, attrs));
- certGen.setPublicKey(pubKey);
- certGen.setSignatureAlgorithm("GOST3411withGOST3410");
-
- X509Certificate cert = certGen.generate(privKey, "BC");
-
- cert.checkValidity(new Date());
-
- //
- // check verifies in general
- //
- cert.verify(pubKey);
-
- //
- // check verifies with contained key
- //
- cert.verify(cert.getPublicKey());
-
- ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
-
- //System.out.println(cert);
-
- //check getEncoded()
- byte[] bytesch = cert.getEncoded();
- }
-
- public void checkCreation5()
- throws Exception
- {
- //
- // a sample key pair.
- //
- RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16));
-
- RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
- new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
- new BigInteger("11", 16),
- new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
- new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
- new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
- new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
- new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
- new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
-
- //
- // set up the keys
- //
- SecureRandom rand = new SecureRandom();
- PrivateKey privKey;
- PublicKey pubKey;
-
- KeyFactory fact = KeyFactory.getInstance("RSA", "BC");
-
- privKey = fact.generatePrivate(privKeySpec);
- pubKey = fact.generatePublic(pubKeySpec);
-
- //
- // distinguished name table.
- //
- Vector ord = new Vector();
- Vector values = new Vector();
-
- ord.addElement(X509Principal.C);
- ord.addElement(X509Principal.O);
- ord.addElement(X509Principal.L);
- ord.addElement(X509Principal.ST);
- ord.addElement(X509Principal.E);
-
- values.addElement("AU");
- values.addElement("The Legion of the Bouncy Castle");
- values.addElement("Melbourne");
- values.addElement("Victoria");
- values.addElement("feedback-crypto@bouncycastle.org");
-
- //
- // create base certificate - version 3
- //
- X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
-
- certGen.setSerialNumber(BigInteger.valueOf(1));
- certGen.setIssuerDN(new X509Principal(ord, values));
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen.setSubjectDN(new X509Principal(ord, values));
- certGen.setPublicKey(pubKey);
- certGen.setSignatureAlgorithm("MD5WithRSAEncryption");
- certGen.addExtension("2.5.29.15", true,
- new X509KeyUsage(X509KeyUsage.encipherOnly));
- certGen.addExtension("2.5.29.37", true,
- new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
- certGen.addExtension("2.5.29.17", true,
- new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
-
- X509Certificate baseCert = certGen.generate(privKey, "BC");
-
- //
- // copy certificate
- //
- certGen = new X509V3CertificateGenerator();
-
- certGen.setSerialNumber(BigInteger.valueOf(1));
- certGen.setIssuerDN(new X509Principal(ord, values));
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen.setSubjectDN(new X509Principal(ord, values));
- certGen.setPublicKey(pubKey);
- certGen.setSignatureAlgorithm("MD5WithRSAEncryption");
-
- certGen.copyAndAddExtension(new DERObjectIdentifier("2.5.29.15"), true, baseCert);
- certGen.copyAndAddExtension("2.5.29.37", false, baseCert);
-
- X509Certificate cert = certGen.generate(privKey, "BC");
-
- cert.checkValidity(new Date());
-
- cert.verify(pubKey);
-
- if (!areEqual(baseCert.getExtensionValue("2.5.29.15"), cert.getExtensionValue("2.5.29.15")))
- {
- fail("2.5.29.15 differs");
- }
-
- if (!areEqual(baseCert.getExtensionValue("2.5.29.37"), cert.getExtensionValue("2.5.29.37")))
- {
- fail("2.5.29.37 differs");
- }
-
- //
- // exception test
- //
- try
- {
- certGen.copyAndAddExtension("2.5.99.99", true, baseCert);
-
- fail("exception not thrown on dud extension copy");
- }
- catch (CertificateParsingException e)
- {
- // expected
- }
-
- try
- {
- certGen.setPublicKey(dudPublicKey);
-
- certGen.generate(privKey, "BC");
-
- fail("key without encoding not detected in v3");
- }
- catch (IllegalArgumentException e)
- {
- // expected
- }
- }
-
private void testForgedSignature()
throws Exception
{
@@ -2473,7 +1342,7 @@ public class CertTest
ASN1EncodableVector certs = new ASN1EncodableVector();
certs.add(new ASN1InputStream(CertPathTest.rootCertBin).readObject());
- certs.add(new DERTaggedObject(false, 2, new ASN1InputStream(AttrCertTest.attrCert).readObject()));
+ certs.add(new DERTaggedObject(false, 2, new ASN1InputStream(AttrCertData.attrCert).readObject()));
ASN1EncodableVector crls = new ASN1EncodableVector();
@@ -2494,6 +1363,12 @@ public class CertTest
{
fail("PKCS7 crl not read");
}
+
+ if (!"SHA256WITHRSA".equals(crl.getSigAlgName()))
+ {
+ fail("signature ID not matched in CRL: " + crl.getSigAlgName());
+ }
+
Collection col = cf.generateCertificates(new ByteArrayInputStream(info.getEncoded()));
if (col.size() != 1 || !col.contains(cert))
{
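Review bot: The new check pins only the provider's display name for the CRL signature algorithm, while the value that actually travels in the CRL is the OID, so a provider naming change would fail this test without any change to the CRL and, conversely, a wrong OID with a matching name would pass. Since the hunk already has the CRL in hand, pinning the OID alongside the name costs one more condition, e.g. `if (!"1.2.840.113549.1.1.11".equals(crl.getSigAlgOID())) fail("signature OID not matched in CRL: " + crl.getSigAlgOID());`, assuming the fixture CRL is signed with sha256WithRSAEncryption as the expected name suggests. The enclosing method starts and ends outside the hunk.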
@@ -2557,90 +1432,6 @@ public class CertTest
}
}
- private void createPSSCert(String algorithm)
- throws Exception
- {
- KeyPair pair = generateLongFixedKeys();
-
- PrivateKey privKey = pair.getPrivate();
- PublicKey pubKey = pair.getPublic();
-
- //
- // distinguished name table.
- //
- Vector ord = new Vector();
- Vector values = new Vector();
-
- ord.addElement(X509Principal.C);
- ord.addElement(X509Principal.O);
- ord.addElement(X509Principal.L);
- ord.addElement(X509Principal.ST);
- ord.addElement(X509Principal.E);
-
- values.addElement("AU");
- values.addElement("The Legion of the Bouncy Castle");
- values.addElement("Melbourne");
- values.addElement("Victoria");
- values.addElement("feedback-crypto@bouncycastle.org");
-
- //
- // create base certificate - version 3
- //
- X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
-
- certGen.setSerialNumber(BigInteger.valueOf(1));
- certGen.setIssuerDN(new X509Principal(ord, values));
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen.setSubjectDN(new X509Principal(ord, values));
- certGen.setPublicKey(pubKey);
- certGen.setSignatureAlgorithm(algorithm);
- certGen.addExtension("2.5.29.15", true,
- new X509KeyUsage(X509KeyUsage.encipherOnly));
- certGen.addExtension("2.5.29.37", true,
- new DERSequence(KeyPurposeId.anyExtendedKeyUsage));
- certGen.addExtension(Extension.subjectAlternativeName.getId(), true,
- new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
- certGen.addExtension(Extension.issuerAlternativeName, false,
- new GeneralNames(new GeneralName(GeneralName.directoryName, new X500Name("O=Test, OU=Testing, C=AU"))));
-
- X509Certificate baseCert = certGen.generate(privKey, "BC");
-
- Collection names = baseCert.getSubjectAlternativeNames();
-
- if (names.size() != 1)
- {
- fail("subject alt names size incorrect");
- }
-
- List name = (List)names.iterator().next();
- if(!name.get(0).equals(Integers.valueOf(GeneralName.rfc822Name)))
- {
- fail("subject alt name type incorrect");
- }
-
- names = baseCert.getIssuerAlternativeNames();
-
- if (names.size() != 1)
- {
- fail("issuer alt names size incorrect");
- }
-
- name = (List)names.iterator().next();
- if(!name.get(0).equals(Integers.valueOf(GeneralName.directoryName)))
- {
- fail("issuer alt name type incorrect");
- }
-
- // check IETF output (reverse of default BC)
- if (!name.get(1).equals("c=AU,ou=Testing,o=Test"))
- {
- fail("issuer alt name dir string incorrect");
- }
-
- baseCert.verify(pubKey);
- }
-
private KeyPair generateLongFixedKeys()
throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException
{
@@ -2677,55 +1468,6 @@ public class CertTest
x509.verify(x509.getPublicKey(), "BC");
}
- private void testNullDerNullCert()
- throws Exception
- {
- KeyPair pair = generateLongFixedKeys();
- PublicKey pubKey = pair.getPublic();
- PrivateKey privKey = pair.getPrivate();
-
- X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
-
- certGen.setSerialNumber(BigInteger.valueOf(1));
- certGen.setIssuerDN(new X509Principal("CN=Test"));
- certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
- certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
- certGen.setSubjectDN(new X509Principal("CN=Test"));
- certGen.setPublicKey(pubKey);
- certGen.setSignatureAlgorithm("MD5WithRSAEncryption");
- X509Certificate cert = certGen.generate(privKey, "BC");
-
- X509CertificateStructure struct = X509CertificateStructure.getInstance(ASN1Primitive.fromByteArray(cert.getEncoded()));
-
- ASN1Encodable tbsCertificate = struct.getTBSCertificate();
- AlgorithmIdentifier sig = struct.getSignatureAlgorithm();
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(tbsCertificate);
- v.add(new AlgorithmIdentifier(sig.getObjectId()));
- v.add(struct.getSignature());
-
- // verify
- ByteArrayInputStream bIn;
- String dump = "";
-
- try
- {
- bIn = new ByteArrayInputStream(new DERSequence(v).getEncoded());
-
- CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
-
- cert = (X509Certificate)fact.generateCertificate(bIn);
-
- cert.verify(cert.getPublicKey());
- }
- catch (Exception e)
- {
- fail(dump + System.getProperty("line.separator") + getName() + ": testNullDerNull failed - exception " + e.toString(), e);
- }
- }
-
private void checkComparison(byte[] encCert)
throws NoSuchProviderException, CertificateException
{
@@ -2740,10 +1482,11 @@ public class CertTest
fail("BC/Sun equals test failed");
}
- if (bcCert.hashCode() != sunCert.hashCode())
- {
- fail("BC/Sun hashCode test failed");
- }
+ // Yes, they actually changed hashCode() on a certificate in JDK 1.8...
+// if (bcCert.hashCode() != sunCert.hashCode())
+// {
+// fail("BC/Sun hashCode test failed");
+// }
}
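Review bot: The hashCode assertion is left behind as commented-out code rather than removed, and the comment above it records the history but not the resulting contract, so the dead block is likely to be either resurrected blindly or ignored. Replace the four commented lines with a single note that records the decision, e.g. `// hashCode() is deliberately not compared: JDK 1.8 changed X509Certificate.hashCode(), so BC and Sun values legitimately differ.` If agreement on older JDKs still matters, a guard on the runtime version would be the alternative to re-enabling the check unconditionally. checkComparison starts outside the hunk.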
private void testV1CRL()
@@ -2762,7 +1505,6 @@ public class CertTest
jceCRL.verify(jceIssuer.getPublicKey());
-
// verify CRL with BC provider
CertificateFactory bcFac = CertificateFactory.getInstance("X.509", "BC");
@@ -2774,6 +1516,16 @@ public class CertTest
jceCRL.verify(bcIssuer.getPublicKey());
bcCRL.verify(bcIssuer.getPublicKey());
+
+ if (!"SHA1WITHRSA".equals(bcCRL.getSigAlgName()))
+ {
+ fail("signature ID not matched in CRL");
+ }
+
+ if (!"SHA1WITHRSA".equals(bcIssuer.getSigAlgName()))
+ {
+ fail("signature ID not matched in certificate");
+ }
}
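Review bot: Both new failure messages omit the value that was actually observed, unlike the parallel CRL check added in this commit which appends `crl.getSigAlgName()`, so a mismatch here will report "signature ID not matched" without saying what the provider returned. Include it: `fail("signature ID not matched in CRL: " + bcCRL.getSigAlgName());` and `fail("signature ID not matched in certificate: " + bcIssuer.getSigAlgName());`. Only the BC-parsed objects are checked for the name, which is presumably intentional since the canonical spelling is a BC choice rather than a JCE guarantee. testV1CRL starts outside the hunk.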
private void testCertPathEncAvailableTest()
@@ -2818,24 +1570,24 @@ public class CertTest
checkComparison(cert1);
checkKeyUsage(8, keyUsage);
- checkSelfSignedCertificate(9, uncompressedPtEC);
+ checkSelfSignedCertificate(9, uncompressedPtEC, "ECDSA");
checkNameCertificate(10, nameCert);
- checkSelfSignedCertificate(11, probSelfSignedCert);
- checkSelfSignedCertificate(12, gostCA1);
- checkSelfSignedCertificate(13, gostCA2);
- checkSelfSignedCertificate(14, gost341094base);
- checkSelfSignedCertificate(15, gost34102001base);
- checkSelfSignedCertificate(16, gost341094A);
- checkSelfSignedCertificate(17, gost341094B);
- checkSelfSignedCertificate(18, gost34102001A);
+ checkSelfSignedCertificate(11, probSelfSignedCert, "SHA1WITHRSA");
+ checkSelfSignedCertificate(12, gostCA1, "GOST3410");
+ checkSelfSignedCertificate(13, gostCA2, "GOST3411WITHECGOST3410");
+ checkSelfSignedCertificate(14, gost341094base, "GOST3410");
+ checkSelfSignedCertificate(15, gost34102001base, "GOST3411WITHECGOST3410");
+ checkSelfSignedCertificate(16, gost341094A, "GOST3410");
+ checkSelfSignedCertificate(17, gost341094B, "GOST3410");
+ checkSelfSignedCertificate(18, gost34102001A, "GOST3411WITHECGOST3410");
try
{
- checkSelfSignedCertificate(19, uaczo1);
- checkSelfSignedCertificate(20, uaczo2);
- checkSelfSignedCertificate(21, uaczo3);
- checkSelfSignedCertificate(22, uaczo4);
+ checkSelfSignedCertificate(19, uaczo1, "GOST3411WITHDSTU4145LE");
+ checkSelfSignedCertificate(20, uaczo2, "GOST3411WITHDSTU4145LE");
+ checkSelfSignedCertificate(21, uaczo3, "GOST3411WITHDSTU4145LE");
+ checkSelfSignedCertificate(22, uaczo4, "GOST3411WITHDSTU4145LE");
}
catch (Exception e)
{
@@ -2847,35 +1599,12 @@ public class CertTest
checkCRL(1, crl1);
- checkCreation1();
- checkCreation2();
- checkCreation3();
- checkCreation4();
- checkCreation5();
-
- createECCert("SHA1withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
- createECCert("SHA224withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
- createECCert("SHA256withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
- createECCert("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
- createECCert("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-
- createPSSCert("SHA1withRSAandMGF1");
- createPSSCert("SHA224withRSAandMGF1");
- createPSSCert("SHA256withRSAandMGF1");
- createPSSCert("SHA384withRSAandMGF1");
-
- checkCRLCreation1();
- checkCRLCreation2();
- checkCRLCreation3();
-
pemTest();
pkcs7Test();
rfc4491Test();
testForgedSignature();
- testNullDerNullCert();
-
checkCertificate(18, emptyDNCert);
testCertPathEncAvailableTest();