List of usage examples for org.bouncycastle.asn1 ASN1InputStream ASN1InputStream
public ASN1InputStream(byte[] input)
From source file:org.cesecore.certificates.ca.X509CATest.java
License:Open Source License
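/**
 * Tests the extension CRL Distribution Point on CRLs.
 *
 * <p>With the "use CRL distribution point on CRL" setting enabled, the generated CRL must carry
 * an Issuing Distribution Point extension whose first general name equals the configured URL.
 * With the setting disabled and the default distribution point cleared, the final negative
 * assertion must hold.
 *
 * @throws Exception in case of error.
 */
@Test
public void testCRLDistPointOnCRL() throws Exception {
    final CryptoToken cryptoToken = getNewCryptoToken();
    final X509CA ca = createTestCA(cryptoToken, CADN);

    final String cdpURL = "http://www.ejbca.org/foo/bar.crl";
    X509CAInfo cainfo = (X509CAInfo) ca.getCAInfo();

    cainfo.setUseCrlDistributionPointOnCrl(true);
    cainfo.setDefaultCRLDistPoint(cdpURL);
    ca.updateCA(cryptoToken, cainfo);

    Collection<RevokedCertInfo> revcerts = new ArrayList<RevokedCertInfo>();
    X509CRLHolder crl = ca.generateCRL(cryptoToken, revcerts, 1);
    assertNotNull(crl);
    X509CRL xcrl = CertTools.getCRLfromByteArray(crl.getEncoded());

    byte[] cdpDER = xcrl.getExtensionValue(Extension.issuingDistributionPoint.getId());
    assertNotNull("CRL has no distribution points", cdpDER);

    // getExtensionValue() hands back the extension wrapped in an OCTET STRING, so the value is
    // parsed in two steps: unwrap the octets, then decode the payload. Each stream is closed in
    // a finally block so a failed parse does not leave it open.
    ASN1OctetString octs;
    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(cdpDER));
    try {
        octs = (ASN1OctetString) aIn.readObject();
    } finally {
        aIn.close();
    }
    IssuingDistributionPoint cdp;
    aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
    try {
        cdp = IssuingDistributionPoint.getInstance((ASN1Sequence) aIn.readObject());
    } finally {
        aIn.close();
    }
    DistributionPointName distpoint = cdp.getDistributionPoint();

    assertEquals("CRL distribution point is different", cdpURL,
            ((DERIA5String) ((GeneralNames) distpoint.getName()).getNames()[0].getName()).getString());

    cainfo.setUseCrlDistributionPointOnCrl(false);
    cainfo.setDefaultCRLDistPoint(null);
    ca.updateCA(cryptoToken, cainfo);
    crl = ca.generateCRL(cryptoToken, revcerts, 1);
    assertNotNull(crl);
    xcrl = CertTools.getCRLfromByteArray(crl.getEncoded());
    // NOTE(review): the positive check above reads Extension.issuingDistributionPoint, while this
    // negative check looks up Extension.cRLDistributionPoints. As written it does not show that
    // the extension asserted above is gone once the setting is disabled - confirm which OID is
    // intended here.
    assertNull("CRL has distribution points", xcrl.getExtensionValue(Extension.cRLDistributionPoints.getId()));
}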
From source file:org.cesecore.certificates.ca.X509CATest.java
License:Open Source License
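/**
 * Tests the extension Freshest CRL DP.
 *
 * <p>With a CA-defined freshest CRL URL configured, the generated CRL must carry exactly one
 * Freshest CRL distribution point whose first general name equals that URL. After the settings
 * are cleared, the CRL must no longer carry the Freshest CRL extension.
 *
 * @throws Exception
 *             in case of error.
 */
@Test
public void testCRLFreshestCRL() throws Exception {
    final CryptoToken cryptoToken = getNewCryptoToken();
    final X509CA ca = createTestCA(cryptoToken, CADN);
    final String cdpURL = "http://www.ejbca.org/foo/bar.crl";
    final String freshestCdpURL = "http://www.ejbca.org/foo/delta.crl";
    X509CAInfo cainfo = (X509CAInfo) ca.getCAInfo();

    cainfo.setUseCrlDistributionPointOnCrl(true);
    cainfo.setDefaultCRLDistPoint(cdpURL);
    cainfo.setCADefinedFreshestCRL(freshestCdpURL);
    ca.updateCA(cryptoToken, cainfo);

    Collection<RevokedCertInfo> revcerts = new ArrayList<RevokedCertInfo>();
    X509CRLHolder crl = ca.generateCRL(cryptoToken, revcerts, 1);
    assertNotNull(crl);
    X509CRL xcrl = CertTools.getCRLfromByteArray(crl.getEncoded());

    byte[] cFreshestDpDER = xcrl.getExtensionValue(Extension.freshestCRL.getId());
    assertNotNull("CRL has no Freshest Distribution Point", cFreshestDpDER);

    // The extension value is wrapped in an OCTET STRING: unwrap it first, then decode the
    // payload. Both streams are closed in finally blocks so a failed parse does not leak them.
    ASN1OctetString octs;
    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(cFreshestDpDER));
    try {
        octs = (ASN1OctetString) aIn.readObject();
    } finally {
        aIn.close();
    }
    CRLDistPoint cdp;
    aIn = new ASN1InputStream(new ByteArrayInputStream(octs.getOctets()));
    try {
        cdp = CRLDistPoint.getInstance((ASN1Sequence) aIn.readObject());
    } finally {
        aIn.close();
    }
    DistributionPoint[] distpoints = cdp.getDistributionPoints();

    assertEquals("More CRL Freshest distributions points than expected", 1, distpoints.length);
    assertEquals("Freshest CRL distribution point is different", freshestCdpURL,
            ((DERIA5String) ((GeneralNames) distpoints[0].getDistributionPoint().getName()).getNames()[0]
                    .getName()).getString());

    // Clear every related setting and verify the extension disappears from a fresh CRL.
    cainfo.setUseCrlDistributionPointOnCrl(false);
    cainfo.setDefaultCRLDistPoint(null);
    cainfo.setCADefinedFreshestCRL(null);
    ca.updateCA(cryptoToken, cainfo);

    crl = ca.generateCRL(cryptoToken, revcerts, 1);
    assertNotNull(crl);
    xcrl = CertTools.getCRLfromByteArray(crl.getEncoded());
    assertNull("CRL has freshest crl extension", xcrl.getExtensionValue(Extension.freshestCRL.getId()));
}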
From source file:org.cesecore.certificates.ca.X509CATest.java
License:Open Source License
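/**
 * Test that the CA can issue certificates with custom certificate extensions.
 *
 * <p>Three custom extensions are configured: an IA5String value, a RAW value that is valid DER,
 * and a RAW value that is not DER at all. The issued certificate must contain all three, and
 * the RAW values must appear byte-for-byte as configured.
 *
 * @throws Exception in case of error.
 */
@Test
public void testCustomCertificateExtension() throws Exception {
    final CryptoToken cryptoToken = getNewCryptoToken();
    X509CA testCa = createTestCA(cryptoToken, "CN=foo");
    Collection<RevokedCertInfo> revcerts = new ArrayList<RevokedCertInfo>();
    X509CRLHolder testCrl = testCa.generateCRL(cryptoToken, revcerts, 0);
    assertNotNull(testCrl);
    X509CRL xcrl = CertTools.getCRLfromByteArray(testCrl.getEncoded());
    Collection<String> result = CertTools.getAuthorityInformationAccess(xcrl);
    assertEquals("A list was returned without any values present.", 0, result.size());

    // Issue a certificate with three different basic certificate extensions
    EndEntityInformation user = new EndEntityInformation("username", "CN=User", 666, "rfc822Name=user@user.com",
            "user@user.com", new EndEntityType(EndEntityTypes.ENDUSER), 0, 0, EndEntityConstants.TOKEN_USERGEN, 0,
            null);
    CertificateProfile cp = new CertificateProfile(CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);

    // Configure some custom basic certificate extension
    // NOTE(review): the "idN.property.dynamin" keys below look like a misspelling of
    // "dynamic"; they are kept as in the original - confirm against the configuration parser.
    // one with a good IA5String encoding
    Properties prop = new Properties();
    prop.put("id1.oid", "2.16.840.1.113730.1.13");
    prop.put("id1.classpath", "org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension");
    prop.put("id1.displayname", "NetscapeComment");
    prop.put("id1.used", "true");
    prop.put("id1.translatable", "false");
    prop.put("id1.critical", "false");
    prop.put("id1.property.encoding", "DERIA5STRING");
    prop.put("id1.property.dynamin", "false");
    prop.put("id1.property.value", "Hello World");

    // one RAW with proper DER encoding
    prop.put("id2.oid", "1.2.3.4");
    prop.put("id2.classpath", "org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension");
    prop.put("id2.displayname", "RawProper");
    prop.put("id2.used", "true");
    prop.put("id2.translatable", "false");
    prop.put("id2.critical", "false");
    prop.put("id2.property.encoding", "RAW");
    prop.put("id2.property.dynamin", "false");
    prop.put("id2.property.value", "301a300c060a2b060104018237140202300a06082b06010505070302");

    // one RAW with no DER encoding (actually invalid according to RFC5280)
    prop.put("id3.oid", "1.2.3.5");
    prop.put("id3.classpath", "org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension");
    prop.put("id3.displayname", "RawNoDer");
    prop.put("id3.used", "true");
    prop.put("id3.translatable", "false");
    prop.put("id3.critical", "false");
    prop.put("id3.property.encoding", "RAW");
    prop.put("id3.property.dynamin", "false");
    prop.put("id3.property.value", "aabbccddeeff00");

    // Load the Custom extensions.
    // Reflection is used to call the non-public parseConfiguration() and to overwrite the
    // factory's static "instance" field. NOTE(review): the field is not restored in this
    // method, so the replaced factory stays in place for whatever runs later in the same JVM.
    Field certificateExtensionFactoryInstance = CertificateExtensionFactory.class.getDeclaredField("instance");
    certificateExtensionFactoryInstance.setAccessible(true);
    Method parseConfiguration = CertificateExtensionFactory.class.getDeclaredMethod("parseConfiguration",
            Properties.class);
    parseConfiguration.setAccessible(true);
    CertificateExtensionFactory instance = (CertificateExtensionFactory) parseConfiguration.invoke(null, prop);
    certificateExtensionFactoryInstance.set(null, instance);

    // Expected value first, so a failure message reports the two sides correctly.
    CertificateExtensionFactory fact = CertificateExtensionFactory.getInstance();
    assertEquals("2.16.840.1.113730.1.13", fact.getCertificateExtensions(1).getOID());
    assertEquals("1.2.3.4", fact.getCertificateExtensions(2).getOID());
    assertEquals("1.2.3.5", fact.getCertificateExtensions(3).getOID());

    // Configure to use the custom extensions in the certificate profile
    List<Integer> list = new ArrayList<Integer>();
    list.add(1);
    list.add(2);
    list.add(3);
    cp.setUsedCertificateExtensions(list);

    // A 512-bit RSA key is only a throwaway test key; that size is far too weak for any real
    // certificate.
    final KeyPair keypair = KeyTools.genKeys("512", "RSA");
    X509Certificate cert = (X509Certificate) testCa.generateCertificate(cryptoToken, user, keypair.getPublic(), 0,
            null, 10L, cp, "00000");
    assertNotNull("A certificate should have been issued", cert);

    // Extension 1: the Extension value is an Octet String, containing my value
    byte[] ext1 = cert.getExtensionValue("2.16.840.1.113730.1.13");
    assertNotNull("Certificate has no extension 2.16.840.1.113730.1.13", ext1);
    ASN1OctetString oct;
    ASN1InputStream is = new ASN1InputStream(ext1);
    try {
        oct = (ASN1OctetString) (is.readObject());
    } finally {
        is.close();
    }
    DERIA5String str;
    ASN1InputStream is2 = new ASN1InputStream(oct.getOctets());
    try {
        str = (DERIA5String) is2.readObject();
    } finally {
        is2.close();
    }
    assertEquals("Hello World", str.getString());

    // Extension 2: the RAW value is valid DER, a sequence of two sequences each starting with
    // an object identifier.
    byte[] ext2 = cert.getExtensionValue("1.2.3.4");
    assertNotNull("Certificate has no extension 1.2.3.4", ext2);
    is = new ASN1InputStream(ext2);
    try {
        oct = (ASN1OctetString) (is.readObject());
    } finally {
        is.close();
    }
    ASN1Sequence seq;
    is2 = new ASN1InputStream(oct.getOctets());
    try {
        seq = (ASN1Sequence) is2.readObject();
        System.out.println(ASN1Dump.dumpAsString(seq));
    } finally {
        is2.close();
    }
    ASN1Encodable enc = seq.getObjectAt(0);
    ASN1Sequence seq2 = ASN1Sequence.getInstance(enc);
    ASN1Encodable enc2 = seq2.getObjectAt(0);
    ASN1ObjectIdentifier id = ASN1ObjectIdentifier.getInstance(enc2);
    assertEquals("1.3.6.1.4.1.311.20.2.2", id.getId());
    enc = seq.getObjectAt(1);
    seq2 = ASN1Sequence.getInstance(enc);
    enc2 = seq2.getObjectAt(0);
    id = ASN1ObjectIdentifier.getInstance(enc2);
    assertEquals("1.3.6.1.5.5.7.3.2", id.getId());

    // Extension 3: only the OCTET STRING wrapper is parsed; the payload is compared as raw
    // bytes because this value can not be parsed as ASN.1.
    byte[] ext3 = cert.getExtensionValue("1.2.3.5");
    assertNotNull("Certificate has no extension 1.2.3.5", ext3);
    is = new ASN1InputStream(ext3);
    try {
        oct = (ASN1OctetString) (is.readObject());
    } finally {
        is.close();
    }
    byte[] bytes = oct.getOctets();
    assertEquals("aabbccddeeff00", Hex.toHexString(bytes));
}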
From source file:org.cesecore.certificates.certificate.AvailableCustomCertExtensionsConfigTest.java
License:Open Source License
/**
 * Reads the first ASN.1 object from an encoded value.
 *
 * <p>Only one object is read; any bytes that follow it in {@code valueEncoded} are not
 * inspected. The stream is closed whether or not parsing succeeds.
 *
 * @param valueEncoded the encoded bytes to parse
 * @return whatever {@code readObject()} returns for the first object in the input
 * @throws IOException if reading the object or closing the stream fails
 */
private ASN1Encodable getObject(byte[] valueEncoded) throws IOException {
    final ByteArrayInputStream rawBytes = new ByteArrayInputStream(valueEncoded);
    final ASN1InputStream asn1Stream = new ASN1InputStream(rawBytes);
    final ASN1Encodable firstObject;
    try {
        firstObject = asn1Stream.readObject();
    } finally {
        asn1Stream.close();
    }
    return firstObject;
}
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtension.java
License:Open Source License
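/**
 * Tries to read the hex-string as a DER object. If it contains more than one ASN1Encodable
 * object, return a DERSequence of the objects.
 *
 * @param value the configured extension value, expected to consist of hex digits only
 * @return the single decoded object, or a DERSequence holding every decoded object when the
 *         input contains more than one. The result is whatever {@code readObject()} yields for
 *         the first read, so it may be {@code null} when there is nothing to read (for
 *         example an empty value) - NOTE(review): confirm callers handle that case.
 * @throws CertificateExtensionException if the value contains non-hex characters, cannot be
 *         hex-decoded, or cannot be parsed as ASN.1
 */
private ASN1Encodable parseHexEncodedDERObject(String value) throws CertificateExtensionException {
    // Reject anything that is not purely hex digits before touching a decoder.
    if (!value.matches("^\\p{XDigit}*")) {
        throw new CertificateExtensionException(intres.getLocalizedMessage("certext.basic.illegalvalue", value,
                Integer.valueOf(getId()), getOID()));
    }
    try {
        // Decoding happens inside the try block: a value that passes the digit check but is
        // still rejected by Hex.decode() is then reported as an illegal value as well, instead
        // of escaping as an unchecked exception.
        final byte[] bytes = Hex.decode(value);
        // Parsing works on the in-memory array only. In current Bouncy Castle the byte[]
        // constructor also limits declared object lengths to the array size.
        final ASN1InputStream ais = new ASN1InputStream(bytes);
        try {
            final ASN1Encodable firstObject = ais.readObject();
            if (ais.available() <= 0) {
                return firstObject;
            }
            // More data follows the first object: collect everything into one sequence.
            final ASN1EncodableVector ev = new ASN1EncodableVector();
            ev.add(firstObject);
            while (ais.available() > 0) {
                ev.add(ais.readObject());
            }
            return new DERSequence(ev);
        } finally {
            // Closed on every path, including a failed parse.
            ais.close();
        }
    } catch (Exception e) {
        // NOTE(review): the cause is discarded here, as in the original; attach it if
        // CertificateExtensionException offers a constructor that accepts one.
        throw new CertificateExtensionException(intres.getLocalizedMessage("certext.basic.illegalvalue", value,
                Integer.valueOf(getId()), getOID()));
    }
}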
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
/**
 * Test with dynamic=true and no static value specified.
 *
 * There should be an exception if no value was specified in ExtendedInformation.
 * But it should succeed if a value was specified in ExtendedInformation.
 */
@Test
public void test13DynamicTrueNoStatic() throws Exception {
    final Properties config = new Properties();
    config.put("id1.property.encoding", "DERPRINTABLESTRING");
    config.put("id1.property.dynamic", "true");

    final BasicCertificateExtension extension = new BasicCertificateExtension();
    extension.init(1, "1.2.3", false, config);

    final EndEntityInformation endEntity = new EndEntityInformation();
    endEntity.setExtendedinformation(new ExtendedInformation());

    // No static value and nothing in the end entity's extension data: encoding must fail.
    try {
        extension.getValueEncoded(endEntity, null, null, null, null, null);
        fail("Should have failed as no value was specified in EI.");
    } catch (CertificateExtensionException ex) {
        assertEquals(intres.getLocalizedMessage("certext.basic.incorrectvalue", 1, "1.2.3"), ex.getMessage());
    }

    // Once the end entity supplies a value for the OID, that value is what gets encoded.
    endEntity.getExtendedinformation().setExtensionData("1.2.3", "The value 123");
    final byte[] encoded = extension.getValueEncoded(endEntity, null, null, null, null, null);
    final ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(encoded));
    try {
        final ASN1Encodable decoded = asn1In.readObject();
        assertTrue(decoded.getClass().toString(), decoded instanceof DERPrintableString);
        assertEquals("The value 123", ((DERPrintableString) decoded).getString());
    } finally {
        asn1In.close();
    }
}
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
/** * Test with dynamic=true and and a static value specified. * * The static value should be used if no value was specified in ExtendedInformation. * The value from ExtendedInformation should be used if present. *///ww w .j a va 2 s. c o m @Test public void test14DynamicTrueStatic() throws Exception { Properties props = new Properties(); props.put("id1.property.encoding", "DERPRINTABLESTRING"); props.put("id1.property.dynamic", "true"); props.put("id1.property.value", "The static value 123"); BasicCertificateExtension baseExt = new BasicCertificateExtension(); baseExt.init(1, "1.2.3", false, props); EndEntityInformation userData = new EndEntityInformation(); userData.setExtendedinformation(new ExtendedInformation()); // Without value in userdata, the static value is used ASN1InputStream in = new ASN1InputStream( new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null))); ASN1Encodable value1 = in.readObject(); assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString); assertEquals("The static value 123", ((DERPrintableString) value1).getString()); // With value in userdata, that value is used userData.getExtendedinformation().setExtensionData("1.2.3", "A dynamic value 123"); in = new ASN1InputStream( new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null))); value1 = in.readObject(); assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString); assertEquals("A dynamic value 123", ((DERPrintableString) value1).getString()); }
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
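/**
 * Test with dynamic=true and static values specified where nvalues are used.
 *
 * The static values should be used if no value was specified in ExtendedInformation.
 * The values from ExtendedInformation should be used if present.
 */
@SuppressWarnings("unchecked")
@Test
public void test15DynamicTrueStaticNvalues() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.dynamic", "true");
    props.put("id1.property.nvalues", "3");
    props.put("id1.property.value1", "The static value 1");
    props.put("id1.property.value2", "The static value 2");
    props.put("id1.property.value3", "The static value 3");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    EndEntityInformation userData = new EndEntityInformation();
    userData.setExtendedinformation(new ExtendedInformation());

    // Without value in userdata, the static values are used.
    // Each stream is closed in a finally block so a failed parse does not leave it open.
    ASN1Encodable value;
    ASN1InputStream in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        value = in.readObject();
    } finally {
        in.close();
    }
    assertTrue(value.getClass().toString(), value instanceof DLSequence);
    DLSequence seq = (DLSequence) value;
    assertEquals(3, seq.size());
    Enumeration<ASN1Encodable> e = seq.getObjects();
    int i = 1;
    while (e.hasMoreElements()) {
        ASN1Encodable v = e.nextElement();
        assertTrue(v.getClass().toString(), v instanceof DERPrintableString);
        String str = ((DERPrintableString) v).getString();
        // Expected value first, so a failure message reports the two sides correctly.
        assertEquals("The static value " + i++, str);
    }

    // With values in userdata, those values are used
    userData.getExtendedinformation().setExtensionData("1.2.3.value1", "A dynamic value 1");
    userData.getExtendedinformation().setExtensionData("1.2.3.value2", "A dynamic value 2");
    userData.getExtendedinformation().setExtensionData("1.2.3.value3", "A dynamic value 3");
    in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        value = in.readObject();
    } finally {
        in.close();
    }
    assertTrue(value.getClass().toString(), value instanceof DLSequence);
    seq = (DLSequence) value;
    assertEquals(3, seq.size());
    e = seq.getObjects();
    i = 1;
    while (e.hasMoreElements()) {
        ASN1Encodable v = e.nextElement();
        assertTrue(v.getClass().toString(), v instanceof DERPrintableString);
        String str = ((DERPrintableString) v).getString();
        assertEquals("A dynamic value " + i++, str);
    }
}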
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
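/**
 * Test that without dynamic specified it defaults to dynamic=false.
 *
 * The static value should be used regardless of whether there was a value in
 * ExtendedInformation or not, i.e. per-end-entity data must not be able to replace the
 * configured value unless dynamic is explicitly enabled.
 */
@Test
public void test16DynamicDefaultsToFalse() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.value", "The static value");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    EndEntityInformation userData = new EndEntityInformation();
    userData.setExtendedinformation(new ExtendedInformation());

    // Ok without value specified.
    // Each stream is closed in a finally block so a failed parse does not leave it open.
    ASN1InputStream in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value1 = in.readObject();
        assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value1).getString());
    } finally {
        in.close();
    }

    // Ignoring dynamic value specified
    userData.getExtendedinformation().setExtensionData("1.2.3", "The value 123");
    in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value1 = in.readObject();
        assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value1).getString());
    } finally {
        in.close();
    }
}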
From source file:org.cesecore.certificates.certificate.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
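/**
 * Same as test16DynamicDefaultsToFalse but with dynamic explicitly set to
 * false.
 *
 * The static value must be encoded both before and after a value for the same OID is placed
 * in the end entity's ExtendedInformation.
 */
@Test
public void test17DynamicFalse() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.value", "The static value");
    props.put("id1.property.dynamic", "false");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    EndEntityInformation userData = new EndEntityInformation();
    userData.setExtendedinformation(new ExtendedInformation());

    // Ok without value specified.
    // Each stream is closed in a finally block so a failed parse does not leave it open.
    ASN1InputStream in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value = in.readObject();
        assertTrue(value.getClass().toString(), value instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value).getString());
    } finally {
        in.close();
    }

    // Ignoring dynamic value specified
    userData.getExtendedinformation().setExtensionData("1.2.3", "The value 123");
    in = new ASN1InputStream(
            new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null, null)));
    try {
        ASN1Encodable value = in.readObject();
        assertTrue(value.getClass().toString(), value instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value).getString());
    } finally {
        in.close();
    }
}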