List of usage examples for org.bouncycastle.asn1 ASN1InputStream ASN1InputStream
public ASN1InputStream(byte[] input)
From source file:org.ejbca.core.model.ca.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
/** * Test with dynamic=true and no static value specified. * * There should be an exception if no value was specified in ExtendedInformation. * But it should succeed if an value was specified in ExtendedInformation. *///from ww w .j a va 2 s. co m public void test13DynamicTrueNoStatic() throws Exception { Properties props = new Properties(); props.put("id1.property.encoding", "DERPRINTABLESTRING"); props.put("id1.property.dynamic", "true"); BasicCertificateExtension baseExt = new BasicCertificateExtension(); baseExt.init(1, "1.2.3", false, props); UserDataVO userData = new UserDataVO(); userData.setExtendedinformation(new ExtendedInformation()); // Fail without value specified try { baseExt.getValueEncoded(userData, null, null, null, null); fail("Should have failed as no value was specified in EI."); } catch (CertificateExtentionConfigurationException ex) { assertEquals(intres.getLocalizedMessage("certext.basic.incorrectvalue", 1, "1.2.3"), ex.getMessage()); } // Success with value specified userData.getExtendedinformation().setExtensionData("1.2.3", "The value 123"); ASN1InputStream in = new ASN1InputStream( new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null))); DEREncodable value1 = in.readObject(); assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString); assertEquals("The value 123", ((DERPrintableString) value1).getString()); }
From source file:org.ejbca.core.model.ca.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
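/**
 * Test with dynamic=true and a static value specified.
 *
 * The static value should be used if no value was specified in ExtendedInformation.
 * The value from ExtendedInformation should be used if present.
 */
public void test14DynamicTrueStatic() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.dynamic", "true");
    props.put("id1.property.value", "The static value 123");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    UserDataVO userData = new UserDataVO();
    userData.setExtendedinformation(new ExtendedInformation());

    // Without value in userdata, the static value is used.
    // ASN1InputStream(byte[]) limits decoded object lengths to the size of the array.
    ASN1InputStream in = new ASN1InputStream(baseExt.getValueEncoded(userData, null, null, null, null));
    try {
        DEREncodable value1 = in.readObject();
        assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString);
        assertEquals("The static value 123", ((DERPrintableString) value1).getString());
    } finally {
        in.close();
    }

    // With value in userdata, that value is used
    userData.getExtendedinformation().setExtensionData("1.2.3", "A dynamic value 123");
    in = new ASN1InputStream(baseExt.getValueEncoded(userData, null, null, null, null));
    try {
        DEREncodable value1 = in.readObject();
        assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString);
        assertEquals("A dynamic value 123", ((DERPrintableString) value1).getString());
    } finally {
        in.close();
    }
}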
From source file:org.ejbca.core.model.ca.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
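/**
 * Test with dynamic=true and static values specified where nvalues is used.
 *
 * The static values should be used if no value was specified in ExtendedInformation.
 * The values from ExtendedInformation should be used if present.
 */
public void test15DynamicTrueStaticNvalues() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.dynamic", "true");
    props.put("id1.property.nvalues", "3");
    props.put("id1.property.value1", "The static value 1");
    props.put("id1.property.value2", "The static value 2");
    props.put("id1.property.value3", "The static value 3");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    UserDataVO userData = new UserDataVO();
    userData.setExtendedinformation(new ExtendedInformation());

    // Without values in userdata, the static values are used
    assertPrintableStringSequence(baseExt.getValueEncoded(userData, null, null, null, null),
            "The static value ", 3);

    // With values in userdata, those values are used
    userData.getExtendedinformation().setExtensionData("1.2.3.value1", "A dynamic value 1");
    userData.getExtendedinformation().setExtensionData("1.2.3.value2", "A dynamic value 2");
    userData.getExtendedinformation().setExtensionData("1.2.3.value3", "A dynamic value 3");
    assertPrintableStringSequence(baseExt.getValueEncoded(userData, null, null, null, null),
            "A dynamic value ", 3);
}

/**
 * Decodes {@code encoded} and asserts that it holds a DERSequence of {@code expectedSize}
 * DERPrintableString elements whose texts are {@code expectedPrefix} followed by 1, 2, 3, ...
 * in element order.
 */
private void assertPrintableStringSequence(byte[] encoded, String expectedPrefix, int expectedSize)
        throws Exception {
    // ASN1InputStream(byte[]) limits decoded object lengths to the size of the array.
    ASN1InputStream in = new ASN1InputStream(encoded);
    try {
        DEREncodable value = in.readObject();
        assertTrue(value.getClass().toString(), value instanceof DERSequence);
        DERSequence seq = (DERSequence) value;
        assertEquals(expectedSize, seq.size());
        Enumeration e = seq.getObjects();
        int i = 1;
        while (e.hasMoreElements()) {
            DEREncodable v = (DEREncodable) e.nextElement();
            assertTrue(v.getClass().toString(), v instanceof DERPrintableString);
            String str = ((DERPrintableString) v).getString();
            // Expected value first, so a failure message reports the two sides correctly.
            assertEquals(expectedPrefix + i++, str);
        }
    } finally {
        // Close the decoder even when an assertion above fails.
        in.close();
    }
}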
From source file:org.ejbca.core.model.ca.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
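/**
 * Test that without dynamic specified it defaults to dynamic=false.
 *
 * The static value should be used regardless of whether there was a value in
 * ExtendedInformation or not.
 */
public void test16DynamicDefaultsToFalse() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.value", "The static value");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    UserDataVO userData = new UserDataVO();
    userData.setExtendedinformation(new ExtendedInformation());

    // Ok without value specified.
    // ASN1InputStream(byte[]) limits decoded object lengths to the size of the array.
    ASN1InputStream in = new ASN1InputStream(baseExt.getValueEncoded(userData, null, null, null, null));
    try {
        DEREncodable value1 = in.readObject();
        assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value1).getString());
    } finally {
        in.close();
    }

    // Ignoring dynamic value specified: the request-supplied value must not reach the extension
    userData.getExtendedinformation().setExtensionData("1.2.3", "The value 123");
    in = new ASN1InputStream(baseExt.getValueEncoded(userData, null, null, null, null));
    try {
        DEREncodable value1 = in.readObject();
        assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value1).getString());
    } finally {
        in.close();
    }
}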
From source file:org.ejbca.core.model.ca.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
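/**
 * Same as test16DynamicDefaultsToFalse but with dynamic explicitly set to
 * false.
 */
public void test17DynamicFalse() throws Exception {
    Properties props = new Properties();
    props.put("id1.property.encoding", "DERPRINTABLESTRING");
    props.put("id1.property.value", "The static value");
    props.put("id1.property.dynamic", "false");
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    UserDataVO userData = new UserDataVO();
    userData.setExtendedinformation(new ExtendedInformation());

    // Ok without value specified.
    // ASN1InputStream(byte[]) limits decoded object lengths to the size of the array.
    ASN1InputStream in = new ASN1InputStream(baseExt.getValueEncoded(userData, null, null, null, null));
    try {
        DEREncodable value = in.readObject();
        assertTrue(value.getClass().toString(), value instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value).getString());
    } finally {
        in.close();
    }

    // Ignoring dynamic value specified: the request-supplied value must not reach the extension
    userData.getExtendedinformation().setExtensionData("1.2.3", "The value 123");
    in = new ASN1InputStream(baseExt.getValueEncoded(userData, null, null, null, null));
    try {
        DEREncodable value = in.readObject();
        assertTrue(value.getClass().toString(), value instanceof DERPrintableString);
        assertEquals("The static value", ((DERPrintableString) value).getString());
    } finally {
        in.close();
    }
}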
From source file:org.ejbca.core.model.ca.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
/** * Test with dynamic=true and value specified with key 1.2.3.value=. *///from ww w. ja v a 2 s . c o m public void test18DynamicValueValue() throws Exception { Properties props = new Properties(); props.put("id1.property.encoding", "DERPRINTABLESTRING"); props.put("id1.property.dynamic", "true"); BasicCertificateExtension baseExt = new BasicCertificateExtension(); baseExt.init(1, "1.2.3", false, props); UserDataVO userData = new UserDataVO(); userData.setExtendedinformation(new ExtendedInformation()); // Success with value specified userData.getExtendedinformation().setExtensionData("1.2.3.value", "The value 456"); ASN1InputStream in = new ASN1InputStream( new ByteArrayInputStream(baseExt.getValueEncoded(userData, null, null, null, null))); DEREncodable value1 = in.readObject(); assertTrue(value1.getClass().toString(), value1 instanceof DERPrintableString); assertEquals("The value 456", ((DERPrintableString) value1).getString()); }
From source file:org.ejbca.core.model.ca.certextensions.BasicCertificateExtensionTest.java
License:Open Source License
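/**
 * Decodes the first ASN.1 object contained in an encoded extension value.
 *
 * @param valueEncoded the encoded bytes to parse
 * @return the object returned by the first {@code readObject()} call on the decoder
 * @throws IOException if the decoder fails to parse or close
 */
private DEREncodable getObject(byte[] valueEncoded) throws IOException {
    // ASN1InputStream(byte[]) limits decoded object lengths to the size of the array,
    // so no ByteArrayInputStream wrapper is needed.
    final ASN1InputStream in = new ASN1InputStream(valueEncoded);
    try {
        return in.readObject();
    } finally {
        in.close();
    }
}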
From source file:org.ejbca.core.model.ca.certextensions.standard.AuthorityKeyIdentifier.java
License:Open Source License
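/**
 * Builds the AuthorityKeyIdentifier extension value for a certificate issued by {@code ca}.
 *
 * The identifier is first derived from {@code caPublicKey}. When the CA has a certificate, the
 * profile is not of type ROOTCA, and that certificate carries a SubjectKeyIdentifier, the
 * identifier is replaced by the value taken from the CA certificate.
 *
 * @param subject not read by this method
 * @param ca supplies the CA certificate
 * @param certProfile its type decides whether this is treated as a root CA
 * @param userPublicKey not read by this method
 * @param caPublicKey the CA public key; its encoded form is parsed as a SubjectPublicKeyInfo
 * @return the AuthorityKeyIdentifier value
 * @throws CertificateExtensionException if the CA public key encoding cannot be parsed
 */
@Override
public DEREncodable getValue(final UserDataVO subject, final CA ca, final CertificateProfile certProfile,
        final PublicKey userPublicKey, final PublicKey caPublicKey)
        throws CertificateExtentionConfigurationException, CertificateExtensionException {
    org.bouncycastle.asn1.x509.AuthorityKeyIdentifier ret = null;
    // Default value is that we calculate it from scratch!
    // (If this is a root CA we must calculate the AuthorityKeyIdentifier from scratch)
    // (If the CA signing this cert does not have a SubjectKeyIdentifier we must calculate the AuthorityKeyIdentifier from scratch)
    try {
        final byte[] keybytes = caPublicKey.getEncoded();
        // ASN1InputStream(byte[]) limits decoded object lengths to the size of the array.
        final ASN1InputStream keyIn = new ASN1InputStream(keybytes);
        try {
            final Object parsed = keyIn.readObject();
            // Check the decoded type before casting, so an unexpected encoding is reported through
            // the declared CertificateExtensionException instead of a ClassCastException.
            if (!(parsed instanceof ASN1Sequence)) {
                throw new IOException("encoding is not an ASN.1 SEQUENCE");
            }
            final SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence) parsed);
            ret = new org.bouncycastle.asn1.x509.AuthorityKeyIdentifier(apki);
        } finally {
            keyIn.close();
        }

        // If we have a CA-certificate (i.e. this is not a Root CA), we must take the authority key identifier from
        // the CA-certificates SubjectKeyIdentifier if it exists. If we don't do that we will get the wrong identifier if the
        // CA does not follow RFC3280 (guess if MS-CA follows RFC3280?)
        final X509Certificate cacert = (X509Certificate) ca.getCACertificate();
        final boolean isRootCA = (certProfile.getType() == CertificateProfile.TYPE_ROOTCA);
        if ((cacert != null) && (!isRootCA)) {
            byte[] akibytes;
            akibytes = CertTools.getSubjectKeyId(cacert);
            if (akibytes != null) {
                // TODO: The code below is snipped from AuthorityKeyIdentifier.java in BC 1.36, because there is no method there
                // to set only a pre-computed key identifier
                // This should be replaced when such a method is added to BC
                final ASN1OctetString keyidentifier = new DEROctetString(akibytes);
                final ASN1EncodableVector v = new ASN1EncodableVector();
                v.add(new DERTaggedObject(false, 0, keyidentifier));
                final ASN1Sequence seq = new DERSequence(v);
                ret = new org.bouncycastle.asn1.x509.AuthorityKeyIdentifier(seq);
                log.debug("Using AuthorityKeyIdentifier from CA-certificates SubjectKeyIdentifier.");
            }
        }
    } catch (IOException e) {
        throw new CertificateExtensionException("IOException parsing CA public key: " + e.getMessage(), e);
    }
    if (ret == null) {
        log.error("AuthorityKeyIdentifier is used, but no key identifier can be created!");
    }
    return ret;
}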
From source file:org.ejbca.core.model.ca.certextensions.standard.SubjectKeyIdentifier.java
License:Open Source License
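/**
 * Builds the SubjectKeyIdentifier extension value from the user's public key.
 *
 * @param subject not read by this method
 * @param ca not read by this method
 * @param certProfile not read by this method
 * @param userPublicKey the key whose encoded form is parsed as a SubjectPublicKeyInfo
 * @param caPublicKey not read by this method
 * @return the SubjectKeyIdentifier value
 * @throws CertificateExtensionException if the user public key encoding cannot be parsed
 */
@Override
public DEREncodable getValue(final UserDataVO subject, final CA ca, final CertificateProfile certProfile,
        final PublicKey userPublicKey, final PublicKey caPublicKey)
        throws CertificateExtentionConfigurationException, CertificateExtensionException {
    SubjectPublicKeyInfo spki;
    try {
        // ASN1InputStream(byte[]) limits decoded object lengths to the size of the array.
        final ASN1InputStream keyIn = new ASN1InputStream(userPublicKey.getEncoded());
        try {
            final Object parsed = keyIn.readObject();
            // The user key comes from the certificate request; check the decoded type before casting so
            // an unexpected encoding is reported through the declared CertificateExtensionException
            // instead of a ClassCastException.
            if (!(parsed instanceof ASN1Sequence)) {
                throw new IOException("encoding is not an ASN.1 SEQUENCE");
            }
            spki = new SubjectPublicKeyInfo((ASN1Sequence) parsed);
        } finally {
            keyIn.close();
        }
    } catch (IOException e) {
        throw new CertificateExtensionException("IOException parsing user public key: " + e.getMessage(), e);
    }
    return new org.bouncycastle.asn1.x509.SubjectKeyIdentifier(spki);
}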
From source file:org.ejbca.core.protocol.cmp.AuthenticationModulesTest.java
License:Open Source License
/**
 * Sends a CMP revocation request that names "CN=cmprevuser1,C=SE" where the other calls in this
 * test pass the issuer, and checks that the request is rejected: the certificate must still be
 * NOT_REVOKED and the response must be an error body (type 23) whose status string says the CA
 * is unknown.
 *
 * The CMP alias is configured with the end-entity-certificate authentication module, the
 * authentication parameter "TestCA" and RA mode enabled before the request is built.
 */
@Test
public void test07EERevReqWithUnknownCA() throws NoSuchAlgorithmException, EjbcaException, IOException, Exception {
    this.cmpConfiguration.setAuthenticationModule(ALIAS, CmpConfiguration.AUTHMODULE_ENDENTITY_CERTIFICATE);
    this.cmpConfiguration.setAuthenticationParameters(ALIAS, "TestCA");
    this.cmpConfiguration.setRAMode(ALIAS, true);
    this.globalConfigurationSession.saveConfiguration(ADMIN, this.cmpConfiguration);

    // Pick the first certificate for USER_DN that is not already revoked.
    Collection<Certificate> certs = this.certificateStoreSession
            .findCertificatesBySubjectAndIssuer(USER_DN.toString(), issuerDN);
    log.debug("Found " + certs.size() + " certificates for userDN \"" + USER_DN + "\"");
    Certificate cert = null, tmp = null;
    Iterator<Certificate> itr = certs.iterator();
    while (itr.hasNext()) {
        tmp = itr.next();
        if (!this.certificateStoreSession.isRevoked(issuerDN, CertTools.getSerialNumber(tmp))) {
            cert = tmp;
            break;
        }
    }

    // No usable certificate found: create a user and issue one for this test.
    final String userName = "cmprevuser1";
    if (cert == null) {
        createUser(userName, "CN=" + userName + ",C=SE", "foo123", true, this.caid,
                SecConst.EMPTY_ENDENTITYPROFILE, CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);
        // NOTE(review): 1024-bit RSA is used here for a throwaway test key; it is below current
        // key-size recommendations and should not be carried over into production settings.
        KeyPair admkeys = KeyTools.genKeys("1024", "RSA");
        cert = this.signSession.createCertificate(ADMIN, "cmprevuser1", "foo123",
                new PublicKeyWrapper(admkeys.getPublic()));
    }
    try {
        assertNotNull("No certificate to revoke.", cert);

        // NOTE(review): the message protection uses SHA-1 with RSA; the response check below expects
        // the same algorithm id, so the two have to be changed together.
        AlgorithmIdentifier pAlg = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption);
        PKIMessage msg = genRevReq("CN=cmprevuser1,C=SE", USER_DN, CertTools.getSerialNumber(cert), cert,
                this.nonce, this.transid, false, pAlg, null);
        assertNotNull("Generating CrmfRequest failed.", msg);

        // Sign the request with a freshly created admin credential and attach its certificate.
        String adminName = "cmpTestAdmin";
        KeyPair admkeys = KeyTools.genKeys("1024", "RSA");
        AuthenticationToken adminToken = createAdminToken(admkeys, adminName, "CN=" + adminName + ",C=SE",
                this.caid, SecConst.EMPTY_ENDENTITYPROFILE, CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER);
        Certificate admCert = getCertFromCredentials(adminToken);
        CMPCertificate[] extraCert = getCMPCert(admCert);
        msg = CmpMessageHelper.buildCertBasedPKIProtection(msg, extraCert, admkeys.getPrivate(),
                pAlg.getAlgorithm().getId(), "BC");
        assertNotNull(msg);

        final ByteArrayOutputStream bao = new ByteArrayOutputStream();
        final DEROutputStream out = new DEROutputStream(bao);
        out.writeObject(msg);
        final byte[] ba = bao.toByteArray();
        // Send request and receive response
        final byte[] resp = sendCmpHttp(ba, 200, ALIAS);
        checkCmpResponseGeneral(resp, "CN=cmprevuser1,C=SE", USER_DN, this.cacert,
                msg.getHeader().getSenderNonce().getOctets(), msg.getHeader().getTransactionID().getOctets(),
                false, null, PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());

        // The certificate must not have been revoked by the rejected request; the message string is
        // what JUnit prints if it was.
        int revStatus = checkRevokeStatus(issuerDN, CertTools.getSerialNumber(cert));
        assertEquals("Revocation request succeeded", RevokedCertInfo.NOT_REVOKED, revStatus);

        ASN1InputStream asn1InputStream = new ASN1InputStream(new ByteArrayInputStream(resp));
        try {
            PKIMessage respObject = PKIMessage.getInstance(asn1InputStream.readObject());
            assertNotNull(respObject);

            // Body type 23 is the CMP error message; its content is read as ErrorMsgContent.
            PKIBody body = respObject.getBody();
            assertEquals(23, body.getType());
            ErrorMsgContent err = (ErrorMsgContent) body.getContent();
            String errMsg = err.getPKIStatusInfo().getStatusString().getStringAt(0).getString();
            String expectedErrMsg = "CA with DN 'C=SE,CN=cmprevuser1' is unknown";
            assertEquals(expectedErrMsg, errMsg);
            // NOTE(review): this cleanup only runs when every assertion above passes; on a failing
            // run the admin token and certificate are left behind. Consider moving it to a finally.
            removeAuthenticationToken(adminToken, admCert, adminName);
        } finally {
            asn1InputStream.close();
        }
    } finally {
        // Runs whether or not the user was created above.
        this.endEntityManagementSession.deleteUser(ADMIN, userName);
    }
}