List of usage examples for org.bouncycastle.asn1.cmp PKIMessage getBody
public PKIBody getBody()
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Test the basic certification request message * * @throws OperatorCreationException/*from w w w .j a v a 2s . c o m*/ * @throws CertificateEncodingException * @throws IOException * @throws CRMFException * @throws CMPException * @throws CMSException */ @Test public void testCertification() throws OperatorCreationException, CertificateEncodingException, IOException, CRMFException, CMPException, CMSException, ParseException, PKICMPMessageException, NoSuchProviderException, NoSuchAlgorithmException, NoSuchFieldException, IllegalAccessException { String distinguishedName = pki.getTestUser1Cert().getSubjectX500Principal().getName(); KeyPair keyPair = new KeyPair(pki.getTestUser1Cert().getPublicKey(), pki.getTestUser1CertPrivateKey()); PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); byte[] result = pkiMessages.createCertificateMessageWithLocalKey(distinguishedName, keyPair); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); // Header verification Assert.assertEquals(pkiMessage.getHeader().getPvno().getValue(), BigInteger.valueOf(2)); Assert.assertEquals(pkiKeyStoreRA.getRecipientCertificate().getSubjectDN().getName(), pkiMessage.getHeader().getRecipient().getName().toString()); Assert.assertEquals(pkiKeyStoreRA.getSenderCertificate().getSubjectDN().getName(), pkiMessage.getHeader().getSender().getName().toString()); Assert.assertNotNull(pkiMessage.getHeader().getSenderNonce()); Assert.assertNotNull(pkiMessage.getHeader().getTransactionID()); Assert.assertNotNull(pkiMessage.getHeader().getMessageTime().getDate()); // check the body // Check the tests in Bouncycastle for decoding cert request Assert.assertEquals(PKIBody.TYPE_CERT_REQ, pkiMessage.getBody().getType()); CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent()) .toCertReqMsgArray(); Assert.assertEquals(BigInteger.ZERO.toString(), certReqMsgs[0].getCertReq().getCertReqId().toString()); Assert.assertEquals(distinguishedName, certReqMsgs[0].getCertReq().getCertTemplate().getSubject().toString()); Assert.assertArrayEquals(keyPair.getPublic().getEncoded(), certReqMsgs[0].getCertReq().getCertTemplate().getPublicKey().getEncoded()); AttributeTypeAndValue[] attributeTypeAndValue = certReqMsgs[0].getCertReq().getControls() .toAttributeTypeAndValueArray(); Assert.assertEquals(CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions, attributeTypeAndValue[0].getType()); // Check the signature GeneralPKIMessage generalPKIMessage = new GeneralPKIMessage(result); Assert.assertTrue(generalPKIMessage.hasProtection()); ProtectedPKIMessage pkiMsg = new ProtectedPKIMessage(generalPKIMessage); ContentVerifierProvider verifierProvider = new JcaContentVerifierProviderBuilder() .setProvider(pkiKeyStoreRA.getProvider()) .build(pkiKeyStoreRA.getSenderCertificate().getPublicKey()); Assert.assertTrue(pkiMsg.verify(verifierProvider)); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Test the basic certification request message * * @throws OperatorCreationException/*from w w w .j av a2 s .c o m*/ * @throws CertificateEncodingException * @throws IOException * @throws CRMFException * @throws CMPException * @throws CMSException */ @Test public void testInitialization() throws OperatorCreationException, CertificateEncodingException, IOException, CRMFException, CMPException, CMSException, ParseException, PKICMPMessageException, NoSuchProviderException, NoSuchAlgorithmException, NoSuchFieldException, IllegalAccessException { String distinguishedName = pki.getTestUser1Cert().getSubjectX500Principal().getName(); KeyPair keyPair = new KeyPair(pki.getTestUser1Cert().getPublicKey(), pki.getTestUser1CertPrivateKey()); PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); byte[] result = pkiMessages.createInitializationMessage(distinguishedName, keyPair); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); // check the body // Check the tests in Bouncycastle for decoding cert request Assert.assertEquals(PKIBody.TYPE_INIT_REQ, pkiMessage.getBody().getType()); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Check the extensions in the certification request * * @throws OperatorCreationException//from w ww .ja v a2s.c o m * @throws PKICMPMessageException * @throws CertificateEncodingException * @throws IOException * @throws CRMFException * @throws CMPException * @throws CMSException */ @Test public void testCertificationWithExtensions() throws OperatorCreationException, PKICMPMessageException, CertificateEncodingException, IOException, CRMFException, CMPException, CMSException, NoSuchFieldException, IllegalAccessException { String distinguishedName = pki.getTestUser1Cert().getSubjectX500Principal().getName(); KeyPair keyPair = new KeyPair(pki.getTestUser1Cert().getPublicKey(), pki.getTestUser1CertPrivateKey()); List<Extension> extensionList = new ArrayList<Extension>(); // KeyUsage extensionList.add(new Extension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation).getEncoded())); // Extended keyUsage List<KeyPurposeId> keyPurposeIds = new ArrayList<KeyPurposeId>(); keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_clientAuth)); keyPurposeIds.add(KeyPurposeId.getInstance(KeyPurposeId.id_kp_emailProtection)); extensionList.add(new Extension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(keyPurposeIds.toArray(new KeyPurposeId[keyPurposeIds.size()])).getEncoded())); // Subject alternative names List<GeneralName> generalNames = new ArrayList<GeneralName>(); generalNames.add(new GeneralName(GeneralName.dNSName, "www1.cryptable.org")); generalNames.add(new GeneralName(GeneralName.dNSName, "www2.cryptable.org")); GeneralNames subjectAlternativeName = new GeneralNames( generalNames.toArray(new GeneralName[generalNames.size()])); extensionList.add( new Extension(X509Extension.subjectAlternativeName, false, subjectAlternativeName.getEncoded())); PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); pkiMessages.setExtensions(extensionList.toArray(new Extension[extensionList.size()])); byte[] result = pkiMessages.createCertificateMessageWithLocalKey(distinguishedName, keyPair); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent()) .toCertReqMsgArray(); // KeyUsage KeyUsage verifyKeyUsage = KeyUsage.getInstance(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions() .getExtensionParsedValue(Extension.keyUsage)); Assert.assertEquals(KeyUsage.digitalSignature | KeyUsage.nonRepudiation, verifyKeyUsage.getBytes()[0] & 0xFF); // Extended KeyUsage ExtendedKeyUsage verifyExtendedKeyUsage = ExtendedKeyUsage .fromExtensions(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions()); Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_clientAuth)); Assert.assertTrue(verifyExtendedKeyUsage.hasKeyPurposeId(KeyPurposeId.id_kp_emailProtection)); // Subject Alternative Name GeneralNames verifyGeneralNames = GeneralNames.fromExtensions( certReqMsgs[0].getCertReq().getCertTemplate().getExtensions(), Extension.subjectAlternativeName); Assert.assertTrue(generalNames.contains(verifyGeneralNames.getNames()[0])); Assert.assertTrue(generalNames.contains(verifyGeneralNames.getNames()[1])); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Check the extensions in the certification request * * @throws OperatorCreationException//from w w w .j a v a 2s . c om * @throws PKICMPMessageException * @throws CertificateEncodingException * @throws IOException * @throws CRMFException * @throws CMPException * @throws CMSException */ @Test public void testCertificationWithValidity() throws OperatorCreationException, PKICMPMessageException, CertificateEncodingException, IOException, CRMFException, CMPException, CMSException, NoSuchFieldException, IllegalAccessException { String distinguishedName = pki.getTestUser1Cert().getSubjectX500Principal().getName(); KeyPair keyPair = new KeyPair(pki.getTestUser1Cert().getPublicKey(), pki.getTestUser1CertPrivateKey()); Date notBefore = new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30); Date notAfter = new Date(System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 30); PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); pkiMessages.setValidity(notBefore, notAfter); byte[] result = pkiMessages.createCertificateMessageWithLocalKey(distinguishedName, keyPair); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent()) .toCertReqMsgArray(); Assert.assertEquals(notBefore.toString(), certReqMsgs[0].getCertReq().getCertTemplate().getValidity().getNotBefore().getDate().toString()); Assert.assertEquals(notAfter.toString(), certReqMsgs[0].getCertReq().getCertTemplate().getValidity().getNotAfter().getDate().toString()); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Check the private key archive control in the certification request * * @throws OperatorCreationException//from w ww.j av a 2 s . c om * @throws PKICMPMessageException * @throws CertificateEncodingException * @throws IOException * @throws CRMFException * @throws CMPException * @throws CMSException */ @Test public void testCertificationWithPrivateKeyControl() throws OperatorCreationException, PKICMPMessageException, CertificateException, IOException, CRMFException, CMPException, CMSException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchFieldException, IllegalAccessException, CRLException { String distinguishedName = pki.getTestUser1Cert().getSubjectX500Principal().getName(); KeyPair keyPair = new KeyPair(pki.getTestUser1Cert().getPublicKey(), pki.getTestUser1CertPrivateKey()); PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); byte[] result = pkiMessages.createCertificateMessageWithLocalKey(distinguishedName, keyPair); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent()) .toCertReqMsgArray(); AttributeTypeAndValue[] attributeTypeAndValues = certReqMsgs[0].getCertReq().getControls() .toAttributeTypeAndValueArray(); GeneratePKI genPKI = new GeneratePKI(); genPKI.createPKI(); boolean bFound = false; for (AttributeTypeAndValue attributeTypeAndValue : attributeTypeAndValues) { if (attributeTypeAndValue.getType().equals(CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions)) { PKIArchiveControl pkiArchiveControl = new PKIArchiveControl( PKIArchiveOptions.getInstance(attributeTypeAndValue.getValue())); // Decrypt data CMSEnvelopedDataParser cmsEnvelopedDataParser = new CMSEnvelopedDataParser( pkiArchiveControl.getEnvelopedData().getEncoded()); RecipientInformationStore recipients = cmsEnvelopedDataParser.getRecipientInfos(); Collection c = recipients.getRecipients(); Iterator it = c.iterator(); if (it.hasNext()) { RecipientInformation recipient = (RecipientInformation) it.next(); byte[] recdata = recipient .getContent(new JceKeyTransEnvelopedRecipient(genPKI.getSubCACertPrivateKey()) .setProvider(pkiKeyStoreRA.getProvider())); ASN1InputStream tstAsn1InputStream = new ASN1InputStream(recdata); ASN1Primitive tstAsn1Primitive = tstAsn1InputStream.readObject(); EncKeyWithID encKeyWithID = EncKeyWithID.getInstance(tstAsn1Primitive); Assert.assertArrayEquals(keyPair.getPrivate().getEncoded(), encKeyWithID.getPrivateKey().getEncoded()); Assert.assertTrue(encKeyWithID.hasIdentifier()); GeneralName identifier = GeneralName.getInstance(encKeyWithID.getIdentifier()); Assert.assertEquals(genPKI.getTestUser1Cert().getSubjectDN().getName(), identifier.getName().toString()); bFound = true; } } } Assert.assertTrue(bFound); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Test a certification request without sending the private key * * @throws OperatorCreationException/*from www . j av a 2s .c o m*/ * @throws PKICMPMessageException * @throws CertificateException * @throws IOException * @throws CRMFException * @throws CMPException * @throws CMSException * @throws InvalidKeySpecException * @throws NoSuchAlgorithmException * @throws NoSuchProviderException */ @Test public void testCertificationWithWithoutPrivateKey() throws OperatorCreationException, PKICMPMessageException, CertificateException, IOException, CRMFException, CMPException, CMSException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchFieldException, IllegalAccessException { String distinguishedName = pki.getTestUser1Cert().getSubjectX500Principal().getName(); KeyPair keyPair = new KeyPair(pki.getTestUser1Cert().getPublicKey(), null); PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); byte[] result = pkiMessages.createCertificateMessageWithLocalKey(distinguishedName, keyPair); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); boolean bFound = false; CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent()) .toCertReqMsgArray(); Controls controls = certReqMsgs[0].getCertReq().getControls(); Assert.assertNull(controls); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Test the certificate message generation prepared for remote key generation * * @throws OperatorCreationException/*from w w w. ja va 2 s.c o m*/ * @throws PKICMPMessageException * @throws CertificateEncodingException * @throws IOException * @throws CRMFException * @throws CMPException * @throws CMSException */ @Test public void testCertificationWithRemoteKeyGeneration() throws OperatorCreationException, PKICMPMessageException, CertificateEncodingException, IOException, CRMFException, CMPException, CMSException, NoSuchFieldException, IllegalAccessException { String distinguishedName = pki.getTestUser1Cert().getSubjectX500Principal().getName(); PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); byte[] result = pkiMessages.createCertificateMessageWithRemoteKey(distinguishedName); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent()) .toCertReqMsgArray(); Assert.assertNull(certReqMsgs[0].getCertReq().getCertTemplate().getPublicKey()); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Test the confirmation message from the certification authority * * @throws IOException/*from ww w. j a v a2 s. c om*/ * @throws CertificateEncodingException * @throws OperatorCreationException * @throws CMPException */ @Test public void testCertificateConfirm() throws IOException, CertificateEncodingException, OperatorCreationException, CMPException, PKICMPMessageException { PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); byte[] result = pkiMessages.createConfirmationMessage(pki.getTestUser1Cert(), BigInteger.ONE); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); // Check the body CertConfirmContent certConfirmContent = CertConfirmContent.getInstance(pkiMessage.getBody().getContent()); CertStatus[] certStatuses = certConfirmContent.toCertStatusArray(); Assert.assertEquals(BigInteger.ONE, certStatuses[0].getCertReqId().getValue()); Assert.assertNotNull(certStatuses[0].getCertHash().getOctets()); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Test the confirmation message from the certification authority * * @throws IOException/*from w ww . ja va 2 s .c om*/ * @throws CertificateEncodingException * @throws OperatorCreationException * @throws CMPException */ @Test public void testKeyUpdateWithLocalKeyChangeKey() throws IOException, CertificateEncodingException, OperatorCreationException, CMPException, PKICMPMessageException, CRMFException, IllegalAccessException, CMSException, NoSuchFieldException { PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); KeyPair keyPair = new KeyPair(pki.getTestUser2Cert().getPublicKey(), pki.getTestUser2CertPrivateKey()); byte[] result = pkiMessages.createKeyUpdateMessageWithLocalKey(pki.getTestUser1Cert(), keyPair); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); // Check the Body Assert.assertEquals(PKIBody.TYPE_KEY_UPDATE_REQ, pkiMessage.getBody().getType()); CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent()) .toCertReqMsgArray(); Assert.assertEquals(BigInteger.ZERO.toString(), certReqMsgs[0].getCertReq().getCertReqId().toString()); Assert.assertEquals(pki.getTestUser1Cert().getSubjectDN().getName().toString(), certReqMsgs[0].getCertReq().getCertTemplate().getSubject().toString()); Assert.assertEquals(pki.getTestUser1Cert().getSerialNumber(), certReqMsgs[0].getCertReq().getCertTemplate().getSerialNumber().getValue()); Assert.assertEquals(pki.getTestUser1Cert().getIssuerDN().getName().toString(), certReqMsgs[0].getCertReq().getCertTemplate().getIssuer().toString()); // KeyPair check Assert.assertArrayEquals(pki.getTestUser2Cert().getPublicKey().getEncoded(), certReqMsgs[0].getCertReq().getCertTemplate().getPublicKey().getEncoded()); AttributeTypeAndValue[] attributeTypeAndValue = certReqMsgs[0].getCertReq().getControls() .toAttributeTypeAndValueArray(); Assert.assertEquals(CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions, attributeTypeAndValue[0].getType()); // Validity Assert.assertEquals(pki.getTestUser1Cert().getNotBefore().toString(), certReqMsgs[0].getCertReq().getCertTemplate().getValidity().getNotBefore().getDate().toString()); Assert.assertEquals(pki.getTestUser1Cert().getNotAfter().toString(), certReqMsgs[0].getCertReq().getCertTemplate().getValidity().getNotAfter().getDate().toString()); // Extensions check Assert.assertNull(certReqMsgs[0].getCertReq().getCertTemplate().getExtensions()); }
From source file:org.cryptable.pki.communication.PKICMPMessagesTest.java
License:Open Source License
/** * Test the confirmation message from the certification authority * * @throws IOException//from www . j a v a2 s . c om * @throws CertificateEncodingException * @throws OperatorCreationException * @throws CMPException */ @Test public void testKeyUpdateWithLocalKeyChangeValidity() throws IOException, CertificateEncodingException, OperatorCreationException, CMPException, PKICMPMessageException, CRMFException, IllegalAccessException, CMSException, NoSuchFieldException { PKICMPMessages pkiMessages = new PKICMPMessages(); pkiMessages.setPkiKeyStore(pkiKeyStoreRA); KeyPair keyPair = new KeyPair(pki.getTestUser2Cert().getPublicKey(), pki.getTestUser2CertPrivateKey()); Date notBefore = new Date(System.currentTimeMillis() - 500L * 60 * 60 * 24 * 30); Date notAfter = new Date(System.currentTimeMillis() + 500L * 60 * 60 * 24 * 30); pkiMessages.setValidity(notBefore, notAfter); byte[] result = pkiMessages.createKeyUpdateMessageWithLocalKey(pki.getTestUser1Cert(), keyPair); ASN1InputStream asn1InputStream = new ASN1InputStream(result); ASN1Primitive asn1Primitive = asn1InputStream.readObject(); PKIMessage pkiMessage = PKIMessage.getInstance(asn1Primitive); // Check the Body Assert.assertEquals(PKIBody.TYPE_KEY_UPDATE_REQ, pkiMessage.getBody().getType()); CertReqMsg[] certReqMsgs = CertReqMessages.getInstance(pkiMessage.getBody().getContent()) .toCertReqMsgArray(); // Validity Assert.assertEquals(notBefore.toString(), certReqMsgs[0].getCertReq().getCertTemplate().getValidity().getNotBefore().getDate().toString()); Assert.assertEquals(notAfter.toString(), certReqMsgs[0].getCertReq().getCertTemplate().getValidity().getNotAfter().getDate().toString()); }