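Usage examples for the constructor of org.bouncycastle.jce.PKCS10CertificationRequest. Note that every example below passes the Base64-decoded request to the constructor as a byte[] rather than as an ASN1Sequence.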
public PKCS10CertificationRequest(ASN1Sequence sequence)
From source file:org.signserver.module.xmlsigner.AnySignerTest.java
License:Open Source License
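/**
 * Generates a 2048-bit RSA key under a new alias, runs the worker's key test
 * on it, and checks that a PKCS#10 request issued for that key carries the
 * same public key and a subject DN in the expected order.
 *
 * @throws Exception in case of error
 */
@Test
public void test01GenerateKey() throws Exception {
    // Fixed test-only keystore password; it is also passed as the auth code.
    final char[] authCode = "foo123".toCharArray();
    final String newKeyAlias = "newkey0001";

    final String actualNewAlias = workerSession.generateSignerKey(WORKERID, "RSA", "2048", newKeyAlias,
            authCode);
    assertEquals("alias", newKeyAlias, actualNewAlias);

    final Collection<KeyTestResult> results = workerSession.testKey(WORKERID, newKeyAlias, authCode);
    final KeyTestResult result = results.iterator().next();
    assertEquals("alias in result", newKeyAlias, result.getAlias());
    assertTrue("test result", result.isSuccess());

    // Read the public key straight from the keystore file so the hash reported
    // by testKey can be compared with an independently computed one. The stream
    // is closed explicitly; the original left it open.
    final KeyStore keyStore = KeyStore.getInstance("PKCS12");
    final FileInputStream keystoreIn = new FileInputStream(keystoreFile);
    try {
        keyStore.load(keystoreIn, authCode);
    } finally {
        keystoreIn.close();
    }
    final PublicKey pubKey = keyStore.getCertificate(newKeyAlias).getPublicKey();
    final byte[] pubKeyBytes = pubKey.getEncoded();
    final String expectedKeyHash = createKeyHash(pubKeyBytes);
    final String actualKeyHash = result.getPublicKeyHash();
    assertEquals("key hash", expectedKeyHash, actualKeyHash);

    // Set new key as NEXTCERTSIGNKEY
    workerSession.setWorkerProperty(WORKERID, "NEXTCERTSIGNKEY", newKeyAlias);
    workerSession.reloadConfiguration(WORKERID);

    // Generate CSR
    // NOTE(review): SHA-1 based signatures are deprecated for certificate
    // requests; a SHA-2 name such as "SHA256WithRSA" is the current choice if
    // the worker under test accepts it - confirm before changing.
    final PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=test01GenerateKey,C=SE",
            null);
    Base64SignerCertReqData data = (Base64SignerCertReqData) workerSession.getCertificateRequest(WORKERID,
            certReqInfo, false, false);
    byte[] reqBytes = data.getBase64CertReq();
    final PKCS10CertificationRequest req = new PKCS10CertificationRequest(Base64.decode(reqBytes));

    // The request must be self-signed by the key it names (proof of
    // possession); comparing public keys alone does not show that.
    assertTrue("request signature", req.verify());

    final PublicKey actualPubKey = req.getPublicKey();
    assertEquals("key in request", pubKey, actualPubKey);

    // Test that the DN is in the correct order
    String actualDN = req.getCertificationRequestInfo().getSubject().toString();
    assertTrue("dn: " + actualDN, actualDN.startsWith("CN=test01GenerateKey") && actualDN.endsWith("C=SE"));
}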
From source file:org.signserver.module.xmlsigner.AnySignerTest.java
License:Open Source License
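/**
 * Test key generation of an ECDSA key on the secp256r1 curve: the key must
 * pass the worker's key test, be reported as an "EC" key, and be the key
 * carried by a PKCS#10 request issued for it.
 *
 * @throws Exception in case of error
 */
@Test
public void test02GenerateKeyECDSA() throws Exception {
    // Fixed test-only keystore password; it is also passed as the auth code.
    final char[] authCode = "foo123".toCharArray();
    final String newKeyAlias = "newkey0002";

    final String actualNewAlias = workerSession.generateSignerKey(WORKERID, "ECDSA", "secp256r1", newKeyAlias,
            authCode);
    assertEquals("alias", newKeyAlias, actualNewAlias);

    final Collection<KeyTestResult> results = workerSession.testKey(WORKERID, newKeyAlias, authCode);
    final KeyTestResult result = results.iterator().next();
    assertEquals("alias in result", newKeyAlias, result.getAlias());
    assertTrue("test result", result.isSuccess());

    // Load the keystore independently of the worker; the stream is closed
    // explicitly, which the original did not do.
    final KeyStore keyStore = KeyStore.getInstance("PKCS12");
    final FileInputStream keystoreIn = new FileInputStream(keystoreFile);
    try {
        keyStore.load(keystoreIn, authCode);
    } finally {
        keystoreIn.close();
    }
    final PublicKey pubKey = keyStore.getCertificate(newKeyAlias).getPublicKey();
    final byte[] pubKeyBytes = pubKey.getEncoded();
    final String expectedKeyHash = createKeyHash(pubKeyBytes);
    final String actualKeyHash = result.getPublicKeyHash();
    assertEquals("keyAlg", "EC", pubKey.getAlgorithm());
    assertEquals("key hash", expectedKeyHash, actualKeyHash);

    // Set new key as NEXTCERTSIGNKEY
    workerSession.setWorkerProperty(WORKERID, "NEXTCERTSIGNKEY", newKeyAlias);
    workerSession.reloadConfiguration(WORKERID);

    // Generate CSR
    // NOTE(review): SHA-1 based signatures are deprecated for certificate
    // requests; "SHA256WithECDSA" is the current choice if the worker under
    // test accepts it - confirm before changing.
    final PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithECDSA", "CN=test02GenerateKey", null);
    Base64SignerCertReqData data = (Base64SignerCertReqData) workerSession.getCertificateRequest(WORKERID,
            certReqInfo, false, false);
    byte[] reqBytes = data.getBase64CertReq();
    final PKCS10CertificationRequest req = new PKCS10CertificationRequest(Base64.decode(reqBytes));

    // The request must be self-signed by the key it names (proof of
    // possession); comparing public keys alone does not show that.
    assertTrue("request signature", req.verify());

    final PublicKey actualPubKey = req.getPublicKey();
    assertEquals("key in request", pubKey, actualPubKey);
}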
From source file:org.signserver.module.xmlsigner.AnySignerTest.java
License:Open Source License
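/**
 * Requests a CSR without explicit EC parameters and checks that the public
 * key in it is not already in explicit-parameter form.
 *
 * @throws Exception in case of error
 */
@Test
public void test03GenerateRequestNamedCurve() throws Exception {
    final boolean explicitEcc = false;

    // Generate CSR
    final PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithECDSA", "CN=test02GenerateKey", null);
    Base64SignerCertReqData data = (Base64SignerCertReqData) workerSession.getCertificateRequest(WORKERID,
            certReqInfo, explicitEcc, false);
    byte[] reqBytes = data.getBase64CertReq();

    final PKCS10CertificationRequest req = new PKCS10CertificationRequest(Base64.decode(reqBytes));
    final PublicKey actualPubKey = req.getPublicKey();
    final PublicKey afterConvert = ECKeyUtil.publicToExplicitParameters(actualPubKey, "BC");

    // The following assertion assumes that publicToExplicitParameters
    // returns a new/different PublicKey instance if it was not already
    // converted and if it already was explicit the same instance was
    // returned.
    //
    // Compare the key objects themselves. The original passed the two
    // hashCode() ints to assertNotSame, which boxes them into separate
    // Integer objects and therefore passes for practically any pair of keys.
    assertNotSame("Not converted to explicit", actualPubKey, afterConvert);
}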
From source file:org.signserver.module.xmlsigner.AnySignerTest.java
License:Open Source License
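/**
 * Requests a CSR with explicit EC parameters and checks that the public key
 * in it is already in explicit-parameter form.
 *
 * @throws Exception in case of error
 */
@Test
public void test04GenerateRequestExplicitParams() throws Exception {
    final boolean explicitEcc = true;

    // Generate CSR
    final PKCS10CertReqInfo certReqInfo = new PKCS10CertReqInfo("SHA1WithECDSA", "CN=test02GenerateKey", null);
    Base64SignerCertReqData data = (Base64SignerCertReqData) workerSession.getCertificateRequest(WORKERID,
            certReqInfo, explicitEcc, false);
    byte[] reqBytes = data.getBase64CertReq();

    final PKCS10CertificationRequest req = new PKCS10CertificationRequest(Base64.decode(reqBytes));
    final PublicKey actualPubKey = req.getPublicKey();
    final PublicKey afterConvert = ECKeyUtil.publicToExplicitParameters(actualPubKey, "BC");

    // The following assertion assumes that publicToExplicitParameters
    // returns a new/different PublicKey instance if it was not already
    // converted and if it already was explicit the same instance was
    // returned.
    //
    // Check object identity directly: equal hash codes (what the original
    // compared) do not establish that the two references are the same key.
    assertTrue("Not converted to explicit", actualPubKey == afterConvert);
}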
From source file:org.signserver.server.cryptotokens.SoftCryptoTokenTest.java
License:Open Source License
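/**
 * Walks worker 88 through its lifecycle: offline, certificate request,
 * certificate upload, signing, deactivation and reactivation, checking the
 * token status and the signing results at each step.
 *
 * @throws Exception in case of error
 */
@Test
public void test01BasicTests() throws Exception {
    // The worker starts without a usable token.
    StaticWorkerStatus stat = (StaticWorkerStatus) workerSession.getStatus(88);
    assertTrue(stat.getTokenStatus() == WorkerStatus.STATUS_OFFLINE);

    // NOTE(review): SHA-1 based signatures are deprecated for certificate
    // requests and certificates; kept here because the test exercises them.
    PKCS10CertReqInfo crInfo = new PKCS10CertReqInfo("SHA1WithRSA", "CN=TEST1", null);
    ICertReqData reqData = workerSession.getCertificateRequest(88, crInfo, false);
    assertNotNull(reqData);
    assertTrue(reqData instanceof Base64SignerCertReqData);
    PKCS10CertificationRequest pkcs10 = new PKCS10CertificationRequest(
            Base64.decode(((Base64SignerCertReqData) reqData).getBase64CertReq()));
    assertTrue(pkcs10.getPublicKey() != null);

    // Issue a certificate for the requested key, signed with a throwaway key
    // pair, and upload it so the worker can go active.
    KeyPair dummyCAKeys = KeyTools.genKeys("2048", "RSA");
    X509Certificate cert = CertTools.genSelfCert(pkcs10.getCertificationRequestInfo().getSubject().toString(),
            10, null, dummyCAKeys.getPrivate(), pkcs10.getPublicKey(), "SHA1WithRSA", false);
    workerSession.uploadSignerCertificate(88, cert.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL);
    workerSession.reloadConfiguration(88);

    stat = (StaticWorkerStatus) workerSession.getStatus(88);
    assertTrue(stat.getActiveSignerConfig().getProperty("KEYDATA") != null);
    assertTrue(stat.getTokenStatus() == WorkerStatus.STATUS_ACTIVE);

    int reqid = 12;
    ArrayList<byte[]> signrequests = new ArrayList<byte[]>();
    // getBytes() uses the platform default charset; both strings are plain ASCII.
    byte[] signreq1 = "Hello World".getBytes();
    byte[] signreq2 = "Hello World2".getBytes();
    signrequests.add(signreq1);
    signrequests.add(signreq2);

    MRTDSignResponse res = (MRTDSignResponse) workerSession.process(88,
            new MRTDSignRequest(reqid, signrequests), new RequestContext());
    assertTrue(res != null);
    assertTrue(reqid == res.getRequestID());
    Certificate signercert = res.getSignerCertificate();
    assertNotNull(signercert);

    // Recover each signed value with the public key from the returned signer
    // certificate and compare it with the data that was submitted.
    // NOTE(review): the transformation is given as bare "RSA", so mode and
    // padding are whatever the BC provider defaults to - confirm it matches
    // what the signer applies.
    Cipher c = Cipher.getInstance("RSA", "BC");
    c.init(Cipher.DECRYPT_MODE, signercert);

    byte[] signres1 = c.doFinal((byte[]) ((ArrayList<?>) res.getProcessedData()).get(0));
    if (!arrayEquals(signreq1, signres1)) {
        assertTrue("First MRTD doesn't match with request", false);
    }

    byte[] signres2 = c.doFinal((byte[]) ((ArrayList<?>) res.getProcessedData()).get(1));
    if (!arrayEquals(signreq2, signres2)) {
        assertTrue("Second MRTD doesn't match with request", false);
    }

    // The worker must be signing with the key it put in the request.
    assertTrue(signercert.getPublicKey().equals(pkcs10.getPublicKey()));

    // A second certificate request is expected to carry a different key.
    reqData = workerSession.getCertificateRequest(88, crInfo, false);
    assertNotNull(reqData);
    assertTrue(reqData instanceof Base64SignerCertReqData);
    PKCS10CertificationRequest pkcs10_2 = new PKCS10CertificationRequest(
            Base64.decode(((Base64SignerCertReqData) reqData).getBase64CertReq()));
    assertTrue(pkcs10_2.getPublicKey() != null);
    assertFalse(pkcs10_2.getPublicKey().equals(pkcs10.getPublicKey()));

    workerSession.deactivateSigner(88);
    stat = (StaticWorkerStatus) workerSession.getStatus(88);
    assertTrue(stat.getTokenStatus() == WorkerStatus.STATUS_OFFLINE);

    try {
        res = (MRTDSignResponse) workerSession.process(88, new MRTDSignRequest(reqid, signrequests),
                new RequestContext());
        // Reaching this line means a deactivated token still signed.
        assertTrue("process() succeeded although the token is offline", false);
    } catch (CryptoTokenOfflineException expected) {
        // Expected: a deactivated token must refuse to sign.
    }

    // NOTE(review): literal test password; presumably this token accepts any
    // value - confirm against the token implementation.
    workerSession.activateSigner(88, "anypwd");
    stat = (StaticWorkerStatus) workerSession.getStatus(88);
    assertTrue(stat.getTokenStatus() == WorkerStatus.STATUS_ACTIVE);

    res = (MRTDSignResponse) workerSession.process(88, new MRTDSignRequest(reqid, signrequests),
            new RequestContext());
    // The original discarded this response; check that signing works again.
    assertNotNull(res);
}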