List of usage examples for org.bouncycastle.util Arrays areEqual
public static boolean areEqual(short[] a, short[] b)
From source file:co.runrightfast.core.security.cert.impl.CertificateServiceImplTest.java
License:Apache License
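/**
 * Issues an intermediate CA certificate from an {@code X509V3CertRequest} that carries
 * {@code BasicConstraints(0)} and verifies the result against the issuing CA.
 *
 * <p>Checked: the certificate is version 3 and currently valid, its subject and issuer DNs match
 * the expected encodings, its signature verifies under the CA public key, and
 * {@code getBasicConstraints()} reports 0. The key identifier extensions are then checked by
 * {@code checkAuthorityKeyIdentifierExtenstion} and {@code checkSubjectKeyIdentifierExtenstion}.
 */
@Test
public void testGenerateX509CertificateV3_intermediateCACertificate()
        throws NoSuchAlgorithmException, NoSuchProviderException, CertificateExpiredException,
        CertificateNotYetValidException, CertificateException, InvalidKeyException, SignatureException,
        CertificateEncodingException, IOException {
    final DistinguishedName subject = subject();
    final X500Principal subjectPrincipal = subject.toX500Principal();
    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE);
    final KeyPair certKeyPair = keyPairGenerator.generateKeyPair();

    final CaCert caCert = caCert();
    final JcaX509ExtensionUtils extUtils = jcaX509ExtensionUtils();
    final ImmutableList<X509CertExtension> x509CertExtensions = ImmutableList.<X509CertExtension>builder()
            .add(X509CertExtension.builder()
                    .oid(Extension.authorityKeyIdentifier)
                    .value(extUtils.createAuthorityKeyIdentifier(caCert.getCert()))
                    .critical(false)
                    .build())
            // keyCertSign is paired with BasicConstraints(0) below, i.e. the subject is a CA.
            .add(X509CertExtension.builder()
                    .oid(Extension.keyUsage)
                    .value(new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign))
                    .critical(true)
                    .build())
            .build();

    // The issuer DN of an issued certificate must be the *subject* DN of the signing CA, which is
    // also what the issuer assertion below compares against. The previous code passed the CA's own
    // issuer DN, which only coincides with its subject for a self-signed CA.
    // NOTE(review): presumably the first constructor argument is the issuer DN - confirm.
    final X509V3CertRequest request = new X509V3CertRequest(
            caCert.getCert().getSubjectX500Principal(),
            BigInteger.ONE,
            Instant.now(),
            Instant.ofEpochMilli(System.currentTimeMillis() + (10 * 1000)), // 10 second validity window
            subjectPrincipal,
            certKeyPair.getPublic(),
            x509CertExtensions,
            new BasicConstraints(0));
    log.info(String.format("request : %s", request));

    final X509Certificate cert = certificateService.generateX509CertificateV3(request, caCert.getPrivateKey());
    log.info(String.format("result.getSigAlgName() = %s, result.getVersion() = %s ", cert.getSigAlgName(),
            cert.getVersion()));

    assertThat(cert.getVersion(), is(3));
    cert.checkValidity();
    assertThat(Arrays.areEqual(subjectPrincipal.getEncoded(), cert.getSubjectX500Principal().getEncoded()),
            is(true));
    assertThat(Arrays.areEqual(caCert.getCert().getSubjectX500Principal().getEncoded(),
            cert.getIssuerX500Principal().getEncoded()), is(true));
    // Throws unless the certificate was signed with the private key matching the CA public key.
    cert.verify(caCert.getCert().getPublicKey());
    assertThat(cert.getBasicConstraints(), is(0));

    checkAuthorityKeyIdentifierExtenstion(cert, caCert);
    checkSubjectKeyIdentifierExtenstion(cert);
}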
From source file:co.runrightfast.core.security.cert.impl.CertificateServiceImplTest.java
License:Apache License
/**
 * Issues a certificate from a {@code CAIssuedX509V3CertRequest} built without basic constraints
 * and expects a non-CA result ({@code getBasicConstraints()} of -1).
 *
 * <p>NOTE(review): the requested key usage includes {@code keyCertSign} and {@code cRLSign}
 * although the certificate is asserted not to be a CA. RFC 5280 section 4.2.1.3 requires the cA
 * bit to be asserted whenever keyCertSign is, so this fixture describes a certificate that
 * conforming validators would not accept as an issuer - confirm whether that is intended.
 */
@Test
public void testGenerateX509CertificateV3_CAIssuedX509V3CertRequest_endCert()
        throws NoSuchAlgorithmException, NoSuchProviderException, CertificateExpiredException,
        CertificateNotYetValidException, CertificateException, InvalidKeyException, SignatureException,
        CertificateEncodingException, IOException {
    final DistinguishedName subject = subject();
    final X500Principal subjectPrincipal = subject.toX500Principal();
    final KeyPairGenerator generator = KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE);
    final KeyPair keyPair = generator.generateKeyPair();

    final CaCert caCert = caCert();
    // Not used further in this test; kept because the original obtains it here.
    final JcaX509ExtensionUtils extUtils = jcaX509ExtensionUtils();

    final int usageBits = KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign;
    final ImmutableList<X509CertExtension> extensions = ImmutableList.<X509CertExtension>builder()
            .add(X509CertExtension.builder()
                    .oid(Extension.keyUsage)
                    .value(new KeyUsage(usageBits))
                    .critical(true)
                    .build())
            .build();

    final CAIssuedX509V3CertRequest request = new CAIssuedX509V3CertRequest(
            caCert.cert,
            BigInteger.ONE,
            Instant.now(),
            Instant.ofEpochMilli(System.currentTimeMillis() + (10 * 1000)),
            subjectPrincipal,
            keyPair.getPublic(),
            extensions);
    log.info(String.format("request : %s", request));

    final X509Certificate issued = certificateService.generateX509CertificateV3(request, caCert.getPrivateKey());
    log.info(String.format("result.getSigAlgName() = %s, result.getVersion() = %s ", issued.getSigAlgName(),
            issued.getVersion()));

    assertThat(issued.getVersion(), is(3));
    issued.checkValidity();

    final boolean subjectMatches = Arrays.areEqual(subjectPrincipal.getEncoded(),
            issued.getSubjectX500Principal().getEncoded());
    assertThat(subjectMatches, is(true));

    final boolean issuerMatches = Arrays.areEqual(caCert.getCert().getSubjectX500Principal().getEncoded(),
            issued.getIssuerX500Principal().getEncoded());
    assertThat(issuerMatches, is(true));

    // Signature check against the CA public key; throws on mismatch.
    issued.verify(caCert.getCert().getPublicKey());
    assertThat(issued.getBasicConstraints(), is(-1));

    checkAuthorityKeyIdentifierExtenstion(issued, caCert);
    checkSubjectKeyIdentifierExtenstion(issued);
}
From source file:co.runrightfast.core.security.cert.impl.CertificateServiceImplTest.java
License:Apache License
/**
 * Issues an intermediate CA certificate from a {@code CAIssuedX509V3CertRequest} that carries
 * {@code BasicConstraints(0)} and checks version, validity, subject/issuer DNs, the CA signature,
 * the reported path length constraint (0) and both key identifier extensions.
 */
@Test
public void testGenerateX509CertificateV3_CAIssuedX509V3CertRequest_IntermediateCert()
        throws NoSuchAlgorithmException, NoSuchProviderException, CertificateExpiredException,
        CertificateNotYetValidException, CertificateException, InvalidKeyException, SignatureException,
        CertificateEncodingException, IOException {
    final DistinguishedName subject = subject();
    final X500Principal subjectPrincipal = subject.toX500Principal();
    final KeyPairGenerator generator = KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE);
    final KeyPair keyPair = generator.generateKeyPair();

    final CaCert caCert = caCert();

    // CA-style key usage; it is paired with BasicConstraints(0) in the request below.
    final int usageBits = KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign;
    final ImmutableList<X509CertExtension> extensions = ImmutableList.<X509CertExtension>builder()
            .add(keyUsage(new KeyUsage(usageBits)))
            .build();

    final CAIssuedX509V3CertRequest request = new CAIssuedX509V3CertRequest(
            caCert.cert,
            BigInteger.ONE,
            Instant.now(),
            Instant.ofEpochMilli(System.currentTimeMillis() + (10 * 1000)),
            subjectPrincipal,
            keyPair.getPublic(),
            extensions,
            new BasicConstraints(0));
    log.info(String.format("request : %s", request));

    final X509Certificate issued = certificateService.generateX509CertificateV3(request, caCert.getPrivateKey());
    log.info(String.format("result.getSigAlgName() = %s, result.getVersion() = %s ", issued.getSigAlgName(),
            issued.getVersion()));

    assertThat(issued.getVersion(), is(3));
    issued.checkValidity();

    final boolean subjectMatches = Arrays.areEqual(subjectPrincipal.getEncoded(),
            issued.getSubjectX500Principal().getEncoded());
    assertThat(subjectMatches, is(true));

    final boolean issuerMatches = Arrays.areEqual(caCert.getCert().getSubjectX500Principal().getEncoded(),
            issued.getIssuerX500Principal().getEncoded());
    assertThat(issuerMatches, is(true));

    // Signature check against the CA public key; throws on mismatch.
    issued.verify(caCert.getCert().getPublicKey());
    assertThat(issued.getBasicConstraints(), is(0));

    checkAuthorityKeyIdentifierExtenstion(issued, caCert);
    checkSubjectKeyIdentifierExtenstion(issued);
}
From source file:co.runrightfast.core.security.cert.impl.CertificateServiceImplTest.java
License:Apache License
/**
 * Expects an {@code IllegalArgumentException} when a basic constraints extension is supplied in
 * the extension list of a {@code CAIssuedX509V3CertRequest}.
 *
 * <p>NOTE(review): {@code expected = ...} is satisfied by an IllegalArgumentException thrown from
 * any statement in the method, so this test does not pin down which call rejects the extension,
 * and every statement after the throwing call never runs - confirm the intended rejection point.
 */
@Test(expected = IllegalArgumentException.class)
public void testGenerateX509CertificateV3_CAIssuedX509V3CertRequest_withBasicConstraintsExtensionNotAllowed()
        throws NoSuchAlgorithmException, NoSuchProviderException, CertificateExpiredException,
        CertificateNotYetValidException, CertificateException, InvalidKeyException, SignatureException {
    final DistinguishedName subject = subject();
    final X500Principal subjectPrincipal = subject.toX500Principal();
    final KeyPairGenerator generator = KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE);
    final KeyPair keyPair = generator.generateKeyPair();

    final CaCert caCert = caCert();
    // Not used further in this test; kept because the original obtains it here.
    final JcaX509ExtensionUtils extUtils = jcaX509ExtensionUtils();

    final int usageBits = KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign;
    final ImmutableList<X509CertExtension> extensions = ImmutableList.<X509CertExtension>builder()
            .add(X509CertExtension.builder()
                    .oid(Extension.keyUsage)
                    .value(new KeyUsage(usageBits))
                    .critical(true)
                    .build())
            // The extension this test expects to be refused.
            .add(X509CertExtension.builder()
                    .oid(Extension.basicConstraints)
                    .value(new BasicConstraints(0))
                    .critical(true)
                    .build())
            .build();

    final CAIssuedX509V3CertRequest request = new CAIssuedX509V3CertRequest(
            caCert.cert,
            BigInteger.ONE,
            Instant.now(),
            Instant.ofEpochMilli(System.currentTimeMillis() + (10 * 1000)),
            subjectPrincipal,
            keyPair.getPublic(),
            extensions);
    log.info(String.format("request : %s", request));

    final X509Certificate issued = certificateService.generateX509CertificateV3(request, caCert.getPrivateKey());
    log.info(String.format("result.getSigAlgName() = %s, result.getVersion() = %s ", issued.getSigAlgName(),
            issued.getVersion()));

    assertThat(issued.getVersion(), is(3));
    issued.checkValidity();

    final boolean subjectMatches = Arrays.areEqual(subjectPrincipal.getEncoded(),
            issued.getSubjectX500Principal().getEncoded());
    assertThat(subjectMatches, is(true));

    final boolean issuerMatches = Arrays.areEqual(caCert.getCert().getSubjectX500Principal().getEncoded(),
            issued.getIssuerX500Principal().getEncoded());
    assertThat(issuerMatches, is(true));

    issued.verify(caCert.getCert().getPublicKey());
}
From source file:co.runrightfast.core.security.cert.impl.CertificateServiceImplTest.java
License:Apache License
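/**
 * Creates an end entity certificate which might be used to verify one of the subject's signatures
 * or to encrypt data to be sent to the entity represented by the certificate's subject.
 *
 * <p>Checked: the certificate is version 3 and currently valid, its subject and issuer DNs match
 * the expected encodings, its signature verifies under the CA public key, and
 * {@code getBasicConstraints()} reports -1 (not a CA). The key identifier extensions are then
 * checked by {@code checkAuthorityKeyIdentifierExtenstion} and
 * {@code checkSubjectKeyIdentifierExtenstion}.
 */
@Test
public void testGenerateX509CertificateV3_endEntityCertificate()
        throws NoSuchAlgorithmException, NoSuchProviderException, CertificateExpiredException,
        CertificateNotYetValidException, CertificateException, InvalidKeyException, SignatureException,
        IOException {
    final DistinguishedName subject = subject();
    final X500Principal subjectPrincipal = subject.toX500Principal();
    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE);
    final KeyPair certKeyPair = keyPairGenerator.generateKeyPair();

    final CaCert caCert = caCert();
    final JcaX509ExtensionUtils extUtils = jcaX509ExtensionUtils();
    final ImmutableList<X509CertExtension> x509CertExtensions = ImmutableList.<X509CertExtension>builder()
            .add(X509CertExtension.builder()
                    .oid(Extension.authorityKeyIdentifier)
                    .value(extUtils.createAuthorityKeyIdentifier(caCert.getCert()))
                    .critical(false)
                    .build())
            // End-entity usage only: no keyCertSign / cRLSign bits are requested.
            .add(X509CertExtension.builder()
                    .oid(Extension.keyUsage)
                    .value(new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment))
                    .critical(true)
                    .build())
            .build();

    // The issuer DN of an issued certificate must be the *subject* DN of the signing CA, which is
    // also what the issuer assertion below compares against. The previous code passed the CA's own
    // issuer DN, which only coincides with its subject for a self-signed CA.
    // NOTE(review): presumably the first constructor argument is the issuer DN - confirm.
    final X509V3CertRequest request = new X509V3CertRequest(
            caCert.getCert().getSubjectX500Principal(),
            BigInteger.ONE,
            Instant.now(),
            Instant.ofEpochMilli(System.currentTimeMillis() + (10 * 1000)), // 10 second validity window
            subjectPrincipal,
            certKeyPair.getPublic(),
            x509CertExtensions);
    log.info(String.format("request : %s", request));

    final X509Certificate cert = certificateService.generateX509CertificateV3(request, caCert.getPrivateKey());
    log.info(String.format("result.getSigAlgName() = %s, result.getVersion() = %s ", cert.getSigAlgName(),
            cert.getVersion()));

    assertThat(cert.getVersion(), is(3));
    cert.checkValidity();
    assertThat(Arrays.areEqual(subjectPrincipal.getEncoded(), cert.getSubjectX500Principal().getEncoded()),
            is(true));
    assertThat(Arrays.areEqual(caCert.getCert().getSubjectX500Principal().getEncoded(),
            cert.getIssuerX500Principal().getEncoded()), is(true));
    // Throws unless the certificate was signed with the private key matching the CA public key.
    cert.verify(caCert.getCert().getPublicKey());
    assertThat(cert.getBasicConstraints(), is(-1));

    checkAuthorityKeyIdentifierExtenstion(cert, caCert);
    checkSubjectKeyIdentifierExtenstion(cert);
}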
From source file:co.runrightfast.core.security.cert.impl.CertificateServiceImplTest.java
License:Apache License
/**
 * Asserts that {@code cert} carries an authority key identifier extension whose DER encoding
 * equals the one derived from the CA certificate.
 *
 * <p>The extension is read twice, once through {@code X509Certificate.getExtensionValue} and once
 * through a {@code JcaX509CertificateHolder}, and both encodings are compared with the expected
 * bytes.
 *
 * @param cert   certificate under test
 * @param caCert CA whose certificate the expected identifier is built from
 * @throws CertificateEncodingException declared by the calls this helper makes
 * @throws IOException                  declared by the calls this helper makes
 */
private void checkAuthorityKeyIdentifierExtenstion(final X509Certificate cert, final CaCert caCert)
        throws CertificateEncodingException, IOException {
    final JcaX509ExtensionUtils utils = jcaX509ExtensionUtils();

    // View 1: the raw extension bytes as exposed by the JCA certificate.
    final byte[] actualFromJca = cert.getExtensionValue(OID.AUTHORITY_KEY_IDENIFIER.oid.getId());
    assertThat(actualFromJca, is(notNullValue()));

    final X509CertExtension expectedExtension = X509CertExtension.builder()
            .oid(Extension.authorityKeyIdentifier)
            .value(utils.createAuthorityKeyIdentifier(caCert.getCert()))
            .critical(false)
            .build();
    final byte[] expectedEncoding = expectedExtension.toExtension().getExtnValue().getEncoded(DER.name());
    assertThat(Arrays.areEqual(actualFromJca, expectedEncoding), is(true));

    // View 2: the same extension as parsed by the Bouncy Castle certificate holder.
    final X509CertificateHolder holder = new JcaX509CertificateHolder(cert);
    final Extension parsed = holder.getExtensions().getExtension(OID.AUTHORITY_KEY_IDENIFIER.oid);
    assertThat(parsed, is(notNullValue()));

    final byte[] actualFromHolder = parsed.getExtnValue().getEncoded(DER.name());
    assertThat(Arrays.areEqual(actualFromHolder, expectedEncoding), is(true));
}
From source file:co.runrightfast.core.security.cert.impl.CertificateServiceImplTest.java
License:Apache License
/**
 * Asserts that {@code cert} carries a subject key identifier extension whose DER encoding equals
 * the one derived from the certificate's own public key.
 *
 * <p>The extension is read twice, once through {@code X509Certificate.getExtensionValue} and once
 * through a {@code JcaX509CertificateHolder}, and both encodings are compared with the expected
 * bytes.
 *
 * @param cert certificate under test
 * @throws CertificateEncodingException declared by the calls this helper makes
 * @throws IOException                  declared by the calls this helper makes
 */
private void checkSubjectKeyIdentifierExtenstion(final X509Certificate cert)
        throws CertificateEncodingException, IOException {
    final JcaX509ExtensionUtils utils = jcaX509ExtensionUtils();

    // View 1: the raw extension bytes as exposed by the JCA certificate.
    final byte[] actualFromJca = cert.getExtensionValue(OID.SUBJECT_KEY_IDENIFIER.oid.getId());
    assertThat(actualFromJca, is(notNullValue()));

    final X509CertExtension expectedExtension = X509CertExtension.builder()
            .oid(Extension.subjectKeyIdentifier)
            .value(utils.createSubjectKeyIdentifier(cert.getPublicKey()))
            .critical(false)
            .build();
    final byte[] expectedEncoding = expectedExtension.toExtension().getExtnValue().getEncoded(DER.name());
    assertThat(Arrays.areEqual(actualFromJca, expectedEncoding), is(true));

    // View 2: the same extension as parsed by the Bouncy Castle certificate holder.
    final X509CertificateHolder holder = new JcaX509CertificateHolder(cert);
    final Extension parsed = holder.getExtensions().getExtension(OID.SUBJECT_KEY_IDENIFIER.oid);
    assertThat(parsed, is(notNullValue()));

    final byte[] actualFromHolder = parsed.getExtnValue().getEncoded(DER.name());
    assertThat(Arrays.areEqual(actualFromHolder, expectedEncoding), is(true));
}
From source file:co.runrightfast.core.security.cert.impl.CertificateServiceImplTest.java
License:Apache License
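/**
 * Expects an {@code IllegalArgumentException} when a basic constraints extension is supplied in
 * the extension list of an {@code X509V3CertRequest}.
 *
 * <p>NOTE(review): {@code expected = ...} is satisfied by an IllegalArgumentException thrown from
 * any statement in the method, so this test does not pin down which call rejects the extension,
 * and every statement after the throwing call never runs - confirm the intended rejection point.
 */
@Test(expected = IllegalArgumentException.class)
public void testGenerateX509CertificateV3_endEntityCertificate_withBasicConstraintsNotAllowed()
        throws NoSuchAlgorithmException, NoSuchProviderException, CertificateExpiredException,
        CertificateNotYetValidException, CertificateException, InvalidKeyException, SignatureException {
    final DistinguishedName subject = subject();
    final X500Principal subjectPrincipal = subject.toX500Principal();
    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE);
    final KeyPair certKeyPair = keyPairGenerator.generateKeyPair();

    final CaCert caCert = caCert();
    final JcaX509ExtensionUtils extUtils = jcaX509ExtensionUtils();
    final ImmutableList<X509CertExtension> x509CertExtensions = ImmutableList.<X509CertExtension>builder()
            .add(X509CertExtension.builder()
                    .oid(Extension.authorityKeyIdentifier)
                    .value(extUtils.createAuthorityKeyIdentifier(caCert.getCert()))
                    .critical(false)
                    .build())
            .add(X509CertExtension.builder()
                    .oid(Extension.keyUsage)
                    .value(new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment))
                    .critical(true)
                    .build())
            // The extension this test expects to be refused.
            .add(X509CertExtension.builder()
                    .oid(Extension.basicConstraints)
                    .value(new BasicConstraints(false))
                    .critical(true)
                    .build())
            .build();

    // The issuer DN of an issued certificate must be the *subject* DN of the signing CA, which is
    // also what the issuer assertion below compares against. The previous code passed the CA's own
    // issuer DN, which only coincides with its subject for a self-signed CA.
    // NOTE(review): presumably the first constructor argument is the issuer DN - confirm.
    final X509V3CertRequest request = new X509V3CertRequest(
            caCert.getCert().getSubjectX500Principal(),
            BigInteger.ONE,
            Instant.now(),
            Instant.ofEpochMilli(System.currentTimeMillis() + (10 * 1000)), // 10 second validity window
            subjectPrincipal,
            certKeyPair.getPublic(),
            x509CertExtensions);
    log.info(String.format("request : %s", request));

    final X509Certificate cert = certificateService.generateX509CertificateV3(request, caCert.getPrivateKey());
    log.info(String.format("result.getSigAlgName() = %s, result.getVersion() = %s ", cert.getSigAlgName(),
            cert.getVersion()));

    assertThat(cert.getVersion(), is(3));
    cert.checkValidity();
    assertThat(Arrays.areEqual(subjectPrincipal.getEncoded(), cert.getSubjectX500Principal().getEncoded()),
            is(true));
    assertThat(Arrays.areEqual(caCert.getCert().getSubjectX500Principal().getEncoded(),
            cert.getIssuerX500Principal().getEncoded()), is(true));
    cert.verify(caCert.getCert().getPublicKey());
}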
From source file:com.all.dht.database.TestOversizedValueInfo.java
License:Apache License
/**
 * Round-trips an {@code OversizedValueInfo} through {@code JsonConverter} and checks that the
 * primary key, the SHA-1 bytes and the stored-on timestamp all survive the conversion.
 */
@Test
public void shouldConvertToAndFromJson() throws Exception {
    final String key = KUID.createRandomID().toHexString();
    final long timestamp = new Date().getTime();
    final String payload = "Some oversized value, e.g., a user snapshot";
    // getBytes() without a charset uses the platform default encoding.
    final byte[] digest = Digest.getSha1(payload.getBytes());

    final OversizedValueInfo expected = new OversizedValueInfo(key, digest, timestamp);

    final String serialized = JsonConverter.toJson(expected);
    final OversizedValueInfo actual = JsonConverter.toBean(serialized, OversizedValueInfo.class);

    assertNotNull(actual);
    assertEquals(expected.getPrimaryKey(), actual.getPrimaryKey());
    // Byte arrays are compared by content, not by reference.
    final boolean sameDigest = Arrays.areEqual(expected.getSha1(), actual.getSha1());
    assertTrue(sameDigest);
    assertEquals(expected.getStoredOn(), actual.getStoredOn());
}
From source file:com.all.dht.DhtManager.java
License:Apache License
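/**
 * Handles a remote node's request to store an oversized value on the local file system.
 *
 * <p>The value is stored only when the SHA-1 of the request body equals the SHA-1 recorded in the
 * {@code OversizedValueInfo} looked up under the request's primary key; otherwise an error is
 * logged and nothing is written. Any exception is caught and logged.
 *
 * <p>NOTE(review): the key and body come from another node. The only check visible here is the
 * SHA-1 comparison, so acceptance is only as strong as SHA-1 and as trustworthy as the stored
 * info. Presumably {@code KUID.createWithHexString} rejects non-hex keys before the key reaches
 * {@code dhtFileUtils.storeOnFileSystem} - confirm, since the key is passed on unchanged.
 *
 * @param request message whose {@code DHT_PRIMARY_KEY} property names the value and whose body
 *                is the value itself
 */
private void putOversizedByRemoteNodeRequest(AllMessage<String> request) {
    String primaryKey = request.getProperty(DHT_PRIMARY_KEY);
    log.info("Processing PUT_DHT_OVERSIZED_VALUE_REQUEST_TYPE for key : " + primaryKey);
    try {
        // NOTE(review): getBytes() uses the platform default charset; nodes with different
        // defaults would hash the same text differently. Left unchanged because the side that
        // recorded the hash is not visible here.
        byte[] oversizedValue = request.getBody().getBytes();
        byte[] sha1 = Digest.getSha1(oversizedValue);

        OversizedValueInfo valueInfo = getDirectValue(KUID.createWithHexString(primaryKey),
                OversizedValueInfo.class);
        if (valueInfo == null) {
            // Report a missing entry explicitly instead of through a NullPointerException
            // swallowed by the generic handler below.
            log.error("No oversized value info is stored for key : " + primaryKey);
            return;
        }

        if (Arrays.areEqual(valueInfo.getSha1(), sha1)) {
            dhtFileUtils.storeOnFileSystem(primaryKey, oversizedValue);
        } else {
            log.error("The oversized value in the request does not match with the info stored in its key.");
        }
    } catch (Exception e) {
        log.error(e, e);
    }
}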