Java tutorial
/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. * */ package org.apache.kerby.pkix; import org.bouncycastle.cms.CMSSignedData; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.Before; import org.junit.Test; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.File; import java.io.FileInputStream; import java.security.KeyStore; import java.security.PrivateKey; import java.security.Security; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPrivateCrtKey; /** * Tests the use of {@link CMSSignedData}. * * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> * @version $Rev$, $Date$ */ public class SignedDataEngineTest extends org.junit.Assert { /** * The log for this class. */ private static final Logger LOG = LoggerFactory.getLogger(SignedDataEngineTest.class); private static final String ID_DATA = "1.2.840.113549.1.7.1"; /** * Certificate used to verify the signature. */ private X509Certificate certificate; /** * Private key used to sign the data. */ private PrivateKey privateKey; @Before public void setUp() throws Exception { if (Security.getProvider("BC") == null) { Security.addProvider(new BouncyCastleProvider()); } //getCaFromFile( "/tmp/testCa.p12", "password", "Test CA" ); getCaFromFactory(); } /** * Tests that signed data signature validation works. * * @throws Exception */ @Test public void testSignedData() throws Exception { byte[] data = "Hello".getBytes(); byte[] signedDataBytes = SignedDataEngine.getSignedData(privateKey, certificate, data, ID_DATA); CMSSignedData signedData = new CMSSignedData(signedDataBytes); assertTrue(SignedDataEngine.validateSignedData(signedData)); } void getCaFromFactory() throws Exception { X509Certificate[] clientChain = CertificateChainFactory.getClientChain(); certificate = clientChain[0]; privateKey = CertificateChainFactory.getClientPrivateKey(); } void getCaFromFile(String caFile, String caPassword, String caAlias) throws Exception { // Open the keystore. KeyStore caKs = KeyStore.getInstance("PKCS12"); caKs.load(new FileInputStream(new File(caFile)), caPassword.toCharArray()); // Load the private key from the keystore. privateKey = (RSAPrivateCrtKey) caKs.getKey(caAlias, caPassword.toCharArray()); if (privateKey == null) { throw new IllegalStateException("Got null key from keystore!"); } // Load the certificate from the keystore. certificate = (X509Certificate) caKs.getCertificate(caAlias); if (certificate == null) { throw new IllegalStateException("Got null cert from keystore!"); } LOG.debug("Successfully loaded CA key and certificate. CA DN is '{}'.", certificate.getSubjectDN().getName()); // Verify. certificate.verify(certificate.getPublicKey()); LOG.debug("Successfully verified CA certificate with its own public key."); } }