Java tutorial
/************************************************************************* * * * EJBCA: The OpenSource Certificate Authority * * * * This software is free software; you can redistribute it and/or * * modify it under the terms of the GNU Lesser General Public * * License as published by the Free Software Foundation; either * * version 2.1 of the License, or any later version. * * * * See terms of license at gnu.org. * * * *************************************************************************/ package org.ejbca.util; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.math.BigInteger; import java.net.URL; import java.security.KeyPair; import java.security.PublicKey; import java.security.cert.Certificate; import java.security.cert.CertificateParsingException; import java.security.cert.X509Certificate; import java.security.interfaces.DSAPublicKey; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; import java.util.Collection; import java.util.Enumeration; import java.util.Iterator; import java.util.List; import junit.framework.TestCase; import org.apache.log4j.Logger; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERIA5String; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSet; import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.X509DefaultEntryConverter; import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.asn1.x509.X509Name; import org.bouncycastle.asn1.x509.qualified.ETSIQCObjectIdentifiers; import org.bouncycastle.asn1.x509.qualified.RFC3739QCObjectIdentifiers; import org.bouncycastle.jce.PKCS10CertificationRequest; import org.bouncycastle.jce.X509KeyUsage; import org.bouncycastle.util.encoders.Hex; import org.ejbca.core.model.AlgorithmConstants; import org.ejbca.cvc.CVCAuthenticatedRequest; import org.ejbca.cvc.CVCObject; import org.ejbca.cvc.CVCertificate; import org.ejbca.cvc.CardVerifiableCertificate; import org.ejbca.cvc.CertificateParser; import org.ejbca.util.cert.QCStatementExtension; import org.ejbca.util.cert.SubjectDirAttrExtension; import org.ejbca.util.keystore.KeyTools; import com.novell.ldap.LDAPDN; /** * Tests the CertTools class . * * @version $Id: CertToolsTest.java 11319 2011-02-07 10:57:09Z jeklund $ */ public class CertToolsTest extends TestCase { private static Logger log = Logger.getLogger(CertToolsTest.class); private static byte[] testcert = Base64 .decode(("MIIDATCCAmqgAwIBAgIIczEoghAwc3EwDQYJKoZIhvcNAQEFBQAwLzEPMA0GA1UE" + "AxMGVGVzdENBMQ8wDQYDVQQKEwZBbmFUb20xCzAJBgNVBAYTAlNFMB4XDTAzMDky" + "NDA2NDgwNFoXDTA1MDkyMzA2NTgwNFowMzEQMA4GA1UEAxMHcDEydGVzdDESMBAG" + "A1UEChMJUHJpbWVUZXN0MQswCQYDVQQGEwJTRTCBnTANBgkqhkiG9w0BAQEFAAOB" + "iwAwgYcCgYEAnPAtfpU63/0h6InBmesN8FYS47hMvq/sliSBOMU0VqzlNNXuhD8a" + "3FypGfnPXvjJP5YX9ORu1xAfTNao2sSHLtrkNJQBv6jCRIMYbjjo84UFab2qhhaJ" + "wqJgkQNKu2LHy5gFUztxD8JIuFPoayp1n9JL/gqFDv6k81UnDGmHeFcCARGjggEi" + "MIIBHjAPBgNVHRMBAf8EBTADAQEAMA8GA1UdDwEB/wQFAwMHoAAwOwYDVR0lBDQw" + "MgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwUGCCsGAQUF" + "BwMHMB0GA1UdDgQWBBTnT1aQ9I0Ud4OEfNJkSOgJSrsIoDAfBgNVHSMEGDAWgBRj" + "e/R2qFQkjqV0pXdEpvReD1eSUTAiBgNVHREEGzAZoBcGCisGAQQBgjcUAgOgCQwH" + "Zm9vQGZvbzASBgNVHSAECzAJMAcGBSkBAQEBMEUGA1UdHwQ+MDwwOqA4oDaGNGh0" + "dHA6Ly8xMjcuMC4wLjE6ODA4MC9lamJjYS93ZWJkaXN0L2NlcnRkaXN0P2NtZD1j" + "cmwwDQYJKoZIhvcNAQEFBQADgYEAU4CCcLoSUDGXJAOO9hGhvxQiwjGD2rVKCLR4" + "emox1mlQ5rgO9sSel6jHkwceaq4A55+qXAjQVsuy76UJnc8ncYX8f98uSYKcjxo/" + "ifn1eHMbL8dGLd5bc2GNBZkmhFIEoDvbfn9jo7phlS8iyvF2YhC4eso8Xb+T7+BZ" + "QUOBOvc=").getBytes()); private static byte[] guidcert = Base64 .decode(("MIIC+zCCAmSgAwIBAgIIBW0F4eGmH0YwDQYJKoZIhvcNAQEFBQAwMTERMA8GA1UE" + "AxMIQWRtaW5DQTExDzANBgNVBAoTBkFuYVRvbTELMAkGA1UEBhMCU0UwHhcNMDQw" + "OTE2MTc1NzQ1WhcNMDYwOTE2MTgwNzQ1WjAyMRQwEgYKCZImiZPyLGQBARMEZ3Vp" + "ZDENMAsGA1UEAxMER3VpZDELMAkGA1UEBhMCU0UwgZ8wDQYJKoZIhvcNAQEBBQAD" + "gY0AMIGJAoGBANdjsBcLJKUN4hzJU1p3cqaXhPgEjGul62/3xv+Gow+7oOYePcK8" + "bM5VO4zdQVWEhuGOZFaZ70YbXhei4F9kvqlN7xuG47g7DNZ0/fnRzvGY0BHmIR4Y" + "/U87oMEDa2Giy0WTjsmT14uzy4luFgqb2ZA3USGcyJ9hoT6j1WDyOxitAgMBAAGj" + "ggEZMIIBFTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDA7BgNVHSUENDAy" + "BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUH" + "AwcwHQYDVR0OBBYEFJlDddj88zI7tz3SPfdig0gw5IWvMB8GA1UdIwQYMBaAFI1k" + "9WhE1WXpeezZx/kM0qsoZyqVMHgGA1UdEQRxMG+BDGd1aWRAZm9vLmNvbYIMZ3Vp" + "ZC5mb28uY29thhRodHRwOi8vZ3VpZC5mb28uY29tL4cECgwNDqAcBgorBgEEAYI3" + "FAIDoA4MDGd1aWRAZm9vLmNvbaAXBgkrBgEEAYI3GQGgCgQIEjRWeJCrze8wDQYJ" + "KoZIhvcNAQEFBQADgYEAq39n6CZJgJnW0CH+QkcuU5F4RQveNPGiJzIJxUeOQ1yQ" + "gSkt3hvNwG4kLBmmwe9YLdS83dgNImMWL/DgID/47aENlBNai14CvtMceokik4IN" + "sacc7x/Vp3xezHLuBMcf3E3VSo4FwqcUYFmu7Obke3ebmB08nC6gnQHkzjNsmQw=").getBytes()); private static byte[] altNameCert = Base64 .decode(("MIIDDzCCAfegAwIBAgIIPiL0klmu1uIwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE" + "AxMIQWRtaW5DQTExFTATBgNVBAoTDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw" + "HhcNMDUwODAyMTAxOTQ5WhcNMDcwODAyMTAyOTQ5WjAsMQwwCgYDVQQDEwNmb28x" + "DzANBgNVBAoTBkFuYVRvbTELMAkGA1UEBhMCU0UwXDANBgkqhkiG9w0BAQEFAANL" + "ADBIAkEAmMVWkkEMLbDNoB/NG3kJ22eC18syXqaHWRWc4DldFeCMGeLzfB2NklNv" + "hmr2kgIJcK+wyFpMkYm46dSMOrvovQIDAQABo4HxMIHuMAwGA1UdEwEB/wQCMAAw" + "DgYDVR0PAQH/BAQDAgWgMDsGA1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYI" + "KwYBBQUHAwQGCCsGAQUFBwMFBggrBgEFBQcDBzAdBgNVHQ4EFgQUIV/Fck/+UVnw" + "tJigtZIF5OuuhlIwHwYDVR0jBBgwFoAUB/2KRYNOZxRDkJ5oChjNeXgwtCcwUQYD" + "VR0RBEowSIEKdG9tYXNAYS5zZYIId3d3LmEuc2WGEGh0dHA6Ly93d3cuYS5zZS+H" + "BAoBAQGgGAYKKwYBBAGCNxQCA6AKDAhmb29AYS5zZTANBgkqhkiG9w0BAQUFAAOC" + "AQEAfAGJM0/s+Yi1Ewmvt9Z/9w8X/T/02bF8P8MJG2H2eiIMCs/tkNhnlFGYYGhD" + "Km8ynveQZbdYvKFioOr/D19gMis/HNy9UDfOMrJdeGWiwxUHvKKbtcSlOPH3Hm0t" + "LSKomWdKfjTksfj69Tf01S0oNonprvwGxIdsa1uA9BC/MjkkPt1qEWkt/FWCfq9u" + "8Xyj2tZEJKjLgAW6qJ3ye81pEVKHgMmapWTQU2uI1qyEPYxoT9WkQtSObGI1wCqO" + "YmKglnd5BIUBPO9LOryyHlSRTID5z0UgDlrTAaNYuN8QOYF+DZEQxm4bSXTDooGX" + "rHjSjn/7Urb31CXWAxq0Zhk3fg==").getBytes()); private static byte[] altNameCertWithDirectoryName = Base64.decode( ("MIIFkjCCBPugAwIBAgIIBzGqGNsLMqwwDQYJKoZIhvcNAQEFBQAwWTEYMBYGA1UEAwwPU1VCX0NBX1dJTkRPV1MzMQ8wDQYDVQQLEwZQS0lHVkExHzAdBgNVBAoTFkdlbmVyYWxpdGF0IFZhbGVuY2lhbmExCzAJBgNVBAYTAkVTMB4XDTA2MDQyMTA5NDQ0OVoXDTA4MDQyMDA5NTQ0OVowcTEbMBkGCgmSJomT8ixkAQETC3Rlc3REaXJOYW1lMRQwEgYDVQQDEwt0ZXN0RGlyTmFtZTEOMAwGA1UECxMFbG9nb24xHzAdBgNVBAoTFkdlbmVyYWxpdGF0IFZhbGVuY2lhbmExCzAJBgNVBAYTAkVTMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDLxMhz40RxCm21HoCBNa9x1UyPmhVkPdtt2V7dixgjOYz+ffKeebjn/jSd4nfXgd7fxpzezB8t673F2OtC3ENl1zek5Msj2KoinVu8vvZ78KMRq/H1rDFguhjSL0o19Cpob0qQFB/ukPZMNoKBNnMVnR1C4juB1eJVXWmHyJxIwIDAQABo4IDSTCCA0UwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAwMwYDVR0lBCwwKgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBwYKKwYBBAGCNxQCAjAdBgNVHQ4EFgQUZz4hrh3dr6VWvEbAPe8pg7szNi4wHwYDVR0jBBgwFoAUTuOaap9UBpQ8dqwOufYoOQucfUowXAYDVR0RBFUwU6QhMB8xHTAbBgNVBAMMFHRlc3REaXJOYW1lfGRpcnxuYW1loC4GCisGAQQBgjcUAgOgIAwedGVzdERpck5hbWVAamFtYWRvci5wa2kuZ3ZhLmVzMIIBtgYDVR0gBIIBrTCCAakwggGlBgsrBgEEAb9VAwoBADCCAZQwggFeBggrBgEFBQcCAjCCAVAeggFMAEMAZQByAHQAaQBmAGkAYwBhAGQAbwAgAHIAZQBjAG8AbgBvAGMAaQBkAG8AIABkAGUAIABFAG4AdABpAGQAYQBkACAAZQB4AHAAZQBkAGkAZABvACAAcABvAHIAIABsAGEAIABBAHUAdABvAHIAaQBkAGEAZAAgAGQAZQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABkAGUAIABsAGEAIABDAG8AbQB1AG4AaQB0AGEAdAAgAFYAYQBsAGUAbgBjAGkAYQBuAGEAIAAoAFAAbAAuACAATQBhAG4AaQBzAGUAcwAgADEALgAgAEMASQBGACAAUwA0ADYAMQAxADAAMAAxAEEAKQAuACAAQwBQAFMAIAB5ACAAQwBQACAAZQBuACAAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAGEAYwBjAHYALgBlAHMwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cuYWNjdi5lcy9sZWdpc2xhY2lvbl9jLmh0bTBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vemFyYXRob3MuamFtYWRvci5ndmEuZXMvU1VCX0NBX1dJTkRPV1MzLmNybDBTBggrBgEFBQcBAQRHMEUwQwYIKwYBBQUHMAGGN2h0dHA6Ly91bGlrLnBraS5ndmEuZXM6ODA4MC9lamJjYS9wdWJsaWN3ZWIvc3RhdHVzL29jc3AwDQYJKoZIhvcNAQEFBQADgYEASofgaj06BOE847RTEgVba52lmPWADgeWxKHZAk1t9LdNzuFJ8B/SC3gi0rsAA/lQGSd4WzPbkmJKkVZ6Q9ybpqg4AJRaIZBkoQw1KNXPYAcgt5XLeIhUACdKIPhfPQr+vQtaC1wi5xV8EBCLpLmpzN9bpZdze/724UB4Y94KhII=") .getBytes()); /** The reference certificate from RFC3739 */ private static byte[] qcRefCert = Base64 .decode(("MIIDEDCCAnmgAwIBAgIESZYC0jANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJE" + "RTE5MDcGA1UECgwwR01EIC0gRm9yc2NodW5nc3plbnRydW0gSW5mb3JtYXRpb25z" + "dGVjaG5payBHbWJIMB4XDTA0MDIwMTEwMDAwMFoXDTA4MDIwMTEwMDAwMFowZTEL" + "MAkGA1UEBhMCREUxNzA1BgNVBAoMLkdNRCBGb3JzY2h1bmdzemVudHJ1bSBJbmZv" + "cm1hdGlvbnN0ZWNobmlrIEdtYkgxHTAMBgNVBCoMBVBldHJhMA0GA1UEBAwGQmFy" + "emluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDc50zVodVa6wHPXswg88P8" + "p4fPy1caIaqKIK1d/wFRMN5yTl7T+VOS57sWxKcdDzGzqZJqjwjqAP3DqPK7AW3s" + "o7lBG6JZmiqMtlXG3+olv+3cc7WU+qDv5ZXGEqauW4x/DKGc7E/nq2BUZ2hLsjh9" + "Xy9+vbw+8KYE9rQEARdpJQIDAQABo4HpMIHmMGQGA1UdCQRdMFswEAYIKwYBBQUH" + "CQQxBBMCREUwDwYIKwYBBQUHCQMxAxMBRjAdBggrBgEFBQcJATERGA8xOTcxMTAx" + "NDEyMDAwMFowFwYIKwYBBQUHCQIxCwwJRGFybXN0YWR0MA4GA1UdDwEB/wQEAwIG" + "QDASBgNVHSAECzAJMAcGBSskCAEBMB8GA1UdIwQYMBaAFAABAgMEBQYHCAkKCwwN" + "Dg/+3LqYMDkGCCsGAQUFBwEDBC0wKzApBggrBgEFBQcLAjAdMBuBGW11bmljaXBh" + "bGl0eUBkYXJtc3RhZHQuZGUwDQYJKoZIhvcNAQEFBQADgYEAj4yAu7LYa3X04h+C" + "7+DyD2xViJCm5zEYg1m5x4znHJIMZsYAU/vJJIJQkPKVsIgm6vP/H1kXyAu0g2Ep" + "z+VWPnhZK1uw+ay1KRXw8rw2mR8hQ2Ug6QZHYdky2HH3H/69rWSPp888G8CW8RLU" + "uIKzn+GhapCuGoC4qWdlGLWqfpc=").getBytes()); private static byte[] qcPrimeCert = Base64 .decode(("MIIDMDCCAhigAwIBAgIIUDIxBvlO2qcwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE" + "AxMIQWRtaW5DQTExFTATBgNVBAoTDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw" + "HhcNMDYwMTIyMDgxNTU0WhcNMDgwMTIyMDgyNTU0WjAOMQwwCgYDVQQDEwNxYzIw" + "gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKkuPOqOEWCJH9xb11sS++vfKb/z" + "gHf2clwyf2vSFWTSDzQHOa2j5rwZ/F23X/mZl96fFAIfTBmr5dCwt0xAXZvTcKfO" + "RAcKl7ZBXvsAYvwl1KIUpA8NqEbgjwA+OaTdND2vpAhII7PoU4CkoNajy44EuL3Y" + "xP6KNWTMiks9KP5vAgMBAAGjgewwgekwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E" + "BAMCBPAwJwYDVR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBzAd" + "BgNVHQ4EFgQUZsj/dUVp1FmOJpYZ2j5fYKIdXYowHwYDVR0jBBgwFoAUs8UBsa9O" + "S1c8/I07DHYFJp0po0AwYAYIKwYBBQUHAQMEVDBSMCMGCCsGAQUFBwsBMBcGAykB" + "AjAQgQ5xY0BwcmltZWtleS5zZTAIBgYEAI5GAQEwFwYGBACORgECMA0TA1NFSwID" + "AMNQAgEAMAgGBgQAjkYBBDANBgkqhkiG9w0BAQUFAAOCAQEAjmL27XY5Wt0/axsI" + "PbtcfrJ6xEm5PlYabM+T3I6lksov6Rz1+/n/L1S5poGPG8iOdJCExcnR0HbNkeB+" + "2oPltqSaxyoSfGugVn/Oufz2BfFd7OCWe14dPsA181oC7/nq+mzhBpQ7App9JirA" + "aeJQrcRDNK7vVOmg2LZ2oSYno/TuRTFq0GxsEVjEdzAxpAxY7N8ff6gY7IHd7+hc" + "4GiFY+NnNp9Dvf6mOYTXLxsOc+093S7uK2ohhq99aYCkzJmrngtrImtKi0y/LMjq" + "oviMCQmzMLY2Ifcw+CsOyQZx7nxwafZ7BAzm6vIvSeiIe3VlskRGzYDM66NJJNNo" + "C2HsPA==").getBytes()); private static byte[] aiaCert = Base64 .decode(("MIIDYDCCAkigAwIBAgIIFlJveCmyW4owDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE" + "AwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw" + "HhcNMDgxMDIwMDkxOTM0WhcNMDkxMDIwMDkxOTM0WjA9MQwwCgYDVQQDDANhaWEx" + "DDAKBgNVBAoMA0ZvbzESMBAGA1UEBwwJU3RvY2tob2xtMQswCQYDVQQGEwJTRTCB" + "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlYyB3bj/Tmf1FGoPWXCJneWYd9Th" + "gPi4ET5pL0JNGwOsuH6cPngIIN33fn2JiiBnBkNm7AKHx8Qt9BH4VPJRs/GdsVGO" + "ECmpGmtY6WMYmxMC99KNiXSrRQjPGZeemMj6T1KyxhKljZr8Q92tmc9YA1VFMeqA" + "zNzjEGBDj/h2gBcCAwEAAaOB7TCB6jB5BggrBgEFBQcBAQRtMGswKgYIKwYBBQUH" + "MAKGHmh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9jYUlzc3VlcjA9BggrBgEFBQcwAYYx" + "aHR0cDovL2xvY2FsaG9zdDo4MDgwL2VqYmNhL3B1YmxpY3dlYi9zdGF0dXMvb2Nz" + "cDAdBgNVHQ4EFgQUF4YFO3HJordNZlJ/7T1L1KfqgTMwDAYDVR0TAQH/BAIwADAf" + "BgNVHSMEGDAWgBSSeB41+0/rZ+2/qiX7X4bvrVKjWDAPBgkrBgEFBQcwAQUEAgUA" + "MA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQUFAAOCAQEAU1BHlD6TpSnmblU4" + "jhECKZfU7P5JBvZMkUQH54U+lubhM4yeymaF1NJylOusLKxZzEd6+iLXkvVCBKPT" + "3aVWUI5DO4D0RW9Lia6QFiRuI8d7a39f1663ODuwpjiccuehrmF3e+P7uCyjqhhT" + "g3uXQh2dXcv3DbvU2lfSVXRnuOz+K0ZUMAW96nsCeT41viM6w4x18zZeb+Px8RL9" + "swtcYdObNK0qmjZ4X+DcbdGRRrh8kr9GPLHYqtVLRM6z6hH3n54WJzojeIebKCsY" + "MoHGmOJkaIcFRXfneXrId1/k7b1QdOagGjvLkgw3pi/7k6vOJn+DrudNMFmsNpVY" + "fkrayw==").getBytes()); private static byte[] subjDirAttrCert = Base64 .decode(("MIIGmTCCBYGgAwIBAgIQGMYCpWmOBXXOL2ODrM8FHzANBgkqhkiG9w0BAQUFADBx" + "MQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxp" + "Z2kgQS5TLjE4MDYGA1UEAxMvZS1HdXZlbiBFbGVrdHJvbmlrIFNlcnRpZmlrYSBI" + "aXptZXQgU2FnbGF5aWNpc2kwHhcNMDYwMzI4MDAwMDAwWhcNMDcwMzI4MjM1OTU5" + "WjCCAR0xCzAJBgNVBAYTAlRSMSgwJgYDVQQKDB9FbGVrdHJvbmlrIEJpbGdpIEd1" + "dmVubGlnaSBBLlMuMQ8wDQYDVQQLDAZHS05FU0kxFDASBgNVBAUTCzIyOTI0NTQ1" + "MDkyMRswGQYDVQQLDBJEb2d1bSBZZXJpIC0gQlVSU0ExIjAgBgNVBAsMGURvZ3Vt" + "IFRhcmloaSAtIDAxLjA4LjE5NzcxPjA8BgNVBAsMNU1hZGRpIFPEsW7EsXIgLSA1" + "MC4wMDAgWVRMLTIuMTYuNzkyLjEuNjEuMC4xLjUwNzAuMS4yMRcwFQYDVQQDDA5Z" + "QVPEsE4gQkVDRU7EsDEjMCEGCSqGSIb3DQEJARYUeWFzaW5AdHVya2VrdWwuYXYu" + "dHIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKaJXVLvXC7qyjiqTAlM582X" + "GPdQJxUfRxgTm6jlBZKtEhbWN5hbH4ASJTzmXWryGricejdKM+JBJECFdelyWPHs" + "UkEL/U0uft3KLIdYo72oTibaL3j4vkEhjyubikSdl9CywkY6WS8nV9JNc66QOYxE" + "5ZdE5CR19ScIYcOh7YpxAgMBAAGjggMBMIIC/TAJBgNVHRMEAjAAMAsGA1UdDwQE" + "AwIGwDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLmUtZ3V2ZW4uY29tL0Vs" + "ZWt0cm9uaWtCaWxnaUd1dmVubGlnaUFTR0tORVNJL0xhdGVzdENSTC5jcmwwHwYD" + "VR0jBBgwFoAUyT6jfNNisqvczhIzwmTXZTTyfrowggEcBgNVHSAEggETMIIBDzCB" + "/wYJYIYYAwABAQECMIHxMDYGCCsGAQUFBwIBFipodHRwczovL3d3dy5lLWd1dmVu" + "LmNvbS9lLWltemEvYmlsZ2lkZXBvc3UwgbYGCCsGAQUFBwICMIGpGoGmQnUgc2Vy" + "dGlmaWthLCA1MDcwIHNhef1s/SBFbGVrdHJvbmlrIN1temEgS2FudW51bmEgZ/Zy" + "ZSBuaXRlbGlrbGkgZWxla3Ryb25payBzZXJ0aWZpa2Fk/XIuIE9JRDogMi4xNi43" + "OTIuMS42MS4wLjEuNTA3MC4xLjEgLSBPSUQ6IDAuNC4wLjE0NTYuMS4yIC0gT0lE" + "OiAwLjQuMC4xODYyLjEuMTALBglghhgDAAEBBQQwgaEGCCsGAQUFBwEDBIGUMIGR" + "MHYGCCsGAQUFBwsBMGoGC2CGGAE9AAGnTgEBMFuGWUJ1IFNlcnRpZmlrYSA1MDcw" + "IHNhef1s/SBFbGVrdHJvbmlrIN1temEgS2FudW51bmEgZ/ZyZSBuaXRlbGlrbGkg" + "ZWxla3Ryb25payBzZXJ0aWZpa2Fk/XIuMBcGBgQAjkYBAjANEwNZVEwCAwDDUAIB" + "ADB2BggrBgEFBQcBAQRqMGgwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmUtZ3V2" + "ZW4uY29tMCIGCCsGAQUFBzAChhZodHRwOi8vd3d3LmUtZ3V2ZW4uY29tMB0GAytv" + "DoYWaHR0cDovL3d3dy5lLWd1dmVuLmNvbTAbBgNVHQkEFDASMBAGCCsGAQUFBwkE" + "MQQTAlRSMBEGCWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEA3yVY" + "rURakBcrfv1hJjhDg7+ylCjXf9q6yP2E03kG4t606TLIyqWoqGkrndMtanp+a440" + "rLPIe456XfRJBilj99H0NjzKACAVfLMTL8h/JBGLDYJJYA1S8PzBnMLHA8dhfBJ7" + "StYEPM9BKW/WuBfOOdBNrRZtYKCHwGK2JANfM/JlfzOyG4A+XDQcgjiNoosjes1P" + "qUHsaccIy0MM7FLMVV0HJNNQ84N9CuKIrBSSWopOudkajVqNtI3+FCcy+yXiH6LX" + "fmpHZ346zprcafcjQmAiKfzPSljruvGDIVI3WN7S7WOMrx6MDq54626cZzQl9GFT" + "D1gNo3fjOFhK33DY1Q==") .getBytes()); private static byte[] subjDirAttrCert2 = Base64 .decode(("MIIEsjCCA5qgAwIBAgIIFsYK/Jx7XEEwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE" + "AxMIQWRtaW5DQTExFTATBgNVBAoTDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw" + "HhcNMDYwNTMwMDcxNjU2WhcNMDgwNTI5MDcyNjU2WjA5MRkwFwYDVQQDExBUb21h" + "cyBHdXN0YXZzc29uMQ8wDQYDVQQKEwZGb29PcmcxCzAJBgNVBAYTAlNFMIGfMA0G" + "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvhUYzNVW6iG5TpYi2Dr9VX37g05jcGEyP" + "Lix05oxs3FnzPUf6ykxGy4nUYO12PfC6u9Gh+zelFfg6nKNQqYI48D4ufJc928Nx" + "dZQZi41UmnFT5UXn3JcG4DQe0wZp+BKCch/UbtRjuE6iNxH24R//8W4wXc1R++FG" + "5V6CQzHxXwIDAQABo4ICQjCCAj4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMC" + "BPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQ54I1p" + "TGNwAeQEdnmcjNT+XMMjsjAfBgNVHSMEGDAWgBRzBo+b/XQZqq0DU6J10x17GoKS" + "sDBMBgNVHSAERTBDMEEGAykBATA6MB4GCCsGAQUFBwICMBIeEABGAPYA9gBCAGEA" + "cgDkAOQwGAYIKwYBBQUHAgEWDGh0dHA6LzExMS5zZTBuBgNVHR8EZzBlMGOgYaBf" + "hl1odHRwOi8vbG9jYWxob3N0OjgwODAvZWpiY2EvcHVibGljd2ViL3dlYmRpc3Qv" + "Y2VydGRpc3Q/Y21kPWNybCZpc3N1ZXI9Q049VGVzdENBLE89QW5hVG9tLEM9U0Uw" + "TQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFodHRwOi8vbG9jYWxob3N0Ojgw" + "ODAvZWpiY2EvcHVibGljd2ViL3N0YXR1cy9vY3NwMDoGCCsGAQUFBwEDBC4wLDAg" + "BggrBgEFBQcLAjAUMBKBEHJhQGNvbW1maWRlcy5jb20wCAYGBACORgEBMHYGA1Ud" + "CQRvMG0wEAYIKwYBBQUHCQUxBBMCU0UwEAYIKwYBBQUHCQQxBBMCU0UwDwYIKwYB" + "BQUHCQMxAxMBTTAXBggrBgEFBQcJAjELEwlTdG9ja2hvbG0wHQYIKwYBBQUHCQEx" + "ERgPMTk3MTA0MjUxMjAwMDBaMA0GCSqGSIb3DQEBBQUAA4IBAQA+vgNnGjw29xEs" + "cnJi7wInUBvtTzQ4+SVSBPTzNA/ZEk+CJVsr/2xbPl+SShZ0SHObj9un1kwKst4n" + "zcNqsnBorrluM92Z5gYwDN3mRGF0szbYEshr/KezMhY2MdXkE+i3nEx6awdemuCG" + "g+LAfL4ODLAzAJJI4MfF+fz0IK7Zeobo1aVGS6Ii9sEnDdQOsLbdfHBNccrT353d" + "NAwxPGnfunGBQ+Los6vjDApy/szMT32NFJDe4WTmkDxqYJQqQjhdrHTxpFEr0VQB" + "s7KRRCYjga/Z52XytwwDBLFM9CPZJfyKxZTV9I9i6e0xSn2xEW8NRplY1HOKa/2B" + "VzvWW9G5").getBytes()); private static byte[] krb5principalcert = Base64 .decode(("MIIDIzCCAgugAwIBAgIIdSCEXyq32cIwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE" + "AwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw" + "HhcNMDgxMDIzMTEyMzAzWhcNMTgwODE2MTQ1MzA2WjAqMQ0wCwYDVQQDDARrcmIx" + "MQwwCgYDVQQKDANGb28xCzAJBgNVBAYTAlNFMIGfMA0GCSqGSIb3DQEBAQUAA4GN" + "ADCBiQKBgQCYkX8BcUXezxG8eKsQT0+lxjUZLeg7EQk0hdiKGsKxhS6BmLpeBOGs" + "HwZgn70zhJj9XLtCQ/o8RJatL/lFtHpVX+RnRdckKDOooLUguxSiO5TK7HlQpsFG" + "8AB7m/jCkIGarh5x6LSL5t1VAMyPh9DFBMXPuC5xAb5SGa6LRXoZ/QIDAQABo4HD" + "MIHAMB0GA1UdDgQWBBTUIo6ZQUrVKoI5GPifVn3KbUGAljAMBgNVHRMBAf8EAjAA" + "MB8GA1UdIwQYMBaAFJJ4HjX7T+tn7b+qJftfhu+tUqNYMA4GA1UdDwEB/wQEAwIF" + "oDAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMDcGA1Ud" + "EQQwMC6gLAYGKwYBBQICoCIwIKAHGwVQLkNPTaEVMBOgAwIBAKEMMAobA2ZvbxsD" + "YmFyMA0GCSqGSIb3DQEBBQUAA4IBAQBgQpzPpCUDY6P0XePJSFJ2MGBhgMOVB4SL" + "iHP9biEmqcqELWQcUL5Ylf+/JYxg1kBnk2ZtALgt0adi0ZiZPbM2F5Oq9ZxxB2nY" + "Alat0RwZIY8wAR0DRNXiEs4TMu5LqzvD1U6+vaHYraePBLExo2oxG9TI7gQjj2X+" + "KSxEzOf3+npWo/G7ooDvKpN+w3J//kF4vdM3SQtHQaBkIuCU05Jy16AhvIkLQzq5" + "+a1UI5lIKun3C6NWCSZrE5fFuoax7D+Ofw1Bdxkhvk7DUlHVPdmxb/0hpx8aO64D" + "J626d8c1b25g9hSYslbo2geP2ohV40WW/R1ZjwX6Pd/ip5KuSSzv").getBytes()); private static byte[] p10ReqWithAltNames = Base64 .decode(("MIICtDCCAZwCAQAwNDELMAkGA1UEBhMCU0UxDDAKBgNVBAoTA1JQUzEXMBUGA1UE" + "AxMOMTAuMjUyLjI1NS4yMzcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB" + "AQC45+Dh1dO/qaZR2TLnWB44wmYXvBuZ5sGXotlLvuRR09DGlSyPrTG/OVg4xVZa" + "AzNMpWCyk1OAl4qJkmzrnQa/Tq6Hv6Y8QrZNSAJooL+kHmFSD9h8tyM9nBkpb90l" + "o+qbXeFmB3II0KJjGXiXZVSKwUsjYRSzf9hfVz4U7ZwwmH9vMFNwuOIsAR9O5CTr" + "8ofsshze9bxJpKY6/iyaEhQDoNl9jyxsZ1NuyNme3w1yoeGP5OXYcSVVY9cW4ze8" + "o5ZE4jTy1Q8U41OHiG3TevMvJ7l+/Ps+xyu3Qi68Lajeimemf118M0eqAY26Xiw2" + "wS8CCbj6UmUjcem3XOZhSfkZAgMBAAGgOzA5BgkqhkiG9w0BCQ4xLDAqMCgGA1Ud" + "EQQhMB+CF29ydDMta3J1Lm5ldC5wb2xpc2VuLnNlhwQK/P/tMA0GCSqGSIb3DQEB" + "BQUAA4IBAQCzAPsZdMqhPwCGpnq/Eywm5KQ4zYLuP8dQVdgvo4Wca2w4QxxjPlVI" + "X/yyXLhA1CpiKq4PtkpTBpJiByowj8g/7Q/pLY/EQcfYOrut7CMx1FzmwghZ2lUn" + "DDhFw2hD7TcmoAZpr4neXYR4HbaFpBc39nlqDa4XGi8J7d9AU4iaQE53LC3WzIq1" + "/3ZCXboQAoeLMoPCDvzAiXKDBApMMzrBwhgdsiOe5k1e6jlpURsbuhiKs+0FxtMp" + "snKPO0WbwXFyFTSWoKRH5rHrpD6lybn7c0uPkaQzrLoIRMld4osqeaImfZuJztZy" + "C0elzlLYWFbX6zHEqvsUAZy/8Khgyw5Q").getBytes()); private static byte[] p10ReqWithAltNames2 = Base64 .decode(("MIIBMzCB3gIBADAzMREwDwYDVQQDDAhzY2VwdGVzdDERMA8GA1UECgwIUHJpbWVL" + "ZXkxCzAJBgNVBAYTAlNFMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAIMasNAoxA9N" + "6UknbjigXz5tJWWydLoVSQFUxcJM8cR4Kfb2bRLh3RDqCVyJQ0XITFUnmIJFU9Z8" + "1W+nw1Gx8b0CAwEAAaBGMBUGCSqGSIb3DQEJBzEIDAZmb28xMjMwLQYJKoZIhvcN" + "AQkOMSAwHjAcBgNVHREEFTATggtmb28uYmFyLmNvbYcECgAAATANBgkqhkiG9w0B" + "AQUFAANBADUO2tpAkxaeB/2zY9wsfcwE5hGvcuA0oJwXlcMq1wm32MJFV1G9JJQI" + "Exz4OC1eT1LH/6i5SU8Op3VOKVLpTTo=").getBytes()); private static byte[] cvccert = Base64 .decode(("fyGCAWF/ToHZXykBAEIKU0VSUFMxMDExMH9JgZUGCgQAfwAHAgICAQGBgYEAk4Aq" + "LqYXchIouF9yBv/2hFnf5N65hdpvQPUdfH1k2qnHAlOL5DYYlKCBh8YFCC2RZD+K" + "nJ99cHxh8oxh28U23Z/MqTOKv5tR8JIUUm3G3Hjj2erVVTEJ49MqLzsyVGfw4yCu" + "YRdwBYFWJu2t6PcS5KPnpNtbNdBzrDJAqxPAsO2CAwEAAV8gClNFUlBTMTAxMTB/" + "TA4GCQQAfwAHAwECAVMBw18lBgAIAAUABV8kBgEAAAUABV83gYB88jfXZ3njYpuD" + "4fpS6BV53y9+iz3KAQM/74LPMI49elGtcAVyMn1EMn/bU4MeMARfv3Njd2Go4ZhM" + "j5xuY2Pvktz3Dq4ogjkgqAJqqIvG+M9KXh9XAv2m2wjmsueKbXUJ8TpJR87k4o97" + "buZXbuStDOb5FibhxyVgWIxuCn8quQ==").getBytes()); private static byte[] cvcreqrenew = Base64 .decode(("Z4IBtn8hggFmf06CASZfKQEAQg5TRUlTQlBPT0wwMDAwNn9Jgf0GCgQAfwAHAgIC" + "AgKBHNfBNKomQ2aGKhgwJXXR14ewnwdXl9qJ9X7IwP+CHGil5iypzmwcKZgDpsFT" + "C1FOGCrYsAQqWcrSn0ODHCWA9jzP5EE4hwcTsakjaeM+ITXSZtuzcjhsQAuEOQQN" + "kCmtLH5c9DQII7KofcaMnkzjF0webv3uEsB9WKpW93LAcm8kxrieTs2sJDVLnpnK" + "o/bTdhQCzYUc18E0qiZDZoYqGDAlddD7mNEWvEtt3ryjpaeTn4Y5BBQte2aU3YOQ" + "Ykf73/UluNQOpMlnHt9PXplomqhuAZ0QxwXb6TCG3rZJhVwe0wx0R1mqz3U+fJnU" + "hwEBXyAOU0VJU0JQT09MMDAwMDZfNzgErOAjPCoQ+WN8K6pzztZp+Mt6YGNkJzkk" + "WdLnvfPGZkEF0oUjcw+NjexaNCLOA0mCfu4oQwsjrUIOU0VJU0JQT09MMDAwMDVf" + "NzhSmH1c7YJhbLTRzwuSozUd9hlBHKEIfFqSUE9/FrbWXEtR+rHRYKAGu/nw8PAH" + "oM+HPMzMVVLDVg==") .getBytes()); private static byte[] cvcreq = Base64.decode(("fyGCAWZ/ToIBJl8pAQBCDlNFSVNCUE9PTDAwMDA1f0mB/QYKBAB/AAcCAgICAoEc" + "18E0qiZDZoYqGDAlddHXh7CfB1eX2on1fsjA/4IcaKXmLKnObBwpmAOmwVMLUU4Y" + "KtiwBCpZytKfQ4McJYD2PM/kQTiHBxOxqSNp4z4hNdJm27NyOGxAC4Q5BA2QKa0s" + "flz0NAgjsqh9xoyeTOMXTB5u/e4SwH1Yqlb3csBybyTGuJ5OzawkNUuemcqj9tN2" + "FALNhRzXwTSqJkNmhioYMCV10PuY0Ra8S23evKOlp5OfhjkEOwPDLflRVBj2iayW" + "VzpO2BICGO+PqFeuce1EZM4o1EIfLzoackPowabEMANfNltZvt5bWyzkZleHAQFf" + "IA5TRUlTQlBPT0wwMDAwNV83OEnwL+XYDhXqK/0fBuZ6lZV0HncoZyn3oo8MmaUL" + "2mNzpezLAoZMux0l5aYperrSDsuHw0zrf0yo").getBytes()); private static byte[] cvccertchainroot = Base64 .decode(("fyGCAmx/ToIBYl8pAQBCDlNFSFNNQ1ZDQTAwMDAxf0mCARUGCgQAfwAHAgICAQKB" + "ggEAyGju6NHTACB+pl2x27/VJVKuGBTgf98j3gQOyW5vDzXI7PkiwR1/ObPjFiuW" + "iBRH0WsPzHX7A3jysZr7IohLjy4oQMdP5z282/ZT4mBwlVu5pAEcHt2eHbpILwIJ" + "Hbv6130T+RoG/3bI/eHk9HWi3/ipVnwRX1CsylczFfdyPTMyGOJmmElT0GQgV8Rt" + "b5Us/Hz66qiUX67eRBrahJfwiVwawYzmZ5Rn9u/vXHQYeUh+lLja+H+kXof9ARuw" + "p5S09DO2VZWbbR2BZHk0IaNgo54Xoih+5c/nIA/2+j9Afdf+wuqmxqib5aPOMHO3" + "WOVmVMF84Xo2V+duIZ4b7KkRXYIDAQABXyAOU0VIU01DVkNBMDAwMDF/TA4GCQQA" + "fwAHAwECAVMBw18lBgAIAAUCBl8kBgEAAAUCBl83ggEAMiiqI+HF8DyhPfH8dTeU" + "4/0/DNnjZ2/Qy1a5GATWU04da+L2iWI8QclN64cw0l/zroBGyeq+flDKzVWnqril" + "HX/PD3/xoCEhZSfZ/1AQZBP39/t1lYZLJ36VeFwrsmvN8rq6RnNtR2CrDYDFkFRq" + "A6v9dNYMbnEDN7m8wD/DWM2fZr+loqznT1/egx+SBqUY+KnU6ntxQyw7gzL1DV9Z" + "OlyxjDaWY8i2Q/tcdDxdZYBBMgFhxivXV5ou2YiBZKKIlP2ots6P8TlSVwdyaHTI" + "8z8Hpvx1QcB2maOVn6IFAyq/X71p9Zb626YLhjaFO6v80SYnlefVu5Uir5n/HzpW" + "kg==").getBytes()); private static byte[] cvccertchainsub = Base64 .decode(("fyGCAeV/ToHcXykBAEIOU0VIU01DVkNBMDAwMDF/SYGUBgoEAH8ABwICAgECgYGA" + "rdRouw7ksS6M5kw28YkWAD350vbDlnPCmqsKPfKiNvDxowviWDUTn9Ai3xpTIzGO" + "cl40DqxYPA2X4XO52+r5ZUazsVyyx6F6XwznHdjUpDff4QFyG74Vjq7DDrCCKOzH" + "b0H6rNJFC5YEKI4wpEPou+3bq2jhLWkzU35EfydJHXWCAwEAAV8gClNFUlBTRFZF" + "WDJ/TA4GCQQAfwAHAwECAVMBgl8lBgAIAAYABV8kBgEAAAUCBl83ggEAbawFepay" + "gX+VrBOsGzbQCpG2mR1NrJbaNdBJcouWYTNzlDP/hRssU9/lTzHulRPupkarepAI" + "GMIDMOo3lNImlYlU8ZlaV6mbKRgWZVjtZmVgq+wLARS4dXNlHRJvS2AustfseGVr" + "kqJ0+UYo8x8UL13fB7VCSVqADnOnbemtvE1cIdFcIAqP1JLh91ACJ4lpoaAn10+g" + "5coIGGa01BYEDtiA++SFnRl7kYFykAZrs3eXq+zuPmOo9hr4JxLZuiN5DnIrZdLA" + "DWq7GeCFr6wCMg2jPuK9Kqvl06tqylVy4ravVHv58WvAxWFgyuezdRbyV7YAfVF3" + "tlcVDXa3R+mfYg==") .getBytes()); private static byte[] x509certchainsubsub = Base64 .decode(("MIICAzCCAWygAwIBAgIINrHHHchdmfMwDQYJKoZIhvcNAQEFBQAwEDEOMAwGA1UE" + "AwwFU3ViQ0EwHhcNMTAwNjA1MTIwNzMxWhcNMzAwNjA1MTIwNjUyWjATMREwDwYD" + "VQQDDAhTdWJTdWJDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAiySbgP2A" + "QuZXWZk9C1pOrpVhzWNDAFc4ttVGgh5TS1/wA6Y6nf2ci8gfxkQx1rhR784QUap4" + "id6mwGV/af3WFj34YsTXdozsO/SFi7vvOGA/jU6ZUuQPYpmsSDQ3ZNLcx/MkgkrP" + "WDlFhD7b079oVva5zZsF8w91KlX+KG9usXECAwEAAaNjMGEwHQYDVR0OBBYEFJ9y" + "tRy1CFwUavq8OP25jRybKyElMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU" + "2GDNoIpTVxc9y953THJoWkS5wjAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB" + "BQUAA4GBAE0vHf3iyJ0EqOyN+LUfBkCBTPHl6sEV1bwdgkdVwj9cBbmSEDCOlmYA" + "K0bvAY/1qbgEjkn+Sc32PP/3dmHX5EUKliAodguAu8vK/Rp7kefdUQHnJHwRUMF5" + "9YJDdGtDZx+WLBihYhnTzGVzuP6Qaff3aNyY69O+rwSDm06Au8Zc").getBytes()); private static byte[] x509certchainsub = Base64 .decode(("MIICATCCAWqgAwIBAgIIRzc+cItydm0wDQYJKoZIhvcNAQEFBQAwETEPMA0GA1UE" + "AwwGUm9vdENBMB4XDTEwMDYwNTEyMDcxMVoXDTMwMDYwNTEyMDY1MlowEDEOMAwG" + "A1UEAwwFU3ViQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMl3EN+V1M39" + "OVrmHp7PncZ16AkffAtgLk+gIgk+cHZYIGPPN1V/AtCmzteYRrPwGM9Vs2nJ4OZ7" + "F8cJ1MDpyjRdjKC6sVlhkdNq+s1Q/yNtG0AxvlH2KyIZkHU02UNnJGARMaRpZipe" + "VonnAD8D+FkhTt8BM2T7/Grck5QYgJUhAgMBAAGjYzBhMB0GA1UdDgQWBBTYYM2g" + "ilNXFz3L3ndMcmhaRLnCMDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFCua" + "Xc8f/BC8CeBLOVaC5N0Zb4BqMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUF" + "AAOBgQBM2lvlZmEJdFXsfoHSt2h4XN6q8Z+sIHDXyuyanNCoQx+9lM2liY+tXAUq" + "Sj1fZAzqjdptIgvG5APnFrnWHeEYjYpYsROs//xF6CUKo8iJEIyRpmx9pSmwA8Rb" + "U0RmY/62tBLr758ZzRGKKoX7znxsXZ5/bouT6g+IxmNuM2EiyA==").getBytes()); private static byte[] x509certchainroot = Base64 .decode(("MIICAjCCAWugAwIBAgIIPXgH6TfNMlYwDQYJKoZIhvcNAQEFBQAwETEPMA0GA1UE" + "AwwGUm9vdENBMB4XDTEwMDYwNTEyMDY1MloXDTMwMDYwNTEyMDY1MlowETEPMA0G" + "A1UEAwwGUm9vdENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCK+F3eOoGI" + "Kwa1g68vD6aZlkTCMbbEyoa9Wr4baapdCHvO8YHwVC9UDh8snDtEQT9yZKLlU4nM" + "n05O7yL8FfvgB2j3xN6In1fLq8JizrYVpL49C3ewTwaKMTFjde3BtWDZ4ufJdFuZ" + "+LSw98dM2zhQWme7LnrJQou85LbNt2v6XQIDAQABo2MwYTAdBgNVHQ4EFgQUK5pd" + "zx/8ELwJ4Es5VoLk3RlvgGowDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBQr" + "ml3PH/wQvAngSzlWguTdGW+AajAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEF" + "BQADgYEAYB5munksWVndUxStBZmsg5uwryu8bf/esxYLlxkO8rG/UnJ9DNw4tJsh" + "YxwGeslPeG9+y8O8MsXKSjdNw3I3avMpj+QqzmqD/MVlHX6+CSyUbhFGPR2TRQCp" + "m+VsfwOl8/INVAySpBf3Uk2rUYhvdUqhCOcE67d0tYdJAqiIDvc=").getBytes()); private static byte[] pemcert = ("-----BEGIN CERTIFICATE-----\n" + "MIIDUzCCAjugAwIBAgIIMK64QB5XErowDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE\n" + "AwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw\n" + "HhcNMTAwMTI5MTI0NDIwWhcNMjAwMTI3MTI0NDIwWjA3MREwDwYDVQQDDAhBZG1p\n" + "bkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRTCCASIwDQYJ\n" + "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJQNal//KwRHhBg7BLsuclOpH7xyb1AP\n" + "Mc5RsEQANOtCBoRlgEDh7tQUfRnPxvmHM+HH9osEV2c+9L23K2l8EVjZRlo2vltJ\n" + "duzbBGIo7swdCWGvFxE6W0lkv/YsGVmmt/dL2lO4V4YTuu5CX3PU2LrBR6mxtEsM\n" + "mM/YgHo/QWN4/YDWfnXkNpDDjRxLzdsSqvcoLrZavqrMS1Avv2utY6ECyl6PTBG+\n" + "qPpozenPRi2QKbiKOpeCgT+2Y4JbMqm+d7go0KKu6wxKE16R/tX9OwT4ObJaKJ/W\n" + "j0mm5deJHNDEvgWi2beTVcc16LVZUiyKmZXlYLEdV+CH0NrRc4ck6WsCAwEAAaNj\n" + "MGEwHQYDVR0OBBYEFLGsC1OtcOyAklW2b3eN678a6wsZMA8GA1UdEwEB/wQFMAMB\n" + "Af8wHwYDVR0jBBgwFoAUsawLU61w7ICSVbZvd43rvxrrCxkwDgYDVR0PAQH/BAQD\n" + "AgGGMA0GCSqGSIb3DQEBBQUAA4IBAQBHCJ3ZQEtpfYBHnrwKuNzMykH+yKIkO2mj\n" + "c/65e8r7tMjV/9YEb2pAYaix7WAdJ46KcE2ldKl+MHJx8Ev1ZbLPbLYcwPkP+8Ll\n" + "pCrhc6riSTaUBZrIA2uuXPPREKj+e8CnnMdCfLy4x6uIMDVAa4mb0akEmLvqFR2X\n" + "J4Z8eEhwf6EPRniie6GKcBOWSP0podlWkn8SCLzd+eJZ9H0YMTN7nfLfUdENznuO\n" + "5DKfkfT4rOyAGFs+KVwigq1kbSNZJC4Kjo7diMBtWRiXSXTQKE+JgrQbFCdVYQos\n" + "VvSwSiSMW5Rs5ZCtRXMmXz2HdxpbTayCAYPBh6XKfvq4x06gxfll\n" + "-----END CERTIFICATE-----").getBytes(); /** Cert with CDP with URI */ /* * Cert with CDP with URI. * <pre> * Certificate: Data: Version: 3 (0x2) Serial Number: 52:32:6f:be:9d:3c:4d:d7 Signature Algorithm: sha1WithRSAEncryption Issuer: CN=DemoSubCA11, O=Demo Organization 10, C=SE Validity Not Before: Apr 3 22:17:41 2010 GMT Not After : Apr 2 22:17:41 2012 GMT Subject: CN=pdfsigner12-2testcrl-with-subca Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:de:99:da:80:ad:03:21:3c:18:cc:41:1f:ad:4a: fc:2d:69:21:3d:34:52:7c:a4:9c:33:df:a8:36:5a: ee:bd:74:f6:0b:b1:93:79:3c:e7:66:a1:72:d4:1f: 08:b6:43:a3:0a:1a:94:8c:64:e4:10:71:32:be:4b: 00:08:a3:25:11:85:2a:d3:af:fa:dc:d4:ac:7a:48: e8:d3:63:d0:06:4a:cf:ce:84:0e:a5:88:6e:1f:44: c1:9f:ad:89:1e:8b:d0:17:53:20:40:b5:e9:b3:7d: 16:74:e0:22:a7:43:44:99:6a:ba:5c:26:ed:f8:c7: 8c:a5:14:a2:40:83:d6:52:75 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 8F:23:26:05:9D:03:57:4F:66:08:F5:E3:34:D3:AA:70:76:9C:99:B2 X509v3 Basic Constraints: critical CA:FALSE X509v3 Authority Key Identifier: keyid:90:FD:A7:F6:EC:98:47:56:4C:10:96:C2:AD:85:2F:50:EB:26:E9:34 X509v3 CRL Distribution Points: URI:http://vmserver1:8080/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=DemoSubCA11,O=Demo%20Organization%2010,C=SE X509v3 Key Usage: critical Digital Signature Signature Algorithm: sha1WithRSAEncryption 6e:f0:b9:26:b8:7d:eb:b2:ab:ec:e7:1b:a5:97:5c:5b:88:fe: 8a:ec:bb:3d:7a:f5:00:4c:72:38:36:19:53:d4:47:21:30:4c: 62:7c:02:69:00:8c:ac:57:3c:f2:bf:38:57:13:0b:4b:7e:92: 74:56:4c:1b:9c:04:9d:08:e8:8e:20:4d:bc:ec:bc:13:c7:55: 80:da:1a:01:9f:9f:be:96:11:d4:7c:64:f2:37:91:01:9f:c0: 91:af:b6:8a:62:80:71:75:e6:34:f5:57:85:79:d8:7d:e3:71: 71:fa:7c:ca:c8:03:13:d5:0c:12:f5:f6:27:29:36:99:e4:ec: 8b:b1 * </pre> */ private static final String CERT_WITH_URI = "-----BEGIN CERTIFICATE-----\n" + "MIIC0zCCAjygAwIBAgIIUjJvvp08TdcwDQYJKoZIhvcNAQEFBQAwQjEUMBIGA1UE" + "AwwLRGVtb1N1YkNBMTExHTAbBgNVBAoMFERlbW8gT3JnYW5pemF0aW9uIDEwMQsw" + "CQYDVQQGEwJTRTAeFw0xMDA0MDMyMjE3NDFaFw0xMjA0MDIyMjE3NDFaMCoxKDAm" + "BgNVBAMMH3BkZnNpZ25lcjEyLTJ0ZXN0Y3JsLXdpdGgtc3ViY2EwgZ8wDQYJKoZI" + "hvcNAQEBBQADgY0AMIGJAoGBAN6Z2oCtAyE8GMxBH61K/C1pIT00UnyknDPfqDZa" + "7r109guxk3k852ahctQfCLZDowoalIxk5BBxMr5LAAijJRGFKtOv+tzUrHpI6NNj" + "0AZKz86EDqWIbh9EwZ+tiR6L0BdTIEC16bN9FnTgIqdDRJlqulwm7fjHjKUUokCD" + "1lJ1AgMBAAGjgekwgeYwHQYDVR0OBBYEFI8jJgWdA1dPZgj14zTTqnB2nJmyMAwG" + "A1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUkP2n9uyYR1ZMEJbCrYUvUOsm6TQwgYUG" + "A1UdHwR+MHwweqB4oHaGdGh0dHA6Ly92bXNlcnZlcjE6ODA4MC9lamJjYS9wdWJs" + "aWN3ZWIvd2ViZGlzdC9jZXJ0ZGlzdD9jbWQ9Y3JsJmlzc3Vlcj1DTj1EZW1vU3Vi" + "Q0ExMSxPPURlbW8lMjBPcmdhbml6YXRpb24lMjAxMCxDPVNFMA4GA1UdDwEB/wQE" + "AwIHgDANBgkqhkiG9w0BAQUFAAOBgQBu8LkmuH3rsqvs5xull1xbiP6K7Ls9evUA" + "THI4NhlT1EchMExifAJpAIysVzzyvzhXEwtLfpJ0VkwbnASdCOiOIE287LwTx1WA" + "2hoBn5++lhHUfGTyN5EBn8CRr7aKYoBxdeY09VeFedh943Fx+nzKyAMT1QwS9fYn" + "KTaZ5OyLsQ==" + "\n-----END CERTIFICATE-----"; /** Cert with CDP without URI. */ /* * Cert with CDP without URI. * <pre> * Certificate: Data: Version: 3 (0x2) Serial Number: 1042070824 (0x3e1cbd28) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Adobe Systems Incorporated, OU=Adobe Trust Services, CN=Adobe Root CA Validity Not Before: Jan 8 23:37:23 2003 GMT Not After : Jan 9 00:07:23 2023 GMT Subject: C=US, O=Adobe Systems Incorporated, OU=Adobe Trust Services, CN=Adobe Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:cc:4f:54:84:f7:a7:a2:e7:33:53:7f:3f:9c:12: 88:6b:2c:99:47:67:7e:0f:1e:b9:ad:14:88:f9:c3: 10:d8:1d:f0:f0:d5:9f:69:0a:2f:59:35:b0:cc:6c: a9:4c:9c:15:a0:9f:ce:20:bf:a0:cf:54:e2:e0:20: 66:45:3f:39:86:38:7e:9c:c4:8e:07:22:c6:24:f6: 01:12:b0:35:df:55:ea:69:90:b0:db:85:37:1e:e2: 4e:07:b2:42:a1:6a:13:69:a0:66:ea:80:91:11:59: 2a:9b:08:79:5a:20:44:2d:c9:bd:73:38:8b:3c:2f: e0:43:1b:5d:b3:0b:f0:af:35:1a:29:fe:ef:a6:92: dd:81:4c:9d:3d:59:8e:ad:31:3c:40:7e:9b:91:36: 06:fc:e2:5c:8d:d1:8d:26:d5:5c:45:cf:af:65:3f: b1:aa:d2:62:96:f4:a8:38:ea:ba:60:42:f4:f4:1c: 4a:35:15:ce:f8:4e:22:56:0f:95:18:c5:f8:96:9f: 9f:fb:b0:b7:78:25:e9:80:6b:bd:d6:0a:f0:c6:74: 94:9d:f3:0f:50:db:9a:77:ce:4b:70:83:23:8d:a0: ca:78:20:44:5c:3c:54:64:f1:ea:a2:30:19:9f:ea: 4c:06:4d:06:78:4b:5e:92:df:22:d2:c9:67:b3:7a: d2:01 Exponent: 65537 (0x10001) X509v3 extensions: Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 CRL Distribution Points: DirName:/C=US/O=Adobe Systems Incorporated/OU=Adobe Trust Services/CN=Adobe Root CA/CN=CRL1 X509v3 Private Key Usage Period: Not Before: Jan 8 23:37:23 2003 GMT, Not After: Jan 9 00:07:23 2023 GMT X509v3 Key Usage: Certificate Sign, CRL Sign X509v3 Authority Key Identifier: keyid:82:B7:38:4A:93:AA:9B:10:EF:80:BB:D9:54:E2:F1:0F:FB:80:9C:DE X509v3 Subject Key Identifier: 82:B7:38:4A:93:AA:9B:10:EF:80:BB:D9:54:E2:F1:0F:FB:80:9C:DE X509v3 Basic Constraints: CA:TRUE 1.2.840.113533.7.65.0: 0...V6.0:4.0.... Signature Algorithm: sha1WithRSAEncryption 32:da:9f:43:75:c1:fa:6f:c9:6f:db:ab:1d:36:37:3e:bc:61: 19:36:b7:02:3c:1d:23:59:98:6c:9e:ee:4d:85:e7:54:c8:20: 1f:a7:d4:bb:e2:bf:00:77:7d:24:6b:70:2f:5c:c1:3a:76:49: b5:d3:e0:23:84:2a:71:6a:22:f3:c1:27:29:98:15:f6:35:90: e4:04:4c:c3:8d:bc:9f:61:1c:e7:fd:24:8c:d1:44:43:8c:16: ba:9b:4d:a5:d4:35:2f:bc:11:ce:bd:f7:51:37:8d:9f:90:e4: 14:f1:18:3f:be:e9:59:12:35:f9:33:92:f3:9e:e0:d5:6b:9a: 71:9b:99:4b:c8:71:c3:e1:b1:61:09:c4:e5:fa:91:f0:42:3a: 37:7d:34:f9:72:e8:cd:aa:62:1c:21:e9:d5:f4:82:10:e3:7b: 05:b6:2d:68:56:0b:7e:7e:92:2c:6f:4d:72:82:0c:ed:56:74: b2:9d:b9:ab:2d:2b:1d:10:5f:db:27:75:70:8f:fd:1d:d7:e2: 02:a0:79:e5:1c:e5:ff:af:64:40:51:2d:9e:9b:47:db:42:a5: 7c:1f:c2:a6:48:b0:d7:be:92:69:4d:a4:f6:29:57:c5:78:11: 18:dc:87:51:ca:13:b2:62:9d:4f:2b:32:bd:31:a5:c1:fa:52: ab:05:88:c8 </pre> */ private static final String CERT_WITHOUT_URI = "-----BEGIN CERTIFICATE-----\n" + "MIIEoTCCA4mgAwIBAgIEPhy9KDANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJV" + "UzEjMCEGA1UEChMaQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQxHTAbBgNVBAsT" + "FEFkb2JlIFRydXN0IFNlcnZpY2VzMRYwFAYDVQQDEw1BZG9iZSBSb290IENBMB4X" + "DTAzMDEwODIzMzcyM1oXDTIzMDEwOTAwMDcyM1owaTELMAkGA1UEBhMCVVMxIzAh" + "BgNVBAoTGkFkb2JlIFN5c3RlbXMgSW5jb3Jwb3JhdGVkMR0wGwYDVQQLExRBZG9i" + "ZSBUcnVzdCBTZXJ2aWNlczEWMBQGA1UEAxMNQWRvYmUgUm9vdCBDQTCCASIwDQYJ" + "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxPVIT3p6LnM1N/P5wSiGssmUdnfg8e" + "ua0UiPnDENgd8PDVn2kKL1k1sMxsqUycFaCfziC/oM9U4uAgZkU/OYY4fpzEjgci" + "xiT2ARKwNd9V6mmQsNuFNx7iTgeyQqFqE2mgZuqAkRFZKpsIeVogRC3JvXM4izwv" + "4EMbXbML8K81Gin+76aS3YFMnT1Zjq0xPEB+m5E2BvziXI3RjSbVXEXPr2U/sarS" + "Ypb0qDjqumBC9PQcSjUVzvhOIlYPlRjF+Jafn/uwt3gl6YBrvdYK8MZ0lJ3zD1Db" + "mnfOS3CDI42gynggRFw8VGTx6qIwGZ/qTAZNBnhLXpLfItLJZ7N60gECAwEAAaOC" + "AU8wggFLMBEGCWCGSAGG+EIBAQQEAwIABzCBjgYDVR0fBIGGMIGDMIGAoH6gfKR6" + "MHgxCzAJBgNVBAYTAlVTMSMwIQYDVQQKExpBZG9iZSBTeXN0ZW1zIEluY29ycG9y" + "YXRlZDEdMBsGA1UECxMUQWRvYmUgVHJ1c3QgU2VydmljZXMxFjAUBgNVBAMTDUFk" + "b2JlIFJvb3QgQ0ExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMzAxMDgy" + "MzM3MjNagQ8yMDIzMDEwOTAwMDcyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaA" + "FIK3OEqTqpsQ74C72VTi8Q/7gJzeMB0GA1UdDgQWBBSCtzhKk6qbEO+Au9lU4vEP" + "+4Cc3jAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIE" + "kDANBgkqhkiG9w0BAQUFAAOCAQEAMtqfQ3XB+m/Jb9urHTY3PrxhGTa3AjwdI1mY" + "bJ7uTYXnVMggH6fUu+K/AHd9JGtwL1zBOnZJtdPgI4QqcWoi88EnKZgV9jWQ5ARM" + "w428n2Ec5/0kjNFEQ4wWuptNpdQ1L7wRzr33UTeNn5DkFPEYP77pWRI1+TOS857g" + "1WuacZuZS8hxw+GxYQnE5fqR8EI6N300+XLozapiHCHp1fSCEON7BbYtaFYLfn6S" + "LG9NcoIM7VZ0sp25qy0rHRBf2yd1cI/9HdfiAqB55Rzl/69kQFEtnptH20KlfB/C" + "pkiw176SaU2k9ilXxXgRGNyHUcoTsmKdTysyvTGlwfpSqwWIyA==" + "\n-----END CERTIFICATE-----"; /** * Creates a new TestCertTools object. * * @param name * DOCUMENT ME! */ public CertToolsTest(String name) { super(name); } public void setUp() throws Exception { log.trace(">setUp()"); CryptoProviderTools.installBCProvider(); log.trace("<setUp()"); } public void tearDown() throws Exception { } /** * DOCUMENT ME! * * @throws Exception * DOCUMENT ME! */ public void test01GetPartFromDN() throws Exception { log.trace(">test01GetPartFromDN()"); // We try to examine the general case and some special cases, which we // want to be able to handle String dn0 = "C=SE, O=AnaTom, CN=foo"; assertEquals(CertTools.getPartFromDN(dn0, "CN"), "foo"); assertEquals(CertTools.getPartFromDN(dn0, "O"), "AnaTom"); assertEquals(CertTools.getPartFromDN(dn0, "C"), "SE"); assertEquals(CertTools.getPartFromDN(dn0, "cn"), "foo"); assertEquals(CertTools.getPartFromDN(dn0, "o"), "AnaTom"); assertEquals(CertTools.getPartFromDN(dn0, "c"), "SE"); String dn1 = "c=SE, o=AnaTom, cn=foo"; assertEquals(CertTools.getPartFromDN(dn1, "CN"), "foo"); assertEquals(CertTools.getPartFromDN(dn1, "O"), "AnaTom"); assertEquals(CertTools.getPartFromDN(dn1, "C"), "SE"); assertEquals(CertTools.getPartFromDN(dn1, "cn"), "foo"); assertEquals(CertTools.getPartFromDN(dn1, "o"), "AnaTom"); assertEquals(CertTools.getPartFromDN(dn1, "c"), "SE"); String dn2 = "C=SE, O=AnaTom, CN=cn"; assertEquals(CertTools.getPartFromDN(dn2, "CN"), "cn"); String dn3 = "C=SE, O=AnaTom, CN=CN"; assertEquals(CertTools.getPartFromDN(dn3, "CN"), "CN"); String dn4 = "C=CN, O=AnaTom, CN=foo"; assertEquals(CertTools.getPartFromDN(dn4, "CN"), "foo"); String dn5 = "C=cn, O=AnaTom, CN=foo"; assertEquals(CertTools.getPartFromDN(dn5, "CN"), "foo"); String dn6 = "CN=foo, O=PrimeKey, C=SE"; assertEquals(CertTools.getPartFromDN(dn6, "CN"), "foo"); assertEquals(CertTools.getPartFromDN(dn6, "O"), "PrimeKey"); assertEquals(CertTools.getPartFromDN(dn6, "C"), "SE"); String dn7 = "CN=foo, O=PrimeKey, C=cn"; assertEquals(CertTools.getPartFromDN(dn7, "CN"), "foo"); assertEquals(CertTools.getPartFromDN(dn7, "C"), "cn"); String dn8 = "CN=foo, O=PrimeKey, C=CN"; assertEquals(CertTools.getPartFromDN(dn8, "CN"), "foo"); assertEquals(CertTools.getPartFromDN(dn8, "C"), "CN"); String dn9 = "CN=foo, O=CN, C=CN"; assertEquals(CertTools.getPartFromDN(dn9, "CN"), "foo"); assertEquals(CertTools.getPartFromDN(dn9, "O"), "CN"); String dn10 = "CN=foo, CN=bar,O=CN, C=CN"; assertEquals(CertTools.getPartFromDN(dn10, "CN"), "foo"); assertEquals(CertTools.getPartFromDN(dn10, "O"), "CN"); String dn11 = "CN=foo,CN=bar, O=CN, C=CN"; assertEquals(CertTools.getPartFromDN(dn11, "CN"), "foo"); assertEquals(CertTools.getPartFromDN(dn11, "O"), "CN"); String dn12 = "CN=\"foo, OU=bar\", O=baz\\\\\\, quux,C=C"; assertEquals(CertTools.getPartFromDN(dn12, "CN"), "foo, OU=bar"); assertEquals(CertTools.getPartFromDN(dn12, "O"), "baz\\, quux"); assertNull(CertTools.getPartFromDN(dn12, "OU")); String dn13 = "C=SE, O=PrimeKey, EmailAddress=foo@primekey.se"; ArrayList<String> emails = CertTools.getEmailFromDN(dn13); assertEquals((String) emails.get(0), "foo@primekey.se"); String dn14 = "C=SE, E=foo@primekey.se, O=PrimeKey"; emails = CertTools.getEmailFromDN(dn14); assertEquals((String) emails.get(0), "foo@primekey.se"); String dn15 = "C=SE, E=foo@primekey.se, O=PrimeKey, EmailAddress=bar@primekey.se"; emails = CertTools.getEmailFromDN(dn15); assertEquals((String) emails.get(0), "bar@primekey.se"); log.trace("<test01GetPartFromDN()"); } /** * DOCUMENT ME! * * @throws Exception * DOCUMENT ME! */ public void test02StringToBCDNString() throws Exception { log.trace(">test02StringToBCDNString()"); // We try to examine the general case and som special cases, which we // want to be able to handle String dn1 = "C=SE, O=AnaTom, CN=foo"; assertEquals(CertTools.stringToBCDNString(dn1), "CN=foo,O=AnaTom,C=SE"); String dn2 = "C=SE, O=AnaTom, CN=cn"; assertEquals(CertTools.stringToBCDNString(dn2), "CN=cn,O=AnaTom,C=SE"); String dn3 = "CN=foo, O=PrimeKey, C=SE"; assertEquals(CertTools.stringToBCDNString(dn3), "CN=foo,O=PrimeKey,C=SE"); String dn4 = "cn=foo, o=PrimeKey, c=SE"; assertEquals(CertTools.stringToBCDNString(dn4), "CN=foo,O=PrimeKey,C=SE"); String dn5 = "cn=foo,o=PrimeKey,c=SE"; assertEquals(CertTools.stringToBCDNString(dn5), "CN=foo,O=PrimeKey,C=SE"); String dn6 = "C=SE, O=AnaTom, CN=CN"; assertEquals(CertTools.stringToBCDNString(dn6), "CN=CN,O=AnaTom,C=SE"); String dn7 = "C=CN, O=AnaTom, CN=foo"; assertEquals(CertTools.stringToBCDNString(dn7), "CN=foo,O=AnaTom,C=CN"); String dn8 = "C=cn, O=AnaTom, CN=foo"; assertEquals(CertTools.stringToBCDNString(dn8), "CN=foo,O=AnaTom,C=cn"); String dn9 = "CN=foo, O=PrimeKey, C=CN"; assertEquals(CertTools.stringToBCDNString(dn9), "CN=foo,O=PrimeKey,C=CN"); String dn10 = "CN=foo, O=PrimeKey, C=cn"; assertEquals(CertTools.stringToBCDNString(dn10), "CN=foo,O=PrimeKey,C=cn"); String dn11 = "CN=foo, O=CN, C=CN"; assertEquals(CertTools.stringToBCDNString(dn11), "CN=foo,O=CN,C=CN"); String dn12 = "O=PrimeKey,C=SE,CN=CN"; assertEquals(CertTools.stringToBCDNString(dn12), "CN=CN,O=PrimeKey,C=SE"); String dn13 = "O=PrimeKey,C=SE,CN=CN, OU=FooOU"; assertEquals(CertTools.stringToBCDNString(dn13), "CN=CN,OU=FooOU,O=PrimeKey,C=SE"); String dn14 = "O=PrimeKey,C=CN,CN=CN, OU=FooOU"; assertEquals(CertTools.stringToBCDNString(dn14), "CN=CN,OU=FooOU,O=PrimeKey,C=CN"); String dn15 = "O=PrimeKey,C=CN,CN=cn, OU=FooOU"; assertEquals(CertTools.stringToBCDNString(dn15), "CN=cn,OU=FooOU,O=PrimeKey,C=CN"); String dn16 = "CN=foo, CN=bar,O=CN, C=CN"; assertEquals(CertTools.stringToBCDNString(dn16), "CN=foo,CN=bar,O=CN,C=CN"); String dn17 = "CN=foo,CN=bar, O=CN, O=C, C=CN"; assertEquals(CertTools.stringToBCDNString(dn17), "CN=foo,CN=bar,O=CN,O=C,C=CN"); String dn18 = "cn=jean,cn=EJBCA,dc=home,dc=jean"; assertEquals(CertTools.stringToBCDNString(dn18), "CN=jean,CN=EJBCA,DC=home,DC=jean"); String dn19 = "cn=bar, cn=foo,o=oo, O=EJBCA,DC=DC2, dc=dc1, C=SE"; assertEquals(CertTools.stringToBCDNString(dn19), "CN=bar,CN=foo,O=oo,O=EJBCA,DC=DC2,DC=dc1,C=SE"); String dn20 = " CN=\"foo, OU=bar\", O=baz\\\\\\, quux,C=SE "; // BC always escapes with backslash, it doesn't use quotes. assertEquals(CertTools.stringToBCDNString(dn20), "CN=foo\\, OU\\=bar,O=baz\\\\\\, quux,C=SE"); String dn21 = "C=SE,O=Foo\\, Inc, OU=Foo\\, Dep, CN=Foo\\'"; String bcdn21 = CertTools.stringToBCDNString(dn21); assertEquals(bcdn21, "CN=Foo\',OU=Foo\\, Dep,O=Foo\\, Inc,C=SE"); // it is allowed to escape , assertEquals(StringTools.strip(bcdn21), "CN=Foo',OU=Foo\\, Dep,O=Foo\\, Inc,C=SE"); String dn22 = "C=SE,O=Foo\\, Inc, OU=Foo, Dep, CN=Foo'"; String bcdn22 = CertTools.stringToBCDNString(dn22); assertEquals(bcdn22, "CN=Foo',OU=Foo,O=Foo\\, Inc,C=SE"); assertEquals(StringTools.strip(bcdn22), "CN=Foo',OU=Foo,O=Foo\\, Inc,C=SE"); String dn23 = "C=SE,O=Foo, OU=FooOU, CN=Foo, DN=qualf"; String bcdn23 = CertTools.stringToBCDNString(dn23); assertEquals(bcdn23, "DN=qualf,CN=Foo,OU=FooOU,O=Foo,C=SE"); assertEquals(StringTools.strip(bcdn23), "DN=qualf,CN=Foo,OU=FooOU,O=Foo,C=SE"); String dn24 = "telephonenumber=08555-666,businesscategory=Surf boards,postaladdress=Stockholm,postalcode=11122,CN=foo,CN=bar, O=CN, O=C, C=CN"; assertEquals(CertTools.stringToBCDNString(dn24), "TelephoneNumber=08555-666,PostalAddress=Stockholm,BusinessCategory=Surf boards,PostalCode=11122,CN=foo,CN=bar,O=CN,O=C,C=CN"); // This isn't a legal SubjectDN. Since BC does not seem to support multivalues, we assume that the user meant \+. String dn25 = "CN=user+name, C=CN"; assertEquals(CertTools.stringToBCDNString(dn25), "CN=user\\+name,C=CN"); String dn26 = "CN=user\\+name, C=CN"; assertEquals(CertTools.stringToBCDNString(dn26), "CN=user\\+name,C=CN"); log.trace("<test02StringToBCDNString()"); } /** * DOCUMENT ME! * * @throws Exception * DOCUMENT ME! */ public void test03AltNames() throws Exception { log.trace(">test03AltNames()"); // We try to examine the general case and som special cases, which we // want to be able to handle String alt1 = "rfc822Name=ejbca@primekey.se, dNSName=www.primekey.se, uri=http://www.primekey.se/ejbca"; assertEquals(CertTools.getPartFromDN(alt1, CertTools.EMAIL), "ejbca@primekey.se"); assertNull(CertTools.getPartFromDN(alt1, CertTools.EMAIL1)); assertNull(CertTools.getPartFromDN(alt1, CertTools.EMAIL2)); assertEquals(CertTools.getPartFromDN(alt1, CertTools.DNS), "www.primekey.se"); assertNull(CertTools.getPartFromDN(alt1, CertTools.URI)); assertEquals(CertTools.getPartFromDN(alt1, CertTools.URI1), "http://www.primekey.se/ejbca"); String alt2 = "email=ejbca@primekey.se, dNSName=www.primekey.se, uniformResourceIdentifier=http://www.primekey.se/ejbca"; assertEquals(CertTools.getPartFromDN(alt2, CertTools.EMAIL1), "ejbca@primekey.se"); assertEquals(CertTools.getPartFromDN(alt2, CertTools.URI), "http://www.primekey.se/ejbca"); String alt3 = "EmailAddress=ejbca@primekey.se, dNSName=www.primekey.se, uniformResourceIdentifier=http://www.primekey.se/ejbca"; assertEquals(CertTools.getPartFromDN(alt3, CertTools.EMAIL2), "ejbca@primekey.se"); Certificate cert = CertTools.getCertfromByteArray(guidcert); String upn = CertTools.getUPNAltName(cert); assertEquals(upn, "guid@foo.com"); String guid = CertTools.getGuidAltName(cert); assertEquals(guid, "1234567890abcdef"); String customAlt = "rfc822Name=foo@bar.com"; ArrayList<String> oids = CertTools.getCustomOids(customAlt); assertEquals(0, oids.size()); customAlt = "rfc822Name=foo@bar.com, 1.1.1.1.2=foobar, 1.2.2.2.2=barfoo"; oids = CertTools.getCustomOids(customAlt); assertEquals(2, oids.size()); String oid1 = (String) oids.get(0); assertEquals("1.1.1.1.2", oid1); String oid2 = (String) oids.get(1); assertEquals("1.2.2.2.2", oid2); String val1 = CertTools.getPartFromDN(customAlt, oid1); assertEquals("foobar", val1); String val2 = CertTools.getPartFromDN(customAlt, oid2); assertEquals("barfoo", val2); customAlt = "rfc822Name=foo@bar.com, 1.1.1.1.2=foobar, 1.1.1.1.2=barfoo"; oids = CertTools.getCustomOids(customAlt); assertEquals(1, oids.size()); oid1 = (String) oids.get(0); assertEquals("1.1.1.1.2", oid1); List<String> list = CertTools.getPartsFromDN(customAlt, oid1); assertEquals(2, list.size()); val1 = (String) list.get(0); assertEquals("foobar", val1); val2 = (String) list.get(1); assertEquals("barfoo", val2); log.trace("<test03AltNames()"); } /** * DOCUMENT ME! * * @throws Exception * DOCUMENT ME! */ public void test04DNComponents() throws Exception { log.trace(">test04DNComponents()"); // We try to examine the general case and som special cases, which we // want to be able to handle String dn1 = "CN=CommonName, O=Org, OU=OrgUnit, SerialNumber=SerialNumber, SurName=SurName, GivenName=GivenName, Initials=Initials, C=SE"; String bcdn1 = CertTools.stringToBCDNString(dn1); log.debug("dn1: " + dn1); log.debug("bcdn1: " + bcdn1); assertEquals(bcdn1, "CN=CommonName,SN=SerialNumber,GIVENNAME=GivenName,INITIALS=Initials,SURNAME=SurName,OU=OrgUnit,O=Org,C=SE"); dn1 = "CN=CommonName, O=Org, OU=OrgUnit, SerialNumber=SerialNumber, SurName=SurName, GivenName=GivenName, Initials=Initials, C=SE, 1.1.1.1=1111Oid, 2.2.2.2=2222Oid"; bcdn1 = CertTools.stringToBCDNString(dn1); log.debug("dn1: " + dn1); log.debug("bcdn1: " + bcdn1); assertEquals(bcdn1, "CN=CommonName,SN=SerialNumber,GIVENNAME=GivenName,INITIALS=Initials,SURNAME=SurName,OU=OrgUnit,O=Org,C=SE,2.2.2.2=2222Oid,1.1.1.1=1111Oid"); dn1 = "CN=CommonName, 3.3.3.3=3333Oid,O=Org, OU=OrgUnit, SerialNumber=SerialNumber, SurName=SurName, GivenName=GivenName, Initials=Initials, C=SE, 1.1.1.1=1111Oid, 2.2.2.2=2222Oid"; bcdn1 = CertTools.stringToBCDNString(dn1); log.debug("dn1: " + dn1); log.debug("bcdn1: " + bcdn1); // 3.3.3.3 is not a valid OID so it should be silently dropped assertEquals(bcdn1, "CN=CommonName,SN=SerialNumber,GIVENNAME=GivenName,INITIALS=Initials,SURNAME=SurName,OU=OrgUnit,O=Org,C=SE,2.2.2.2=2222Oid,1.1.1.1=1111Oid"); dn1 = "CN=CommonName, 2.3.3.3=3333Oid,O=Org, K=KKK, OU=OrgUnit, SerialNumber=SerialNumber, SurName=SurName, GivenName=GivenName, Initials=Initials, C=SE, 1.1.1.1=1111Oid, 2.2.2.2=2222Oid"; bcdn1 = CertTools.stringToBCDNString(dn1); log.debug("dn1: " + dn1); log.debug("bcdn1: " + bcdn1); assertEquals(bcdn1, "CN=CommonName,SN=SerialNumber,GIVENNAME=GivenName,INITIALS=Initials,SURNAME=SurName,OU=OrgUnit,O=Org,C=SE,2.2.2.2=2222Oid,1.1.1.1=1111Oid,2.3.3.3=3333Oid"); log.trace("<test04DNComponents()"); } /** * Tests string coding/decoding international (swedish characters) * * @throws Exception * if error... */ public void test05IntlChars() throws Exception { log.trace(">test05IntlChars()"); // We try to examine the general case and som special cases, which we // want to be able to handle String dn1 = "CN=Tomas?????????, O=?????????-Org, OU=??????-Unit, C=SE"; String bcdn1 = CertTools.stringToBCDNString(dn1); log.debug("dn1: " + dn1); log.debug("bcdn1: " + bcdn1); assertEquals("CN=Tomas?????????,OU=??????-Unit,O=?????????-Org,C=SE", bcdn1); log.trace("<test05IntlChars()"); } /** * Tests some of the other methods of CertTools * * @throws Exception * if error... */ public void test06CertOps() throws Exception { log.trace(">test06CertOps()"); Certificate cert = CertTools.getCertfromByteArray(testcert); Certificate gcert = CertTools.getCertfromByteArray(guidcert); assertEquals("Wrong issuerDN", CertTools.getIssuerDN(cert), CertTools.stringToBCDNString("CN=TestCA,O=AnaTom,C=SE")); assertEquals("Wrong subjectDN", CertTools.getSubjectDN(cert), CertTools.stringToBCDNString("CN=p12test,O=PrimeTest,C=SE")); assertEquals("Wrong subject key id", new String(Hex.encode(CertTools.getSubjectKeyId(cert))), "E74F5690F48D147783847CD26448E8094ABB08A0".toLowerCase()); assertEquals("Wrong authority key id", new String(Hex.encode(CertTools.getAuthorityKeyId(cert))), "637BF476A854248EA574A57744A6F45E0F579251".toLowerCase()); assertEquals("Wrong upn alt name", "foo@foo", CertTools.getUPNAltName(cert)); assertEquals("Wrong guid alt name", "1234567890abcdef", CertTools.getGuidAltName(gcert)); assertEquals("Wrong certificate policy", "1.1.1.1.1.1", CertTools.getCertificatePolicyId(cert, 0)); assertNull("Not null policy", CertTools.getCertificatePolicyId(cert, 1)); // log.debug(cert); // FileOutputStream fos = new FileOutputStream("foo.cert"); // fos.write(cert.getEncoded()); // fos.close(); log.trace("<test06CertOps()"); } /** * Tests the handling of DC components * * @throws Exception * if error... */ public void test07TestDC() throws Exception { log.trace(">test07TestDC()"); // We try to examine the that we handle modern dc components for ldap // correctly String dn1 = "dc=bigcorp,dc=com,dc=se,ou=users,cn=Mike Jackson"; String bcdn1 = CertTools.stringToBCDNString(dn1); log.debug("dn1: " + dn1); log.debug("bcdn1: " + bcdn1); // assertEquals("CN=Mike Jackson,OU=users,DC=se,DC=bigcorp,DC=com", // bcdn1); String dn2 = "cn=Mike Jackson,ou=users,dc=se,dc=bigcorp,dc=com"; String bcdn2 = CertTools.stringToBCDNString(dn2); log.debug("dn2: " + dn2); log.debug("bcdn2: " + bcdn2); assertEquals("CN=Mike Jackson,OU=users,DC=se,DC=bigcorp,DC=com", bcdn2); log.trace("<test07TestDC()"); } /** * Tests the handling of unstructuredName/Address * * @throws Exception * if error... */ public void test08TestUnstructured() throws Exception { log.trace(">test08TestUnstructured()"); // We try to examine the that we handle modern dc components for ldap // correctly String dn1 = "C=SE,O=PrimeKey,unstructuredName=10.1.1.2,unstructuredAddress=foo.bar.se,cn=test"; String bcdn1 = CertTools.stringToBCDNString(dn1); log.debug("dn1: " + dn1); log.debug("bcdn1: " + bcdn1); assertEquals("unstructuredAddress=foo.bar.se,unstructuredName=10.1.1.2,CN=test,O=PrimeKey,C=SE", bcdn1); log.trace("<test08TestUnstructured()"); } /** * Tests the reversing of a DN * * @throws Exception * if error... */ public void test09TestReverseDN() throws Exception { log.trace(">test09TestReverse()"); // We try to examine the that we handle modern dc components for ldap // correctly String dn1 = "dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G"; String dn2 = "cn=Tomas G,ou=users,ou=orgunit,dc=se,dc=bigcorp,dc=com"; assertTrue(CertTools.isDNReversed(dn1)); assertTrue(!CertTools.isDNReversed(dn2)); assertTrue(CertTools.isDNReversed("C=SE,CN=Foo")); assertTrue(!CertTools.isDNReversed("CN=Foo,O=FooO")); String revdn1 = CertTools.reverseDN(dn1); log.debug("dn1: " + dn1); log.debug("revdn1: " + revdn1); assertEquals(dn2, revdn1); String dn3 = "cn=toto,cn=titi,dc=domain,dc=tld"; String revdn3 = CertTools.reverseDN(dn3); assertEquals("dc=tld,dc=domain,cn=titi,cn=toto", revdn3); X509Name dn4 = CertTools.stringToBcX509Name(dn3, new X509DefaultEntryConverter(), true); assertEquals("CN=toto,CN=titi,DC=domain,DC=tld", dn4.toString()); X509Name dn5 = CertTools.stringToBcX509Name(dn3, new X509DefaultEntryConverter(), false); assertEquals("DC=tld,DC=domain,CN=titi,CN=toto", dn5.toString()); assertEquals("CN=toto,CN=titi,DC=domain,DC=tld", CertTools.stringToBCDNString(dn3)); String dn6 = "dc=tld,dc=domain,cn=titi,cn=toto"; String revdn6 = CertTools.reverseDN(dn6); assertEquals("cn=toto,cn=titi,dc=domain,dc=tld", revdn6); assertEquals("CN=toto,CN=titi,DC=domain,DC=tld", CertTools.stringToBCDNString(dn3)); X509Name dn7 = CertTools.stringToBcX509Name(dn6, new X509DefaultEntryConverter(), true); assertEquals("CN=toto,CN=titi,DC=domain,DC=tld", dn7.toString()); X509Name revdn7 = CertTools.stringToBcX509Name(dn6, new X509DefaultEntryConverter(), false); assertEquals("DC=tld,DC=domain,CN=titi,CN=toto", revdn7.toString()); // Test the test strings from ECA-1699, to prove that we fixed this issue String dn8 = "dc=org,dc=foo,o=FOO,cn=FOO Root CA"; String dn9 = "cn=FOO Root CA,o=FOO,dc=foo,dc=org"; String revdn8 = CertTools.reverseDN(dn8); assertEquals("cn=FOO Root CA,o=FOO,dc=foo,dc=org", revdn8); String revdn9 = CertTools.reverseDN(dn9); assertEquals("dc=org,dc=foo,o=FOO,cn=FOO Root CA", revdn9); X509Name xdn8ldap = CertTools.stringToBcX509Name(dn8, new X509DefaultEntryConverter(), true); X509Name xdn8x500 = CertTools.stringToBcX509Name(dn8, new X509DefaultEntryConverter(), false); assertEquals("CN=FOO Root CA,O=FOO,DC=foo,DC=org", xdn8ldap.toString()); assertEquals("DC=org,DC=foo,O=FOO,CN=FOO Root CA", xdn8x500.toString()); X509Name xdn9ldap = CertTools.stringToBcX509Name(dn9, new X509DefaultEntryConverter(), true); X509Name xdn9x500 = CertTools.stringToBcX509Name(dn9, new X509DefaultEntryConverter(), false); assertEquals("CN=FOO Root CA,O=FOO,DC=foo,DC=org", xdn9ldap.toString()); assertEquals("DC=org,DC=foo,O=FOO,CN=FOO Root CA", xdn9x500.toString()); assertEquals("CN=FOO Root CA,O=FOO,DC=foo,DC=org", CertTools.stringToBCDNString(dn8)); assertEquals("CN=FOO Root CA,O=FOO,DC=foo,DC=org", CertTools.stringToBCDNString(dn9)); // Test reversing DNs with multiple OU String dn10 = "CN=something,OU=A,OU=B,O=someO,C=SE"; X509Name x509dn10 = CertTools.stringToBcX509Name(dn10, new X509DefaultEntryConverter(), true); assertEquals("CN=something,OU=A,OU=B,O=someO,C=SE", x509dn10.toString()); assertEquals("CN=something,OU=A,OU=B,O=someO,C=SE", CertTools.stringToBCDNString(dn10)); // When we order forwards (LdapOrder) from the beginning, and request !LdapOrder, everything should be reversed X509Name ldapdn11 = CertTools.stringToBcX509Name(dn10, new X509DefaultEntryConverter(), false); assertEquals("C=SE,O=someO,OU=B,OU=A,CN=something", ldapdn11.toString()); // When we order backwards (X.509, !LdapOrder) from the beginning, we should not reorder anything String dn11 = "C=SE,O=someO,OU=B,OU=A,CN=something"; X509Name x509dn11 = CertTools.stringToBcX509Name(dn11, new X509DefaultEntryConverter(), false); assertEquals("C=SE,O=someO,OU=B,OU=A,CN=something", x509dn11.toString()); assertEquals("CN=something,OU=A,OU=B,O=someO,C=SE", CertTools.stringToBCDNString(dn11)); log.trace("<test09TestReverse()"); } /** * Tests the handling of DC components * * @throws Exception if error... */ public void test10TestMultipleReversed() throws Exception { log.trace(">test10TestMultipleReversed()"); // We try to examine the that we handle modern dc components for ldap // correctly String dn1 = "dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G"; String bcdn1 = CertTools.stringToBCDNString(dn1); log.debug("dn1: " + dn1); log.debug("bcdn1: " + bcdn1); assertEquals("CN=Tomas G,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", bcdn1); String dn19 = "C=SE, dc=dc1,DC=DC2,O=EJBCA, O=oo, cn=foo, cn=bar"; assertEquals("CN=bar,CN=foo,O=oo,O=EJBCA,DC=DC2,DC=dc1,C=SE", CertTools.stringToBCDNString(dn19)); String dn20 = " C=SE,CN=\"foo, OU=bar\", O=baz\\\\\\, quux "; // BC always escapes with backslash, it doesn't use quotes. assertEquals("CN=foo\\, OU\\=bar,O=baz\\\\\\, quux,C=SE", CertTools.stringToBCDNString(dn20)); String dn21 = "C=SE,O=Foo\\, Inc, OU=Foo\\, Dep, CN=Foo\\'"; String bcdn21 = CertTools.stringToBCDNString(dn21); assertEquals("CN=Foo\',OU=Foo\\, Dep,O=Foo\\, Inc,C=SE", bcdn21); assertEquals("CN=Foo',OU=Foo\\, Dep,O=Foo\\, Inc,C=SE", StringTools.strip(bcdn21)); log.trace("<test10TestMultipleReversed()"); } /** * Tests the insertCNPostfix function * * @throws Exception * if error... */ public void test11TestInsertCNPostfix() throws Exception { log.trace(">test11TestInsertCNPostfix()"); // Test the regular case with one CN beging replaced with " (VPN)" // postfix String dn1 = "CN=Tomas G,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com"; String cnpostfix1 = " (VPN)"; String newdn1 = CertTools.insertCNPostfix(dn1, cnpostfix1); assertEquals("CN=Tomas G (VPN),OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", newdn1); // Test case when CN doesn't exist String dn2 = "OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com"; String newdn2 = CertTools.insertCNPostfix(dn2, cnpostfix1); assertEquals("OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", newdn2); // Test case with two CNs in DN only first one should be replaced. String dn3 = "CN=Tomas G,CN=Bagare,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com"; String newdn3 = CertTools.insertCNPostfix(dn3, cnpostfix1); assertEquals("CN=Tomas G (VPN),CN=Bagare,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", newdn3); // Test case with two CNs in reversed DN String dn4 = "dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G,CN=Bagare"; String newdn4 = CertTools.insertCNPostfix(dn4, cnpostfix1); assertEquals("dc=com,dc=bigcorp,dc=se,ou=orgunit,ou=users,cn=Tomas G (VPN),CN=Bagare", newdn4); // Test case with two CNs in reversed DN String dn5 = "UID=tomas,CN=tomas,OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com"; String cnpostfix5 = " (VPN)"; String newdn5 = CertTools.insertCNPostfix(dn5, cnpostfix5); assertEquals("UID=tomas,CN=tomas (VPN),OU=users,OU=orgunit,DC=se,DC=bigcorp,DC=com", newdn5); log.trace("<test11TestInsertCNPostfix()"); } /** */ public void test12GetPartsFromDN() throws Exception { log.trace(">test01GetPartFromDN()"); // We try to examine the general case and som special cases, which we // want to be able to handle String dn0 = "C=SE, O=AnaTom, CN=foo"; assertEquals(CertTools.getPartsFromDN(dn0, "CN").size(), 1); assertTrue(CertTools.getPartsFromDN(dn0, "CN").contains("foo")); assertEquals(CertTools.getPartsFromDN(dn0, "O").size(), 1); assertTrue(CertTools.getPartsFromDN(dn0, "O").contains("AnaTom")); assertEquals(CertTools.getPartsFromDN(dn0, "C").size(), 1); assertTrue(CertTools.getPartsFromDN(dn0, "C").contains("SE")); assertEquals(CertTools.getPartsFromDN(dn0, "cn").size(), 1); assertTrue(CertTools.getPartsFromDN(dn0, "cn").contains("foo")); assertEquals(CertTools.getPartsFromDN(dn0, "o").size(), 1); assertTrue(CertTools.getPartsFromDN(dn0, "o").contains("AnaTom")); assertEquals(CertTools.getPartsFromDN(dn0, "c").size(), 1); assertTrue(CertTools.getPartsFromDN(dn0, "c").contains("SE")); String dn1 = "uri=http://www.a.se, C=SE, O=AnaTom, CN=foo"; assertEquals(CertTools.getPartsFromDN(dn1, "CN").size(), 1); assertTrue(CertTools.getPartsFromDN(dn1, "CN").contains("foo")); assertEquals(CertTools.getPartsFromDN(dn1, CertTools.URI).size(), 0); assertEquals(CertTools.getPartsFromDN(dn1, CertTools.URI1).size(), 1); assertTrue(CertTools.getPartsFromDN(dn1, CertTools.URI1).contains("http://www.a.se")); String dn2 = "uri=http://www.a.se, uri=http://www.b.se, C=SE, O=AnaTom, CN=foo"; assertEquals(CertTools.getPartsFromDN(dn2, "CN").size(), 1); assertTrue(CertTools.getPartsFromDN(dn2, "CN").contains("foo")); assertEquals(CertTools.getPartsFromDN(dn2, CertTools.URI1).size(), 2); assertTrue(CertTools.getPartsFromDN(dn2, CertTools.URI1).contains("http://www.a.se")); assertTrue(CertTools.getPartsFromDN(dn2, CertTools.URI1).contains("http://www.b.se")); log.trace("<test12GetPartsFromDN()"); } public void test13GetSubjectAltNameString() throws Exception { log.trace(">test13GetSubjectAltNameString()"); String altNames = CertTools.getSubjectAlternativeName(CertTools.getCertfromByteArray(altNameCert)); log.debug(altNames); String name = CertTools.getPartFromDN(altNames, CertTools.UPN); assertEquals("foo@a.se", name); assertEquals("foo@a.se", CertTools.getUPNAltName(CertTools.getCertfromByteArray(altNameCert))); name = CertTools.getPartFromDN(altNames, CertTools.URI); assertEquals("http://www.a.se/", name); name = CertTools.getPartFromDN(altNames, CertTools.EMAIL); assertEquals("tomas@a.se", name); name = CertTools.getEMailAddress(CertTools.getCertfromByteArray(altNameCert)); assertEquals("tomas@a.se", name); name = CertTools.getEMailAddress(CertTools.getCertfromByteArray(testcert)); assertNull(name); name = CertTools.getEMailAddress(null); assertNull(name); name = CertTools.getPartFromDN(altNames, CertTools.DNS); assertEquals("www.a.se", name); name = CertTools.getPartFromDN(altNames, CertTools.IPADDR); assertEquals("10.1.1.1", name); log.trace("<test13GetSubjectAltNameString()"); } public void test14QCStatement() throws Exception { Certificate cert = CertTools.getCertfromByteArray(qcRefCert); // log.debug(cert); assertEquals("rfc822name=municipality@darmstadt.de", QCStatementExtension.getQcStatementAuthorities(cert)); Collection<String> ids = QCStatementExtension.getQcStatementIds(cert); assertTrue(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v2.getId())); Certificate cert2 = CertTools.getCertfromByteArray(qcPrimeCert); assertEquals("rfc822name=qc@primekey.se", QCStatementExtension.getQcStatementAuthorities(cert2)); ids = QCStatementExtension.getQcStatementIds(cert2); assertTrue(ids.contains(RFC3739QCObjectIdentifiers.id_qcs_pkixQCSyntax_v1.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcCompliance.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_QcSSCD.getId())); assertTrue(ids.contains(ETSIQCObjectIdentifiers.id_etsi_qcs_LimiteValue.getId())); String limit = QCStatementExtension.getQcStatementValueLimit(cert2); assertEquals("50000 SEK", limit); } public void test15AiaOcspUri() throws Exception { Certificate cert = CertTools.getCertfromByteArray(aiaCert); //log.debug(cert); assertEquals("http://localhost:8080/ejbca/publicweb/status/ocsp", CertTools.getAuthorityInformationAccessOcspUrl(cert)); } public void test16GetSubjectAltNameStringWithDirectoryName() throws Exception { log.trace(">test16GetSubjectAltNameStringWithDirectoryName()"); Certificate cer = CertTools.getCertfromByteArray(altNameCertWithDirectoryName); String altNames = CertTools.getSubjectAlternativeName(cer); log.debug(altNames); String name = CertTools.getPartFromDN(altNames, CertTools.UPN); assertEquals("testDirName@jamador.pki.gva.es", name); assertEquals("testDirName@jamador.pki.gva.es", CertTools.getUPNAltName(cer)); name = CertTools.getPartFromDN(altNames, CertTools.DIRECTORYNAME); assertEquals("CN=testDirName|dir|name", name); assertEquals(name.substring("CN=".length()), new X509Name("CN=testDirName|dir|name").getValues().get(0)); String altName = "rfc822name=foo@bar.se, uri=http://foo.bar.se, directoryName=" + LDAPDN.escapeRDN("CN=testDirName, O=Foo, OU=Bar, C=SE") + ", dnsName=foo.bar.se"; GeneralNames san = CertTools.getGeneralNamesFromAltName(altName); GeneralName[] gns = san.getNames(); boolean found = false; for (int i = 0; i < gns.length; i++) { int tag = gns[i].getTagNo(); if (tag == 4) { found = true; DEREncodable enc = gns[i].getName(); X509Name dir = (X509Name) enc; String str = dir.toString(); log.debug("DirectoryName: " + str); assertEquals("CN=testDirName,O=Foo,OU=Bar,C=SE", str); } } assertTrue(found); altName = "rfc822name=foo@bar.se, rfc822name=foo@bar.com, uri=http://foo.bar.se, directoryName=" + LDAPDN.escapeRDN("CN=testDirName, O=Foo, OU=Bar, C=SE") + ", dnsName=foo.bar.se, dnsName=foo.bar.com"; san = CertTools.getGeneralNamesFromAltName(altName); gns = san.getNames(); int dnscount = 0; int rfc822count = 0; for (int i = 0; i < gns.length; i++) { int tag = gns[i].getTagNo(); if (tag == 2) { dnscount++; DEREncodable enc = gns[i].getName(); DERIA5String dir = (DERIA5String) enc; String str = dir.getString(); log.info("DnsName: " + str); } if (tag == 1) { rfc822count++; DEREncodable enc = gns[i].getName(); DERIA5String dir = (DERIA5String) enc; String str = dir.getString(); log.info("Rfc822Name: " + str); } } assertEquals(2, dnscount); assertEquals(2, rfc822count); log.trace("<test16GetSubjectAltNameStringWithDirectoryName()"); } public void test17SubjectDirectoryAttributes() throws Exception { log.trace(">test17SubjectDirectoryAttributes()"); Certificate cer = CertTools.getCertfromByteArray(subjDirAttrCert); String ret = SubjectDirAttrExtension.getSubjectDirectoryAttributes(cer); assertEquals("countryOfCitizenship=TR", ret); cer = CertTools.getCertfromByteArray(subjDirAttrCert2); ret = SubjectDirAttrExtension.getSubjectDirectoryAttributes(cer); assertEquals( "countryOfResidence=SE, countryOfCitizenship=SE, gender=M, placeOfBirth=Stockholm, dateOfBirth=19710425", ret); log.trace("<test17SubjectDirectoryAttributes()"); } public void test18DNSpaceTrimming() throws Exception { log.trace(">test18DNSpaceTrimming()"); String dn1 = "CN=CommonName, O= Org,C=SE"; String bcdn1 = CertTools.stringToBCDNString(dn1); log.debug("dn1: " + dn1); log.debug("bcdn1: " + bcdn1); assertEquals("CN=CommonName,O=Org,C=SE", bcdn1); dn1 = "CN=CommonName, O =Org,C=SE"; bcdn1 = CertTools.stringToBCDNString(dn1); log.debug("dn1: " + dn1); log.debug("bcdn1: " + bcdn1); assertEquals("CN=CommonName,O=Org,C=SE", bcdn1); dn1 = "CN=CommonName, O = Org,C=SE"; bcdn1 = CertTools.stringToBCDNString(dn1); log.debug("dn1: " + dn1); log.debug("bcdn1: " + bcdn1); assertEquals("CN=CommonName,O=Org,C=SE", bcdn1); log.trace("<test18DNSpaceTrimming()"); } @SuppressWarnings("unchecked") public void test19getAltNameStringFromExtension() throws Exception { PKCS10CertificationRequest p10 = new PKCS10CertificationRequest(p10ReqWithAltNames); CertificationRequestInfo info = p10.getCertificationRequestInfo(); ASN1Set set = info.getAttributes(); // The set of attributes contains a sequence of with type oid // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest Enumeration<Object> en = set.getObjects(); boolean found = false; while (en.hasMoreElements()) { ASN1Sequence seq = ASN1Sequence.getInstance(en.nextElement()); DERObjectIdentifier oid = (DERObjectIdentifier) seq.getObjectAt(0); if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { // The object at position 1 is a SET of x509extensions DERSet s = (DERSet) seq.getObjectAt(1); X509Extensions exts = X509Extensions.getInstance(s.getObjectAt(0)); X509Extension ext = exts.getExtension(X509Extensions.SubjectAlternativeName); if (ext != null) { found = true; String altNames = CertTools.getAltNameStringFromExtension(ext); assertEquals("dNSName=ort3-kru.net.polisen.se, iPAddress=10.252.255.237", altNames); } } } assertTrue(found); p10 = new PKCS10CertificationRequest(p10ReqWithAltNames2); info = p10.getCertificationRequestInfo(); set = info.getAttributes(); // The set of attributes contains a sequence of with type oid // PKCSObjectIdentifiers.pkcs_9_at_extensionRequest en = set.getObjects(); found = false; while (en.hasMoreElements()) { ASN1Sequence seq = ASN1Sequence.getInstance(en.nextElement()); DERObjectIdentifier oid = (DERObjectIdentifier) seq.getObjectAt(0); if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) { // The object at position 1 is a SET of x509extensions DERSet s = (DERSet) seq.getObjectAt(1); X509Extensions exts = X509Extensions.getInstance(s.getObjectAt(0)); X509Extension ext = exts.getExtension(X509Extensions.SubjectAlternativeName); if (ext != null) { found = true; String altNames = CertTools.getAltNameStringFromExtension(ext); assertEquals("dNSName=foo.bar.com, iPAddress=10.0.0.1", altNames); } } } assertTrue(found); } public void test20cvcCert() throws Exception { Certificate cert = CertTools.getCertfromByteArray(cvccert); assertNotNull(cert); PublicKey pk = cert.getPublicKey(); assertNotNull(pk); assertEquals("RSA", pk.getAlgorithm()); if (pk instanceof RSAPublicKey) { BigInteger modulus = ((RSAPublicKey) pk).getModulus(); int len = modulus.bitLength(); assertEquals(1024, len); } else { assertTrue(false); } String subjectdn = CertTools.getSubjectDN(cert); assertEquals("CN=RPS,C=SE", subjectdn); String issuerdn = CertTools.getIssuerDN(cert); assertEquals("CN=RPS,C=SE", issuerdn); assertEquals("10110", CertTools.getSerialNumberAsString(cert)); CardVerifiableCertificate cvcert = (CardVerifiableCertificate) cert; assertEquals("CVCA", cvcert.getCVCertificate().getCertificateBody().getAuthorizationTemplate() .getAuthorizationField().getRole().name()); // Serialization, CVC provider is installed by CertTools.installBCProvider ByteArrayOutputStream baos = new ByteArrayOutputStream(); ObjectOutputStream oos = new ObjectOutputStream(baos); oos.writeObject(cert); oos.close(); baos.close(); ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray()); ObjectInputStream ois = new ObjectInputStream(bais); Object o = ois.readObject(); Certificate ocert = (Certificate) o; assertEquals("CVC", ocert.getType()); // Test CVC certificate request encoding CVCObject parsedObject = CertificateParser.parseCVCObject(cvcreq); CVCertificate req = (CVCertificate) parsedObject; PublicKey pubKey = req.getCertificateBody().getPublicKey(); assertNotNull(pubKey); assertEquals("CVC", pubKey.getFormat()); BigInteger modulus = ((RSAPublicKey) pk).getModulus(); int len = modulus.bitLength(); assertEquals(1024, len); // Test verification of an authenticated request parsedObject = CertificateParser.parseCVCObject(cvcreqrenew); CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest) parsedObject; try { authreq.verify(pubKey); } catch (Exception e) { assertTrue(false); } // Test verification of an authenticated request that fails parsedObject = CertificateParser.parseCVCObject(cvcreqrenew); authreq = (CVCAuthenticatedRequest) parsedObject; req = authreq.getRequest(); try { authreq.verify(req.getCertificateBody().getPublicKey()); assertTrue(false); } catch (Exception e) { } } public void test21GenSelfCert() throws Exception { KeyPair kp = KeyTools.genKeys("1024", "RSA"); Certificate cert = CertTools.genSelfCertForPurpose("CN=foo1", 10, null, kp.getPrivate(), kp.getPublic(), AlgorithmConstants.SIGALG_SHA256_WITH_RSA_AND_MGF1, true, X509KeyUsage.keyCertSign); assertNotNull(cert); PublicKey pk = cert.getPublicKey(); assertNotNull(pk); assertEquals("RSA", pk.getAlgorithm()); if (pk instanceof RSAPublicKey) { BigInteger modulus = ((RSAPublicKey) pk).getModulus(); int len = modulus.bitLength(); assertEquals(1024, len); } else { assertTrue(false); } String subjectdn = CertTools.getSubjectDN(cert); assertEquals("CN=foo1", subjectdn); String issuerdn = CertTools.getIssuerDN(cert); assertEquals("CN=foo1", issuerdn); } public void test22CreateCertChain() throws Exception { // Test creating a certificate chain for CVC CAs Certificate cvccertroot = CertTools.getCertfromByteArray(cvccertchainroot); Certificate cvccertsub = CertTools.getCertfromByteArray(cvccertchainsub); ArrayList<Certificate> certlist = new ArrayList<Certificate>(); certlist.add(cvccertsub); certlist.add(cvccertroot); Collection<Certificate> col = CertTools.createCertChain(certlist); assertEquals(2, col.size()); Iterator<Certificate> iter = col.iterator(); Certificate certsub = (Certificate) iter.next(); assertEquals("CN=RPS,C=SE", CertTools.getSubjectDN(certsub)); Certificate certroot = (Certificate) iter.next(); assertEquals("CN=HSMCVCA,C=SE", CertTools.getSubjectDN(certroot)); // Test creating a certificate chain for X509CAs Certificate x509certsubsub = CertTools.getCertfromByteArray(x509certchainsubsub); System.out.println(x509certsubsub.toString()); Certificate x509certsub = CertTools.getCertfromByteArray(x509certchainsub); System.out.println(x509certsub.toString()); Certificate x509certroot = CertTools.getCertfromByteArray(x509certchainroot); System.out.println(x509certroot.toString()); certlist = new ArrayList<Certificate>(); certlist.add(x509certsub); certlist.add(x509certroot); certlist.add(x509certsubsub); col = CertTools.createCertChain(certlist); assertEquals(3, col.size()); iter = col.iterator(); Certificate certsubsub = (Certificate) iter.next(); assertEquals("CN=SubSubCA", CertTools.getSubjectDN(certsubsub)); certsub = (Certificate) iter.next(); assertEquals("CN=SubCA", CertTools.getSubjectDN(certsub)); certroot = (Certificate) iter.next(); assertEquals("CN=RootCA", CertTools.getSubjectDN(certroot)); } public void test23GenSelfCertDSA() throws Exception { KeyPair kp = KeyTools.genKeys("1024", "DSA"); Certificate cert = CertTools.genSelfCertForPurpose("CN=foo1", 10, null, kp.getPrivate(), kp.getPublic(), AlgorithmConstants.SIGALG_SHA1_WITH_DSA, true, X509KeyUsage.keyCertSign); assertNotNull(cert); PublicKey pk = cert.getPublicKey(); assertNotNull(pk); assertEquals("DSA", pk.getAlgorithm()); assertTrue(pk instanceof DSAPublicKey); String subjectdn = CertTools.getSubjectDN(cert); assertEquals("CN=foo1", subjectdn); String issuerdn = CertTools.getIssuerDN(cert); assertEquals("CN=foo1", issuerdn); } public void test24GetCrlDistributionPoint() throws Exception { log.trace(">test24GetCrlDistributionPoint()"); Collection<Certificate> certs; URL url; // Test with normal cert try { certs = CertTools.getCertsFromPEM(new ByteArrayInputStream(CERT_WITH_URI.getBytes())); url = CertTools.getCrlDistributionPoint(certs.iterator().next()); assertNotNull(url); } catch (CertificateParsingException ex) { fail("Exception: " + ex.getMessage()); } // Test with cert that contains CDP without URI try { certs = CertTools.getCertsFromPEM(new ByteArrayInputStream(CERT_WITHOUT_URI.getBytes())); url = CertTools.getCrlDistributionPoint(certs.iterator().next()); assertNull(url); } catch (CertificateParsingException ex) { fail("Exception: " + ex.getMessage()); } log.trace("<test24GetCrlDistributionPoint()"); } public void testKrb5PrincipalName() throws Exception { String altName = "krb5principal=foo/bar@P.SE, upn=upn@u.com"; GeneralNames gn = CertTools.getGeneralNamesFromAltName(altName); GeneralName[] names = gn.getNames(); String ret = CertTools.getGeneralNameString(0, names[1].getName()); assertEquals("krb5principal=foo/bar@P.SE", ret); altName = "krb5principal=foo@P.SE"; gn = CertTools.getGeneralNamesFromAltName(altName); names = gn.getNames(); ret = CertTools.getGeneralNameString(0, names[0].getName()); assertEquals("krb5principal=foo@P.SE", ret); altName = "krb5principal=foo/A.SE@P.SE"; gn = CertTools.getGeneralNamesFromAltName(altName); names = gn.getNames(); ret = CertTools.getGeneralNameString(0, names[0].getName()); assertEquals("krb5principal=foo/A.SE@P.SE", ret); Certificate krbcert = CertTools.getCertfromByteArray(krb5principalcert); String s = CertTools.getSubjectAlternativeName(krbcert); assertEquals("krb5principal=foo/bar@P.COM", s); } public void testPseudonymAndName() throws Exception { String dn1 = "c=SE,O=Prime,OU=Tech,TelephoneNumber=555-666,Name=Kalle,PostalAddress=footown,PostalCode=11122,Pseudonym=Shredder,cn=Tomas Gustavsson"; String bcdn1 = CertTools.stringToBCDNString(dn1); assertEquals( "Pseudonym=Shredder,TelephoneNumber=555-666,PostalAddress=footown,PostalCode=11122,CN=Tomas Gustavsson,Name=Kalle,OU=Tech,O=Prime,C=SE", bcdn1); } public void testEscapedCharacters() throws Exception { String dn = CertTools.stringToBCDNString("O=\\<fff\\>\\\",CN=oid,SN=12345,NAME=name,C=se"); assertEquals("CN=oid,Name=name,SN=12345,O=\\<fff\\>\\\",C=se", dn); } public void testSerialNumberFromString() throws Exception { // Test numerical format BigInteger serno = CertTools.getSerialNumberFromString("00001"); assertEquals(1, serno.intValue()); // Test SE001 format serno = CertTools.getSerialNumberFromString("SE021"); assertEquals(21, serno.intValue()); // Test numeric and hexadecimal string, will get the numerical part in the middle serno = CertTools.getSerialNumberFromString("F53AA"); assertEquals(53, serno.intValue()); // Test pure letters serno = CertTools.getSerialNumberFromString("FXBAA"); assertEquals(26748514, serno.intValue()); // Test a strange format... serno = CertTools.getSerialNumberFromString("SE02K"); assertEquals(2, serno.intValue()); // Test a real biginteger serno = CertTools.getSerialNumberFromString("7331288210307371"); assertEquals(271610737, serno.intValue()); // Test a real certificate Certificate cert = CertTools.getCertfromByteArray(testcert); serno = CertTools.getSerialNumber(cert); assertEquals(271610737, serno.intValue()); } public void testReadPEMCertificate() throws Exception { X509Certificate cert = (X509Certificate) CertTools.getCertfromByteArray(pemcert); assertNotNull(cert); assertEquals("CN=AdminCA1,O=EJBCA Sample,C=SE", cert.getSubjectDN().toString()); } }