1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
|
package org.xwiki.crypto.pkix.internal; |
21 |
|
|
22 |
|
import java.util.EnumSet; |
23 |
|
|
24 |
|
import org.junit.Before; |
25 |
|
import org.junit.Rule; |
26 |
|
import org.junit.Test; |
27 |
|
import org.xwiki.crypto.AbstractPKIXTest; |
28 |
|
import org.xwiki.crypto.BinaryStringEncoder; |
29 |
|
import org.xwiki.crypto.internal.asymmetric.keyfactory.BcDSAKeyFactory; |
30 |
|
import org.xwiki.crypto.internal.asymmetric.keyfactory.BcRSAKeyFactory; |
31 |
|
import org.xwiki.crypto.internal.digest.factory.BcSHA1DigestFactory; |
32 |
|
import org.xwiki.crypto.internal.encoder.Base64BinaryStringEncoder; |
33 |
|
import org.xwiki.crypto.pkix.CertificateFactory; |
34 |
|
import org.xwiki.crypto.pkix.params.CertifiedPublicKey; |
35 |
|
import org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey; |
36 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.ExtendedKeyUsages; |
37 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.KeyUsage; |
38 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions; |
39 |
|
import org.xwiki.crypto.signer.internal.factory.BcDSAwithSHA1SignerFactory; |
40 |
|
import org.xwiki.crypto.signer.internal.factory.BcSHA1withRsaSignerFactory; |
41 |
|
import org.xwiki.crypto.signer.internal.factory.DefaultSignerFactory; |
42 |
|
import org.xwiki.test.annotation.ComponentList; |
43 |
|
import org.xwiki.test.mockito.MockitoComponentMockingRule; |
44 |
|
|
45 |
|
import static org.hamcrest.Matchers.notNullValue; |
46 |
|
import static org.hamcrest.core.IsEqual.equalTo; |
47 |
|
import static org.hamcrest.core.IsInstanceOf.instanceOf; |
48 |
|
import static org.junit.Assert.assertFalse; |
49 |
|
import static org.junit.Assert.assertThat; |
50 |
|
import static org.junit.Assert.assertTrue; |
51 |
|
|
52 |
|
@ComponentList({Base64BinaryStringEncoder.class, BcRSAKeyFactory.class, BcDSAKeyFactory.class, |
53 |
|
BcSHA1DigestFactory.class, BcSHA1withRsaSignerFactory.class, |
54 |
|
DefaultSignerFactory.class, BcDSAwithSHA1SignerFactory.class}) |
|
|
| 100% |
Uncovered Elements: 0 (68) |
Complexity: 8 |
Complexity Density: 0.14 |
|
55 |
|
public class BcX509CertificateFactoryTest extends AbstractPKIXTest |
56 |
|
{ |
57 |
|
@Rule |
58 |
|
public final MockitoComponentMockingRule<CertificateFactory> mocker = |
59 |
|
new MockitoComponentMockingRule<CertificateFactory>(BcX509CertificateFactory.class); |
60 |
|
|
61 |
|
private CertificateFactory factory; |
62 |
|
private static byte[] v1CaCert; |
63 |
|
private static byte[] v1Cert; |
64 |
|
private static byte[] v3CaCert; |
65 |
|
private static byte[] v3InterCaCert; |
66 |
|
private static byte[] v3Cert; |
67 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (9) |
Complexity: 2 |
Complexity Density: 0.29 |
|
68 |
5 |
public void setupTest(MockitoComponentMockingRule<CertificateFactory> mocker) throws Exception... |
69 |
|
{ |
70 |
|
|
71 |
5 |
if (v1CaCert == null) { |
72 |
1 |
BinaryStringEncoder base64encoder = mocker.getInstance(BinaryStringEncoder.class, "Base64"); |
73 |
1 |
v1CaCert = base64encoder.decode(V1_CA_CERT); |
74 |
1 |
v1Cert = base64encoder.decode(V1_CERT); |
75 |
1 |
v3CaCert = base64encoder.decode(V3_CA_CERT); |
76 |
1 |
v3InterCaCert = base64encoder.decode(V3_ITERCA_CERT); |
77 |
1 |
v3Cert = base64encoder.decode(V3_CERT); |
78 |
|
} |
79 |
|
} |
80 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (2) |
Complexity: 1 |
Complexity Density: 0.5 |
|
81 |
5 |
@Before... |
82 |
|
public void configure() throws Exception |
83 |
|
{ |
84 |
5 |
factory = mocker.getComponentUnderTest(); |
85 |
5 |
setupTest(mocker); |
86 |
|
} |
87 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (6) |
Complexity: 1 |
Complexity Density: 0.17 |
1PASS
|
|
88 |
1 |
@Test... |
89 |
|
public void testV1CaCert() throws Exception |
90 |
|
{ |
91 |
1 |
CertifiedPublicKey certificate = factory.decode(v1CaCert); |
92 |
|
|
93 |
1 |
assertTrue("CA should verify itself.", certificate.isSignedBy(certificate.getPublicKeyParameters())); |
94 |
|
|
95 |
1 |
assertThat(certificate, instanceOf(X509CertifiedPublicKey.class)); |
96 |
1 |
X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate; |
97 |
1 |
assertThat(cert.getVersionNumber(), equalTo(1)); |
98 |
1 |
assertThat(cert.isRootCA(), equalTo(true)); |
99 |
|
} |
100 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (6) |
Complexity: 1 |
Complexity Density: 0.17 |
1PASS
|
|
101 |
1 |
@Test... |
102 |
|
public void testV1Cert() throws Exception |
103 |
|
{ |
104 |
1 |
CertifiedPublicKey caCert = factory.decode(v1CaCert); |
105 |
1 |
CertifiedPublicKey certificate = factory.decode(v1Cert); |
106 |
|
|
107 |
1 |
assertTrue("End certificate should be verified by CA.", certificate.isSignedBy(caCert.getPublicKeyParameters())); |
108 |
|
|
109 |
1 |
assertThat(certificate, instanceOf(X509CertifiedPublicKey.class)); |
110 |
1 |
X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate; |
111 |
1 |
assertThat(cert.getVersionNumber(), equalTo(1)); |
112 |
|
} |
113 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (12) |
Complexity: 1 |
Complexity Density: 0.08 |
1PASS
|
|
114 |
1 |
@Test... |
115 |
|
public void testV3CaCert() throws Exception |
116 |
|
{ |
117 |
1 |
CertifiedPublicKey certificate = factory.decode(v3CaCert); |
118 |
|
|
119 |
1 |
assertTrue("CA should verify itself.", certificate.isSignedBy(certificate.getPublicKeyParameters())); |
120 |
|
|
121 |
1 |
assertThat(certificate, instanceOf(X509CertifiedPublicKey.class)); |
122 |
1 |
X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate; |
123 |
1 |
assertThat(cert.getVersionNumber(), equalTo(3)); |
124 |
|
|
125 |
1 |
assertTrue("Basic constraints should be critical.", cert.getExtensions().isCritical(X509Extensions.BASIC_CONSTRAINTS_OID)); |
126 |
1 |
assertTrue("Basic constraints should be set to CA.", cert.getExtensions().hasCertificateAuthorityBasicConstraints()); |
127 |
1 |
assertTrue("KeyUsage extension should be critical.", cert.getExtensions().isCritical(KeyUsage.OID)); |
128 |
1 |
assertThat(cert.getExtensions().getKeyUsage(), equalTo(EnumSet.of(KeyUsage.keyCertSign, |
129 |
|
KeyUsage.cRLSign))); |
130 |
1 |
assertThat(cert.getAuthorityKeyIdentifier(), notNullValue()); |
131 |
1 |
assertThat(cert.getAuthorityKeyIdentifier(), |
132 |
|
equalTo(cert.getSubjectKeyIdentifier())); |
133 |
1 |
assertThat(cert.isRootCA(), equalTo(true)); |
134 |
|
} |
135 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (13) |
Complexity: 1 |
Complexity Density: 0.08 |
1PASS
|
|
136 |
1 |
@Test... |
137 |
|
public void testV3InterCACert() throws Exception |
138 |
|
{ |
139 |
1 |
CertifiedPublicKey caCert = factory.decode(v3CaCert); |
140 |
1 |
CertifiedPublicKey interCaCert = factory.decode(v3InterCaCert); |
141 |
|
|
142 |
1 |
assertTrue("Intermediate CA certificate should be verified by CA.", |
143 |
|
interCaCert.isSignedBy(caCert.getPublicKeyParameters())); |
144 |
|
|
145 |
1 |
assertThat(interCaCert, instanceOf(X509CertifiedPublicKey.class)); |
146 |
1 |
X509CertifiedPublicKey cert = (X509CertifiedPublicKey) interCaCert; |
147 |
1 |
assertThat(cert.getVersionNumber(), equalTo(3)); |
148 |
|
|
149 |
1 |
assertTrue("Basic constraints should be critical.", |
150 |
|
cert.getExtensions().isCritical(X509Extensions.BASIC_CONSTRAINTS_OID)); |
151 |
1 |
assertTrue("Basic constraints should be set to CA.", |
152 |
|
cert.getExtensions().hasCertificateAuthorityBasicConstraints()); |
153 |
1 |
assertThat(cert.getExtensions().getBasicConstraintsPathLen(), equalTo(0)); |
154 |
1 |
assertTrue("KeyUsage extension should be critical.", cert.getExtensions().isCritical(KeyUsage.OID)); |
155 |
1 |
assertThat(cert.getExtensions().getKeyUsage(), equalTo(EnumSet.of(KeyUsage.keyCertSign, |
156 |
|
KeyUsage.cRLSign))); |
157 |
|
|
158 |
1 |
assertThat(cert.getAuthorityKeyIdentifier(), |
159 |
|
equalTo(((X509CertifiedPublicKey) caCert).getSubjectKeyIdentifier())); |
160 |
1 |
assertThat(cert.isRootCA(), equalTo(false)); |
161 |
|
} |
162 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (13) |
Complexity: 1 |
Complexity Density: 0.08 |
1PASS
|
|
163 |
1 |
@Test... |
164 |
|
public void testV3Cert() throws Exception |
165 |
|
{ |
166 |
1 |
CertifiedPublicKey interCaCert = factory.decode(v3InterCaCert); |
167 |
1 |
CertifiedPublicKey certificate = factory.decode(v3Cert); |
168 |
|
|
169 |
1 |
assertTrue("End certificate should be verified by CA.", |
170 |
|
certificate.isSignedBy(interCaCert.getPublicKeyParameters())); |
171 |
|
|
172 |
1 |
assertThat(certificate, instanceOf(X509CertifiedPublicKey.class)); |
173 |
1 |
X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate; |
174 |
1 |
assertThat(cert.getVersionNumber(), equalTo(3)); |
175 |
|
|
176 |
1 |
assertTrue("KeyUsage extension should be critical.", cert.getExtensions().isCritical(KeyUsage.OID)); |
177 |
1 |
assertThat(cert.getExtensions().getKeyUsage(), equalTo(EnumSet.of(KeyUsage.digitalSignature, |
178 |
|
KeyUsage.dataEncipherment))); |
179 |
1 |
assertFalse("ExtendedKeyUsage extension should be non critical.", |
180 |
|
cert.getExtensions().isCritical(ExtendedKeyUsages.OID)); |
181 |
1 |
assertThat(cert.getExtensions().getExtendedKeyUsage().getAll().toArray(new String[0]), equalTo( |
182 |
|
new String[]{ExtendedKeyUsages.EMAIL_PROTECTION})); |
183 |
1 |
assertTrue("Email data protection extended usage should be set.", |
184 |
|
cert.getExtensions().getExtendedKeyUsage().hasUsage(ExtendedKeyUsages.EMAIL_PROTECTION)); |
185 |
|
|
186 |
1 |
assertThat(cert.getAuthorityKeyIdentifier(), |
187 |
|
equalTo(((X509CertifiedPublicKey) interCaCert).getSubjectKeyIdentifier())); |
188 |
1 |
assertThat(cert.isRootCA(), equalTo(false)); |
189 |
|
} |
190 |
|
|
191 |
|
} |