1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
|
package org.xwiki.crypto.pkix.internal; |
21 |
|
|
22 |
|
import java.net.InetAddress; |
23 |
|
import java.net.URI; |
24 |
|
import java.net.URL; |
25 |
|
import java.util.Date; |
26 |
|
import java.util.EnumSet; |
27 |
|
import java.util.List; |
28 |
|
|
29 |
|
import javax.mail.internet.InternetAddress; |
30 |
|
|
31 |
|
import org.bouncycastle.util.IPAddress; |
32 |
|
import org.hamcrest.Matchers; |
33 |
|
import org.junit.Before; |
34 |
|
import org.junit.Rule; |
35 |
|
import org.junit.Test; |
36 |
|
import org.xwiki.crypto.AbstractPKIXTest; |
37 |
|
import org.xwiki.crypto.AsymmetricKeyFactory; |
38 |
|
import org.xwiki.crypto.BinaryStringEncoder; |
39 |
|
import org.xwiki.crypto.internal.DefaultSecureRandomProvider; |
40 |
|
import org.xwiki.crypto.internal.asymmetric.keyfactory.BcDSAKeyFactory; |
41 |
|
import org.xwiki.crypto.internal.asymmetric.keyfactory.BcRSAKeyFactory; |
42 |
|
import org.xwiki.crypto.internal.digest.factory.BcSHA1DigestFactory; |
43 |
|
import org.xwiki.crypto.internal.encoder.Base64BinaryStringEncoder; |
44 |
|
import org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters; |
45 |
|
import org.xwiki.crypto.params.cipher.asymmetric.PublicKeyParameters; |
46 |
|
import org.xwiki.crypto.pkix.CertificateGenerator; |
47 |
|
import org.xwiki.crypto.pkix.CertificateGeneratorFactory; |
48 |
|
import org.xwiki.crypto.pkix.CertifyingSigner; |
49 |
|
import org.xwiki.crypto.pkix.X509ExtensionBuilder; |
50 |
|
import org.xwiki.crypto.pkix.internal.extension.DefaultX509ExtensionBuilder; |
51 |
|
import org.xwiki.crypto.pkix.params.CertifiedKeyPair; |
52 |
|
import org.xwiki.crypto.pkix.params.CertifiedPublicKey; |
53 |
|
import org.xwiki.crypto.pkix.params.PrincipalIndentifier; |
54 |
|
import org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName; |
55 |
|
import org.xwiki.crypto.pkix.params.x509certificate.X509CertificateGenerationParameters; |
56 |
|
import org.xwiki.crypto.pkix.params.x509certificate.X509CertificateParameters; |
57 |
|
import org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey; |
58 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.ExtendedKeyUsages; |
59 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.KeyUsage; |
60 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509DirectoryName; |
61 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509DnsName; |
62 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions; |
63 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName; |
64 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509IpAddress; |
65 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509Rfc822Name; |
66 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509StringGeneralName; |
67 |
|
import org.xwiki.crypto.pkix.params.x509certificate.extension.X509URI; |
68 |
|
import org.xwiki.crypto.signer.SignerFactory; |
69 |
|
import org.xwiki.crypto.signer.internal.factory.BcDSAwithSHA1SignerFactory; |
70 |
|
import org.xwiki.crypto.signer.internal.factory.BcSHA1withRsaSignerFactory; |
71 |
|
import org.xwiki.crypto.signer.internal.factory.DefaultSignerFactory; |
72 |
|
import org.xwiki.test.annotation.ComponentList; |
73 |
|
import org.xwiki.test.mockito.MockitoComponentMockingRule; |
74 |
|
|
75 |
|
import static org.hamcrest.Matchers.greaterThan; |
76 |
|
import static org.hamcrest.Matchers.lessThan; |
77 |
|
import static org.hamcrest.Matchers.notNullValue; |
78 |
|
import static org.hamcrest.core.AnyOf.anyOf; |
79 |
|
import static org.hamcrest.core.IsEqual.equalTo; |
80 |
|
import static org.hamcrest.core.IsInstanceOf.instanceOf; |
81 |
|
import static org.junit.Assert.assertFalse; |
82 |
|
import static org.junit.Assert.assertThat; |
83 |
|
import static org.junit.Assert.assertTrue; |
84 |
|
import static org.junit.Assert.fail; |
85 |
|
|
86 |
|
@ComponentList({Base64BinaryStringEncoder.class, DefaultSecureRandomProvider.class, BcRSAKeyFactory.class, |
87 |
|
BcDSAKeyFactory.class, BcSHA1DigestFactory.class, BcSHA1withRsaSignerFactory.class, DefaultSignerFactory.class, |
88 |
|
BcX509CertificateFactory.class, BcDSAwithSHA1SignerFactory.class}) |
|
|
| 98.6% |
Uncovered Elements: 2 (144) |
Complexity: 16 |
Complexity Density: 0.13 |
|
89 |
|
public class BcX509CertificateGeneratorFactoryTest extends AbstractPKIXTest |
90 |
|
{ |
91 |
|
@Rule |
92 |
|
public final MockitoComponentMockingRule<CertificateGeneratorFactory> mocker = |
93 |
|
new MockitoComponentMockingRule<CertificateGeneratorFactory>(BcX509CertificateGeneratorFactory.class); |
94 |
|
|
95 |
|
@Rule |
96 |
|
public final MockitoComponentMockingRule<X509ExtensionBuilder> builderMocker = |
97 |
|
new MockitoComponentMockingRule<X509ExtensionBuilder>(DefaultX509ExtensionBuilder.class); |
98 |
|
|
99 |
|
private CertificateGeneratorFactory factory; |
100 |
|
private SignerFactory signerFactory; |
101 |
|
private static PrivateKeyParameters rsaPrivateKey; |
102 |
|
private static PublicKeyParameters rsaPublicKey; |
103 |
|
private static PrivateKeyParameters interCaDsaPrivateKey; |
104 |
|
private static PublicKeyParameters interCaDsaPublicKey; |
105 |
|
@SuppressWarnings("unused") |
106 |
|
private static PrivateKeyParameters dsaPrivateKey; |
107 |
|
private static PublicKeyParameters dsaPublicKey; |
108 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (12) |
Complexity: 2 |
Complexity Density: 0.2 |
|
109 |
6 |
public void setupTest(MockitoComponentMockingRule<CertificateGeneratorFactory> mocker) throws Exception... |
110 |
|
{ |
111 |
|
|
112 |
6 |
if (rsaPrivateKey == null) { |
113 |
1 |
BinaryStringEncoder base64encoder = mocker.getInstance(BinaryStringEncoder.class, "Base64"); |
114 |
1 |
AsymmetricKeyFactory keyFactory = mocker.getInstance(AsymmetricKeyFactory.class, "RSA"); |
115 |
1 |
rsaPrivateKey = keyFactory.fromPKCS8(base64encoder.decode(RSA_PRIVATE_KEY)); |
116 |
1 |
rsaPublicKey = keyFactory.fromX509(base64encoder.decode(RSA_PUBLIC_KEY)); |
117 |
1 |
keyFactory = mocker.getInstance(AsymmetricKeyFactory.class, "DSA"); |
118 |
1 |
interCaDsaPrivateKey = keyFactory.fromPKCS8(base64encoder.decode(INTERCA_DSA_PRIVATE_KEY)); |
119 |
1 |
interCaDsaPublicKey = keyFactory.fromX509(base64encoder.decode(INTERCA_DSA_PUBLIC_KEY)); |
120 |
1 |
dsaPrivateKey = keyFactory.fromPKCS8(base64encoder.decode(DSA_PRIVATE_KEY)); |
121 |
1 |
dsaPublicKey = keyFactory.fromX509(base64encoder.decode(DSA_PUBLIC_KEY)); |
122 |
|
} |
123 |
|
} |
124 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (3) |
Complexity: 1 |
Complexity Density: 0.33 |
|
125 |
6 |
@Before... |
126 |
|
public void configure() throws Exception |
127 |
|
{ |
128 |
6 |
factory = mocker.getComponentUnderTest(); |
129 |
6 |
signerFactory = mocker.getInstance(SignerFactory.class, "SHA1withRSAEncryption"); |
130 |
6 |
setupTest(mocker); |
131 |
|
} |
132 |
|
|
133 |
|
|
134 |
|
|
135 |
|
|
136 |
|
|
137 |
|
|
138 |
|
|
139 |
|
|
140 |
|
|
141 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (17) |
Complexity: 1 |
Complexity Density: 0.06 |
|
142 |
3 |
private X509CertifiedPublicKey checkSelfSigned(CertifiedPublicKey certificate, int version) throws Exception {... |
143 |
3 |
assertThat(certificate.getIssuer(), equalTo((PrincipalIndentifier) new DistinguishedName("CN=Test"))); |
144 |
3 |
assertThat(certificate.getSubject(), equalTo((PrincipalIndentifier) new DistinguishedName("CN=Test"))); |
145 |
3 |
assertThat(certificate.getIssuer(), equalTo(certificate.getSubject())); |
146 |
3 |
assertTrue("Signature should match used private key.", certificate.isSignedBy(rsaPublicKey)); |
147 |
3 |
assertTrue("Signature should match subject public key.", |
148 |
|
certificate.isSignedBy(certificate.getPublicKeyParameters())); |
149 |
|
|
150 |
3 |
assertThat(certificate, instanceOf(X509CertifiedPublicKey.class)); |
151 |
3 |
X509CertifiedPublicKey x509cert = (X509CertifiedPublicKey) certificate; |
152 |
|
|
153 |
|
|
154 |
|
|
155 |
3 |
assertThat(x509cert.getVersionNumber(), equalTo(version)); |
156 |
|
|
157 |
3 |
Date yesterday = new Date(System.currentTimeMillis() - 86400000); |
158 |
3 |
Date inMoreThan500Days = new Date(System.currentTimeMillis() + 43286400000L); |
159 |
|
|
160 |
3 |
assertTrue("Certificate should be valid today.", x509cert.isValidOn(new Date())); |
161 |
3 |
assertThat(x509cert.getNotBefore().getTime(), greaterThan(yesterday.getTime())); |
162 |
3 |
assertThat(x509cert.getNotAfter().getTime(), lessThan(inMoreThan500Days.getTime())); |
163 |
3 |
assertFalse("Certificate should not be valid yesterday.", |
164 |
|
x509cert.isValidOn(yesterday)); |
165 |
3 |
assertFalse("Certificate should not be valid in more than 500 days.", |
166 |
|
x509cert.isValidOn(inMoreThan500Days)); |
167 |
3 |
assertTrue(x509cert.isRootCA()); |
168 |
|
|
169 |
3 |
return x509cert; |
170 |
|
} |
171 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (15) |
Complexity: 1 |
Complexity Density: 0.07 |
|
172 |
2 |
private X509CertifiedPublicKey checkRootSigned(CertifiedPublicKey certificate, int version) throws Exception... |
173 |
|
{ |
174 |
2 |
assertThat(certificate.getIssuer(), equalTo((PrincipalIndentifier) new DistinguishedName("CN=Test CA"))); |
175 |
2 |
assertThat(certificate.getSubject(), equalTo((PrincipalIndentifier) new DistinguishedName("CN=Test End Entity"))); |
176 |
2 |
assertTrue("Signature should match used private key.", certificate.isSignedBy(rsaPublicKey)); |
177 |
|
|
178 |
2 |
assertThat(certificate, instanceOf(X509CertifiedPublicKey.class)); |
179 |
2 |
X509CertifiedPublicKey x509cert = (X509CertifiedPublicKey) certificate; |
180 |
|
|
181 |
|
|
182 |
|
|
183 |
2 |
assertThat(x509cert.getVersionNumber(), equalTo(version)); |
184 |
|
|
185 |
2 |
Date yesterday = new Date(System.currentTimeMillis() - 86400000); |
186 |
2 |
Date inMoreThan500Days = new Date(System.currentTimeMillis() + 43286400000L); |
187 |
|
|
188 |
2 |
assertTrue("Certificate should be valid today.", x509cert.isValidOn(new Date())); |
189 |
2 |
assertThat(x509cert.getNotBefore().getTime(), greaterThan(yesterday.getTime())); |
190 |
2 |
assertThat(x509cert.getNotAfter().getTime(), lessThan(inMoreThan500Days.getTime())); |
191 |
2 |
assertFalse("Certificate should not be valid yesterday.", |
192 |
|
x509cert.isValidOn(yesterday)); |
193 |
2 |
assertFalse("Certificate should not be valid in more than 500 days.", |
194 |
|
x509cert.isValidOn(inMoreThan500Days)); |
195 |
2 |
assertFalse(x509cert.isRootCA()); |
196 |
|
|
197 |
2 |
return x509cert; |
198 |
|
} |
199 |
|
|
200 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (2) |
Complexity: 1 |
Complexity Density: 0.5 |
1PASS
|
|
201 |
1 |
@Test... |
202 |
|
public void testGenerateSelfSignedCertificateVersion1() throws Exception |
203 |
|
{ |
204 |
1 |
CertifiedPublicKey certificate = |
205 |
|
factory.getInstance(signerFactory.getInstance(true, rsaPrivateKey), |
206 |
|
new X509CertificateGenerationParameters()) |
207 |
|
.generate(new DistinguishedName("CN=Test"), rsaPublicKey, |
208 |
|
new X509CertificateParameters()); |
209 |
|
|
210 |
1 |
checkSelfSigned(certificate, 1); |
211 |
|
} |
212 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (2) |
Complexity: 1 |
Complexity Density: 0.5 |
1PASS
|
|
213 |
1 |
@Test... |
214 |
|
public void testGenerateSelfSignedCertificateVersion3WithoutExtension() throws Exception |
215 |
|
{ |
216 |
1 |
CertifiedPublicKey certificate = |
217 |
|
factory.getInstance(signerFactory.getInstance(true, rsaPrivateKey), |
218 |
|
new X509CertificateGenerationParameters(null)) |
219 |
|
.generate(new DistinguishedName("CN=Test"), rsaPublicKey, |
220 |
|
new X509CertificateParameters()); |
221 |
|
|
222 |
1 |
checkSelfSigned(certificate, 3); |
223 |
|
} |
224 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (9) |
Complexity: 1 |
Complexity Density: 0.11 |
1PASS
|
|
225 |
1 |
@Test... |
226 |
|
public void testGenerateSelfSignedCertificateVersion3RootCa() throws Exception |
227 |
|
{ |
228 |
1 |
X509ExtensionBuilder builder = builderMocker.getComponentUnderTest(); |
229 |
|
|
230 |
1 |
CertifiedPublicKey certificate = |
231 |
|
factory.getInstance(signerFactory.getInstance(true, rsaPrivateKey), |
232 |
|
new X509CertificateGenerationParameters( |
233 |
|
builder.addBasicConstraints(true) |
234 |
|
.addKeyUsage(true, EnumSet.of(KeyUsage.keyCertSign, |
235 |
|
KeyUsage.cRLSign)) |
236 |
|
.build())) |
237 |
|
.generate(new DistinguishedName("CN=Test"), rsaPublicKey, |
238 |
|
new X509CertificateParameters()); |
239 |
|
|
240 |
1 |
X509CertifiedPublicKey cert = checkSelfSigned(certificate, 3); |
241 |
|
|
242 |
1 |
assertTrue("Basic constraints should be critical.", cert.getExtensions().isCritical(X509Extensions.BASIC_CONSTRAINTS_OID)); |
243 |
1 |
assertTrue("Basic constraints should be set to CA.", cert.getExtensions().hasCertificateAuthorityBasicConstraints()); |
244 |
1 |
assertTrue("KeyUsage extension should be critical.", cert.getExtensions().isCritical(KeyUsage.OID)); |
245 |
1 |
assertThat(cert.getExtensions().getKeyUsage(), equalTo(EnumSet.of(KeyUsage.keyCertSign, |
246 |
|
KeyUsage.cRLSign))); |
247 |
1 |
assertThat(cert.getAuthorityKeyIdentifier(), notNullValue()); |
248 |
1 |
assertThat(cert.getAuthorityKeyIdentifier(), |
249 |
|
equalTo(cert.getSubjectKeyIdentifier())); |
250 |
|
} |
251 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (3) |
Complexity: 1 |
Complexity Density: 0.33 |
1PASS
|
|
252 |
1 |
@Test... |
253 |
|
public void testGenerateEndEntitySignedCertificateVersion1() throws Exception |
254 |
|
{ |
255 |
1 |
CertifiedPublicKey caCertificate = |
256 |
|
factory.getInstance(signerFactory.getInstance(true, rsaPrivateKey), |
257 |
|
new X509CertificateGenerationParameters( |
258 |
|
|
259 |
|
)) |
260 |
|
.generate(new DistinguishedName("CN=Test CA"), rsaPublicKey, |
261 |
|
new X509CertificateParameters()); |
262 |
|
|
263 |
|
|
264 |
|
|
265 |
1 |
CertifiedPublicKey certificate = |
266 |
|
factory.getInstance( |
267 |
|
CertifyingSigner.getInstance(true, new CertifiedKeyPair(rsaPrivateKey, caCertificate), signerFactory), |
268 |
|
new X509CertificateGenerationParameters( |
269 |
|
|
270 |
|
) |
271 |
|
).generate(new DistinguishedName("CN=Test End Entity"), dsaPublicKey, |
272 |
|
new X509CertificateParameters()); |
273 |
|
|
274 |
1 |
checkRootSigned(certificate, 1); |
275 |
|
} |
276 |
|
|
|
|
| 95.3% |
Uncovered Elements: 2 (43) |
Complexity: 6 |
Complexity Density: 0.18 |
1PASS
|
|
277 |
1 |
@Test... |
278 |
|
public void testGenerateEndEntitySignedCertificateVersion3() throws Exception |
279 |
|
{ |
280 |
1 |
X509ExtensionBuilder builder = builderMocker.getComponentUnderTest(); |
281 |
|
|
282 |
1 |
CertifiedPublicKey caCertificate = |
283 |
|
factory.getInstance(signerFactory.getInstance(true, rsaPrivateKey), |
284 |
|
new X509CertificateGenerationParameters( |
285 |
|
builder.addBasicConstraints(true) |
286 |
|
.addKeyUsage(true, EnumSet.of(KeyUsage.keyCertSign, |
287 |
|
KeyUsage.cRLSign)) |
288 |
|
.build())) |
289 |
|
.generate(new DistinguishedName("CN=Test CA"), rsaPublicKey, |
290 |
|
new X509CertificateParameters()); |
291 |
|
|
292 |
1 |
builder = builderMocker.getComponentUnderTest(); |
293 |
|
|
294 |
1 |
CertificateGenerator generator = factory.getInstance( |
295 |
|
CertifyingSigner.getInstance(true, new CertifiedKeyPair(rsaPrivateKey, caCertificate), signerFactory), |
296 |
|
new X509CertificateGenerationParameters( |
297 |
|
builder.addKeyUsage(EnumSet.of(KeyUsage.digitalSignature, |
298 |
|
KeyUsage.dataEncipherment)) |
299 |
|
.addExtendedKeyUsage(false, |
300 |
|
new ExtendedKeyUsages(new String[]{ExtendedKeyUsages.EMAIL_PROTECTION})) |
301 |
|
.build())); |
302 |
|
|
303 |
1 |
builder = builderMocker.getComponentUnderTest(); |
304 |
|
|
305 |
1 |
CertifiedPublicKey certificate = |
306 |
|
generator.generate(new DistinguishedName("CN=Test End Entity"), dsaPublicKey, |
307 |
|
new X509CertificateParameters( |
308 |
|
builder.addSubjectAltName(false, |
309 |
|
new X509GeneralName[] { |
310 |
|
new X509Rfc822Name("test@example.com"), |
311 |
|
new X509Rfc822Name(new InternetAddress("test@test.com")), |
312 |
|
new X509DnsName("example.com"), |
313 |
|
new X509DirectoryName("CN=Test"), |
314 |
|
new X509IpAddress("192.168.1.1"), |
315 |
|
new X509IpAddress("192.168.2.0/24"), |
316 |
|
new X509IpAddress("192.168.3.0/255.255.255.0"), |
317 |
|
new X509IpAddress(InetAddress.getByName("192.168.4.1")), |
318 |
|
new X509IpAddress(InetAddress.getByName("192.168.5.0"),InetAddress.getByName("255.255.255.0")), |
319 |
|
new X509IpAddress("2001:db8:0:85a3::ac1f:8001"), |
320 |
|
new X509IpAddress("2001:db8:1f89::/48"), |
321 |
|
new X509IpAddress(InetAddress.getByName("2001:db8:0:85a3::ac1f:8001")), |
322 |
|
new X509IpAddress(InetAddress.getByName("2001:db8:1f89::"),InetAddress.getByName("ffff:ffff:ffff::")), |
323 |
|
new X509URI("http://xwiki.org"), |
324 |
|
new X509URI(new URL("http://myxwiki.org")) |
325 |
|
}) |
326 |
|
.build() |
327 |
|
)); |
328 |
|
|
329 |
1 |
X509CertifiedPublicKey cert = checkRootSigned(certificate, 3); |
330 |
|
|
331 |
1 |
assertThat(cert.getExtensions().getExtensionOID(), equalTo(new String[] {"2.5.29.35", "2.5.29.14", "2.5.29.15", "2.5.29.37", "2.5.29.17"})); |
332 |
1 |
assertThat(cert.getExtensions().getCriticalExtensionOID(), equalTo(new String[] {"2.5.29.15"})); |
333 |
1 |
assertThat(cert.getExtensions().getNonCriticalExtensionOID(), equalTo(new String[] {"2.5.29.35", "2.5.29.14", "2.5.29.37", "2.5.29.17"})); |
334 |
|
|
335 |
1 |
assertTrue("KeyUsage extension should be critical.", cert.getExtensions().isCritical(KeyUsage.OID)); |
336 |
1 |
assertThat(cert.getExtensions().getKeyUsage(), equalTo(EnumSet.of(KeyUsage.digitalSignature, |
337 |
|
KeyUsage.dataEncipherment))); |
338 |
1 |
assertFalse("ExtendedKeyUsage extension should be non critical.", |
339 |
|
cert.getExtensions().isCritical(ExtendedKeyUsages.OID)); |
340 |
1 |
assertThat(cert.getExtensions().getExtendedKeyUsage().getAll().toArray(new String[0]), equalTo( |
341 |
|
new String[]{ExtendedKeyUsages.EMAIL_PROTECTION})); |
342 |
1 |
assertTrue("Email data protection extended usage should be set.", |
343 |
|
cert.getExtensions().getExtendedKeyUsage().hasUsage(ExtendedKeyUsages.EMAIL_PROTECTION)); |
344 |
|
|
345 |
1 |
List<X509GeneralName> names = cert.getExtensions().getSubjectAltName(); |
346 |
|
|
347 |
1 |
assertThat(names.size(), equalTo(15)); |
348 |
1 |
for (X509GeneralName name : names) { |
349 |
15 |
if (name instanceof X509Rfc822Name) { |
350 |
2 |
assertThat(((X509StringGeneralName) name).getName(), anyOf(equalTo("test@example.com"), equalTo("test@test.com"))); |
351 |
2 |
assertThat(((X509Rfc822Name) name).getAddress(), anyOf(equalTo(new InternetAddress("test@example.com")), |
352 |
|
equalTo(new InternetAddress("test@test.com")))); |
353 |
13 |
} else if (name instanceof X509DnsName) { |
354 |
1 |
assertThat(((X509StringGeneralName) name).getName(), equalTo("example.com")); |
355 |
1 |
assertThat(((X509DnsName) name).getDomain(), equalTo("example.com")); |
356 |
12 |
} else if (name instanceof X509DirectoryName) { |
357 |
1 |
assertThat(((X509StringGeneralName) name).getName(), equalTo("CN=Test")); |
358 |
11 |
} else if (name instanceof X509URI) { |
359 |
2 |
assertThat(((X509StringGeneralName) name).getName(), anyOf(equalTo("http://xwiki.org"), |
360 |
|
equalTo("http://myxwiki.org"))); |
361 |
2 |
assertThat(((X509URI) name).getURI(), anyOf(equalTo(new URI("http://xwiki.org")), |
362 |
|
equalTo(new URI("http://myxwiki.org")))); |
363 |
2 |
assertThat(((X509URI) name).getURL(), anyOf(equalTo(new URL("http://xwiki.org")), |
364 |
|
equalTo(new URL("http://myxwiki.org")))); |
365 |
9 |
} else if (name instanceof X509IpAddress) { |
366 |
9 |
assertTrue("Invalid IP address: " + ((X509StringGeneralName) name).getName(), |
367 |
|
IPAddress.isValid(((X509StringGeneralName) name).getName()) |
368 |
|
|| IPAddress.isValidWithNetMask(((X509StringGeneralName) name).getName())); |
369 |
|
} else { |
370 |
0 |
fail("Unexpected SubjectAltName type."); |
371 |
|
} |
372 |
|
} |
373 |
|
} |
374 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (28) |
Complexity: 1 |
Complexity Density: 0.04 |
1PASS
|
|
375 |
1 |
@Test... |
376 |
|
public void testGenerateIntermediateCertificateVersion3() throws Exception |
377 |
|
{ |
378 |
1 |
X509ExtensionBuilder builder = builderMocker.getComponentUnderTest(); |
379 |
|
|
380 |
1 |
CertifiedPublicKey caCertificate = |
381 |
|
factory.getInstance(signerFactory.getInstance(true, rsaPrivateKey), |
382 |
|
new X509CertificateGenerationParameters( |
383 |
|
|
384 |
|
builder.addBasicConstraints(true) |
385 |
|
.addKeyUsage(true, EnumSet.of(KeyUsage.keyCertSign, |
386 |
|
KeyUsage.cRLSign)) |
387 |
|
.build())) |
388 |
|
.generate(new DistinguishedName("CN=Test CA"), rsaPublicKey, |
389 |
|
new X509CertificateParameters()); |
390 |
|
|
391 |
|
|
392 |
|
|
393 |
1 |
X509CertifiedPublicKey caKey = (X509CertifiedPublicKey) caCertificate; |
394 |
|
|
395 |
1 |
builder = builderMocker.getComponentUnderTest(); |
396 |
|
|
397 |
1 |
CertificateGenerator generator = factory.getInstance( |
398 |
|
CertifyingSigner.getInstance(true, new CertifiedKeyPair(rsaPrivateKey, caCertificate), signerFactory), |
399 |
|
new X509CertificateGenerationParameters( |
400 |
|
|
401 |
|
builder.addBasicConstraints(0) |
402 |
|
.addKeyUsage(EnumSet.of(KeyUsage.keyCertSign, |
403 |
|
KeyUsage.cRLSign)) |
404 |
|
.build())); |
405 |
|
|
406 |
1 |
CertifiedPublicKey interCAcert = |
407 |
|
generator.generate(new DistinguishedName("CN=Test Intermediate CA"), interCaDsaPublicKey, |
408 |
|
new X509CertificateParameters()); |
409 |
|
|
410 |
|
|
411 |
|
|
412 |
1 |
assertTrue("Signature should match Root CA key.", interCAcert.isSignedBy(rsaPublicKey)); |
413 |
1 |
assertThat(interCAcert.getIssuer(), equalTo(caCertificate.getSubject())); |
414 |
1 |
assertThat(interCAcert.getSubject(), |
415 |
|
equalTo((PrincipalIndentifier) new DistinguishedName("CN=Test Intermediate CA"))); |
416 |
1 |
assertThat(interCAcert, instanceOf(X509CertifiedPublicKey.class)); |
417 |
|
|
418 |
1 |
X509CertifiedPublicKey interCaKey = (X509CertifiedPublicKey) interCAcert; |
419 |
|
|
420 |
1 |
assertThat(interCaKey.getVersionNumber(), equalTo(3)); |
421 |
1 |
assertTrue("Basic constraints should be critical.", |
422 |
|
interCaKey.getExtensions().isCritical(X509Extensions.BASIC_CONSTRAINTS_OID)); |
423 |
1 |
assertTrue("Basic constraints should be set to CA.", |
424 |
|
interCaKey.getExtensions().hasCertificateAuthorityBasicConstraints()); |
425 |
1 |
assertThat(interCaKey.getExtensions().getBasicConstraintsPathLen(), Matchers.equalTo(0)); |
426 |
1 |
assertTrue("KeyUsage extension should be critical.", interCaKey.getExtensions().isCritical(KeyUsage.OID)); |
427 |
1 |
assertThat(interCaKey.getExtensions().getKeyUsage(), equalTo(EnumSet.of(KeyUsage.keyCertSign, |
428 |
|
KeyUsage.cRLSign))); |
429 |
1 |
assertThat(interCaKey.getAuthorityKeyIdentifier(), |
430 |
|
equalTo(caKey.getSubjectKeyIdentifier())); |
431 |
|
|
432 |
1 |
builder = builderMocker.getComponentUnderTest(); |
433 |
|
|
434 |
1 |
generator = factory.getInstance( |
435 |
|
CertifyingSigner.getInstance(true, new CertifiedKeyPair(interCaDsaPrivateKey, interCAcert), (SignerFactory) mocker.getInstance(SignerFactory.class, "DSAwithSHA1")), |
436 |
|
new X509CertificateGenerationParameters( |
437 |
|
|
438 |
|
builder.addKeyUsage(EnumSet.of(KeyUsage.digitalSignature, |
439 |
|
KeyUsage.dataEncipherment)) |
440 |
|
.addExtendedKeyUsage(false, |
441 |
|
new ExtendedKeyUsages(new String[]{ExtendedKeyUsages.EMAIL_PROTECTION})) |
442 |
|
.build())); |
443 |
|
|
444 |
1 |
builder = builderMocker.getComponentUnderTest(); |
445 |
|
|
446 |
1 |
CertifiedPublicKey certificate = |
447 |
|
generator.generate(new DistinguishedName("CN=Test End Entity"), dsaPublicKey, |
448 |
|
new X509CertificateParameters( |
449 |
|
builder.addSubjectAltName(false, |
450 |
|
new X509GeneralName[] { |
451 |
|
new X509Rfc822Name("test@example.com") |
452 |
|
}) |
453 |
|
.build() |
454 |
|
)); |
455 |
|
|
456 |
|
|
457 |
|
|
458 |
1 |
assertTrue("Signature should match intermediate CA key.", certificate.isSignedBy(interCaDsaPublicKey)); |
459 |
1 |
assertThat(certificate.getIssuer(), equalTo(interCAcert.getSubject())); |
460 |
1 |
assertThat(certificate.getSubject(), equalTo((PrincipalIndentifier) new DistinguishedName("CN=Test End Entity"))); |
461 |
1 |
assertThat(certificate, instanceOf(X509CertifiedPublicKey.class)); |
462 |
|
|
463 |
1 |
X509CertifiedPublicKey key = (X509CertifiedPublicKey) certificate; |
464 |
1 |
assertThat(key.getAuthorityKeyIdentifier(), |
465 |
|
equalTo(interCaKey.getSubjectKeyIdentifier())); |
466 |
|
} |
467 |
|
} |