1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
|
|
21 |
|
package org.xwiki.crypto.signer.internal.cms; |
22 |
|
|
23 |
|
import java.util.Arrays; |
24 |
|
|
25 |
|
import org.junit.Before; |
26 |
|
import org.junit.Rule; |
27 |
|
import org.junit.Test; |
28 |
|
import org.xwiki.crypto.AbstractPKIXTest; |
29 |
|
import org.xwiki.crypto.AsymmetricKeyFactory; |
30 |
|
import org.xwiki.crypto.BinaryStringEncoder; |
31 |
|
import org.xwiki.crypto.internal.asymmetric.keyfactory.BcDSAKeyFactory; |
32 |
|
import org.xwiki.crypto.internal.asymmetric.keyfactory.BcRSAKeyFactory; |
33 |
|
import org.xwiki.crypto.internal.digest.factory.BcSHA1DigestFactory; |
34 |
|
import org.xwiki.crypto.internal.digest.factory.DefaultDigestFactory; |
35 |
|
import org.xwiki.crypto.internal.encoder.Base64BinaryStringEncoder; |
36 |
|
import org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters; |
37 |
|
import org.xwiki.crypto.pkix.CertificateFactory; |
38 |
|
import org.xwiki.crypto.pkix.CertifyingSigner; |
39 |
|
import org.xwiki.crypto.pkix.internal.BcStoreX509CertificateProvider; |
40 |
|
import org.xwiki.crypto.pkix.internal.BcX509CertificateChainBuilder; |
41 |
|
import org.xwiki.crypto.pkix.internal.BcX509CertificateFactory; |
42 |
|
import org.xwiki.crypto.pkix.params.CertifiedKeyPair; |
43 |
|
import org.xwiki.crypto.pkix.params.CertifiedPublicKey; |
44 |
|
import org.xwiki.crypto.signer.CMSSignedDataGenerator; |
45 |
|
import org.xwiki.crypto.signer.CMSSignedDataVerifier; |
46 |
|
import org.xwiki.crypto.signer.SignerFactory; |
47 |
|
import org.xwiki.crypto.signer.internal.DefaultBcContentVerifierProviderBuilder; |
48 |
|
import org.xwiki.crypto.signer.internal.factory.BcDSAwithSHA1SignerFactory; |
49 |
|
import org.xwiki.crypto.signer.internal.factory.BcSHA1withRsaSignerFactory; |
50 |
|
import org.xwiki.crypto.signer.internal.factory.DefaultSignerFactory; |
51 |
|
import org.xwiki.crypto.signer.param.CMSSignedDataGeneratorParameters; |
52 |
|
import org.xwiki.crypto.signer.param.CMSSignedDataVerified; |
53 |
|
import org.xwiki.crypto.signer.param.CMSSignerVerifiedInformation; |
54 |
|
import org.xwiki.test.annotation.ComponentList; |
55 |
|
import org.xwiki.test.mockito.MockitoComponentMockingRule; |
56 |
|
|
57 |
|
import static org.hamcrest.Matchers.contains; |
58 |
|
import static org.hamcrest.Matchers.containsInAnyOrder; |
59 |
|
import static org.hamcrest.Matchers.equalTo; |
60 |
|
import static org.junit.Assert.assertThat; |
61 |
|
|
62 |
|
@ComponentList({Base64BinaryStringEncoder.class, BcRSAKeyFactory.class, BcDSAKeyFactory.class, |
63 |
|
DefaultDigestFactory.class, BcSHA1DigestFactory.class, BcSHA1withRsaSignerFactory.class, |
64 |
|
BcDSAwithSHA1SignerFactory.class, DefaultSignerFactory.class, BcX509CertificateFactory.class, |
65 |
|
DefaultBcContentVerifierProviderBuilder.class, BcStoreX509CertificateProvider.class, |
66 |
|
BcX509CertificateChainBuilder.class}) |
|
|
| 100% |
Uncovered Elements: 0 (92) |
Complexity: 10 |
Complexity Density: 0.12 |
|
67 |
|
public class DefaultCMSSignedDataTest extends AbstractPKIXTest |
68 |
|
{ |
69 |
|
@Rule |
70 |
|
public final MockitoComponentMockingRule<CMSSignedDataGenerator> generatorMocker = |
71 |
|
new MockitoComponentMockingRule<CMSSignedDataGenerator>(DefaultCMSSignedDataGenerator.class); |
72 |
|
|
73 |
|
@Rule |
74 |
|
public final MockitoComponentMockingRule<CMSSignedDataVerifier> verifierMocker = |
75 |
|
new MockitoComponentMockingRule<CMSSignedDataVerifier>(DefaultCMSSignedDataVerifier.class); |
76 |
|
|
77 |
|
private CMSSignedDataGenerator generator; |
78 |
|
private CMSSignedDataVerifier verifier; |
79 |
|
@SuppressWarnings("unused") |
80 |
|
private static SignerFactory rsaSignerFactory; |
81 |
|
private static SignerFactory dsaSignerFactory; |
82 |
|
private static PrivateKeyParameters rsaPrivateKey; |
83 |
|
private static PrivateKeyParameters dsaPrivateKey; |
84 |
|
private static CertifiedPublicKey v3CaCert; |
85 |
|
private static CertifiedPublicKey v3InterCaCert; |
86 |
|
private static CertifiedPublicKey v3Cert; |
87 |
|
protected static byte[] text; |
88 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (15) |
Complexity: 2 |
Complexity Density: 0.15 |
|
89 |
7 |
public void setupTest(MockitoComponentMockingRule<CMSSignedDataGenerator> mocker) throws Exception... |
90 |
|
{ |
91 |
|
|
92 |
7 |
if (rsaPrivateKey == null) { |
93 |
1 |
BinaryStringEncoder base64encoder = mocker.getInstance(BinaryStringEncoder.class, "Base64"); |
94 |
1 |
AsymmetricKeyFactory rsaKeyFactory = mocker.getInstance(AsymmetricKeyFactory.class, "RSA"); |
95 |
1 |
AsymmetricKeyFactory dsaKeyFactory = mocker.getInstance(AsymmetricKeyFactory.class, "DSA"); |
96 |
1 |
CertificateFactory certFactory = mocker.getInstance(CertificateFactory.class, "X509"); |
97 |
1 |
rsaPrivateKey = rsaKeyFactory.fromPKCS8(base64encoder.decode(RSA_PRIVATE_KEY)); |
98 |
1 |
dsaPrivateKey = dsaKeyFactory.fromPKCS8(base64encoder.decode(DSA_PRIVATE_KEY)); |
99 |
1 |
v3CaCert = certFactory.decode(base64encoder.decode(V3_CA_CERT)); |
100 |
1 |
v3InterCaCert = certFactory.decode(base64encoder.decode(V3_ITERCA_CERT)); |
101 |
1 |
v3Cert = certFactory.decode(base64encoder.decode(V3_CERT)); |
102 |
1 |
text = TEXT.getBytes("UTF-8"); |
103 |
1 |
rsaSignerFactory = mocker.getInstance(SignerFactory.class, "SHA1withRSAEncryption"); |
104 |
1 |
dsaSignerFactory = mocker.getInstance(SignerFactory.class, "DSAwithSHA1"); |
105 |
|
} |
106 |
|
} |
107 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (3) |
Complexity: 1 |
Complexity Density: 0.33 |
|
108 |
7 |
@Before... |
109 |
|
public void configure() throws Exception |
110 |
|
{ |
111 |
7 |
generator = generatorMocker.getComponentUnderTest(); |
112 |
7 |
verifier = verifierMocker.getComponentUnderTest(); |
113 |
7 |
setupTest(generatorMocker); |
114 |
|
} |
115 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (10) |
Complexity: 1 |
Complexity Density: 0.1 |
1PASS
|
|
116 |
1 |
@Test... |
117 |
|
public void testDSASignatureAllEmbedded() throws Exception |
118 |
|
{ |
119 |
1 |
byte[] signature = generator.generate(text, |
120 |
|
new CMSSignedDataGeneratorParameters() |
121 |
|
.addSigner(CertifyingSigner.getInstance(true, |
122 |
|
new CertifiedKeyPair(dsaPrivateKey, v3Cert), dsaSignerFactory)) |
123 |
|
.addCertificate(v3Cert) |
124 |
|
.addCertificate(v3InterCaCert) |
125 |
|
.addCertificate(v3CaCert), true); |
126 |
|
|
127 |
1 |
CMSSignedDataVerified result = verifier.verify(signature); |
128 |
|
|
129 |
1 |
assertThat(result.isVerified(), equalTo(true)); |
130 |
1 |
assertThat(result.getCertificates(), containsInAnyOrder(v3CaCert, v3InterCaCert, v3Cert)); |
131 |
1 |
assertThat(result.getContent(), equalTo(text)); |
132 |
1 |
assertThat(result.getContentType(), equalTo("1.2.840.113549.1.7.1")); |
133 |
1 |
assertThat(result.getSignatures().size(),equalTo(1)); |
134 |
|
|
135 |
1 |
CMSSignerVerifiedInformation signerInfo = result.getSignatures().iterator().next(); |
136 |
|
|
137 |
1 |
assertThat(signerInfo.isVerified(), equalTo(true)); |
138 |
1 |
assertThat(signerInfo.getCertificateChain(), contains(v3CaCert, v3InterCaCert, v3Cert)); |
139 |
|
} |
140 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (10) |
Complexity: 1 |
Complexity Density: 0.1 |
1PASS
|
|
141 |
1 |
@Test... |
142 |
|
public void testDSASignatureWithExternalCerts() throws Exception |
143 |
|
{ |
144 |
1 |
byte[] signature = generator.generate(text, |
145 |
|
new CMSSignedDataGeneratorParameters() |
146 |
|
.addSigner(CertifyingSigner.getInstance(true, |
147 |
|
new CertifiedKeyPair(dsaPrivateKey, v3Cert), dsaSignerFactory)), true); |
148 |
|
|
149 |
1 |
CMSSignedDataVerified result = verifier.verify(signature, Arrays.asList(v3Cert, v3InterCaCert, v3CaCert)); |
150 |
|
|
151 |
1 |
assertThat(result.isVerified(), equalTo(true)); |
152 |
1 |
assertThat(result.getCertificates().isEmpty(), equalTo(true)); |
153 |
1 |
assertThat(result.getContent(), equalTo(text)); |
154 |
1 |
assertThat(result.getContentType(), equalTo("1.2.840.113549.1.7.1")); |
155 |
1 |
assertThat(result.getSignatures().size(),equalTo(1)); |
156 |
|
|
157 |
1 |
CMSSignerVerifiedInformation signerInfo = result.getSignatures().iterator().next(); |
158 |
|
|
159 |
1 |
assertThat(signerInfo.isVerified(), equalTo(true)); |
160 |
1 |
assertThat(signerInfo.getCertificateChain(), contains(v3CaCert, v3InterCaCert, v3Cert)); |
161 |
|
} |
162 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (10) |
Complexity: 1 |
Complexity Density: 0.1 |
1PASS
|
|
163 |
1 |
@Test... |
164 |
|
public void testDSADetachedSignatureWithEmbeddedCerts() throws Exception |
165 |
|
{ |
166 |
1 |
byte[] signature = generator.generate(text, |
167 |
|
new CMSSignedDataGeneratorParameters() |
168 |
|
.addSigner(CertifyingSigner.getInstance(true, |
169 |
|
new CertifiedKeyPair(dsaPrivateKey, v3Cert), dsaSignerFactory)) |
170 |
|
.addCertificate(v3Cert) |
171 |
|
.addCertificate(v3InterCaCert) |
172 |
|
.addCertificate(v3CaCert)); |
173 |
|
|
174 |
1 |
CMSSignedDataVerified result = verifier.verify(signature, text); |
175 |
|
|
176 |
1 |
assertThat(result.isVerified(), equalTo(true)); |
177 |
1 |
assertThat(result.getCertificates(), containsInAnyOrder(v3CaCert, v3InterCaCert, v3Cert)); |
178 |
1 |
assertThat(result.getContent(), equalTo(text)); |
179 |
1 |
assertThat(result.getContentType(), equalTo("1.2.840.113549.1.7.1")); |
180 |
1 |
assertThat(result.getSignatures().size(),equalTo(1)); |
181 |
|
|
182 |
1 |
CMSSignerVerifiedInformation signerInfo = result.getSignatures().iterator().next(); |
183 |
|
|
184 |
1 |
assertThat(signerInfo.isVerified(), equalTo(true)); |
185 |
1 |
assertThat(signerInfo.getCertificateChain(), contains(v3CaCert, v3InterCaCert, v3Cert)); |
186 |
|
} |
187 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (10) |
Complexity: 1 |
Complexity Density: 0.1 |
1PASS
|
|
188 |
1 |
@Test... |
189 |
|
public void testDSADetachedSignatureWithExternalCerts() throws Exception |
190 |
|
{ |
191 |
1 |
byte[] signature = generator.generate(text, |
192 |
|
new CMSSignedDataGeneratorParameters() |
193 |
|
.addSigner(CertifyingSigner.getInstance(true, |
194 |
|
new CertifiedKeyPair(dsaPrivateKey, v3Cert), dsaSignerFactory))); |
195 |
|
|
196 |
1 |
CMSSignedDataVerified result = verifier.verify(signature, text, Arrays.asList(v3Cert, v3InterCaCert, v3CaCert)); |
197 |
|
|
198 |
1 |
assertThat(result.isVerified(), equalTo(true)); |
199 |
1 |
assertThat(result.getCertificates().isEmpty(), equalTo(true)); |
200 |
1 |
assertThat(result.getContent(), equalTo(text)); |
201 |
1 |
assertThat(result.getContentType(), equalTo("1.2.840.113549.1.7.1")); |
202 |
1 |
assertThat(result.getSignatures().size(),equalTo(1)); |
203 |
|
|
204 |
1 |
CMSSignerVerifiedInformation signerInfo = result.getSignatures().iterator().next(); |
205 |
|
|
206 |
1 |
assertThat(signerInfo.isVerified(), equalTo(true)); |
207 |
1 |
assertThat(signerInfo.getCertificateChain(), contains(v3CaCert, v3InterCaCert, v3Cert)); |
208 |
|
} |
209 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (10) |
Complexity: 1 |
Complexity Density: 0.1 |
1PASS
|
|
210 |
1 |
@Test... |
211 |
|
public void testDSADetachedSignatureWitMixedCerts() throws Exception |
212 |
|
{ |
213 |
1 |
byte[] signature = generator.generate(text, |
214 |
|
new CMSSignedDataGeneratorParameters() |
215 |
|
.addSigner(CertifyingSigner.getInstance(true, |
216 |
|
new CertifiedKeyPair(dsaPrivateKey, v3Cert), dsaSignerFactory)) |
217 |
|
.addCertificate(v3Cert)); |
218 |
|
|
219 |
1 |
CMSSignedDataVerified result = verifier.verify(signature, text, Arrays.asList(v3InterCaCert, v3CaCert)); |
220 |
|
|
221 |
1 |
assertThat(result.isVerified(), equalTo(true)); |
222 |
1 |
assertThat(result.getCertificates(), containsInAnyOrder(v3Cert)); |
223 |
1 |
assertThat(result.getContent(), equalTo(text)); |
224 |
1 |
assertThat(result.getContentType(), equalTo("1.2.840.113549.1.7.1")); |
225 |
1 |
assertThat(result.getSignatures().size(),equalTo(1)); |
226 |
|
|
227 |
1 |
CMSSignerVerifiedInformation signerInfo = result.getSignatures().iterator().next(); |
228 |
|
|
229 |
1 |
assertThat(signerInfo.isVerified(), equalTo(true)); |
230 |
1 |
assertThat(signerInfo.getCertificateChain(), contains(v3CaCert, v3InterCaCert, v3Cert)); |
231 |
|
} |
232 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (5) |
Complexity: 1 |
Complexity Density: 0.2 |
1PASS
|
|
233 |
1 |
@Test... |
234 |
|
public void testPreCalculatedSignature() throws Exception |
235 |
|
{ |
236 |
1 |
byte[] signature = generator.generate(text, |
237 |
|
new CMSSignedDataGeneratorParameters() |
238 |
|
.addSigner(CertifyingSigner.getInstance(true, |
239 |
|
new CertifiedKeyPair(dsaPrivateKey, v3Cert), dsaSignerFactory)) |
240 |
|
); |
241 |
|
|
242 |
1 |
CMSSignedDataVerified result = verifier.verify(signature, text, Arrays.asList(v3Cert, v3InterCaCert, v3CaCert)); |
243 |
|
|
244 |
1 |
byte[] signature2 = generator.generate(text, |
245 |
|
new CMSSignedDataGeneratorParameters() |
246 |
|
.addSignature(result.getSignatures().iterator().next()) |
247 |
|
); |
248 |
|
|
249 |
1 |
result = verifier.verify(signature2, text, Arrays.asList(v3Cert, v3InterCaCert, v3CaCert)); |
250 |
|
|
251 |
1 |
assertThat(signature2, equalTo(signature)); |
252 |
|
} |
253 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (10) |
Complexity: 1 |
Complexity Density: 0.1 |
1PASS
|
|
254 |
1 |
@Test... |
255 |
|
public void testAddingCertificatesToSignature() throws Exception |
256 |
|
{ |
257 |
1 |
byte[] signature = generator.generate(text, |
258 |
|
new CMSSignedDataGeneratorParameters() |
259 |
|
.addSigner(CertifyingSigner.getInstance(true, |
260 |
|
new CertifiedKeyPair(dsaPrivateKey, v3Cert), dsaSignerFactory)) |
261 |
|
); |
262 |
|
|
263 |
1 |
CMSSignedDataVerified result = verifier.verify(signature, text, Arrays.asList(v3Cert, v3InterCaCert, v3CaCert)); |
264 |
|
|
265 |
1 |
byte[] signature2 = generator.generate(text, |
266 |
|
new CMSSignedDataGeneratorParameters() |
267 |
|
.addSignature(result.getSignatures().iterator().next()) |
268 |
|
.addCertificates(result.getSignatures().iterator().next().getCertificateChain()) |
269 |
|
); |
270 |
|
|
271 |
1 |
result = verifier.verify(signature2, text); |
272 |
|
|
273 |
1 |
assertThat(result.isVerified(), equalTo(true)); |
274 |
1 |
assertThat(result.getCertificates(), containsInAnyOrder(v3CaCert, v3InterCaCert, v3Cert)); |
275 |
1 |
assertThat(result.getSignatures().size(),equalTo(1)); |
276 |
|
|
277 |
1 |
CMSSignerVerifiedInformation signerInfo = result.getSignatures().iterator().next(); |
278 |
|
|
279 |
1 |
assertThat(signerInfo.isVerified(), equalTo(true)); |
280 |
1 |
assertThat(signerInfo.getCertificateChain(), contains(v3CaCert, v3InterCaCert, v3Cert)); |
281 |
|
} |
282 |
|
} |