pkixpolicymappingtest.java

kmlnjlkj nlkjlkjkljl okopokipoipo oipipipo i

package org.bouncycastle.jce.provider.test;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Date;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;

import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyMappings;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.test.SimpleTest;
import org.bouncycastle.util.test.TestFailedException;
import org.bouncycastle.x509.X509V3CertificateGenerator;

public class PKIXPolicyMappingTest
    extends SimpleTest
{
    static X509V3CertificateGenerator  v3CertGen = new X509V3CertificateGenerator();
    
    public String getName()
    {
        return "PKIXPolicyMapping";
    }
    
    /**
     * TrustAnchor's Cert
     */
    private X509Certificate createTrustCert(
        PublicKey       pubKey,
        PrivateKey      privKey)
        throws Exception
    {
        String  issuer  = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor";
        String  subject = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor";
        v3CertGen.setSerialNumber(BigInteger.valueOf(10));
        v3CertGen.setIssuerDN(new X509Principal(issuer));
        v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
        v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
        v3CertGen.setSubjectDN(new X509Principal(subject));
        v3CertGen.setPublicKey(pubKey);
        v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
        X509Certificate cert = v3CertGen.generateX509Certificate(privKey);
        return cert;
    }
    
    /**
     * intermediate cert
     */
    private X509Certificate createIntmedCert(
        PublicKey           pubKey,
        PrivateKey          caPrivKey,
        PublicKey           caPubKey,
        ASN1EncodableVector policies,
        Hashtable           policyMap)
        throws Exception
    {
        String  issuer  = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor";
        String  subject = "C=JP, O=policyMappingAdditionalTest, OU=intmedCA";
        v3CertGen.reset();
        v3CertGen.setSerialNumber(BigInteger.valueOf(20));
        v3CertGen.setIssuerDN(new X509Principal(issuer));
        v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
        v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
        v3CertGen.setSubjectDN(new X509Principal(subject));
        v3CertGen.setPublicKey(pubKey);
        v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
        v3CertGen.addExtension(X509Extensions.CertificatePolicies, true, new DERSequence(policies));
        v3CertGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
        v3CertGen.addExtension(X509Extensions.PolicyMappings, true, new PolicyMappings(policyMap));
        X509Certificate cert = v3CertGen.generateX509Certificate(caPrivKey);
        return cert;
    }
    
    /**
     * endEntity cert
     */
    private X509Certificate createEndEntityCert(
        PublicKey           pubKey,
        PrivateKey          caPrivKey,
        PublicKey           caPubKey,
        ASN1EncodableVector policies)
        throws Exception
    {
        String  issuer  = "C=JP, O=policyMappingAdditionalTest, OU=intMedCA";
        String  subject = "C=JP, O=policyMappingAdditionalTest, OU=endEntity";
        v3CertGen.reset();
        v3CertGen.setSerialNumber(BigInteger.valueOf(20));
        v3CertGen.setIssuerDN(new X509Principal(issuer));
        v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
        v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
        v3CertGen.setSubjectDN(new X509Principal(subject));
        v3CertGen.setPublicKey(pubKey);
        v3CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
        v3CertGen.addExtension(X509Extensions.CertificatePolicies,true,new DERSequence(policies));
        X509Certificate cert = v3CertGen.generateX509Certificate(caPrivKey);
        return cert;
    }
    
    private String testPolicies(
        int             index,
        X509Certificate trustCert, 
        X509Certificate intCert, 
        X509Certificate endCert,
        Set             requirePolicies,
        boolean         okay) 
        throws IOException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException
    {
        Set trust = new HashSet();
        trust.add(new TrustAnchor(trustCert, null));
        X509CertSelector targetConstraints = new X509CertSelector();
        targetConstraints.setSubject(endCert.getSubjectX500Principal().getEncoded());
        PKIXBuilderParameters params = new PKIXBuilderParameters(trust, targetConstraints);
        
        Set certs = new HashSet();
        certs.add(intCert);
        certs.add(endCert);
        CollectionCertStoreParameters pr = new CollectionCertStoreParameters(certs);
        CertStore store = CertStore.getInstance("Collection",pr);
        params.addCertStore(store);
        
        params.setRevocationEnabled(false);
        if (requirePolicies != null)
        {
            params.setExplicitPolicyRequired(true);
            params.setInitialPolicies(requirePolicies);
        }
        
        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX","BC");  
//      CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX","SUN");  
        PKIXCertPathBuilderResult result = null;
        try
        {
            result = (PKIXCertPathBuilderResult)cpb.build(params);
            
            if (!okay)
            {
                fail(index + ": path validated when failure expected.");
            }
            
//            if (result.getPolicyTree() != null)
//            {
//                System.out.println("OK");
//                System.out.println("policy: " + result.getPolicyTree());
//            }
//            else
//            {
//                System.out.println("OK: policy tree = null");
//            }
            
            return "";
        }
        catch (TestFailedException e)
        {
            throw e;
        }
        catch (Exception e)
        {
            if (okay)
            {
                fail(index + ": path failed to validate when success expected.");
            }

            Throwable ee = e.getCause();
            if (ee != null)
            {
                return ee.getMessage();
            }

            return e.getMessage();
        }  
    }
    
    public void performTest()
        throws Exception
    {   
        //
        // personal keys
        //
        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
                new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
                new BigInteger("11", 16));
        
        RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
                new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
                new BigInteger("11", 16),
                new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
                new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
                new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
                new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
                new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
                new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));
        
        //
        // intermediate keys.
        //
        RSAPublicKeySpec intPubKeySpec = new RSAPublicKeySpec(
                new BigInteger("8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69", 16),
                new BigInteger("ffff", 16));
        
        
        RSAPrivateCrtKeySpec intPrivKeySpec = new RSAPrivateCrtKeySpec(
                new BigInteger("8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69", 16),
                new BigInteger("ffff", 16),