📄 attrcerttest.java
// NOTE(review): the statements up to the first closing brace are the tail of a method whose
// start is outside this listing (presumably testGenerateWithCert, which performTest calls).
        if (!holder.match(iCert))
        {
            fail("generated holder not matching holder certificate");
        }

        X509Attribute[] attrs = aCert.getAttributes("2.5.24.72");

        if (attrs == null)
        {
            fail("attributes related to 2.5.24.72 not found");
        }

        X509Attribute attr = attrs[0];

        if (!attr.getOID().equals("2.5.24.72"))
        {
            fail("attribute oid mismatch");
        }

        ASN1Encodable[] values = attr.getValues();
        GeneralName role = GeneralNames.getInstance(values[0]).getNames()[0];

        if (role.getTagNo() != GeneralName.rfc822Name)
        {
            fail("wrong general name type found in role");
        }

        if (!((DERString)role.getName()).getString().equals("DAU123456789"))
        {
            fail("wrong general name value found in role");
        }

        X509Certificate sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));

        if (holder.match(sCert))
        {
            fail("generated holder matching wrong certificate");
        }

        equalityAndHashCodeTest(aCert, aCert.getEncoded());
    }

    /**
     * Generates an attribute certificate whose holder is built from the subject principal of
     * the certificate decoded from {@code signCert}, then checks that the holder carries
     * entity names only and matches that certificate but not a second one.
     *
     * <p>{@code signCert}, {@code holderCertWithBaseCertificateID}, {@code RSA_PRIVATE_KEY_SPEC},
     * {@code fail} and {@code equalityAndHashCodeTest} are defined outside this listing.
     *
     * @throws Exception if any provider call (decoding, key generation, signing, verification) fails
     */
    private void testGenerateWithPrincipal()
        throws Exception
    {
        CertificateFactory fact = CertificateFactory.getInstance("X.509","BC");
        X509Certificate iCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));

        //
        // a sample key pair.
        //
        // The modulus below is 128 hex digits (512 bits) and the public exponent is 0x11.
        // It is a fixture key for exercising generate/verify; a key of this size is not a
        // model for a deployed attribute authority.
        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
            new BigInteger("11", 16));

        //
        // set up the keys
        //
        PrivateKey privKey;
        PublicKey pubKey;

        KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");

        // presumably RSA_PRIVATE_KEY_SPEC is the private half of pubKeySpec; the verify()
        // call below only succeeds if it is - confirm against its definition
        privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
        pubKey = kFact.generatePublic(pubKeySpec);

        X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();

        // the actual attributes
        GeneralName roleName = new GeneralName(GeneralName.rfc822Name, "DAU123456789");
        ASN1EncodableVector roleSyntax = new ASN1EncodableVector();
        roleSyntax.add(roleName);

        // roleSyntax OID: 2.5.24.72
        X509Attribute attributes = new X509Attribute("2.5.24.72", new DERSequence(roleSyntax));

        gen.addAttribute(attributes);
        // holder is identified by subject name only: no base certificate ID is supplied here
        gen.setHolder(new AttributeCertificateHolder(iCert.getSubjectX500Principal()));
        gen.setIssuer(new AttributeCertificateIssuer(new X509Principal("cn=test")));
        // validity window of 50 seconds either side of "now", so checkValidity() passes
        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        gen.setSerialNumber(BigInteger.ONE);
        // NOTE(review): SHA-1 based signature is a fixture choice here; a test that is meant
        // to mirror current issuance would use a SHA-2 signature algorithm instead
        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");

        X509AttributeCertificate aCert = gen.generate(privKey, "BC");

        aCert.checkValidity();

        // signature must verify under the public key built above
        aCert.verify(pubKey, "BC");

        AttributeCertificateHolder holder = aCert.getHolder();

        // a principal-based holder must expose entity names and nothing else
        if (holder.getEntityNames() == null)
        {
            fail("entity names not set when expected");
        }

        if (holder.getSerialNumber() != null)
        {
            fail("holder serial number found when none expected");
        }

        if (holder.getIssuer() != null)
        {
            fail("holder issuer found when none expected");
        }

        if (!holder.match(iCert))
        {
            fail("generated holder not matching holder certificate");
        }

        // negative case: the holder must not bind to a different certificate
        X509Certificate sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(holderCertWithBaseCertificateID));

        if (holder.match(sCert))
        {
            fail("principal generated holder matching wrong certificate");
        }

        equalityAndHashCodeTest(aCert, aCert.getEncoded());
    }

    /**
     * Main test sequence: decodes the stored attribute certificate {@code attrCert}, verifies it
     * against the certificate decoded from {@code signCert}, looks the signer up in a cert store
     * by issuer, re-encodes, regenerates the certificate with a fresh key, checks the holder
     * fields and the critical / non-critical extension handling, then runs the three
     * generator sub-tests.
     *
     * <p>The steps share and reassign {@code aCert}, {@code attrs}, {@code certs} and the
     * generator {@code gen}, so their order matters.
     *
     * @throws Exception if any provider call fails
     */
    public void performTest()
        throws Exception
    {
        X509AttributeCertificate aCert = new X509V2AttributeCertificate(attrCert);
        CertificateFactory fact = CertificateFactory.getInstance("X.509","BC");
        X509Certificate sCert = (X509Certificate)fact.generateCertificate(new ByteArrayInputStream(signCert));

        // the stored attribute certificate must verify under the signer certificate's key
        aCert.verify(sCert.getPublicKey(), "BC");

        //
        // search test
        //
        List list = new ArrayList();

        list.add(sCert);

        CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
        CertStore store = CertStore.getInstance("Collection", ccsp);

        // the attribute certificate's issuer is used as the selector for the store lookup
        Collection certs = store.getCertificates(aCert.getIssuer());
        if (certs.size() != 1 || !certs.contains(sCert))
        {
            fail("sCert not found by issuer");
        }

        X509Attribute[] attrs = aCert.getAttributes("1.3.6.1.4.1.6760.8.1.1");
        // attrs[0] is used further down; presumably fail() aborts the test, so a null or
        // empty result never reaches that line - confirm against fail()'s definition
        if (attrs == null || attrs.length != 1)
        {
            fail("attribute not found");
        }

        //
        // reencode test
        //
        aCert = new X509V2AttributeCertificate(aCert.getEncoded());

        aCert.verify(sCert.getPublicKey(), "BC");

        X509AttributeCertificate saCert = new X509V2AttributeCertificate(new ByteArrayInputStream(aCert.getEncoded()));

        if (!aCert.getNotAfter().equals(saCert.getNotAfter()))
        {
            fail("failed date comparison");
        }

        // base generator test

        //
        // a sample key pair.
        //
        // 512-bit modulus (128 hex digits), public exponent 0x11: a fixture key, sized for
        // the test rather than as an example of a deployable issuer key.
        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
            new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
            new BigInteger("11", 16));

        RSAPrivateCrtKeySpec privKeySpec = RSA_PRIVATE_KEY_SPEC;

        //
        // set up the keys
        //
        PrivateKey privKey;
        PublicKey pubKey;

        KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");

        privKey = kFact.generatePrivate(privKeySpec);
        pubKey = kFact.generatePublic(pubKeySpec);

        X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();

        // reuse attribute, holder, issuer and serial number from the decoded certificate;
        // only the validity window and the signing key are new
        gen.addAttribute(attrs[0]);
        gen.setHolder(aCert.getHolder());
        gen.setIssuer(aCert.getIssuer());
        gen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
        gen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
        gen.setSerialNumber(aCert.getSerialNumber());
        // NOTE(review): SHA-1 based signature is a fixture choice here, not a recommendation
        gen.setSignatureAlgorithm("SHA1WithRSAEncryption");

        aCert = gen.generate(privKey, "BC");

        aCert.checkValidity();

        aCert.verify(pubKey, "BC");

        // as the issuer is the same this should still work (even though it is not
        // technically correct): the lookup selects by issuer name, while the regenerated
        // certificate was signed with the sample key, not with sCert's key
        certs = store.getCertificates(aCert.getIssuer());
        if (certs.size() != 1 || !certs.contains(sCert))
        {
            fail("sCert not found by issuer");
        }

        attrs = aCert.getAttributes("1.3.6.1.4.1.6760.8.1.1");
        if (attrs == null || attrs.length != 1)
        {
            fail("attribute not found");
        }

        //
        // reencode test
        //
        aCert = new X509V2AttributeCertificate(aCert.getEncoded());

        aCert.verify(pubKey, "BC");

        AttributeCertificateIssuer issuer = aCert.getIssuer();

        // this value is overwritten below before it is read
        Principal[] principals = issuer.getPrincipals();

        //
        // test holder
        //
        AttributeCertificateHolder holder = aCert.getHolder();

        if (holder.getEntityNames() == null)
        {
            fail("entity names not set");
        }

        if (holder.getSerialNumber() != null)
        {
            fail("holder serial number set when none expected");
        }

        if (holder.getIssuer() != null)
        {
            fail("holder issuer set when none expected");
        }

        principals = holder.getEntityNames();

        // exact string comparison: depends on the provider's toString() rendering of the name
        if (!principals[0].toString().equals("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), EMAILADDRESS=mlorch@vt.edu"))
        {
            fail("principal[0] for entity names don't match");
        }

        //
        // extension test
        //

        // no extensions have been added yet, so none can be unsupported
        if (aCert.hasUnsupportedCriticalExtension())
        {
            fail("unsupported extensions found with no extensions");
        }

        // one critical ("1.1") and one non-critical ("2.2") extension, both with made-up OIDs
        gen.addExtension("1.1", true, new DEROctetString(new byte[10]));

        gen.addExtension("2.2", false, new DEROctetString(new byte[20]));

        aCert = gen.generate(privKey, "BC");

        Set exts = aCert.getCriticalExtensionOIDs();

        if (exts.size() != 1 || !exts.contains("1.1"))
        {
            fail("critical extension test failed");
        }

        exts = aCert.getNonCriticalExtensionOIDs();

        if (exts.size() != 1 || !exts.contains("2.2"))
        {
            fail("non-critical extension test failed");
        }

        // the critical extension must now be reported as unsupported; this is the signal a
        // relying party uses to refuse a certificate it cannot fully interpret
        if (!aCert.hasUnsupportedCriticalExtension())
        {
            fail("unsupported extensions not found");
        }

        // the stored extension value must decode back to the 10-byte octet string added above
        byte[] extString = aCert.getExtensionValue("1.1");
        ASN1Encodable extValue = X509ExtensionUtil.fromExtensionValue(extString);
        if (!extValue.equals(new DEROctetString(new byte[10])))
        {
            fail("wrong extension value found for 1.1");
        }

        testCertWithBaseCertificateID();
        testGenerateWithCert();
        testGenerateWithPrincipal();
    }

    /**
     * Registers the Bouncy Castle provider and runs this test through {@code runTest}.
     *
     * @param args command-line arguments (not read)
     */
    public static void main(
        String[] args)
    {
        // the methods above request the provider by the name "BC", so it has to be
        // registered before the test starts
        Security.addProvider(new BouncyCastleProvider());

        runTest(new AttrCertTest());
    }
}