org.cryptacular.x509.ExtensionReaderTest.java Source code

Introduction

Here is the source code for org.cryptacular.x509.ExtensionReaderTest.java

Source

/* See LICENSE for licensing and NOTICE for copyright. */
package org.cryptacular.x509;

import java.security.cert.X509Certificate;
import java.util.List;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.cryptacular.util.CertUtil;
import org.cryptacular.util.CodecUtil;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import static org.testng.Assert.assertEquals;

/**
 * Unit test for {@link ExtensionReader}.
 *
 * @author  Middleware Services
 */
public class ExtensionReaderTest {
    private static final String CRT_PATH = "src/test/resources/certs/";

    @DataProvider(name = "subject-alt-name")
    public Object[][] getSubjectAltNames() {
        return new Object[][] {
                new Object[] { CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
                        new String[] { "eprov@vt.edu" }, },
                new Object[] { CertUtil.readCertificate(CRT_PATH + "ed.middleware.vt.edu.crt"),
                        new String[] { "ed.middleware.vt.edu", "directory.vt.edu", "id.directory.vt.edu",
                                "authn.directory.vt.edu", "ldap.vt.edu", }, }, };
    }

    @DataProvider(name = "issuer-alt-name")
    public Object[][] getIssuerAltNames() {
        return new Object[][] { new Object[] { CertUtil.readCertificate(CRT_PATH + "test.example.com.crt"),
                new String[] { "snake-1.example.com", "snake-2.example.com" }, }, };
    }

    @DataProvider(name = "basic-constraints")
    public Object[][] getBasicConstraints() {
        return new Object[][] {
                new Object[] { CertUtil.readCertificate(CRT_PATH + "thawte-premium-server-ca.crt"), true, },
                new Object[] { CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"), false, }, };
    }

    @DataProvider(name = "certificate-policies")
    public Object[][] getCertificatePolicies() {
        return new Object[][] { new Object[] { CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
                new PolicyInformation[] {
                        new PolicyInformation(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.5.2.2.2.1")),
                        new PolicyInformation(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.5.2.2.1.1")),
                        new PolicyInformation(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.5.2.2.4.1"),
                                new DERSequence(
                                        new PolicyQualifierInfo("http://www.pki.vt.edu/vtuca/cps/index.html"))),
                        new PolicyInformation(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.5.2.2.3.1")), }, }, };
    }

    @DataProvider(name = "subject-key-id")
    public Object[][] getSubjectKeyIds() {
        return new Object[][] {
                new Object[] { CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
                        "25:48:2F:28:EC:5D:19:BB:1D:25:AE:94:93:B1:7B:B5:35:96:24:66", },
                new Object[] { CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
                        "31:AE:F1:7C:98:67:E9:1F:19:69:A2:A7:84:1E:67:5C:AA:C3:6B:75", }, };
    }

    @DataProvider(name = "authority-key-id")
    public Object[][] getAuthorityKeyIds() {
        return new Object[][] {
                new Object[] { CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
                        "38:E0:6F:AE:48:ED:5E:23:F6:22:9B:1E:E7:9C:19:16:47:B8:7E:92", },
                new Object[] { CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
                        "FC:8A:50:BA:9E:B9:25:5A:7B:55:85:4F:95:00:63:8F:E9:58:6B:43", }, };
    }

    @DataProvider(name = "key-usage")
    public Object[][] getKeyUsage() {
        return new Object[][] {
                new Object[] { CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
                        KeyUsageBits.usage(KeyUsageBits.DigitalSignature, KeyUsageBits.NonRepudiation), },
                new Object[] { CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
                        KeyUsageBits.usage(KeyUsageBits.DigitalSignature, KeyUsageBits.KeyEncipherment), }, };
    }

    @DataProvider(name = "extended-key-usage")
    public Object[][] getExtendedKeyUsage() {
        return new Object[][] {
                new Object[] { CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
                        new KeyPurposeId[] { KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_emailProtection,
                                KeyPurposeId.id_kp_smartcardlogon, }, },
                new Object[] { CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
                        new KeyPurposeId[] { KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth, }, }, };
    }

    @DataProvider(name = "crl-distribution-points")
    public Object[][] getCrlDistributionPoints() {
        return new Object[][] {
                new Object[] { CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
                        new DistributionPoint[] { new DistributionPoint(
                                new DistributionPointName(
                                        new GeneralNames(uri("http://EVSecure-crl.verisign.com/EVSecure2006.crl"))),
                                null, null), }, },
                new Object[] { CertUtil.readCertificate(CRT_PATH + "glider.cc.vt.edu.crt"),
                        new DistributionPoint[] { new DistributionPoint(new DistributionPointName(
                                new GeneralNames(uri("http://vtca-p.eprov.seti.vt.edu:8080/ejbca/publicweb/"
                                        + "webdist/certdist?cmd=crl&"
                                        + "issuer=CN=Virginia+Tech+Middleware+CA,O=Virginia+"
                                        + "Polytechnic+Institute+and+State+University," + "DC=vt,DC=edu,C=US"))),
                                null,
                                new GeneralNames(dirName("CN=Virginia Tech Middleware CA,O=Virginia Polytechnic "
                                        + "Institute and State University,DC=vt,DC=edu,C=US"))), }, }, };
    }

    @DataProvider(name = "authority-information-access")
    public Object[][] getAuthorityInformationAccess() {
        return new Object[][] { new Object[] { CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
                new AccessDescription[] {
                        new AccessDescription(AccessDescription.id_ad_ocsp,
                                uri("http://EVSecure-ocsp.verisign.com")),
                        new AccessDescription(AccessDescription.id_ad_caIssuers,
                                uri("http://EVSecure-aia.verisign.com/EVSecure2006.cer")), }, }, };
    }

    @Test(dataProvider = "subject-alt-name")
    public void testReadSubjectAlternativeName(final X509Certificate cert, final String[] expected)
            throws Exception {
        final GeneralNames names = new ExtensionReader(cert).readSubjectAlternativeName();
        assertEquals(names.getNames().length, expected.length);
        for (int i = 0; i < expected.length; i++) {
            assertEquals(names.getNames()[i].getName().toString(), expected[i]);
        }
    }

    @Test(dataProvider = "issuer-alt-name")
    public void testReadIssuerAlternativeName(final X509Certificate cert, final String[] expected)
            throws Exception {
        final GeneralNames names = new ExtensionReader(cert).readIssuerAlternativeName();
        assertEquals(names.getNames().length, expected.length);
        for (int i = 0; i < expected.length; i++) {
            assertEquals(names.getNames()[i].getName().toString(), expected[i]);
        }
    }

    @Test(dataProvider = "basic-constraints")
    public void testReadBasicConstraints(final X509Certificate cert, final boolean expected) throws Exception {
        assertEquals(new ExtensionReader(cert).readBasicConstraints().isCA(), expected);
    }

    @Test(dataProvider = "certificate-policies")
    public void testReadCertificatePolicies(final X509Certificate cert, final PolicyInformation[] expected)
            throws Exception {
        final List<PolicyInformation> policies = new ExtensionReader(cert).readCertificatePolicies();
        assertEquals(policies.size(), expected.length);

        PolicyInformation current;
        for (int i = 0; i < expected.length; i++) {
            current = policies.get(i);
            assertEquals(current.getPolicyIdentifier(), expected[i].getPolicyIdentifier());
            if (expected[i].getPolicyQualifiers() != null) {
                for (int j = 0; j < expected[i].getPolicyQualifiers().size(); j++) {
                    assertEquals(current.getPolicyQualifiers().getObjectAt(j),
                            expected[i].getPolicyQualifiers().getObjectAt(j));
                }
            }
        }
    }

    @Test(dataProvider = "subject-key-id")
    public void testReadSubjectKeyIdentifier(final X509Certificate cert, final String expected) throws Exception {
        final SubjectKeyIdentifier keyId = new ExtensionReader(cert).readSubjectKeyIdentifier();
        assertEquals(CodecUtil.hex(keyId.getKeyIdentifier(), true).toUpperCase(), expected);
    }

    @Test(dataProvider = "authority-key-id")
    public void testReadAuthorityKeyIdentifier(final X509Certificate cert, final String expected) throws Exception {
        final AuthorityKeyIdentifier keyId = new ExtensionReader(cert).readAuthorityKeyIdentifier();
        assertEquals(CodecUtil.hex(keyId.getKeyIdentifier(), true).toUpperCase(), expected);
    }

    @Test(dataProvider = "key-usage")
    public void testReadKeyUsage(final X509Certificate cert, final int expected) throws Exception {
        final KeyUsage usage = new ExtensionReader(cert).readKeyUsage();
        final byte[] bytes = usage.getBytes();
        final int result;
        if (bytes.length == 1) {
            result = bytes[0] & 0xff;
        } else {
            result = (bytes[1] & 0xff) << 8 | (bytes[0] & 0xff);
        }
        assertEquals(result, expected);
    }

    @Test(dataProvider = "extended-key-usage")
    public void testReadExtendedKeyUsage(final X509Certificate cert, final KeyPurposeId[] expected)
            throws Exception {
        final List<KeyPurposeId> purposes = new ExtensionReader(cert).readExtendedKeyUsage();
        assertEquals(purposes.size(), expected.length);
        for (int i = 0; i < expected.length; i++) {
            assertEquals(purposes.get(i), expected[i]);
        }
    }

    @Test(dataProvider = "crl-distribution-points")
    public void testReadCRLDistributionPoints(final X509Certificate cert, final DistributionPoint[] expected)
            throws Exception {
        final List<DistributionPoint> points = new ExtensionReader(cert).readCRLDistributionPoints();
        assertEquals(points.size(), expected.length);
        for (int i = 0; i < expected.length; i++) {
            assertEquals(points.get(i), expected[i]);
        }
    }

    @Test(dataProvider = "authority-information-access")
    public void testReadAuthorityInformationAccess(final X509Certificate cert, final AccessDescription[] expected)
            throws Exception {
        final List<AccessDescription> descriptions = new ExtensionReader(cert).readAuthorityInformationAccess();
        assertEquals(descriptions.size(), expected.length);
        for (int i = 0; i < expected.length; i++) {
            assertEquals(descriptions.get(i), expected[i]);
        }
    }

    private GeneralName uri(final String uri) {
        return new GeneralName(GeneralName.uniformResourceIdentifier, uri);
    }

    private GeneralName dirName(final String dn) {
        return new GeneralName(GeneralName.directoryName, dn);
    }
}