Package org.apache.geronimo.crypto.asn1

Examples of org.apache.geronimo.crypto.asn1.DEREncodable


    // Excerpt from a test method: the statements that create `props` (and any
    // encoding entry for "id1") sit above this fragment and are not shown.
    props.put("id1.property.value", "1.1.1.255.1");
   
    // init(id, OID, critical?, properties): other examples on this page read the
    // same arguments back as getId() == 1, getOID() "1.2.3" and isCriticalFlag() false.
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
   
    // All five getValue arguments are null -- presumably a statically configured
    // value needs no request context; confirm against getValue's contract.
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    // The first assertTrue argument is the failure message, so a mismatch is
    // reported with the actual class name / actual OID string.
    assertTrue(value.getClass().toString(),value instanceof DERObjectIdentifier);
    assertTrue(((DERObjectIdentifier)value).getId(),((DERObjectIdentifier)value).getId().equals("1.1.1.255.1"));       
  }


    // Excerpt from a test method: the creation of `props` and the earlier
    // entries (presumably value1/value2 and the encoding) are not shown.
    props.put("id1.property.value3", "foo3");
   
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
   
    // Several configured values are expected to come back as one DERSequence.
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(),value instanceof DERSequence);
    DERSequence seq = (DERSequence)value;
    assertEquals(3, seq.size());
    // getObjects() is consumed as a raw Enumeration, hence the cast per element.
    Enumeration e = seq.getObjects();
    int i = 1;
    // Each element must be a DERUTF8String and the elements must appear in
    // order as "foo1", "foo2", "foo3".
    while(e.hasMoreElements()) {
      DEREncodable v = (DEREncodable)e.nextElement();
      assertTrue(v.getClass().toString(),v instanceof DERUTF8String);
      String str = ((DERUTF8String)v).getString();
      log.info(str);
      assertEquals(str,"foo"+i++);       
    }
  }

        // Excerpt: `obj` and `altName` are declared above this fragment, and the
        // if/else and for loop are closed below it (not shown).
        // Decode the ASN.1 object as GeneralNames and walk every contained name.
        GeneralNames gan = GeneralNames.getInstance(obj);
        GeneralName[] gns = gan.getNames();
        for (int i = 0; i < gns.length; i++) {
          GeneralName gn = gns[i];
          // The tag number selects the GeneralName choice; the helper turns the
          // (tag, value) pair into its string form.
          int tag = gn.getTagNo();
          DEREncodable name = gn.getName();
          String str = CertTools.getGeneralNameString(tag, name);
          // Join all names into one ", "-separated string.
          // NOTE(review): a name whose own text contains ", " cannot be told apart
          // from two names once joined -- unless getGeneralNameString escapes it
          // (not visible here), avoid re-parsing this string for trust decisions.
          if (altName == null) {
            altName = str;
          } else {
            altName += ", "+str;

        // Excerpt: `msg`, `novosecsigpopir` and the opener of this first block are
        // above the fragment; the second block is cut off before it is closed.
        // Verify signature protection
        AlgorithmIdentifier algId = msg.getMessage().getProtectedPart().getHeader().getProtectionAlg();
        String oid = algId.getObjectId().getId();
        assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
        // Check that this is an old message, created before ECA-2104, using null instead of DERNull as algorithm parameters.
        // The AlgorithmIdentifier is read from the header of the protected part, so
        // absent parameters versus an explicit NULL changes the header encoding.
        DEREncodable pp = algId.getParameters();
        assertNull(pp);
        // Verification should still succeed despite the ECA-2104 issue, since algorithm parameters are not used for RSA-PKCS signatures
        PublicKey pubKey = msg.getRequestPublicKey();
        assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), pubKey));
        // Verify that our verification routine does not give positive result for any other keys
        // 512-bit RSA is a throwaway key for this negative check only; it is far
        // too small to protect anything outside a test.
        KeyPair keys = KeyTools.genKeys("512", "RSA");
        assertFalse(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), keys.getPublic()));
      }
      // Re-protect the message, now fixed by ECA-2104
      {
        ASN1InputStream in = new ASN1InputStream(novosecsigpopir);
        DERObject derObject = in.readObject();
        PKIMessage myPKIMessage = PKIMessage.getInstance(derObject);
        // Test-only signer: 512-bit RSA key and a SHA-1 based self-signed certificate,
        // matching the legacy sha1WithRSAEncryption protection under test.
        KeyPair keys = KeyTools.genKeys("512", "RSA");
        X509Certificate signCert = CertTools.genSelfCert("CN=CMP Sign Test", 3650, null, keys.getPrivate(), keys.getPublic(), "SHA1WithRSA", false);
        // Re-sign the message
        byte[] newmsg = CmpMessageHelper.signPKIMessage(myPKIMessage, signCert, keys.getPrivate(), CMSSignedGenerator.DIGEST_SHA1, "BC");
        in = new ASN1InputStream(newmsg);
        derObject = in.readObject();
        PKIMessage pkimsg = PKIMessage.getInstance(derObject);
        // We have to do this twice, because Novosec caches ProtectedBytes in the PKIMessage object, so we need to
        // encode it and re-decode it again to get the changes from ECA-2104 encoded correctly.
        // Not needed when simply signing a new message that you create, only when re-signing
        newmsg = CmpMessageHelper.signPKIMessage(pkimsg, signCert, keys.getPrivate(), CMSSignedGenerator.DIGEST_SHA1, "BC");
        in = new ASN1InputStream(newmsg);
        derObject = in.readObject();
        pkimsg = PKIMessage.getInstance(derObject);
        AlgorithmIdentifier algId = pkimsg.getProtectedPart().getHeader().getProtectionAlg();
        String oid = algId.getObjectId().getId();
        assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
        // Check that we have DERNull and not plain java null as algorithm parameters.
        DEREncodable pp = algId.getParameters();
        assertNotNull(pp);
        assertEquals(DERNull.class.getName(), pp.getClass().getName());
        // Try to verify, also verify at the same time that encoding decoding of the signature works
        assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(pkimsg, keys.getPublic()));
        // Wrap the re-signed message as a CRMF request and check that verify() accepts it.
        // NOTE(review): the comment previously on this line promised a wrong-key check,
        // but no negative verification is visible in this block before the excerpt ends;
        // confirm one follows, as in the first block.
        CrmfRequestMessage msg = new CrmfRequestMessage(pkimsg, "CN=AdminCA1", false, "CN");
        assertTrue(msg.verify());

      // Excerpt: `msg` is created above this fragment (not shown).
      // Check signature protection
      AlgorithmIdentifier algId = msg.getMessage().getProtectedPart().getHeader().getProtectionAlg();
      String oid = algId.getObjectId().getId();
      assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
      // Check that we have DERNull and not plain java null as algorithm parameters.
      DEREncodable pp = algId.getParameters();
      assertNotNull(pp);
      assertEquals(DERNull.class.getName(), pp.getClass().getName());
      // Try to verify the protection signature
      // The key comes from the request itself (getRequestPublicKey()), so this shows
      // the message is consistent with the key it carries; only the positive case
      // is checked in this fragment.
      assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), msg.getRequestPublicKey()));
    }

    // Excerpt: `msg`, `in`, `derObject` and `huaweicertconf` are declared above this
    // fragment (not shown).
    // Verify signature properties
    AlgorithmIdentifier algId = msg.getMessage().getProtectedPart().getHeader().getProtectionAlg();
    String oid = algId.getObjectId().getId();
    assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
    // Check that we have DERNull and not plain java null as algorithm parameters.
    DEREncodable pp = algId.getParameters();
    assertNotNull(pp);
    assertEquals(DERNull.class.getName(), pp.getClass().getName());
    // Try to verify message protection
    // Does not work for this Huawei message, is it signed by the same key as in the request at all?
    // We will wait for another huawei message to test
    // NOTE(review): with the check below disabled, this test only inspects the
    // declared algorithm identifier; the signature itself is never verified.
    //PublicKey pubKey = msg.getRequestPublicKey();
    //assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), pubKey));

      // Read the CertConf (certificate confirmation) CMP message that the client sends to
    // the CA after receiving the certificate. RFC4210 section "5.3.18.  Certificate Confirmation Content".
      in = new ASN1InputStream(huaweicertconf);
    derObject = in.readObject();
    PKIMessage certconf = PKIMessage.getInstance(derObject);
    //log.info(certconf.toString());
    GeneralCmpMessage conf = new GeneralCmpMessage(certconf);
    // Verify signature properties
    algId = conf.getMessage().getProtectedPart().getHeader().getProtectionAlg();
    oid = algId.getObjectId().getId();
    assertEquals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), oid);
    // Check that we have DERNull and not plain java null as algorithm parameters.
    pp = algId.getParameters();
    assertNotNull(pp);
    assertEquals(DERNull.class.getName(), pp.getClass().getName());
    // Try to verify message protection
    // Does not work for this Huawei message, is it signed by the same key as in the request at all?
    // We will wait for another huawei message to test
    // NOTE(review): the disabled lines below still reference msg.getMessage(); if they
    // are re-enabled for the CertConf they should presumably verify conf.getMessage().
    //PublicKey pubKey = msg.getRequestPublicKey();
    //assertTrue(CmpMessageHelper.verifyCertBasedPKIProtection(msg.getMessage(), pubKey));

    // Excerpt from a test method: the creation of `props` is above this fragment.
    // Only an encoding is configured here; no "id1.property.value" put is visible.
    props.put("id1.property.encoding", "DERNULL");
   
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
   
    // The DERNULL encoding must yield a DERNull value.
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(),value instanceof DERNull);
    // The init arguments must be readable back unchanged: OID, id and a
    // non-critical flag.
    assertTrue(baseExt.getOID().equals("1.2.3"));
    assertTrue(baseExt.getId() == 1);
    assertFalse(baseExt.isCriticalFlag());
  }

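    // Excerpt from a test method: the creation of `props` and the encoding entry
    // (presumably an integer encoding) are above this fragment and not shown.
    props.put("id1.property.value", "1234");
   
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
   
    // The configured decimal string must come back as a DERInteger printing "1234".
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(),value instanceof DERInteger);
    assertTrue(((DERInteger)value).toString(),((DERInteger)value).toString().equals("1234"));
    // The init arguments must be readable back unchanged: OID, id and a
    // non-critical flag.
    assertTrue(baseExt.getOID().equals("1.2.3"));
    assertTrue(baseExt.getId() == 1);
    // Statement terminator restored; it was missing in the listing.
    assertFalse(baseExt.isCriticalFlag());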
   

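    // Excerpt from a test method: the first creation of `props` is above this
    // fragment and not shown.
    props.put("id1.property.encoding", "DERBITSTRING");
    props.put("id1.property.value", "1111"); // this is 15 decimal
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);   
    byte[] result = {15};
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(),value instanceof DERBitString);
    // The four-character string is pinned to the single byte 0x0F with zero pad
    // bits, i.e. it is read as a binary number rather than as left-aligned flags.
    // NOTE(review): confirm this mapping is intended before configuring flag-style
    // extensions with fewer than eight bits.
    assertEquals(((DERBitString)value).getBytes()[0],result[0]);
    assertEquals(((DERBitString)value).getPadBits(), 0);
    assertTrue(baseExt.getOID().equals("1.2.3"));
    assertTrue(baseExt.getId() == 1);
    // Statement terminator restored; it was missing in the listing.
    assertFalse(baseExt.isCriticalFlag());
   
    props = new Properties();
    props.put("id1.property.encoding", "DERBITSTRING");
    // SSL Client and S/MIME in NetscapeCertType
    // Binary 10100000 is 0xA0 (160 unsigned). Java bytes are signed two's
    // complement, so the same bit pattern reads back as 160 - 256 = -96.
    props.put("id1.property.value", "10100000");
   
    baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
    value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(),value instanceof DERBitString);
    // The BigInteger is built only for its side effect: the constructor throws
    // if the byte array is unusable. The result is deliberately discarded.
    new BigInteger(((DERBitString)value).getBytes()); // Will throw if value is wrong
    //log.debug(bi.toString(2));
    //log.debug(bi.toString());
    //log.debug(((DERBitString)value).getBytes()[0]);
    assertEquals(((DERBitString)value).getBytes()[0],-96);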

    // Excerpt from a test method: the creation of `props` and the encoding entry
    // (presumably a boolean encoding) are above this fragment and not shown.
    props.put("id1.property.value", "true");
   
    BasicCertificateExtension baseExt = new BasicCertificateExtension();
    baseExt.init(1, "1.2.3", false, props);
   
    // The lower-case "true" must come back as a DERBoolean printing "TRUE".
    DEREncodable value = baseExt.getValue(null, null, null, null, null);
    assertTrue(value.getClass().toString(),value instanceof DERBoolean);
    assertTrue(((DERBoolean)value).toString(),((DERBoolean)value).toString().equals("TRUE"));
    // The init arguments must be readable back unchanged: OID, id and a
    // non-critical flag.
    assertTrue(baseExt.getOID().equals("1.2.3"));
    assertTrue(baseExt.getId() == 1);
    assertFalse(baseExt.isCriticalFlag());     
   
