ExtensionReaderTest.java example

Explorer

cryptacular-master
- src
  - main
    - java
      - org
        cryptacular
        CiphertextHeader.java
        CryptoException.java
        EncodingException.java
        SaltedHash.java
        StreamException.java
        adapter
        AEADBlockCipherAdapter.java
        AbstractWrappedDSAKey.java
        AbstractWrappedECKey.java
        AbstractWrappedKey.java
        AbstractWrappedRSAKey.java
        BlockCipherAdapter.java
        BufferedBlockCipherAdapter.java
        CipherAdapter.java
        Converter.java
        WrappedDSAPrivateKey.java
        WrappedDSAPublicKey.java
        WrappedECPrivateKey.java
        WrappedECPublicKey.java
        WrappedRSAPrivateCrtKey.java
        WrappedRSAPublicKey.java
        asn
        ASN1Decoder.java
        AbstractPrivateKeyDecoder.java
        OpenSSLPrivateKeyDecoder.java
        PKCS8PrivateKeyDecoder.java
        PublicKeyDecoder.java
        bean
        AEADBlockCipherBean.java
        AbstractBlockCipherBean.java
        AbstractCipherBean.java
        AbstractHashBean.java
        BufferedBlockCipherBean.java
        CipherBean.java
        EncodingHashBean.java
        FactoryBean.java
        HashBean.java
        KeyStoreBasedKeyFactoryBean.java
        KeyStoreFactoryBean.java
        PemBasedPrivateKeyFactoryBean.java
        PemBasedPublicKeyFactoryBean.java
        ResourceBasedPrivateKeyFactoryBean.java
        ResourceBasedPublicKeyFactoryBean.java
        ResourceBasedSecretKeyFactoryBean.java
        SimpleHashBean.java
        codec
        AbstractBaseNDecoder.java
        AbstractBaseNEncoder.java
        Base32Codec.java
        Base32Decoder.java
        Base32Encoder.java
        Base64Codec.java
        Base64Decoder.java
        Base64Encoder.java
        Codec.java
        Decoder.java
        Encoder.java
        HexCodec.java
        HexDecoder.java
        HexEncoder.java
        generator
        AbstractOTPGenerator.java
        HOTPGenerator.java
        IdGenerator.java
        KeyPairGenerator.java
        LimitException.java
        Nonce.java
        RandomIdGenerator.java
        SecretKeyGenerator.java
        TOTPGenerator.java
        sp80038a
        BigIntegerCounterNonce.java
        EncryptedNonce.java
        LongCounterNonce.java
        RBGNonce.java
        sp80038d
        CounterNonce.java
        RBGNonce.java
        io
        ChunkHandler.java
        ClassPathResource.java
        DecodingInputStream.java
        DirectByteArrayOutputStream.java
        EncodingOutputStream.java
        FileResource.java
        Resource.java
        URLResource.java
        pbe
        AbstractEncryptionScheme.java
        EncryptionScheme.java
        OpenSSLAlgorithm.java
        OpenSSLEncryptionScheme.java
        PBES1Algorithm.java
        PBES1EncryptionScheme.java
        PBES2Algorithm.java
        PBES2EncryptionScheme.java
        spec
        AEADBlockCipherSpec.java
        BlockCipherSpec.java
        BufferedBlockCipherSpec.java
        CodecSpec.java
        DigestSpec.java
        KeyedBlockCipherSpec.java
        Spec.java
        StreamCipherSpec.java
        util
        ByteUtil.java
        CertUtil.java
        CipherUtil.java
        CodecUtil.java
        HashUtil.java
        KeyPairUtil.java
        NonceUtil.java
        PemUtil.java
        ReflectUtil.java
        StreamUtil.java
        x509
        ExtensionReader.java
        ExtensionType.java
        GeneralNameType.java
        KeyUsageBits.java
        dn
        Attribute.java
        AttributeType.java
        Attributes.java
        LdapNameFormatter.java
        NameFormatter.java
        NameReader.java
        RDN.java
        RDNSequence.java
        StandardAttributeType.java
        UnknownAttributeType.java
  - test
    - java
      - org
        cryptacular
        FailListener.java
        adapter
        WrappedKeyTest.java
        bean
        AEADBlockCipherBeanTest.java
        BufferedBlockCipherBeanTest.java
        EncodingHashBeanTest.java
        KeyStoreBasedKeyFactoryBeanTest.java
        KeyStoreFactoryBeanTest.java
        PemBasedPrivateKeyFactoryBeanTest.java
        PemBasedPublicKeyFactoryBeanTest.java
        ResourceBasedPrivateKeyFactoryBeanTest.java
        ResourceBasedPublicKeyFactoryBeanTest.java
        ResourceBasedSecretKeyFactoryBeanTest.java
        SimpleHashBeanTest.java
        codec
        Base32DecoderTest.java
        Base32EncoderTest.java
        Base64DecoderTest.java
        Base64EncoderTest.java
        HexDecoderTest.java
        HexEncoderTest.java
        generator
        HOTPGeneratorTest.java
        RandomIdGeneratorTest.java
        sp80038a
        BigIntegerCounterNonceTest.java
        io
        DecodingInputStreamTest.java
        EncodingOutputStreamTest.java
        util
        ByteUtilTest.java
        CertUtilTest.java
        CipherUtilTest.java
        HashUtilTest.java
        KeyPairUtilTest.java
        x509
        ExtensionReaderTest.java
        dn
        LdapNameFormatterTest.java
        NameReaderTest.java

/* See LICENSE for licensing and NOTICE for copyright. */
package org.cryptacular.x509;

import java.security.cert.X509Certificate;
import java.util.List;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.cryptacular.FailListener;
import org.cryptacular.util.CertUtil;
import org.cryptacular.util.CodecUtil;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;

import static org.testng.Assert.assertEquals;

/**
 * Unit test for {@link ExtensionReader}.
 *
 * @author  Middleware Services
 */
@Listeners(FailListener.class)
public class ExtensionReaderTest
{
  private static final String CRT_PATH = "src/test/resources/certs/";

  @DataProvider(name = "subject-alt-name")
  public Object[][] getSubjectAltNames()
  {
    return
      new Object[][] {
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
          new String[] {"eprov@vt.edu"},
        },
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "ed.middleware.vt.edu.crt"),
          new String[] {
            "ed.middleware.vt.edu",
            "directory.vt.edu",
            "id.directory.vt.edu",
            "authn.directory.vt.edu",
            "ldap.vt.edu",
          },
        },
      };
  }

  @DataProvider(name = "issuer-alt-name")
  public Object[][] getIssuerAltNames()
  {
    return
      new Object[][] {
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "test.example.com.crt"),
          new String[] {"snake-1.example.com", "snake-2.example.com"},
        },
      };
  }

  @DataProvider(name = "basic-constraints")
  public Object[][] getBasicConstraints()
  {
    return
      new Object[][] {
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "thawte-premium-server-ca.crt"),
          true,
        },
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
          false,
        },
      };
  }

  @DataProvider(name = "certificate-policies")
  public Object[][] getCertificatePolicies()
  {
    return
      new Object[][] {
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
          new PolicyInformation[] {
            new PolicyInformation(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.5.2.2.2.1")),
            new PolicyInformation(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.5.2.2.1.1")),
            new PolicyInformation(
              new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.5.2.2.4.1"),
              new DERSequence(new PolicyQualifierInfo("http://www.pki.vt.edu/vtuca/cps/index.html"))),
            new PolicyInformation(new ASN1ObjectIdentifier("1.3.6.1.4.1.6760.5.2.2.3.1")),
          },
        },
      };
  }

  @DataProvider(name = "subject-key-id")
  public Object[][] getSubjectKeyIds()
  {
    return
      new Object[][] {
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
          "25:48:2F:28:EC:5D:19:BB:1D:25:AE:94:93:B1:7B:B5:35:96:24:66",
        },
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
          "31:AE:F1:7C:98:67:E9:1F:19:69:A2:A7:84:1E:67:5C:AA:C3:6B:75",
        },
      };
  }

  @DataProvider(name = "authority-key-id")
  public Object[][] getAuthorityKeyIds()
  {
    return
      new Object[][] {
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
          "38:E0:6F:AE:48:ED:5E:23:F6:22:9B:1E:E7:9C:19:16:47:B8:7E:92",
        },
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
          "FC:8A:50:BA:9E:B9:25:5A:7B:55:85:4F:95:00:63:8F:E9:58:6B:43",
        },
      };
  }

  @DataProvider(name = "key-usage")
  public Object[][] getKeyUsage()
  {
    return
      new Object[][] {
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
          KeyUsageBits.usage(KeyUsageBits.DigitalSignature, KeyUsageBits.NonRepudiation),
        },
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
          KeyUsageBits.usage(KeyUsageBits.DigitalSignature, KeyUsageBits.KeyEncipherment),
        },
      };
  }

  @DataProvider(name = "extended-key-usage")
  public Object[][] getExtendedKeyUsage()
  {
    return
      new Object[][] {
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "serac-dev-test.crt"),
          new KeyPurposeId[] {
            KeyPurposeId.id_kp_clientAuth,
            KeyPurposeId.id_kp_emailProtection,
            KeyPurposeId.id_kp_smartcardlogon,
          },
        },
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
          new KeyPurposeId[] {
            KeyPurposeId.id_kp_serverAuth,
            KeyPurposeId.id_kp_clientAuth,
          },
        },
      };
  }

  @DataProvider(name = "crl-distribution-points")
  public Object[][] getCrlDistributionPoints()
  {
    return
      new Object[][] {
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
          new DistributionPoint[] {
            new DistributionPoint(
              new DistributionPointName(new GeneralNames(uri("http://EVSecure-crl.verisign.com/EVSecure2006.crl"))),
              null,
              null),
          },
        },
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "glider.cc.vt.edu.crt"),
          new DistributionPoint[] {
            new DistributionPoint(
              new DistributionPointName(
                new GeneralNames(
                  uri(
                    "http://vtca-p.eprov.seti.vt.edu:8080/ejbca/publicweb/" +
                    "webdist/certdist?cmd=crl&" +
                    "issuer=CN=Virginia+Tech+Middleware+CA,O=Virginia+" +
                    "Polytechnic+Institute+and+State+University," +
                    "DC=vt,DC=edu,C=US"))),
              null,
              new GeneralNames(
                dirName(
                  "CN=Virginia Tech Middleware CA,O=Virginia Polytechnic " +
                  "Institute and State University,DC=vt,DC=edu,C=US"))),
          },
        },
      };
  }

  @DataProvider(name = "authority-information-access")
  public Object[][] getAuthorityInformationAccess()
  {
    return
      new Object[][] {
        new Object[] {
          CertUtil.readCertificate(CRT_PATH + "login.live.com.crt"),
          new AccessDescription[] {
            new AccessDescription(AccessDescription.id_ad_ocsp, uri("http://EVSecure-ocsp.verisign.com")),
            new AccessDescription(
              AccessDescription.id_ad_caIssuers,
              uri("http://EVSecure-aia.verisign.com/EVSecure2006.cer")),
          },
        },
      };
  }


  @Test(dataProvider = "subject-alt-name")
  public void testReadSubjectAlternativeName(final X509Certificate cert, final String[] expected)
    throws Exception
  {
    final GeneralNames names = new ExtensionReader(cert).readSubjectAlternativeName();
    assertEquals(names.getNames().length, expected.length);
    for (int i = 0; i < expected.length; i++) {
      assertEquals(names.getNames()[i].getName().toString(), expected[i]);
    }
  }

  @Test(dataProvider = "issuer-alt-name")
  public void testReadIssuerAlternativeName(final X509Certificate cert, final String[] expected)
    throws Exception
  {
    final GeneralNames names = new ExtensionReader(cert).readIssuerAlternativeName();
    assertEquals(names.getNames().length, expected.length);
    for (int i = 0; i < expected.length; i++) {
      assertEquals(names.getNames()[i].getName().toString(), expected[i]);
    }
  }

  @Test(dataProvider = "basic-constraints")
  public void testReadBasicConstraints(final X509Certificate cert, final boolean expected)
    throws Exception
  {
    assertEquals(new ExtensionReader(cert).readBasicConstraints().isCA(), expected);
  }

  @Test(dataProvider = "certificate-policies")
  public void testReadCertificatePolicies(final X509Certificate cert, final PolicyInformation[] expected)
    throws Exception
  {
    final List<PolicyInformation> policies = new ExtensionReader(cert).readCertificatePolicies();
    assertEquals(policies.size(), expected.length);

    PolicyInformation current;
    for (int i = 0; i < expected.length; i++) {
      current = policies.get(i);
      assertEquals(current.getPolicyIdentifier(), expected[i].getPolicyIdentifier());
      if (expected[i].getPolicyQualifiers() != null) {
        for (int j = 0; j < expected[i].getPolicyQualifiers().size(); j++) {
          assertEquals(current.getPolicyQualifiers().getObjectAt(j), expected[i].getPolicyQualifiers().getObjectAt(j));
        }
      }
    }
  }

  @Test(dataProvider = "subject-key-id")
  public void testReadSubjectKeyIdentifier(final X509Certificate cert, final String expected)
    throws Exception
  {
    final SubjectKeyIdentifier keyId = new ExtensionReader(cert).readSubjectKeyIdentifier();
    assertEquals(CodecUtil.hex(keyId.getKeyIdentifier(), true).toUpperCase(), expected);
  }

  @Test(dataProvider = "authority-key-id")
  public void testReadAuthorityKeyIdentifier(final X509Certificate cert, final String expected)
    throws Exception
  {
    final AuthorityKeyIdentifier keyId = new ExtensionReader(cert).readAuthorityKeyIdentifier();
    assertEquals(CodecUtil.hex(keyId.getKeyIdentifier(), true).toUpperCase(), expected);
  }

  @Test(dataProvider = "key-usage")
  public void testReadKeyUsage(final X509Certificate cert, final int expected)
    throws Exception
  {
    final KeyUsage usage = new ExtensionReader(cert).readKeyUsage();
    final byte[] bytes = usage.getBytes();
    final int result;
    if (bytes.length == 1) {
      result = bytes[0] & 0xff;
    } else {
      result = (bytes[1] & 0xff) << 8 | (bytes[0] & 0xff);
    }
    assertEquals(result, expected);
  }

  @Test(dataProvider = "extended-key-usage")
  public void testReadExtendedKeyUsage(final X509Certificate cert, final KeyPurposeId[] expected)
    throws Exception
  {
    final List<KeyPurposeId> purposes = new ExtensionReader(cert).readExtendedKeyUsage();
    assertEquals(purposes.size(), expected.length);
    for (int i = 0; i < expected.length; i++) {
      assertEquals(purposes.get(i), expected[i]);
    }
  }

  @Test(dataProvider = "crl-distribution-points")
  public void testReadCRLDistributionPoints(final X509Certificate cert, final DistributionPoint[] expected)
    throws Exception
  {
    final List<DistributionPoint> points = new ExtensionReader(cert).readCRLDistributionPoints();
    assertEquals(points.size(), expected.length);
    for (int i = 0; i < expected.length; i++) {
      assertEquals(points.get(i), expected[i]);
    }
  }

  @Test(dataProvider = "authority-information-access")
  public void testReadAuthorityInformationAccess(final X509Certificate cert, final AccessDescription[] expected)
    throws Exception
  {
    final List<AccessDescription> descriptions = new ExtensionReader(cert).readAuthorityInformationAccess();
    assertEquals(descriptions.size(), expected.length);
    for (int i = 0; i < expected.length; i++) {
      assertEquals(descriptions.get(i), expected[i]);
    }
  }

  private GeneralName uri(final String uri)
  {
    return new GeneralName(GeneralName.uniformResourceIdentifier, uri);
  }

  private GeneralName dirName(final String dn)
  {
    return new GeneralName(GeneralName.directoryName, dn);
  }
}