From d342a45d98c4795b3a3fe1aaef5236ad4a782b55 Mon Sep 17 00:00:00 2001 From: Yuuta Liang Date: Thu, 12 Oct 2023 12:10:33 +0800 Subject: Implement data structures from X.680, X.501, X.509, and PKCS#10, with X.690 encoding / decoding support The implementation took four days, and it is still a little bit rough. Updated version should arrive soon. Signed-off-by: Yuuta Liang --- src/test/model/TestConstants.java | 544 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 544 insertions(+) create mode 100644 src/test/model/TestConstants.java (limited to 'src/test/model/TestConstants.java') diff --git a/src/test/model/TestConstants.java b/src/test/model/TestConstants.java new file mode 100644 index 0000000..3356549 --- /dev/null +++ b/src/test/model/TestConstants.java @@ -0,0 +1,544 @@ +package model; + +import model.asn1.*; +import model.asn1.exceptions.ParseException; +import model.asn1.parsing.BytesReader; +import model.csr.Attribute; +import model.csr.Attributes; +import model.csr.Values; +import model.pki.AlgorithmIdentifier; +import model.pki.SubjectPublicKeyInfo; +import model.pki.cert.Extension; +import model.pki.cert.Extensions; +import model.pki.cert.TbsCertificate; +import model.pki.cert.Validity; +import model.pki.crl.CertificateListContent; +import model.pki.crl.Reason; +import model.pki.crl.RevokedCertificate; +import model.x501.AttributeTypeAndValue; +import model.x501.Name; +import model.x501.RelativeDistinguishedName; +import ui.Utils; + +import java.nio.charset.StandardCharsets; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +import static model.asn1.ASN1Object.TAG_SEQUENCE; +import static model.asn1.ASN1Object.TAG_SET; +import static model.asn1.ObjectIdentifier.OID_EXTENSION_REQUEST; +import static model.asn1.ObjectIdentifier.TAG; +import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; + +public final class TestConstants { + // An opaque value of extended key usage block. + public static final ASN1Object EXT_KEY_USAGE; + + // Example SubjectAlternativeName request attribute. + public static final ASN1Object SAN; + + public static final Values CSR_ATTR_VALUES_2; + + public static final Attribute CSR_ATTR_2; + + public static final Byte[] CSR_ATTR_VALUES_2_DER = new Byte[]{ + 0x30, 81, // Attribute + // 1.2.840.1113549.1.9.14 + 0x06, 0x09, 0x2A, -122, 0x48, -122, -9, 0x0D, 0x01, 0x09, 0x0E, + + 0x31, 68, // Values + + 0x30, 0x1F, // SEQUENCE (AttributeValue) + 0x30, 0x1D, // SEQUENCE + 0x06, 0x03, 0x55, 0x1D, 0x25, // 2.5.29.37 extKeyUsage + 0x04, 0x16, // OCTET STRING + 0x30, 0x14, // SEQUENCE + // 1.3.6.1.5.5.7.3.1 serverAuth + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, + // 1.3.6.1.5.5.7.3.2 clientAuth + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, + + 0x30, 0x21, // SEQUENCE (AttributeValue) + 0x30, 0x1F, // SEQUENCE + 0x06, 0x03, 0x55, 0x1D, 0x11, // 2.5.29.17 subjectAltName + 0x04, 0x18, // OCTET STRING + 0x30, 0x16, // SEQUENCE + -126, 0x14, // [2] + 0x6C, 0x70, 0x2D, 0x62, 0x32, 0x35, 0x35, 0x2E, 0x61, // lp-b255.yuuta.moe + 0x64, 0x2E, 0x79, 0x75, 0x75, 0x74, 0x61, 0x2E, 0x6D, 0x6F, 0x65 + }; + + public static final Attribute CSR_ATTR_1; + + public static final Byte[] CSR_ATTR_1_DER = new Byte[] { + 0x30, 0x1C, + 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, -126, 0x37, 0x0D, 0x02, 0x03, 0x31, 0x0E, 0x16, + 0x0C, 0x31, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0x39, 0x30, 0x34, 0x35, 0x2E, 0x32 + }; + + public static final Attributes CSR_ATTRS_2; + + public static final Byte[] L_MILANO_DER = new Byte[]{ + 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, + 0x06, 0x4D, 0x69, 0x6C, 0x61, 0x6E, 0x6F + }; + public static final RelativeDistinguishedName L_MILANO; + public static final Byte[] CN_TEST_ED25519_DER = new Byte[] { + 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, + 0x0C, 0x54, 0x65, 0x73, 0x74, 0x20, 0x65, 0x64, + 0x32, 0x35, 0x35, 0x31, 0x39, + }; + public static final RelativeDistinguishedName L_MILANO_CN_TEST_ED25519; + + // CN = yuuta + public static final RelativeDistinguishedName CN_YUUTA; + + // OU = users + public static final RelativeDistinguishedName OU_USERS; + + // C = CA + public static final RelativeDistinguishedName C_CA; + + // CN = yuuta, OU = users, C = CA + public static final Name NAME_1; + + // SN = Qwq + public static final RelativeDistinguishedName SN_QWQ; + + // O = IT + public static final RelativeDistinguishedName O_IT; + + // C = CN + public static final RelativeDistinguishedName C_CN; + + // SN = Qwq, O = IT, C = CN + public static final Name NAME_2; + + /** + * Certificate: + * Data: + * Version: 3 (0x2) + * Serial Number: + * 70:fa:0f:fa:a6:d7:f4:b4:93:05:5d:a9:d3:e4:42:a8:52:60:b3:f8 + * Signature Algorithm: ecdsa-with-SHA256 + * Issuer: CN = Yuuta Root CA, C = CA + * Validity + * Not Before: Jun 23 02:50:46 2023 GMT + * Not After : Jun 23 02:50:46 2048 GMT + * Subject: CN = Yuuta Root CA, C = CA + * Subject Public Key Info: + * Public Key Algorithm: id-ecPublicKey + * Public-Key: (256 bit) + * pub: + * ASN1 OID: prime256v1 + * NIST CURVE: P-256 + * X509v3 extensions: + * X509v3 Subject Key Identifier: + * 78:92:E0:6C:70:F5:A3:BE:02:EE:44:BA:A7:8C:DA:D6:B5:43:A7:93 + * X509v3 Authority Key Identifier: + * 78:92:E0:6C:70:F5:A3:BE:02:EE:44:BA:A7:8C:DA:D6:B5:43:A7:93 + * X509v3 Basic Constraints: critical + * CA:TRUE + * X509v3 Key Usage: critical + * Digital Signature, Certificate Sign, CRL Sign + * Signature Algorithm: ecdsa-with-SHA256 + * Signature Value: + */ + public static final String CERT_L1_ECC_PEM = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBrzCCAVWgAwIBAgIUcPoP+qbX9LSTBV2p0+RCqFJgs/gwCgYIKoZIzj0EAwIw\n" + + "JTEWMBQGA1UEAwwNWXV1dGEgUm9vdCBDQTELMAkGA1UEBhMCQ0EwHhcNMjMwNjIz\n" + + "MDI1MDQ2WhcNNDgwNjIzMDI1MDQ2WjAlMRYwFAYDVQQDDA1ZdXV0YSBSb290IENB\n" + + "MQswCQYDVQQGEwJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB3ocbzdSHAm\n" + + "cWzdBFs/Xd4UMYs/MYAYKjPlGYYT1udIL5UVOlmN7QnkUxrzYbI1YW5mX1/PCuJl\n" + + "ZT0iKzBxLCSjYzBhMB0GA1UdDgQWBBR4kuBscPWjvgLuRLqnjNrWtUOnkzAfBgNV\n" + + "HSMEGDAWgBR4kuBscPWjvgLuRLqnjNrWtUOnkzAPBgNVHRMBAf8EBTADAQH/MA4G\n" + + "A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNIADBFAiAJr6S6xkgxMitFmnS/0cIu\n" + + "E7W9Ykii5d2Fe9+Lu4nL9wIhAIwHnAvZ4YzwfY6P5K4SaBwzzKPiq2zdpaXBm0lX\n" + + "qcsz\n" + + "-----END CERTIFICATE-----"; + /** + * Certificate: + * Data: + * Version: 3 (0x2) + * Serial Number: + * 3e:10:93:9d:e4:57:8d:39:87:fd:ff:42:7b:da:65:5b:1f:21:cb:07 + * Signature Algorithm: ecdsa-with-SHA512 + * Issuer: CN = Yuuta Root CA, C = CA + * Validity + * Not Before: Jun 24 00:15:22 2023 GMT + * Not After : Jun 21 00:15:22 2033 GMT + * Subject: DC = MOE, DC = YUUTA, DC = AD, CN = Yuuta Home Issuing CA + * Subject Public Key Info: + * Public Key Algorithm: rsaEncryption + * Public-Key: (4096 bit) + * Modulus: + * Exponent: 65537 (0x10001) + * X509v3 extensions: + * X509v3 Subject Key Identifier: + * B1:C2:A7:81:63:66:4B:72:0A:DD:FD:7D:20:29:BD:6B:49:09:61:C0 + * X509v3 Authority Key Identifier: + * 78:92:E0:6C:70:F5:A3:BE:02:EE:44:BA:A7:8C:DA:D6:B5:43:A7:93 + * X509v3 Basic Constraints: critical + * CA:TRUE, pathlen:0 + * X509v3 Key Usage: critical + * Digital Signature, Certificate Sign, CRL Sign + * X509v3 CRL Distribution Points: + * Full Name: + * URI:http://home.yuuta.moe/pki/rootca.crl + * Authority Information Access: + * CA Issuers - URI:http://home.yuuta.moe/pki/rootca.crt + * Signature Algorithm: ecdsa-with-SHA512 + * Signature Value: + */ + public static final String CERT_L2_RSA_PEM = + "-----BEGIN CERTIFICATE-----\n" + + "MIIEMjCCA9mgAwIBAgIUPhCTneRXjTmH/f9Ce9plWx8hywcwCgYIKoZIzj0EAwQw\n" + + "JTEWMBQGA1UEAwwNWXV1dGEgUm9vdCBDQTELMAkGA1UEBhMCQ0EwHhcNMjMwNjI0\n" + + "MDAxNTIyWhcNMzMwNjIxMDAxNTIyWjBgMRMwEQYKCZImiZPyLGQBGRYDTU9FMRUw\n" + + "EwYKCZImiZPyLGQBGRYFWVVVVEExEjAQBgoJkiaJk/IsZAEZFgJBRDEeMBwGA1UE\n" + + "AwwVWXV1dGEgSG9tZSBJc3N1aW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A\n" + + "MIICCgKCAgEA2WTLz4X8B2XN/AiDJNsQQNMiBDjye/TfpbC3dLsUZr4BneH9EX+I\n" + + "lKkaoJaSIXU7iXoN43FeLX5iuoq+aj4f3x+qevWySD7xLLt8gpozN5MKBdRXtaem\n" + + "4js3Nm3YLUbjv115sddHN/3QTQXgBSUGdjyi8woL54IKdKYzB1g2Jn2Et383usMA\n" + + "yHd3gCbwszvE5jpOgBIHxZMgMnmVAQhbQNzoEDMIkwaXmSt4jwX03oigf0KAaD+a\n" + + "XIwQRl15iIDZnG6rRw6+eiIR8c+x1ot1/u5qncwNhRUtLbbX3QfBQ6D/XBSfrqmA\n" + + "zhddM/i2Qt5Iw44CcLSGujFeb9ybU7NLx02EjfQsSAUGQR4VuXyD+//FsLYkh7g3\n" + + "WmdBTWzIhVnYEU9ohTeXaZZNTp9T67czqnntFbaCdOxnwOrcmFt1v0skrHd5mHKe\n" + + "1W3OU6XOjM6vQwcwhPUUGxAXYBcqwQ84fzD26CZz5g8I8HpnpmJ+SNtFIg+SnPOs\n" + + "sslnsoeMZpDPESwORYgayXIWkglop1fYeD4/ictH4me70vOIHF9fWqI8ydHoNxuw\n" + + "uZjZDa0mQgsHTmr40NhDLP/q6MEnS2w/MwHuSd3YbhbjPWFbu0Zo7XreiRkXjRLa\n" + + "R22XkuH+FkEGB3ZxQVIkkWf1znaKQS+ZdPuTzpZph5BPL50gE58k+i0CAwEAAaOB\n" + + "4DCB3TAdBgNVHQ4EFgQUscKngWNmS3IK3f19ICm9a0kJYcAwHwYDVR0jBBgwFoAU\n" + + "eJLgbHD1o74C7kS6p4za1rVDp5MwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8B\n" + + "Af8EBAMCAYYwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2hvbWUueXV1dGEubW9l\n" + + "L3BraS9yb290Y2EuY3JsMEAGCCsGAQUFBwEBBDQwMjAwBggrBgEFBQcwAoYkaHR0\n" + + "cDovL2hvbWUueXV1dGEubW9lL3BraS9yb290Y2EuY3J0MAoGCCqGSM49BAMEA0cA\n" + + "MEQCIHShp7SwbQ2rQC7l8u4u9rSU6Zl4DRfyor4jiHGAjm0gAiAbOHk6q+3Vm3uq\n" + + "Jj92o1yDl09pFNIryojHMDRBpHl6yQ==\n" + + "-----END CERTIFICATE-----"; + + /** + * Certificate: + * Data: + * Version: 1 (0x0) + * Serial Number: 3580 (0xdfc) + * Signature Algorithm: sha1WithRSAEncryption + * Issuer: C = JP, ST = Tokyo, L = Chuo-ku, O = Frank4DD, OU = WebCert Support, CN = Frank4DD Web CA, emailAddress = support@frank4dd.com + * Validity + * Not Before: Aug 22 05:27:41 2012 GMT + * Not After : Aug 21 05:27:41 2017 GMT + * Subject: C = JP, ST = Tokyo, O = Frank4DD, CN = www.example.com + * Subject Public Key Info: + * Public Key Algorithm: rsaEncryption + * Public-Key: (2048 bit) + * Modulus: + * Exponent: 65537 (0x10001) + * Signature Algorithm: sha1WithRSAEncryption + * Signature Value: + */ + public static final String CERT_V1_PEM = + "-----BEGIN CERTIFICATE-----\n" + + "MIIC2jCCAkMCAg38MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n" + + "A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n" + + "MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n" + + "YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw\n" + + "ODIyMDUyNzQxWhcNMTcwODIxMDUyNzQxWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE\n" + + "CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs\n" + + "ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0z9FeMynsC8+u\n" + + "dvX+LciZxnh5uRj4C9S6tNeeAlIGCfQYk0zUcNFCoCkTknNQd/YEiawDLNbxBqut\n" + + "bMDZ1aarys1a0lYmUeVLCIqvzBkPJTSQsCopQQ9V8WuT252zzNzs68dVGNdCJd5J\n" + + "NRQykpwexmnjPPv0mvj7i8XgG379TyW6P+WWV5okeUkXJ9eJS2ouDYdR2SM9BoVW\n" + + "+FgxDu6BmXhozW5EfsnajFp7HL8kQClI0QOc79yuKl3492rH6bzFsFn2lfwWy9ic\n" + + "7cP8EpCTeFp1tFaD+vxBhPZkeTQ1HKx6hQ5zeHIB5ySJJZ7af2W8r4eTGYzbdRW2\n" + + "4DDHCPhZAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAQMv+BFvGdMVzkQaQ3/+2noVz\n" + + "/uAKbzpEL8xTcxYyP3lkOeh4FoxiSWqy5pGFALdPONoDuYFpLhjJSZaEwuvjI/Tr\n" + + "rGhLV1pRG9frwDFshqD2Vaj4ENBCBh6UpeBop5+285zQ4SI7q4U9oSebUDJiuOx6\n" + + "+tZ9KynmrbJpTSi0+BM=\n" + + "-----END CERTIFICATE-----"; + + public static final Byte[] CERT_L1_ECC; + public static final Byte[] CERT_L2_RSA; + public static final Byte[] CERT_V1; + + public static final ZonedDateTime NOW = ZonedDateTime.now(ZoneId.of("UTC")); + public static final TbsCertificate CERT_GENERATED; + + public static final RevokedCertificate REVOKED_CESSATION; + public static final Byte[] REVOKED_CESSATION_DER; + public static final RevokedCertificate REVOKED_KEY_COMPROMISE; + public static final Byte[] REVOKED_KEY_COMPROMISE_DER; + public static final CertificateListContent CRL_CONTENT_1; + public static final Byte[] CRL_CONTENT_1_DER; + public static final CertificateListContent CRL_CONTENT_2; + public static final Byte[] CRL_CONTENT_2_DER; + + static { + try { + EXT_KEY_USAGE = ASN1Object.parse(new BytesReader(new Byte[]{ + 0x30, 0x1F, // SEQUENCE (AttributeValue) + 0x30, 0x1D, // SEQUENCE + 0x06, 0x03, 0x55, 0x1D, 0x25, // 2.5.29.37 extKeyUsage + 0x04, 0x16, // OCTET STRING + 0x30, 0x14, // SEQUENCE + // 1.3.6.1.5.5.7.3.1 serverAuth + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, + // 1.3.6.1.5.5.7.3.2 clientAuth + 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02 + }), false); + + SAN = ASN1Object.parse(new BytesReader(new Byte[]{ + 0x30, 0x21, // SEQUENCE (AttributeValue) + 0x30, 0x1F, // SEQUENCE + 0x06, 0x03, 0x55, 0x1D, 0x11, // 2.5.29.17 subjectAltName + 0x04, 0x18, // OCTET STRING + 0x30, 0x16, // SEQUENCE + -126, 0x14, // [2] + 0x6C, 0x70, 0x2D, 0x62, 0x32, 0x35, 0x35, 0x2E, 0x61, // lp-b255.yuuta.moe + 0x64, 0x2E, 0x79, 0x75, 0x75, 0x74, 0x61, 0x2E, 0x6D, 0x6F, 0x65 + }), false); + + CSR_ATTR_VALUES_2 = new Values(TAG_SET, null, new ASN1Object[]{ + EXT_KEY_USAGE, + SAN + }); + + CSR_ATTR_2 = new Attribute( + ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, OID_EXTENSION_REQUEST), + CSR_ATTR_VALUES_2); + + CSR_ATTR_1 = new Attribute( + TAG_SEQUENCE, null, + new ObjectIdentifier(TAG, null, new Integer[]{ 1, 3, 6, 1, 4, 1, 311, 13, 2, 3 }), + new Values(TAG_SET, null, new ASN1Object[]{ + new IA5String(IA5String.TAG, null, "10.0.19045.2") + }) + ); + + CSR_ATTRS_2 = new Attributes(TAG_SET, null, new Attribute[]{ + CSR_ATTR_2, CSR_ATTR_1 + }); + + // L = Milano + L_MILANO = new RelativeDistinguishedName(TAG_SET, null, + new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_L), + new PrintableString(PrintableString.TAG, null, "Milano")) + }); + // CN = Test ed25519+L = Milano + L_MILANO_CN_TEST_ED25519 = new RelativeDistinguishedName(TAG_SET, null, + new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_CN), + new UTF8String(UTF8String.TAG, null, "Test ed25519")), + new AttributeTypeAndValue(TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_L), + new UTF8String(UTF8String.TAG, null, "Milano")) + }); + + CN_YUUTA = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_CN), + new PrintableString(PrintableString.TAG, null, "yuuta")) + }); + OU_USERS = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_OU), + new PrintableString(PrintableString.TAG, null, "users")) + }); + C_CA = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_C), + new PrintableString(PrintableString.TAG, null, "CA")) + }); + NAME_1 = new Name(ASN1Object.TAG_SEQUENCE, null, new RelativeDistinguishedName[]{ + CN_YUUTA, OU_USERS, C_CA + }); + + SN_QWQ = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_SN), + new PrintableString(PrintableString.TAG, null, "Qwq")) + }); + O_IT = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_O), + new PrintableString(PrintableString.TAG, null, "IT")) + }); + C_CN = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_C), + new PrintableString(PrintableString.TAG, null, "CN")) + }); + NAME_2 = new Name(ASN1Object.TAG_SEQUENCE, null, new RelativeDistinguishedName[]{ + SN_QWQ, O_IT, C_CN + }); + + CERT_L1_ECC = Utils.parsePEM(Utils.byteToByte(CERT_L1_ECC_PEM.getBytes(StandardCharsets.UTF_8)), + "CERTIFICATE"); + CERT_L2_RSA = Utils.parsePEM(Utils.byteToByte(CERT_L2_RSA_PEM.getBytes(StandardCharsets.UTF_8)), + "CERTIFICATE"); + CERT_V1 = Utils.parsePEM(Utils.byteToByte(CERT_V1_PEM.getBytes(StandardCharsets.UTF_8)), + "CERTIFICATE"); + + CERT_GENERATED = new TbsCertificate(ASN1Object.TAG_SEQUENCE, null, + new Int(Int.TAG, new Tag(TagClass.CONTEXT_SPECIFIC, false, 0), TbsCertificate.VERSION_V3), + new Int(Int.TAG, null, 100), + new AlgorithmIdentifier(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_RSA_ENCRYPTION), + new Null(Null.TAG, null)), + new Name(ASN1Object.TAG_SEQUENCE, null, new RelativeDistinguishedName[]{ + new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_CN), + new PrintableString(PrintableString.TAG, null, "Test CA")) + }), + new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_C), + new PrintableString(PrintableString.TAG, null, "CA")) + }) + }), + new Validity(ASN1Object.TAG_SEQUENCE, null, + new UtcTime(UtcTime.TAG, null, NOW), + new GeneralizedTime(GeneralizedTime.TAG, null, NOW.plusYears(1))), + new Name(ASN1Object.TAG_SEQUENCE, null, new RelativeDistinguishedName[]{ + new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_CN), + new PrintableString(PrintableString.TAG, null, "Yuuta Liang")) + }), + new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_C), + new PrintableString(PrintableString.TAG, null, "CA")) + }) + }), + new SubjectPublicKeyInfo(ASN1Object.TAG_SEQUENCE, null, + new AlgorithmIdentifier(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_EC_PUBLIC_KEY), + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_PRIME256_V1)), + new BitString(BitString.TAG, null, 0, new Byte[]{ 1, 2, 3 })), + new Extensions(ASN1Object.TAG_SEQUENCE, + new Tag(TagClass.CONTEXT_SPECIFIC, false, 3), + new Extension[]{ + new Extension(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_BASIC_CONSTRAINTS), + new Bool(Bool.TAG, null, true), + new OctetString(OctetString.TAG, null, + new Byte[]{ 0x30, 0x06, 0x01, 0x01, -1, 0x02, 0x01, 0x00 })), + new Extension(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_KEY_USAGE), + new Bool(Bool.TAG, null, true), + new OctetString(OctetString.TAG, null, + new Byte[]{ 0x03, 0x02, 0x01, -122 })) + })); + + REVOKED_CESSATION = + new RevokedCertificate(ASN1Object.TAG_SEQUENCE, null, + new Int(Int.TAG, null, 123), + new UtcTime(UtcTime.TAG, null, ZonedDateTime.now(ZoneId.of("UTC"))), + Reason.CESSATION_OF_OPERATION); + REVOKED_KEY_COMPROMISE = + new RevokedCertificate(ASN1Object.TAG_SEQUENCE, null, + new Int(Int.TAG, null, 2), + new UtcTime(UtcTime.TAG, null, ZonedDateTime.now(ZoneId.of("UTC"))), + Reason.KEY_COMPROMISE); + REVOKED_CESSATION_DER = combine((byte) 0x30, + REVOKED_CESSATION.getSerialNumber().encodeDER(), + REVOKED_CESSATION.getRevocationDate().encodeDER(), + combine((byte) 0x30, + combine((byte) 0x30, + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_CRL_REASON).encodeDER(), + new OctetString(OctetString.TAG, null, + new Byte[]{ 0x0A, 0x01, (byte) Reason.CESSATION_OF_OPERATION.getVal() }) + .encodeDER()))); + REVOKED_KEY_COMPROMISE_DER = combine((byte) 0x30, + REVOKED_KEY_COMPROMISE.getSerialNumber().encodeDER(), + REVOKED_KEY_COMPROMISE.getRevocationDate().encodeDER(), + combine((byte) 0x30, + combine((byte) 0x30, + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_CRL_REASON).encodeDER(), + new OctetString(OctetString.TAG, null, + new Byte[]{ 0x0A, 0x01, (byte) Reason.KEY_COMPROMISE.getVal() }) + .encodeDER()))); + CRL_CONTENT_1 = + new CertificateListContent(ASN1Object.TAG_SEQUENCE, null, + new Name(ASN1Object.TAG_SEQUENCE, null, + new RelativeDistinguishedName[]{ + new RelativeDistinguishedName(ASN1Object.TAG_SET, null, + new AttributeTypeAndValue[]{ + new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_CN), + new PrintableString(PrintableString.TAG, null, + "Test CA")) + }) + }), + new AlgorithmIdentifier(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, + ObjectIdentifier.OID_SHA256_WITH_RSA_ENCRYPTION), + new Null(Null.TAG, null)), + new GeneralizedTime(GeneralizedTime.TAG, null, + ZonedDateTime.now(ZoneId.of("UTC"))), + null, + new RevokedCertificate[]{ + TestConstants.REVOKED_CESSATION, + TestConstants.REVOKED_KEY_COMPROMISE + }); + CRL_CONTENT_1_DER = combine((byte) 0x30, CRL_CONTENT_1.getVersion().encodeDER(), + CRL_CONTENT_1.getIssuer().encodeDER(), + CRL_CONTENT_1.getSignature().encodeDER(), + CRL_CONTENT_1.getThisUpdate().encodeDER(), + combine((byte) 0x30, REVOKED_CESSATION_DER, REVOKED_KEY_COMPROMISE_DER)); + CRL_CONTENT_2 = new CertificateListContent(CRL_CONTENT_1.getTag(), CRL_CONTENT_1.getParentTag(), + CRL_CONTENT_1.getIssuer(), + CRL_CONTENT_1.getSignature(), + CRL_CONTENT_1.getThisUpdate(), + CRL_CONTENT_1.getThisUpdate(), + CRL_CONTENT_1.getRevokedCertificates()); + CRL_CONTENT_2_DER = combine((byte) 0x30, CRL_CONTENT_2.getVersion().encodeDER(), + CRL_CONTENT_2.getIssuer().encodeDER(), + CRL_CONTENT_2.getSignature().encodeDER(), + CRL_CONTENT_2.getThisUpdate().encodeDER(), + CRL_CONTENT_2.getNextUpdate().encodeDER(), + combine((byte) 0x30, REVOKED_CESSATION_DER, REVOKED_KEY_COMPROMISE_DER)); + } catch (ParseException e) { + throw new RuntimeException(e); + } + } + + public static Byte[] mutate(Byte[] in, int i, int from, int to) { + Byte[] b = new Byte[in.length]; + System.arraycopy(in, 0, b, 0, in.length); + assertEquals(from, (int) in[i]); + b[i] = (byte) to; + return b; + } + + public static Byte[] combine(Byte tag, Byte[]... vals) { + return Stream.of(Collections.singletonList(tag), + Arrays.asList(new ASN1Length(Arrays.stream(vals).mapToInt(b -> b.length).sum()).encodeDER()), + Arrays.stream(vals).flatMap(Arrays::stream).collect(Collectors.toList())) + .flatMap(Collection::stream) + .toArray(Byte[]::new); + } +} -- cgit v1.2.3