From 0bcc057e741af3fbc108f42b75f9d42f48f6a51e Mon Sep 17 00:00:00 2001
From: Yuuta Liang <yuutaw@students.cs.ubc.ca>
Date: Sat, 14 Oct 2023 05:12:06 +0800
Subject: Implement the CA

Signed-off-by: Yuuta Liang <yuutaw@students.cs.ubc.ca>
---
 src/test/model/ca/CACertificateTest.java | 178 +++++++++++++++++++++++++++++++
 1 file changed, 178 insertions(+)
 create mode 100644 src/test/model/ca/CACertificateTest.java

(limited to 'src/test/model/ca/CACertificateTest.java')

diff --git a/src/test/model/ca/CACertificateTest.java b/src/test/model/ca/CACertificateTest.java
new file mode 100644
index 0000000..4db7bf4
--- /dev/null
+++ b/src/test/model/ca/CACertificateTest.java
@@ -0,0 +1,178 @@
+package model.ca;
+
+import model.TestConstants;
+import model.asn1.ASN1Object;
+import model.asn1.ObjectIdentifier;
+import model.asn1.UtcTime;
+import model.asn1.parsing.BytesReader;
+import model.csr.CertificationRequest;
+import model.csr.CertificationRequestInfo;
+import model.pki.cert.Certificate;
+import model.pki.crl.Reason;
+import model.pki.crl.RevokedCertificate;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import ui.Utils;
+
+import java.nio.charset.StandardCharsets;
+import java.time.ZoneId;
+import java.time.ZonedDateTime;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+public class CACertificateTest {
+    private static final String CA = "-----BEGIN CERTIFICATE-----\n" +
+            "MIIC3zCCAoagAwIBAgIUWcL8J0hbxGSffN0fR76j8TlGxJswCgYIKoZIzj0EAwQw\n" +
+            "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMTMw\n" +
+            "MTQ3MzFaFw0zMzEwMTAwMTQ3MzFaMA4xDDAKBgNVBAMTA0pDQTCCASIwDQYJKoZI\n" +
+            "hvcNAQEBBQADggEPADCCAQoCggEBAINbCR88MTUsx/poxNzXxN1aWt/DkkFrRA3r\n" +
+            "dHmLXQLjopULgHIJTshSq2jDe1QEYJ0Nrj9U9YclmxkWO0HvzedmTyl0YzAhPJXj\n" +
+            "HUK0T9sYSg+eE4WI03yuy7lGBJLUl9VEBR0JEZdy/mT5CRW44ryGGeeBNK3fqQrk\n" +
+            "5Rm9/wY5M2cKjYmvyp5D8E+HEd+FXNreO+r9pWpKSajPn+B6OwFUUESbRf8iWiF4\n" +
+            "v6ZLXDOBCEHFZcd2lTVHExuE+V3eDG3evn8HV5SB7FzRDZBV2Jz0Pfiqu2WlH4r8\n" +
+            "c1804G4WCjQlSX4bPs7994+KjUoFC95r40vexi2O9mVIIEF4LtkCAwEAAaOB4DCB\n" +
+            "3TAdBgNVHQ4EFgQU+c9PnChWwj4sWHFMN/dikzOS5o8wHwYDVR0jBBgwFoAUba4m\n" +
+            "yCy2hdnsc6Hhw4m8dvIbit0wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E\n" +
+            "BAMCAYYwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2hvbWUueXV1dGEubW9lL3Br\n" +
+            "aS9yb290Y2EuY3JsMEAGCCsGAQUFBwEBBDQwMjAwBggrBgEFBQcwAoYkaHR0cDov\n" +
+            "L2hvbWUueXV1dGEubW9lL3BraS9yb290Y2EuY3J0MAoGCCqGSM49BAMEA0cAMEQC\n" +
+            "IETA9hpUnbrWpLfu2HUWr9UQC273jyg/nt30rJ96PNS+AiAsNzbKVyBpkG41Hf1/\n" +
+            "+355E7vortNonvf0DDGJZjC7MA==\n" +
+            "-----END CERTIFICATE-----";
+
+    private static final String CSR = "-----BEGIN CERTIFICATE REQUEST-----\n" +
+            "MIIEZjCCAk4CAQAwITELMAkGA1UEBhMCQ0ExEjAQBgNVBAMMCVRlc3QgTGVhZjCC\n" +
+            "AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYDEoMbxZEuerV5G9IXUXfe\n" +
+            "UB3u3Yf4b9QI7ewea3Vw04eS/XY4J/KC58OAKc+/3B0Vjghza1+bMalkdFHuIYls\n" +
+            "/57wbmKIoRSZouma31gHJATWPdDpzcAeZVGRfqfniw3dDfVpIea5gi63gmTFGD7l\n" +
+            "rmdn5BhQBijWXQY5gD52vGmnalqPBBL+HXgynYiTxmoGI/UNW16V1k8OTnT2F3kt\n" +
+            "OES+5/mu2r4c7fExmkh64wXYqL2EUvh7xvd4KKIh05Bsl5J2G0Lkl1gh89FJHOVW\n" +
+            "5+jrMku1wU4KBSZWNvxgcSgfKOI3IAx6iqxflhb7FKK3VTYZ7zJ/cAhaJvv1gJ7N\n" +
+            "S5AlxsFxMRMgLoFtad9Qk5wH+wX+9Ozf7jNoWZQnLgzfr7CdvjBPmYR/THg0OWFS\n" +
+            "0bkr20G8lMvtGMbmjN6Ot70KzYCIDjaCV5sX60i76p7rSheibgCslO49cRU7G266\n" +
+            "HB1GXZNQbT3xBzoaVN9B5uQnL8tUnTn0PsQ4KN2MKIfQt+IO0yesBI7yjXRHSOJX\n" +
+            "WmbZnrojfYbyAWPBKXnQ4vFcqBdXIXGuI4f67Y8BBuJjV9FOUxcCu++ypP2RtS8h\n" +
+            "sly2wgtRwPCN7BbLOY9A7qm821DJ3MneHKloGodNvcBvq9VLcwFA9QFX5tgnETV8\n" +
+            "4oc0VHxaiB7zuNchjINFAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAiRKUSg4m\n" +
+            "i+qozc3Nx80LfCO9b4+oWp7/bcv0fUADfet7nsobwY8Y6INYMEs6aBNnj2ofFmEd\n" +
+            "Kup3VHh3vce7Grwkn0MWXKRdCbsLVJ5joWixxxbCDgiRZLYDVlhnU7ZFm3mxmC4l\n" +
+            "KfKMiHfW833gnemQYRAyamDErKgPV8O9spm0TLj2nLllcA5ugR98kh9TnvnQqRdq\n" +
+            "dO0ic8C2OECRPV9OVmP13qXiVJRApWYBrw+WJT+sz3LRGfQMIzaTPYWen0dd8+iG\n" +
+            "HhJot7DNbdLMf6jtWXazrsmUhjjgr5KHMZdOWcbqBCRZkVTkf1HfoRbBTt/wEkBX\n" +
+            "fJrXVpGbA7H7xXDXKFVUM19q7JJr9M5CfAvCtUGg/UnqfhDnqsFHgQqro21YwNQP\n" +
+            "/bahU44eNoz8RUiyDEKUW9ginyd0zc3aSAkd98r5u1+tOTmU0KeIr3yc0P+tKxgB\n" +
+            "bAQaKrXMlLwSHHHutEkJH2KtwKx8w66VtpYtkggfTic1ae6EoVV5LpLHIlZmRMdg\n" +
+            "CDUatEdRweCdtO0TTR7ik8wMzs6GxAVDfTMaQ41Ks8OBnmLDZQTdRfssm2u6jYut\n" +
+            "DQxdF5LWe8RVlkEHB2KZJg2fWZ8bjEWr3DkCvnxRlK4Tabo5/mlymjVxTRxxRoGR\n" +
+            "TXU09TZASjVPzxKIyZbhgNqQvkZl2/hSCE8=\n" +
+            "-----END CERTIFICATE REQUEST-----";
+
+    private CACertificate ca;
+
+    @BeforeEach
+    void setup() {
+        ca = new CACertificate();
+    }
+
+    @Test
+    void testConstructor() {
+        assertNull(ca.getPublicKey());
+        assertNull(ca.getCertificate());
+        assertEquals(1, ca.getSerial());
+        assertEquals(0, ca.getSigned().size());
+        assertEquals(0, ca.getRevoked().size());
+    }
+
+    @Test
+    void testGenerateKey() throws Throwable {
+        ca.generateKey();
+        assertNotNull(ca.getPublicKey());
+    }
+
+    @Test
+    void testInstallCertificate() throws Throwable {
+        ca.generateKey();
+        ca.installCertificate(new Certificate(new BytesReader(TestConstants.CERT_L2_RSA), false));
+        assertNotNull(ca.getCertificate());
+    }
+
+    @Test
+    void testSignCSR() throws Throwable {
+        ca.generateKey();
+        CertificationRequest req = ca.signCSR();
+        assertArrayEquals(ObjectIdentifier.OID_SHA256_WITH_RSA_ENCRYPTION,
+                req.getSignatureAlgorithm().getType().getInts());
+        assertEquals("CN=JCA", req.getCertificationRequestInfo().getSubject().toString());
+        assertArrayEquals(ObjectIdentifier.OID_RSA_ENCRYPTION, req.getCertificationRequestInfo().getSubjectPKInfo()
+                .getAlgorithm().getType().getInts());
+    }
+
+    @Test
+    void testGetCAPublicKeyInfo() throws Throwable {
+        ca.generateKey();
+        ca.installCertificate(new Certificate(new BytesReader(Utils.parsePEM(
+                Utils.byteToByte(CA.getBytes(StandardCharsets.UTF_8)), "CERTIFICATE")), false));
+        assertArrayEquals(ObjectIdentifier.OID_RSA_ENCRYPTION,
+                ca.getCAPublicKeyInfo().getAlgorithm().getType().getInts());
+    }
+
+    @Test
+    void testSignCert() throws Throwable {
+        ca.generateKey();
+        ca.installCertificate(new Certificate(new BytesReader(Utils.parsePEM(
+                Utils.byteToByte(CA.getBytes(StandardCharsets.UTF_8)), "CERTIFICATE")), false));
+        CertificationRequestInfo req = new CertificationRequest(new BytesReader(Utils.parsePEM(
+                Utils.byteToByte(CSR.getBytes(StandardCharsets.UTF_8)), "CERTIFICATE REQUEST")),
+                false).getCertificationRequestInfo();
+        Template template = new Template("123", true, null, 60);
+        Certificate cert = ca.signCert(req, template);
+        assertEquals(req.getSubject().toString(), cert.getCertificate().getSubject().toString());
+        assertEquals(60,
+                cert.getCertificate().getValidity().getNotAfter().getTimestamp().getDayOfYear()
+                        - cert.getCertificate().getValidity().getNotBefore().getTimestamp().getDayOfYear());
+        assertEquals(1, ca.getSigned().size());
+
+        template = new Template("123", true, null, 60);
+        template.setSubject("Test Test");
+        cert = ca.signCert(req, template);
+        assertEquals(60,
+                cert.getCertificate().getValidity().getNotAfter().getTimestamp().getDayOfYear()
+                        - cert.getCertificate().getValidity().getNotBefore().getTimestamp().getDayOfYear());
+        assertEquals(template.getSubject().toString(), cert.getCertificate().getSubject().toString());
+        assertEquals(2, ca.getSigned().size());
+    }
+
+    @Test
+    void testRevoke() throws Throwable {
+        ca.generateKey();
+        ca.installCertificate(new Certificate(new BytesReader(Utils.parsePEM(
+                Utils.byteToByte(CA.getBytes(StandardCharsets.UTF_8)), "CERTIFICATE")), false));
+        CertificationRequestInfo req = new CertificationRequest(new BytesReader(Utils.parsePEM(
+                Utils.byteToByte(CSR.getBytes(StandardCharsets.UTF_8)), "CERTIFICATE REQUEST")),
+                false).getCertificationRequestInfo();
+        Template template = new Template("123", true, null, 60);
+        Certificate cert = ca.signCert(req, template);
+        ca.revoke(new RevokedCertificate(ASN1Object.TAG_SEQUENCE, null,
+                cert.getCertificate().getSerialNumber(),
+                new UtcTime(UtcTime.TAG, null, ZonedDateTime.now(ZoneId.of("UTC"))),
+                Reason.KEY_COMPROMISE));
+        assertEquals(1, ca.getRevoked().size());
+    }
+
+    @Test
+    void testSignCRL() throws Throwable {
+        ca.generateKey();
+        ca.installCertificate(new Certificate(new BytesReader(Utils.parsePEM(
+                Utils.byteToByte(CA.getBytes(StandardCharsets.UTF_8)), "CERTIFICATE")), false));
+        CertificationRequestInfo req = new CertificationRequest(new BytesReader(Utils.parsePEM(
+                Utils.byteToByte(CSR.getBytes(StandardCharsets.UTF_8)), "CERTIFICATE REQUEST")),
+                false).getCertificationRequestInfo();
+        Template template = new Template("123", true, null, 60);
+        Certificate cert = ca.signCert(req, template);
+        ca.revoke(new RevokedCertificate(ASN1Object.TAG_SEQUENCE, null,
+                cert.getCertificate().getSerialNumber(),
+                new UtcTime(UtcTime.TAG, null, ZonedDateTime.now(ZoneId.of("UTC"))),
+                Reason.KEY_COMPROMISE));
+        assertEquals(1, ca.signCRL().getCrl().getRevokedCertificates().length);
+    }
+}
-- 
cgit v1.2.3