From d342a45d98c4795b3a3fe1aaef5236ad4a782b55 Mon Sep 17 00:00:00 2001 From: Yuuta Liang Date: Thu, 12 Oct 2023 12:10:33 +0800 Subject: Implement data structures from X.680, X.501, X.509, and PKCS#10, with X.690 encoding / decoding support The implementation took four days, and it is still a little bit rough. Updated version should arrive soon. Signed-off-by: Yuuta Liang --- src/test/model/pki/cert/CertificateTest.java | 81 +++++++++++ src/test/model/pki/cert/ExtensionTest.java | 118 +++++++++++++++ src/test/model/pki/cert/ExtensionsTest.java | 112 +++++++++++++++ src/test/model/pki/cert/TbsCertificateTest.java | 184 ++++++++++++++++++++++++ src/test/model/pki/cert/ValidityTest.java | 118 +++++++++++++++ 5 files changed, 613 insertions(+) create mode 100644 src/test/model/pki/cert/CertificateTest.java create mode 100644 src/test/model/pki/cert/ExtensionTest.java create mode 100644 src/test/model/pki/cert/ExtensionsTest.java create mode 100644 src/test/model/pki/cert/TbsCertificateTest.java create mode 100644 src/test/model/pki/cert/ValidityTest.java (limited to 'src/test/model/pki/cert') diff --git a/src/test/model/pki/cert/CertificateTest.java b/src/test/model/pki/cert/CertificateTest.java new file mode 100644 index 0000000..70564fc --- /dev/null +++ b/src/test/model/pki/cert/CertificateTest.java @@ -0,0 +1,81 @@ +package model.pki.cert; + +import model.TestConstants; +import model.asn1.*; +import model.asn1.exceptions.ParseException; +import model.asn1.parsing.BytesReader; +import model.csr.CertificationRequest; +import model.csr.CertificationRequestInfo; +import model.csr.CertificationRequestInfoTest; +import model.pki.AlgorithmIdentifier; +import model.pki.SubjectPublicKeyInfo; +import org.junit.jupiter.api.Test; + +import java.util.Arrays; +import java.util.Collection; +import java.util.stream.Stream; + +import static model.TestConstants.mutate; +import static org.junit.jupiter.api.Assertions.*; + +public class CertificateTest { + @Test + void testConstructor() { + final Certificate certificate = new Certificate(ASN1Object.TAG_SEQUENCE, null, + TestConstants.CERT_GENERATED, + new AlgorithmIdentifier(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_RSA_ENCRYPTION), + new Null(Null.TAG, null)), + new BitString(BitString.TAG, null, 0, new Byte[]{ 1, 2, 3 })); + + assertEquals(TbsCertificate.VERSION_V3, + certificate.getCertificate().getVersion().getLong()); + assertArrayEquals(ObjectIdentifier.OID_RSA_ENCRYPTION, + certificate.getSignatureAlgorithm().getType().getInts()); + assertArrayEquals(new Byte[]{ 1, 2, 3 }, + certificate.getSignature().getConvertedVal()); + } + + @Test + void testParse() throws ParseException { + Certificate parsed = new Certificate(new BytesReader(TestConstants.CERT_L2_RSA), false); + assertEquals(TbsCertificate.VERSION_V3, + parsed.getCertificate().getVersion().getLong()); + assertArrayEquals(ObjectIdentifier.OID_ECDSA_WITH_SHA512, parsed.getSignatureAlgorithm().getType().getInts()); + assertNull(parsed.getSignatureAlgorithm().getParameters()); + assertEquals(70, parsed.getSignature().getVal().length); + + parsed = new Certificate(new BytesReader(TestConstants.CERT_L1_ECC), false); + assertEquals(TbsCertificate.VERSION_V3, + parsed.getCertificate().getVersion().getLong()); + assertArrayEquals(ObjectIdentifier.OID_ECDSA_WITH_SHA256, parsed.getSignatureAlgorithm().getType().getInts()); + assertNull(parsed.getSignatureAlgorithm().getParameters()); + assertEquals(71, parsed.getSignature().getVal().length); + } + + @Test + void testParseFail() { + // Incorrect certificate tag + assertThrows(ParseException.class, () -> + new Certificate(new BytesReader(mutate(TestConstants.CERT_L1_ECC, 4, 0x30, 0x31)), false) + ); + // Incorrect signatureAlgorithm tag + assertThrows(ParseException.class, () -> + new Certificate(new BytesReader(mutate(TestConstants.CERT_L1_ECC, 349, 0x30, 0x31)), false) + ); + // Incorrect signature tag + assertThrows(ParseException.class, () -> + new Certificate(new BytesReader(mutate(TestConstants.CERT_L1_ECC, 361, 0x3, 0x5)), false) + ); + } + + @Test + void testEncode() throws ParseException { + assertArrayEquals(TestConstants.CERT_V1, + new Certificate(new BytesReader(TestConstants.CERT_V1), false).encodeDER()); + assertArrayEquals(TestConstants.CERT_L1_ECC, + new Certificate(new BytesReader(TestConstants.CERT_L1_ECC), false).encodeDER()); + assertArrayEquals(TestConstants.CERT_L2_RSA, + new Certificate(new BytesReader(TestConstants.CERT_L2_RSA), false).encodeDER()); + } +} diff --git a/src/test/model/pki/cert/ExtensionTest.java b/src/test/model/pki/cert/ExtensionTest.java new file mode 100644 index 0000000..06561ba --- /dev/null +++ b/src/test/model/pki/cert/ExtensionTest.java @@ -0,0 +1,118 @@ +package model.pki.cert; + +import model.asn1.ASN1Object; +import model.asn1.Bool; +import model.asn1.ObjectIdentifier; +import model.asn1.OctetString; +import model.asn1.exceptions.ParseException; +import model.asn1.parsing.BytesReader; +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.*; + +public class ExtensionTest { + static final Byte[] EXT_SUBJECT_KEY_ID = new Byte[] { + 0x30, 0x1D, // SEQUENCE Extension + 0x06, 0x03, 0x55, 0x1D, 0x0E, // OID subjectKeyIdentifier + 0x04, 0x16, // OCTET STRING + 0x04, 0x14, -79, -62, -89, -127, 0x63, 0x66, + 0x4B, 0x72, 0x0A, -35, -3, 0x7D, 0x20, 0x29, + -67, 0x6B, 0x49, 0x09, 0x61, -64 + }; + + static final Byte[] EXT_KEY_USAGE = new Byte[] { + 0x30, 0x0E, // SEQUENCE Extension + 0x06, 0x03, 0x55, 0x1D, 0x0F, // OID keyUsage + 0x01, 0x01, -1, // BOOLEAN critical + 0x04, 0x04, // OCTET STRING + 0x03, 0x02, 0x01, -122 + }; + + @Test + void testConstructor() throws ParseException { + final Extension ext = new Extension(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_BASIC_CONSTRAINTS), + new Bool(Bool.TAG, null, true), + new OctetString(OctetString.TAG, null, new Byte[]{ 0x30, 0x03, 0x01, 0x01, -1 })); + assertArrayEquals(ObjectIdentifier.OID_BASIC_CONSTRAINTS, ext.getExtnId().getInts()); + assertTrue(ext.getCritical().getValue()); + assertArrayEquals(new Byte[]{ 0x30, 0x03, 0x01, 0x01, -1 }, ext.getExtnValue().getBytes()); + } + + @Test + void testParse() throws ParseException { + Extension parsed = new Extension(new BytesReader(EXT_SUBJECT_KEY_ID), false); + assertArrayEquals(ObjectIdentifier.OID_SUBJECT_KEY_IDENTIFIER, parsed.getExtnId().getInts()); + assertNull(parsed.getCritical()); + assertArrayEquals(new Byte[] { + 0x04, 0x14, -79, -62, -89, -127, 0x63, 0x66, + 0x4B, 0x72, 0x0A, -35, -3, 0x7D, 0x20, 0x29, + -67, 0x6B, 0x49, 0x09, 0x61, -64 + }, parsed.getExtnValue().getBytes()); + + parsed = new Extension(new BytesReader(EXT_KEY_USAGE), false); + assertArrayEquals(ObjectIdentifier.OID_KEY_USAGE, parsed.getExtnId().getInts()); + assertTrue(parsed.getCritical().getValue()); + assertArrayEquals(new Byte[] { + 0x03, 0x02, 0x01, -122 + }, parsed.getExtnValue().getBytes()); + } + + @Test + void testParseFail() throws ParseException { + // Too short (no ID) + assertThrows(ParseException.class, () -> new Extension(new BytesReader(new Byte[]{ + 0x30, 0x00 + }), false)); + // Wrong ID tag + assertThrows(ParseException.class, () -> new Extension(new BytesReader(new Byte[]{ + 0x30, 0x0E, // SEQUENCE Extension + 0x07, 0x03, 0x55, 0x1D, 0x0F, // OID keyUsage + 0x01, 0x01, -1, // BOOLEAN critical + 0x04, 0x04, // OCTET STRING + 0x03, 0x02, 0x01, -122 + }), false)); + // Wrong critical tag (neither bool nor sequence) + assertThrows(ParseException.class, () -> new Extension(new BytesReader(new Byte[]{ + 0x30, 0x0E, // SEQUENCE Extension + 0x06, 0x03, 0x55, 0x1D, 0x0F, // OID keyUsage + 0x05, 0x01, -1, // BOOLEAN critical + 0x04, 0x04, // OCTET STRING + 0x03, 0x02, 0x01, -122 + }), false)); + // Critical and wrong value tag + assertThrows(ParseException.class, () -> new Extension(new BytesReader(new Byte[]{ + 0x30, 0x0E, // SEQUENCE Extension + 0x06, 0x03, 0x55, 0x1D, 0x0F, // OID keyUsage + 0x01, 0x01, -1, // BOOLEAN critical + 0x09, 0x04, // OCTET STRING + 0x03, 0x02, 0x01, -122 + }), false)); + + // No critical and wrong value tag + assertThrows(ParseException.class, () -> new Extension(new BytesReader(new Byte[]{ + 0x30, 0x0B, // SEQUENCE Extension + 0x06, 0x03, 0x55, 0x1D, 0x0F, // OID keyUsage + 0x09, 0x04, // OCTET STRING + 0x03, 0x02, 0x01, -122 + }), false)); + } + + @Test + void testEncode() { + assertArrayEquals(EXT_SUBJECT_KEY_ID, new Extension(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_SUBJECT_KEY_IDENTIFIER), + null, + new OctetString(OctetString.TAG, null, new Byte[] { + 0x04, 0x14, -79, -62, -89, -127, 0x63, 0x66, + 0x4B, 0x72, 0x0A, -35, -3, 0x7D, 0x20, 0x29, + -67, 0x6B, 0x49, 0x09, 0x61, -64 + })).encodeDER()); + assertArrayEquals(EXT_KEY_USAGE, new Extension(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_KEY_USAGE), + new Bool(Bool.TAG, null, true), + new OctetString(OctetString.TAG, null, new Byte[] { + 0x03, 0x02, 0x01, -122 + })).encodeDER()); + } +} diff --git a/src/test/model/pki/cert/ExtensionsTest.java b/src/test/model/pki/cert/ExtensionsTest.java new file mode 100644 index 0000000..e50b3e6 --- /dev/null +++ b/src/test/model/pki/cert/ExtensionsTest.java @@ -0,0 +1,112 @@ +package model.pki.cert; + +import model.asn1.ASN1Object; +import model.asn1.Bool; +import model.asn1.ObjectIdentifier; +import model.asn1.OctetString; +import model.asn1.exceptions.ParseException; +import model.asn1.parsing.BytesReader; +import org.junit.jupiter.api.Test; + +import java.util.Arrays; +import java.util.Collection; +import java.util.stream.Stream; + +import static org.junit.jupiter.api.Assertions.*; + +public class ExtensionsTest { + @Test + void testConstructor() { + final Extension ext1 = new Extension(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_BASIC_CONSTRAINTS), + new Bool(Bool.TAG, null, true), + new OctetString(OctetString.TAG, null, new Byte[]{0x30, 0x03, 0x01, 0x01, -1})); + final Extension ext2 = new Extension(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_SUBJECT_KEY_IDENTIFIER), + null, + new OctetString(OctetString.TAG, null, new Byte[]{ + 0x04, 0x14, -79, -62, -89, -127, 0x63, 0x66, + 0x4B, 0x72, 0x0A, -35, -3, 0x7D, 0x20, 0x29, + -67, 0x6B, 0x49, 0x09, 0x61, -64 + })); + final Extensions extensions = new Extensions(ASN1Object.TAG_SEQUENCE, null, new Extension[]{ + ext1, ext2 + }); + + assertEquals(2, extensions.getExtensions().length); + assertArrayEquals(ObjectIdentifier.OID_BASIC_CONSTRAINTS, extensions.getExtensions()[0].getExtnId().getInts()); + assertArrayEquals(ObjectIdentifier.OID_SUBJECT_KEY_IDENTIFIER, extensions.getExtensions()[1].getExtnId().getInts()); + } + + @Test + void testParse() throws ParseException { + final Extensions parsed = new Extensions(new BytesReader( + Stream.of(Arrays.asList(new Byte[]{0x30, + (byte) (ExtensionTest.EXT_KEY_USAGE.length + ExtensionTest.EXT_SUBJECT_KEY_ID.length)}), + Arrays.asList(ExtensionTest.EXT_KEY_USAGE), + Arrays.asList(ExtensionTest.EXT_SUBJECT_KEY_ID)) + .flatMap(Collection::stream) + .toArray(Byte[]::new)), false); + assertArrayEquals(ObjectIdentifier.OID_KEY_USAGE, parsed.getExtensions()[0].getExtnId().getInts()); + assertArrayEquals(ObjectIdentifier.OID_SUBJECT_KEY_IDENTIFIER, parsed.getExtensions()[1].getExtnId().getInts()); + } + + @Test + void testParseFail() { + assertThrows(ParseException.class, () -> { + new Extensions(new BytesReader(new Byte[]{0x30, 0x1}), false); + }); + assertThrows(ParseException.class, () -> { + Byte[] bytes = + Stream.of(Arrays.asList(new Byte[]{0x30, + (byte) (ExtensionTest.EXT_KEY_USAGE.length + ExtensionTest.EXT_SUBJECT_KEY_ID.length)}), + Arrays.asList(ExtensionTest.EXT_KEY_USAGE), + Arrays.asList(ExtensionTest.EXT_SUBJECT_KEY_ID)) + .flatMap(Collection::stream) + .toArray(Byte[]::new); + assertEquals((byte) 0x30, bytes[2]); + bytes[2] = 0x31; + new Extensions(new BytesReader(bytes), false); + }); + assertThrows(ParseException.class, () -> { + Byte[] bytes = + Stream.of(Arrays.asList(new Byte[]{0x30, + (byte) (ExtensionTest.EXT_KEY_USAGE.length + ExtensionTest.EXT_SUBJECT_KEY_ID.length)}), + Arrays.asList(ExtensionTest.EXT_KEY_USAGE), + Arrays.asList(ExtensionTest.EXT_SUBJECT_KEY_ID)) + .flatMap(Collection::stream) + .toArray(Byte[]::new); + assertEquals((byte) 0x30, bytes[2 + ExtensionTest.EXT_KEY_USAGE.length]); + bytes[2 + ExtensionTest.EXT_KEY_USAGE.length] = 0x31; + new Extensions(new BytesReader(bytes), false); + }); + } + + @Test + void testEncode() { + assertArrayEquals( + Stream.of(Arrays.asList(new Byte[]{0x30, + (byte) (ExtensionTest.EXT_KEY_USAGE.length + + ExtensionTest.EXT_SUBJECT_KEY_ID.length)}), + Arrays.asList(ExtensionTest.EXT_SUBJECT_KEY_ID), + Arrays.asList(ExtensionTest.EXT_KEY_USAGE)) + .flatMap(Collection::stream) + .toArray(Byte[]::new), + new Extensions(ASN1Object.TAG_SEQUENCE, null, new Extension[]{ + new Extension(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_SUBJECT_KEY_IDENTIFIER), + null, + new OctetString(OctetString.TAG, null, new Byte[]{ + 0x04, 0x14, -79, -62, -89, -127, 0x63, 0x66, + 0x4B, 0x72, 0x0A, -35, -3, 0x7D, 0x20, 0x29, + -67, 0x6B, 0x49, 0x09, 0x61, -64 + })), + new Extension(ASN1Object.TAG_SEQUENCE, null, + new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_KEY_USAGE), + new Bool(Bool.TAG, null, true), + new OctetString(OctetString.TAG, null, new Byte[]{ + 0x03, 0x02, 0x01, -122 + })) + }).encodeDER()); + } +} diff --git a/src/test/model/pki/cert/TbsCertificateTest.java b/src/test/model/pki/cert/TbsCertificateTest.java new file mode 100644 index 0000000..ae92ace --- /dev/null +++ b/src/test/model/pki/cert/TbsCertificateTest.java @@ -0,0 +1,184 @@ +package model.pki.cert; + +import model.asn1.*; +import model.asn1.exceptions.ParseException; +import model.asn1.parsing.BytesReader; +import model.TestConstants; +import org.junit.jupiter.api.Test; + +import java.math.BigInteger; +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.util.Arrays; + +import static model.TestConstants.mutate; +import static org.junit.jupiter.api.Assertions.*; + +public class TbsCertificateTest { + @Test + void testConstructor() { + assertEquals(TbsCertificate.VERSION_V3, TestConstants.CERT_GENERATED.getVersion().getLong()); + assertEquals(100, TestConstants.CERT_GENERATED.getSerialNumber().getLong()); + assertArrayEquals(ObjectIdentifier.OID_RSA_ENCRYPTION, TestConstants.CERT_GENERATED.getSignature().getType().getInts()); + assertEquals("CN=Test CA,C=CA", TestConstants.CERT_GENERATED.getIssuer().toString()); + assertEquals(TestConstants.NOW, TestConstants.CERT_GENERATED.getValidity().getNotBefore().getTimestamp()); + assertEquals(TestConstants.NOW.plusYears(1), + TestConstants.CERT_GENERATED.getValidity().getNotAfter().getTimestamp()); + assertEquals("CN=Yuuta Liang,C=CA", TestConstants.CERT_GENERATED.getSubject().toString()); + assertArrayEquals(ObjectIdentifier.OID_EC_PUBLIC_KEY, + TestConstants.CERT_GENERATED.getSubjectPublicKeyInfo().getAlgorithm().getType().getInts()); + assertEquals(2, TestConstants.CERT_GENERATED.getExtensions().getExtensions().length); + assertArrayEquals(ObjectIdentifier.OID_BASIC_CONSTRAINTS, + TestConstants.CERT_GENERATED.getExtensions().getExtensions()[0].getExtnId().getInts()); + assertArrayEquals(ObjectIdentifier.OID_KEY_USAGE, + TestConstants.CERT_GENERATED.getExtensions().getExtensions()[1].getExtnId().getInts()); + } + + @Test + void testParse() throws ParseException { + TbsCertificate parsed = new TbsCertificate(new BytesReader(trimToTbs(TestConstants.CERT_L1_ECC)), + false); + assertEquals(TbsCertificate.VERSION_V3, parsed.getVersion().getLong()); + assertEquals(0, parsed.getSerialNumber().getValue() + .compareTo(new BigInteger("644983544608556543477205958886697401602227090424"))); + assertArrayEquals(ObjectIdentifier.OID_ECDSA_WITH_SHA256, + parsed.getSignature().getType().getInts()); + assertNull(parsed.getSignature().getParameters()); + assertEquals("CN=Yuuta Root CA,C=CA", parsed.getIssuer().toString()); + assertEquals(ZonedDateTime.of(2023, 6, 23, + 2, 50, 46, 0, ZoneId.of("UTC")), + parsed.getValidity().getNotBefore().getTimestamp()); + assertEquals(ZonedDateTime.of(2048, 6, 23, + 2, 50, 46, 0, ZoneId.of("UTC")), + parsed.getValidity().getNotAfter().getTimestamp()); + assertEquals("CN=Yuuta Root CA,C=CA", parsed.getSubject().toString()); + assertArrayEquals(ObjectIdentifier.OID_EC_PUBLIC_KEY, + parsed.getSubjectPublicKeyInfo().getAlgorithm().getType().getInts()); + assertArrayEquals(ObjectIdentifier.OID_PRIME256_V1, + ((ObjectIdentifier) parsed.getSubjectPublicKeyInfo().getAlgorithm().getParameters()).getInts()); + assertEquals(4, parsed.getExtensions().getExtensions().length); + assertArrayEquals(ObjectIdentifier.OID_SUBJECT_KEY_IDENTIFIER, + parsed.getExtensions().getExtensions()[0].getExtnId().getInts()); + assertArrayEquals(ObjectIdentifier.OID_AUTHORITY_KEY_IDENTIFIER, + parsed.getExtensions().getExtensions()[1].getExtnId().getInts()); + assertArrayEquals(ObjectIdentifier.OID_BASIC_CONSTRAINTS, + parsed.getExtensions().getExtensions()[2].getExtnId().getInts()); + assertArrayEquals(ObjectIdentifier.OID_KEY_USAGE, + parsed.getExtensions().getExtensions()[3].getExtnId().getInts()); + + parsed = new TbsCertificate( + new BytesReader(trimToTbs(TestConstants.CERT_L2_RSA)), + false); + assertEquals(TbsCertificate.VERSION_V3, parsed.getVersion().getLong()); + assertEquals(0, parsed.getSerialNumber().getValue() + .compareTo(new BigInteger("354327098948136693059815576591331472151989570311"))); + assertArrayEquals(ObjectIdentifier.OID_ECDSA_WITH_SHA512, + parsed.getSignature().getType().getInts()); + assertNull(parsed.getSignature().getParameters()); + assertEquals("CN=Yuuta Root CA,C=CA", parsed.getIssuer().toString()); + assertEquals(ZonedDateTime.of(2023, 6, 24, + 0, 15, 22, 0, ZoneId.of("UTC")), + parsed.getValidity().getNotBefore().getTimestamp()); + assertEquals(ZonedDateTime.of(2033, 6, 21, + 0, 15, 22, 0, ZoneId.of("UTC")), + parsed.getValidity().getNotAfter().getTimestamp()); + assertEquals("DC=MOE,DC=YUUTA,DC=AD,CN=Yuuta Home Issuing CA", parsed.getSubject().toString()); + assertArrayEquals(ObjectIdentifier.OID_RSA_ENCRYPTION, + parsed.getSubjectPublicKeyInfo().getAlgorithm().getType().getInts()); + assertEquals(Null.TAG.getNumber(), + parsed.getSubjectPublicKeyInfo().getAlgorithm().getParameters().getTag().getNumber()); + assertEquals(526, parsed.getSubjectPublicKeyInfo().getSubjectPublicKey().getVal().length); + assertEquals(6, parsed.getExtensions().getExtensions().length); + assertArrayEquals(ObjectIdentifier.OID_SUBJECT_KEY_IDENTIFIER, + parsed.getExtensions().getExtensions()[0].getExtnId().getInts()); + assertArrayEquals(ObjectIdentifier.OID_AUTHORITY_KEY_IDENTIFIER, + parsed.getExtensions().getExtensions()[1].getExtnId().getInts()); + assertArrayEquals(ObjectIdentifier.OID_BASIC_CONSTRAINTS, + parsed.getExtensions().getExtensions()[2].getExtnId().getInts()); + assertArrayEquals(ObjectIdentifier.OID_KEY_USAGE, + parsed.getExtensions().getExtensions()[3].getExtnId().getInts()); + assertArrayEquals(ObjectIdentifier.OID_CRL_DISTRIBUTION_POINTS, + parsed.getExtensions().getExtensions()[4].getExtnId().getInts()); + assertArrayEquals(ObjectIdentifier.OID_AUTHORITY_INFO_ACCESS, + parsed.getExtensions().getExtensions()[5].getExtnId().getInts()); + + parsed = new TbsCertificate( + new BytesReader(Arrays.stream(TestConstants.CERT_V1).skip(4).toArray(Byte[]::new)), + false); + assertNull(parsed.getVersion()); + assertNull(parsed.getExtensions()); + } + + @Test + void testParseFail() throws ParseException { + final Byte[] in = trimToTbs(TestConstants.CERT_L2_RSA); + // Wrong version parent tag + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 4, -96, 2)), false)); + // Wrong version inner tag + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 6, 0x2, 3)), false)); + // Wrong serial number tag + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 9, 0x2, 3)), false)); + // Wrong signature tag + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 31, 0x30, 3)), false)); + // Wrong issuer tag + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 43, 0x30, 0x31)), false)); + // Wrong validity tag + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 82, 0x30, 0x31)), false)); + // Wrong subject tag + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 114, 0x30, 0x31)), false)); + // Wrong subject public key info tag + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 212, 0x30, 0x31)), false)); + // Wrong extensions parent tag + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 762, -93, 0x31)), false)); + // Wrong extensions inner tag + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 765, 0x30, 0x31)), false)); + // Extensions exist, but wrong version + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 8, 0x2, TbsCertificate.VERSION_V2)), + false)); + // Totally wrong version + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(mutate(in, 8, 0x2, TbsCertificate.VERSION_V3 + 1)), + false)); + + // Extensions exist, but no version + final TbsCertificate certV1 = new TbsCertificate(new BytesReader(trimToTbs(TestConstants.CERT_V1)), false); + final TbsCertificate certV3 = new TbsCertificate(new BytesReader(trimToTbs(TestConstants.CERT_L2_RSA)), false); + Byte[] wrongCert = new TbsCertificate(ASN1Object.TAG_SEQUENCE, null, + null, + certV1.getSerialNumber(), + certV1.getSignature(), + certV1.getIssuer(), + certV1.getValidity(), + certV1.getSubject(), + certV1.getSubjectPublicKeyInfo(), + certV3.getExtensions()) + .encodeDER(); + assertThrows(ParseException.class, () -> + new TbsCertificate(new BytesReader(wrongCert), false)); + } + + @Test + void testEncode() throws ParseException { + Byte[] in = trimToTbs(TestConstants.CERT_L1_ECC); + assertArrayEquals(Arrays.copyOfRange(in, 0, 345), new TbsCertificate(new BytesReader(in), false).encodeDER()); + in = trimToTbs(TestConstants.CERT_L2_RSA); + assertArrayEquals(Arrays.copyOfRange(in, 0, 989), new TbsCertificate(new BytesReader(in), false).encodeDER()); + in = trimToTbs(TestConstants.CERT_V1); + assertArrayEquals(Arrays.copyOfRange(in, 0, 583), new TbsCertificate(new BytesReader(in), false).encodeDER()); + } + + private static Byte[] trimToTbs(Byte[] in) { + return Arrays.stream(in).skip(4).toArray(Byte[]::new); + } +} diff --git a/src/test/model/pki/cert/ValidityTest.java b/src/test/model/pki/cert/ValidityTest.java new file mode 100644 index 0000000..eba5092 --- /dev/null +++ b/src/test/model/pki/cert/ValidityTest.java @@ -0,0 +1,118 @@ +package model.pki.cert; + +import jdk.jshell.EvalException; +import model.asn1.*; +import model.asn1.exceptions.ParseException; +import model.asn1.parsing.BytesReader; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + +import java.time.ZoneId; +import java.time.ZonedDateTime; +import java.util.Arrays; +import java.util.Collection; +import java.util.stream.Stream; + +import static model.TestConstants.combine; +import static model.TestConstants.mutate; +import static org.junit.jupiter.api.Assertions.*; + +public class ValidityTest { + private ZonedDateTime now; + + @BeforeEach + void setup() { + now = ZonedDateTime.now(ZoneId.of("UTC")).withNano(0); + } + + @Test + void testConstructor() { + final ASN1Time time = new GeneralizedTime(GeneralizedTime.TAG, null, now); + assertEquals(time.getTimestamp(), new Validity(ASN1Object.TAG_SEQUENCE, null, time, time) + .getNotBefore().getTimestamp()); + assertEquals(time.getTimestamp(), new Validity(ASN1Object.TAG_SEQUENCE, null, time, time) + .getNotAfter().getTimestamp()); + } + + @Test + void testParse() throws ParseException { + final ASN1Time utc = new UtcTime(UtcTime.TAG, null, now); + final ASN1Time gen = new GeneralizedTime(GeneralizedTime.TAG, null, now); + final Byte[] utcBytes = utc.encodeDER(); + final Byte[] genBytes = gen.encodeDER(); + + // UTC, Generalized + Validity parsed = new Validity(new BytesReader(combine((byte) ASN1Object.TAG_SEQUENCE.getNumber(), utcBytes, + genBytes)), false); + assertEquals(UtcTime.TAG.getNumber(), parsed.getNotBefore().getTag().getNumber()); + assertEquals(now, parsed.getNotBefore().getTimestamp()); + assertEquals(GeneralizedTime.TAG.getNumber(), parsed.getNotAfter().getTag().getNumber()); + assertEquals(now, parsed.getNotAfter().getTimestamp()); + + // UTC, UTC + parsed = new Validity(new BytesReader(combine((byte) ASN1Object.TAG_SEQUENCE.getNumber(), utcBytes, utcBytes)), + false); + assertEquals(UtcTime.TAG.getNumber(), parsed.getNotBefore().getTag().getNumber()); + assertEquals(now, parsed.getNotBefore().getTimestamp()); + assertEquals(UtcTime.TAG.getNumber(), parsed.getNotAfter().getTag().getNumber()); + assertEquals(now, parsed.getNotAfter().getTimestamp()); + + // Generalized, Generalized + parsed = new Validity(new BytesReader(combine((byte) ASN1Object.TAG_SEQUENCE.getNumber(), genBytes, genBytes)), + false); + assertEquals(GeneralizedTime.TAG.getNumber(), parsed.getNotBefore().getTag().getNumber()); + assertEquals(now, parsed.getNotBefore().getTimestamp()); + assertEquals(GeneralizedTime.TAG.getNumber(), parsed.getNotAfter().getTag().getNumber()); + assertEquals(now, parsed.getNotAfter().getTimestamp()); + + // Generalized, UTC + parsed = new Validity(new BytesReader(combine((byte) ASN1Object.TAG_SEQUENCE.getNumber(), genBytes, utcBytes)), + false); + assertEquals(GeneralizedTime.TAG.getNumber(), parsed.getNotBefore().getTag().getNumber()); + assertEquals(now, parsed.getNotBefore().getTimestamp()); + assertEquals(UtcTime.TAG.getNumber(), parsed.getNotAfter().getTag().getNumber()); + assertEquals(now, parsed.getNotAfter().getTimestamp()); + } + + @Test + void testParseFail() { + final ASN1Time utc = new UtcTime(UtcTime.TAG, null, now); + final Byte[] utcBytes = utc.encodeDER(); + + // Too short + assertThrows(ParseException.class, () -> + new Validity(new BytesReader(new Byte[] { + 0x30, 0x0 + }), false)); + assertThrows(ParseException.class, () -> { + new Validity(new BytesReader(combine((byte) 0x30, utcBytes)), false); + }); + + // Illegal notBefore tag + assertThrows(ParseException.class, () -> { + new Validity(new BytesReader(mutate(combine((byte) 0x30, utcBytes, utcBytes), 2, + UtcTime.TAG.getNumber(), 0x2)), false); + }); + // Illegal notAfter tag + assertThrows(ParseException.class, () -> { + new Validity(new BytesReader(mutate(combine((byte) 0x30, utcBytes, utcBytes), utcBytes.length + 2, + UtcTime.TAG.getNumber(), 0x2)), false); + }); + } + + @Test + void testEncode() { + final ASN1Time utc = new UtcTime(UtcTime.TAG, null, now); + final ASN1Time gen = new GeneralizedTime(GeneralizedTime.TAG, null, now); + final Byte[] utcBytes = utc.encodeDER(); + final Byte[] genBytes = gen.encodeDER(); + + assertArrayEquals(Stream.of(Arrays.asList(new Byte[]{ 0x30, (byte) (utcBytes.length + genBytes.length) }), + Arrays.asList(utcBytes), + Arrays.asList(genBytes)) + .flatMap(Collection::stream) + .toArray(Byte[]::new), + new Validity(ASN1Object.TAG_SEQUENCE, null, utc, gen) + .encodeDER()); + } +} -- cgit v1.2.3