package model; import model.asn1.*; import model.asn1.exceptions.ParseException; import model.asn1.parsing.BytesReader; import model.csr.Attribute; import model.csr.Attributes; import model.csr.Values; import model.pki.AlgorithmIdentifier; import model.pki.SubjectPublicKeyInfo; import model.pki.cert.Extension; import model.pki.cert.Extensions; import model.pki.cert.TbsCertificate; import model.pki.cert.Validity; import model.pki.crl.CertificateListContent; import model.pki.crl.Reason; import model.pki.crl.RevokedCertificate; import model.x501.AttributeTypeAndValue; import model.x501.Name; import model.x501.RelativeDistinguishedName; import ui.Utils; import java.nio.charset.StandardCharsets; import java.time.ZoneId; import java.time.ZonedDateTime; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.stream.Collectors; import java.util.stream.Stream; import static model.asn1.ASN1Object.TAG_SEQUENCE; import static model.asn1.ASN1Object.TAG_SET; import static model.asn1.ObjectIdentifier.OID_EXTENSION_REQUEST; import static model.asn1.ObjectIdentifier.TAG; import static org.junit.jupiter.api.Assertions.assertEquals; public final class TestConstants { // An opaque value of extended key usage block. public static final ASN1Object EXT_KEY_USAGE; // Example SubjectAlternativeName request attribute. public static final ASN1Object SAN; public static final Values CSR_ATTR_VALUES_2; public static final Attribute CSR_ATTR_2; public static final Byte[] CSR_ATTR_VALUES_2_DER = new Byte[]{ 0x30, 81, // Attribute // 1.2.840.1113549.1.9.14 0x06, 0x09, 0x2A, -122, 0x48, -122, -9, 0x0D, 0x01, 0x09, 0x0E, 0x31, 68, // Values 0x30, 0x1F, // SEQUENCE (AttributeValue) 0x30, 0x1D, // SEQUENCE 0x06, 0x03, 0x55, 0x1D, 0x25, // 2.5.29.37 extKeyUsage 0x04, 0x16, // OCTET STRING 0x30, 0x14, // SEQUENCE // 1.3.6.1.5.5.7.3.1 serverAuth 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, // 1.3.6.1.5.5.7.3.2 clientAuth 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x21, // SEQUENCE (AttributeValue) 0x30, 0x1F, // SEQUENCE 0x06, 0x03, 0x55, 0x1D, 0x11, // 2.5.29.17 subjectAltName 0x04, 0x18, // OCTET STRING 0x30, 0x16, // SEQUENCE -126, 0x14, // [2] 0x6C, 0x70, 0x2D, 0x62, 0x32, 0x35, 0x35, 0x2E, 0x61, // lp-b255.yuuta.moe 0x64, 0x2E, 0x79, 0x75, 0x75, 0x74, 0x61, 0x2E, 0x6D, 0x6F, 0x65 }; public static final Attribute CSR_ATTR_1; public static final Byte[] CSR_ATTR_1_DER = new Byte[]{ 0x30, 0x1C, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, -126, 0x37, 0x0D, 0x02, 0x03, 0x31, 0x0E, 0x16, 0x0C, 0x31, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0x39, 0x30, 0x34, 0x35, 0x2E, 0x32 }; public static final Attributes CSR_ATTRS_2; public static final Byte[] L_MILANO_DER = new Byte[]{ 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x06, 0x4D, 0x69, 0x6C, 0x61, 0x6E, 0x6F }; public static final RelativeDistinguishedName L_MILANO; public static final Byte[] CN_TEST_ED25519_DER = new Byte[]{ 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0C, 0x54, 0x65, 0x73, 0x74, 0x20, 0x65, 0x64, 0x32, 0x35, 0x35, 0x31, 0x39, }; public static final RelativeDistinguishedName L_MILANO_CN_TEST_ED25519; // CN = yuuta public static final RelativeDistinguishedName CN_YUUTA; // OU = users public static final RelativeDistinguishedName OU_USERS; // C = CA public static final RelativeDistinguishedName C_CA; // CN = yuuta, OU = users, C = CA public static final Name NAME_1; // SN = Qwq public static final RelativeDistinguishedName SN_QWQ; // O = IT public static final RelativeDistinguishedName O_IT; // C = CN public static final RelativeDistinguishedName C_CN; // SN = Qwq, O = IT, C = CN public static final Name NAME_2; /** * Certificate: * Data: * Version: 3 (0x2) * Serial Number: * 70:fa:0f:fa:a6:d7:f4:b4:93:05:5d:a9:d3:e4:42:a8:52:60:b3:f8 * Signature Algorithm: ecdsa-with-SHA256 * Issuer: CN = Yuuta Root CA, C = CA * Validity * Not Before: Jun 23 02:50:46 2023 GMT * Not After : Jun 23 02:50:46 2048 GMT * Subject: CN = Yuuta Root CA, C = CA * Subject Public Key Info: * Public Key Algorithm: id-ecPublicKey * Public-Key: (256 bit) * pub: * ASN1 OID: prime256v1 * NIST CURVE: P-256 * X509v3 extensions: * X509v3 Subject Key Identifier: * 78:92:E0:6C:70:F5:A3:BE:02:EE:44:BA:A7:8C:DA:D6:B5:43:A7:93 * X509v3 Authority Key Identifier: * 78:92:E0:6C:70:F5:A3:BE:02:EE:44:BA:A7:8C:DA:D6:B5:43:A7:93 * X509v3 Basic Constraints: critical * CA:TRUE * X509v3 Key Usage: critical * Digital Signature, Certificate Sign, CRL Sign * Signature Algorithm: ecdsa-with-SHA256 * Signature Value: */ public static final String CERT_L1_ECC_PEM = "-----BEGIN CERTIFICATE-----\n" + "MIIBrzCCAVWgAwIBAgIUcPoP+qbX9LSTBV2p0+RCqFJgs/gwCgYIKoZIzj0EAwIw\n" + "JTEWMBQGA1UEAwwNWXV1dGEgUm9vdCBDQTELMAkGA1UEBhMCQ0EwHhcNMjMwNjIz\n" + "MDI1MDQ2WhcNNDgwNjIzMDI1MDQ2WjAlMRYwFAYDVQQDDA1ZdXV0YSBSb290IENB\n" + "MQswCQYDVQQGEwJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB3ocbzdSHAm\n" + "cWzdBFs/Xd4UMYs/MYAYKjPlGYYT1udIL5UVOlmN7QnkUxrzYbI1YW5mX1/PCuJl\n" + "ZT0iKzBxLCSjYzBhMB0GA1UdDgQWBBR4kuBscPWjvgLuRLqnjNrWtUOnkzAfBgNV\n" + "HSMEGDAWgBR4kuBscPWjvgLuRLqnjNrWtUOnkzAPBgNVHRMBAf8EBTADAQH/MA4G\n" + "A1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDAgNIADBFAiAJr6S6xkgxMitFmnS/0cIu\n" + "E7W9Ykii5d2Fe9+Lu4nL9wIhAIwHnAvZ4YzwfY6P5K4SaBwzzKPiq2zdpaXBm0lX\n" + "qcsz\n" + "-----END CERTIFICATE-----"; /** * Certificate: * Data: * Version: 3 (0x2) * Serial Number: * 3e:10:93:9d:e4:57:8d:39:87:fd:ff:42:7b:da:65:5b:1f:21:cb:07 * Signature Algorithm: ecdsa-with-SHA512 * Issuer: CN = Yuuta Root CA, C = CA * Validity * Not Before: Jun 24 00:15:22 2023 GMT * Not After : Jun 21 00:15:22 2033 GMT * Subject: DC = MOE, DC = YUUTA, DC = AD, CN = Yuuta Home Issuing CA * Subject Public Key Info: * Public Key Algorithm: rsaEncryption * Public-Key: (4096 bit) * Modulus: * Exponent: 65537 (0x10001) * X509v3 extensions: * X509v3 Subject Key Identifier: * B1:C2:A7:81:63:66:4B:72:0A:DD:FD:7D:20:29:BD:6B:49:09:61:C0 * X509v3 Authority Key Identifier: * 78:92:E0:6C:70:F5:A3:BE:02:EE:44:BA:A7:8C:DA:D6:B5:43:A7:93 * X509v3 Basic Constraints: critical * CA:TRUE, pathlen:0 * X509v3 Key Usage: critical * Digital Signature, Certificate Sign, CRL Sign * X509v3 CRL Distribution Points: * Full Name: * URI:http://home.yuuta.moe/pki/rootca.crl * Authority Information Access: * CA Issuers - URI:http://home.yuuta.moe/pki/rootca.crt * Signature Algorithm: ecdsa-with-SHA512 * Signature Value: */ public static final String CERT_L2_RSA_PEM = "-----BEGIN CERTIFICATE-----\n" + "MIIEMjCCA9mgAwIBAgIUPhCTneRXjTmH/f9Ce9plWx8hywcwCgYIKoZIzj0EAwQw\n" + "JTEWMBQGA1UEAwwNWXV1dGEgUm9vdCBDQTELMAkGA1UEBhMCQ0EwHhcNMjMwNjI0\n" + "MDAxNTIyWhcNMzMwNjIxMDAxNTIyWjBgMRMwEQYKCZImiZPyLGQBGRYDTU9FMRUw\n" + "EwYKCZImiZPyLGQBGRYFWVVVVEExEjAQBgoJkiaJk/IsZAEZFgJBRDEeMBwGA1UE\n" + "AwwVWXV1dGEgSG9tZSBJc3N1aW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A\n" + "MIICCgKCAgEA2WTLz4X8B2XN/AiDJNsQQNMiBDjye/TfpbC3dLsUZr4BneH9EX+I\n" + "lKkaoJaSIXU7iXoN43FeLX5iuoq+aj4f3x+qevWySD7xLLt8gpozN5MKBdRXtaem\n" + "4js3Nm3YLUbjv115sddHN/3QTQXgBSUGdjyi8woL54IKdKYzB1g2Jn2Et383usMA\n" + "yHd3gCbwszvE5jpOgBIHxZMgMnmVAQhbQNzoEDMIkwaXmSt4jwX03oigf0KAaD+a\n" + "XIwQRl15iIDZnG6rRw6+eiIR8c+x1ot1/u5qncwNhRUtLbbX3QfBQ6D/XBSfrqmA\n" + "zhddM/i2Qt5Iw44CcLSGujFeb9ybU7NLx02EjfQsSAUGQR4VuXyD+//FsLYkh7g3\n" + "WmdBTWzIhVnYEU9ohTeXaZZNTp9T67czqnntFbaCdOxnwOrcmFt1v0skrHd5mHKe\n" + "1W3OU6XOjM6vQwcwhPUUGxAXYBcqwQ84fzD26CZz5g8I8HpnpmJ+SNtFIg+SnPOs\n" + "sslnsoeMZpDPESwORYgayXIWkglop1fYeD4/ictH4me70vOIHF9fWqI8ydHoNxuw\n" + "uZjZDa0mQgsHTmr40NhDLP/q6MEnS2w/MwHuSd3YbhbjPWFbu0Zo7XreiRkXjRLa\n" + "R22XkuH+FkEGB3ZxQVIkkWf1znaKQS+ZdPuTzpZph5BPL50gE58k+i0CAwEAAaOB\n" + "4DCB3TAdBgNVHQ4EFgQUscKngWNmS3IK3f19ICm9a0kJYcAwHwYDVR0jBBgwFoAU\n" + "eJLgbHD1o74C7kS6p4za1rVDp5MwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8B\n" + "Af8EBAMCAYYwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2hvbWUueXV1dGEubW9l\n" + "L3BraS9yb290Y2EuY3JsMEAGCCsGAQUFBwEBBDQwMjAwBggrBgEFBQcwAoYkaHR0\n" + "cDovL2hvbWUueXV1dGEubW9lL3BraS9yb290Y2EuY3J0MAoGCCqGSM49BAMEA0cA\n" + "MEQCIHShp7SwbQ2rQC7l8u4u9rSU6Zl4DRfyor4jiHGAjm0gAiAbOHk6q+3Vm3uq\n" + "Jj92o1yDl09pFNIryojHMDRBpHl6yQ==\n" + "-----END CERTIFICATE-----"; /** * Certificate: * Data: * Version: 1 (0x0) * Serial Number: 3580 (0xdfc) * Signature Algorithm: sha1WithRSAEncryption * Issuer: C = JP, ST = Tokyo, L = Chuo-ku, O = Frank4DD, OU = WebCert Support, CN = Frank4DD Web CA, * emailAddress = support@frank4dd.com * Validity * Not Before: Aug 22 05:27:41 2012 GMT * Not After : Aug 21 05:27:41 2017 GMT * Subject: C = JP, ST = Tokyo, O = Frank4DD, CN = www.example.com * Subject Public Key Info: * Public Key Algorithm: rsaEncryption * Public-Key: (2048 bit) * Modulus: * Exponent: 65537 (0x10001) * Signature Algorithm: sha1WithRSAEncryption * Signature Value: */ public static final String CERT_V1_PEM = "-----BEGIN CERTIFICATE-----\n" + "MIIC2jCCAkMCAg38MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n" + "A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n" + "MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n" + "YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw\n" + "ODIyMDUyNzQxWhcNMTcwODIxMDUyNzQxWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE\n" + "CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs\n" + "ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0z9FeMynsC8+u\n" + "dvX+LciZxnh5uRj4C9S6tNeeAlIGCfQYk0zUcNFCoCkTknNQd/YEiawDLNbxBqut\n" + "bMDZ1aarys1a0lYmUeVLCIqvzBkPJTSQsCopQQ9V8WuT252zzNzs68dVGNdCJd5J\n" + "NRQykpwexmnjPPv0mvj7i8XgG379TyW6P+WWV5okeUkXJ9eJS2ouDYdR2SM9BoVW\n" + "+FgxDu6BmXhozW5EfsnajFp7HL8kQClI0QOc79yuKl3492rH6bzFsFn2lfwWy9ic\n" + "7cP8EpCTeFp1tFaD+vxBhPZkeTQ1HKx6hQ5zeHIB5ySJJZ7af2W8r4eTGYzbdRW2\n" + "4DDHCPhZAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAQMv+BFvGdMVzkQaQ3/+2noVz\n" + "/uAKbzpEL8xTcxYyP3lkOeh4FoxiSWqy5pGFALdPONoDuYFpLhjJSZaEwuvjI/Tr\n" + "rGhLV1pRG9frwDFshqD2Vaj4ENBCBh6UpeBop5+285zQ4SI7q4U9oSebUDJiuOx6\n" + "+tZ9KynmrbJpTSi0+BM=\n" + "-----END CERTIFICATE-----"; public static final Byte[] CERT_L1_ECC; public static final Byte[] CERT_L2_RSA; public static final Byte[] CERT_V1; public static final ZonedDateTime NOW = ZonedDateTime.now(ZoneId.of("UTC")); public static final TbsCertificate CERT_GENERATED; public static final RevokedCertificate REVOKED_CESSATION; public static final Byte[] REVOKED_CESSATION_DER; public static final RevokedCertificate REVOKED_KEY_COMPROMISE; public static final Byte[] REVOKED_KEY_COMPROMISE_DER; public static final CertificateListContent CRL_CONTENT_1; public static final Byte[] CRL_CONTENT_1_DER; public static final CertificateListContent CRL_CONTENT_2; public static final Byte[] CRL_CONTENT_2_DER; static { try { EXT_KEY_USAGE = ASN1Object.parse(new BytesReader(new Byte[]{ 0x30, 0x1F, // SEQUENCE (AttributeValue) 0x30, 0x1D, // SEQUENCE 0x06, 0x03, 0x55, 0x1D, 0x25, // 2.5.29.37 extKeyUsage 0x04, 0x16, // OCTET STRING 0x30, 0x14, // SEQUENCE // 1.3.6.1.5.5.7.3.1 serverAuth 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, // 1.3.6.1.5.5.7.3.2 clientAuth 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02 }), false); SAN = ASN1Object.parse(new BytesReader(new Byte[]{ 0x30, 0x21, // SEQUENCE (AttributeValue) 0x30, 0x1F, // SEQUENCE 0x06, 0x03, 0x55, 0x1D, 0x11, // 2.5.29.17 subjectAltName 0x04, 0x18, // OCTET STRING 0x30, 0x16, // SEQUENCE -126, 0x14, // [2] 0x6C, 0x70, 0x2D, 0x62, 0x32, 0x35, 0x35, 0x2E, 0x61, // lp-b255.yuuta.moe 0x64, 0x2E, 0x79, 0x75, 0x75, 0x74, 0x61, 0x2E, 0x6D, 0x6F, 0x65 }), false); CSR_ATTR_VALUES_2 = new Values(TAG_SET, null, new ASN1Object[]{ EXT_KEY_USAGE, SAN }); CSR_ATTR_2 = new Attribute( ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, OID_EXTENSION_REQUEST), CSR_ATTR_VALUES_2); CSR_ATTR_1 = new Attribute( TAG_SEQUENCE, null, new ObjectIdentifier(TAG, null, new Integer[]{1, 3, 6, 1, 4, 1, 311, 13, 2, 3}), new Values(TAG_SET, null, new ASN1Object[]{ new IA5String(IA5String.TAG, null, "10.0.19045.2") }) ); CSR_ATTRS_2 = new Attributes(TAG_SET, null, new Attribute[]{ CSR_ATTR_2, CSR_ATTR_1 }); // L = Milano L_MILANO = new RelativeDistinguishedName(TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_L), new PrintableString(PrintableString.TAG, null, "Milano")) }); // CN = Test ed25519+L = Milano L_MILANO_CN_TEST_ED25519 = new RelativeDistinguishedName(TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_CN), new UTF8String(UTF8String.TAG, null, "Test ed25519")), new AttributeTypeAndValue(TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_L), new UTF8String(UTF8String.TAG, null, "Milano")) }); CN_YUUTA = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_CN), new PrintableString(PrintableString.TAG, null, "yuuta")) }); OU_USERS = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_OU), new PrintableString(PrintableString.TAG, null, "users")) }); C_CA = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_C), new PrintableString(PrintableString.TAG, null, "CA")) }); NAME_1 = new Name(ASN1Object.TAG_SEQUENCE, null, new RelativeDistinguishedName[]{ CN_YUUTA, OU_USERS, C_CA }); SN_QWQ = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_SN), new PrintableString(PrintableString.TAG, null, "Qwq")) }); O_IT = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_O), new PrintableString(PrintableString.TAG, null, "IT")) }); C_CN = new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_C), new PrintableString(PrintableString.TAG, null, "CN")) }); NAME_2 = new Name(ASN1Object.TAG_SEQUENCE, null, new RelativeDistinguishedName[]{ SN_QWQ, O_IT, C_CN }); CERT_L1_ECC = Utils.parsePEM(Utils.byteToByte(CERT_L1_ECC_PEM.getBytes(StandardCharsets.UTF_8)), "CERTIFICATE"); CERT_L2_RSA = Utils.parsePEM(Utils.byteToByte(CERT_L2_RSA_PEM.getBytes(StandardCharsets.UTF_8)), "CERTIFICATE"); CERT_V1 = Utils.parsePEM(Utils.byteToByte(CERT_V1_PEM.getBytes(StandardCharsets.UTF_8)), "CERTIFICATE"); CERT_GENERATED = new TbsCertificate(ASN1Object.TAG_SEQUENCE, null, new Int(Int.TAG, new Tag(TagClass.CONTEXT_SPECIFIC, false, 0), TbsCertificate.VERSION_V3), new Int(Int.TAG, null, 100), new AlgorithmIdentifier(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_RSA_ENCRYPTION), new Null(Null.TAG, null)), new Name(ASN1Object.TAG_SEQUENCE, null, new RelativeDistinguishedName[]{ new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_CN), new PrintableString(PrintableString.TAG, null, "Test CA")) }), new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_C), new PrintableString(PrintableString.TAG, null, "CA")) }) }), new Validity(ASN1Object.TAG_SEQUENCE, null, new UtcTime(UtcTime.TAG, null, NOW), new GeneralizedTime(GeneralizedTime.TAG, null, NOW.plusYears(1))), new Name(ASN1Object.TAG_SEQUENCE, null, new RelativeDistinguishedName[]{ new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_CN), new PrintableString(PrintableString.TAG, null, "Yuuta Liang")) }), new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_C), new PrintableString(PrintableString.TAG, null, "CA")) }) }), new SubjectPublicKeyInfo(ASN1Object.TAG_SEQUENCE, null, new AlgorithmIdentifier(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_EC_PUBLIC_KEY), new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_PRIME256_V1)), new BitString(BitString.TAG, null, 0, new Byte[]{1, 2, 3})), new Extensions(ASN1Object.TAG_SEQUENCE, new Tag(TagClass.CONTEXT_SPECIFIC, false, 3), new Extension[]{ new Extension(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_BASIC_CONSTRAINTS), new Bool(Bool.TAG, null, true), new OctetString(OctetString.TAG, null, new Byte[]{0x30, 0x06, 0x01, 0x01, -1, 0x02, 0x01, 0x00})), new Extension(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_KEY_USAGE), new Bool(Bool.TAG, null, true), new OctetString(OctetString.TAG, null, new Byte[]{0x03, 0x02, 0x01, -122})) })); REVOKED_CESSATION = new RevokedCertificate(ASN1Object.TAG_SEQUENCE, null, new Int(Int.TAG, null, 123), new UtcTime(UtcTime.TAG, null, ZonedDateTime.now(ZoneId.of("UTC"))), Reason.CESSATION_OF_OPERATION); REVOKED_KEY_COMPROMISE = new RevokedCertificate(ASN1Object.TAG_SEQUENCE, null, new Int(Int.TAG, null, 2), new UtcTime(UtcTime.TAG, null, ZonedDateTime.now(ZoneId.of("UTC"))), Reason.KEY_COMPROMISE); REVOKED_CESSATION_DER = combine((byte) 0x30, REVOKED_CESSATION.getSerialNumber().encodeDER(), REVOKED_CESSATION.getRevocationDate().encodeDER(), combine((byte) 0x30, combine((byte) 0x30, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_CRL_REASON).encodeDER(), new OctetString(OctetString.TAG, null, new Byte[]{0x0A, 0x01, (byte) Reason.CESSATION_OF_OPERATION.getVal()}) .encodeDER()))); REVOKED_KEY_COMPROMISE_DER = combine((byte) 0x30, REVOKED_KEY_COMPROMISE.getSerialNumber().encodeDER(), REVOKED_KEY_COMPROMISE.getRevocationDate().encodeDER(), combine((byte) 0x30, combine((byte) 0x30, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_CRL_REASON).encodeDER(), new OctetString(OctetString.TAG, null, new Byte[]{0x0A, 0x01, (byte) Reason.KEY_COMPROMISE.getVal()}) .encodeDER()))); CRL_CONTENT_1 = new CertificateListContent(ASN1Object.TAG_SEQUENCE, null, new Name(ASN1Object.TAG_SEQUENCE, null, new RelativeDistinguishedName[]{ new RelativeDistinguishedName(ASN1Object.TAG_SET, null, new AttributeTypeAndValue[]{ new AttributeTypeAndValue(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_CN), new PrintableString(PrintableString.TAG, null, "Test CA")) }) }), new AlgorithmIdentifier(ASN1Object.TAG_SEQUENCE, null, new ObjectIdentifier(ObjectIdentifier.TAG, null, ObjectIdentifier.OID_SHA256_WITH_RSA_ENCRYPTION), new Null(Null.TAG, null)), new GeneralizedTime(GeneralizedTime.TAG, null, ZonedDateTime.now(ZoneId.of("UTC"))), null, new RevokedCertificate[]{ TestConstants.REVOKED_CESSATION, TestConstants.REVOKED_KEY_COMPROMISE }); CRL_CONTENT_1_DER = combine((byte) 0x30, CRL_CONTENT_1.getVersion().encodeDER(), CRL_CONTENT_1.getSignature().encodeDER(), CRL_CONTENT_1.getIssuer().encodeDER(), CRL_CONTENT_1.getThisUpdate().encodeDER(), combine((byte) 0x30, REVOKED_CESSATION_DER, REVOKED_KEY_COMPROMISE_DER)); CRL_CONTENT_2 = new CertificateListContent(CRL_CONTENT_1.getTag(), CRL_CONTENT_1.getParentTag(), CRL_CONTENT_1.getIssuer(), CRL_CONTENT_1.getSignature(), CRL_CONTENT_1.getThisUpdate(), CRL_CONTENT_1.getThisUpdate(), CRL_CONTENT_1.getRevokedCertificates()); CRL_CONTENT_2_DER = combine((byte) 0x30, CRL_CONTENT_2.getVersion().encodeDER(), CRL_CONTENT_2.getSignature().encodeDER(), CRL_CONTENT_2.getIssuer().encodeDER(), CRL_CONTENT_2.getThisUpdate().encodeDER(), CRL_CONTENT_2.getNextUpdate().encodeDER(), combine((byte) 0x30, REVOKED_CESSATION_DER, REVOKED_KEY_COMPROMISE_DER)); } catch (ParseException e) { throw new RuntimeException(e); } } public static Byte[] mutate(Byte[] in, int i, int from, int to) { Byte[] b = new Byte[in.length]; System.arraycopy(in, 0, b, 0, in.length); assertEquals(from, (int) in[i]); b[i] = (byte) to; return b; } public static Byte[] combine(Byte tag, Byte[]... vals) { return Stream.of(Collections.singletonList(tag), Arrays.asList(new ASN1Length(Arrays.stream(vals).mapToInt(b -> b.length).sum()).encodeDER()), Arrays.stream(vals).flatMap(Arrays::stream).collect(Collectors.toList())) .flatMap(Collection::stream) .toArray(Byte[]::new); } }