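package model.ca;

import model.asn1.ASN1Object;
import model.asn1.ObjectIdentifier;
import model.asn1.UtcTime;
import model.asn1.exceptions.InvalidCAException;
import model.asn1.exceptions.ParseException;
import model.asn1.parsing.BytesReader;
import model.csr.CertificationRequest;
import model.pki.cert.Certificate;
import model.pki.crl.Reason;
import model.pki.crl.RevokedCertificate;
import model.x501.Name;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import ui.Utils;

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;

import static org.junit.jupiter.api.Assertions.*;

/**
 * Unit tests for {@link CertificationAuthority}: key loading and generation, CA certificate
 * installation (including the rejection paths), CSR / certificate / CRL signing, revocation and
 * template management.
 *
 * <p>The rejection fixtures exercise the checks a CA must make before accepting its own
 * certificate: basicConstraints with cA=TRUE, a keyUsage carrying digitalSignature, keyCertSign
 * and cRLSign together, an X.509 v3 certificate, and a subject public key that matches the loaded
 * private key.
 *
 * <p>All key material in this file is throwaway test data that is committed in clear text; it must
 * never be reused for a real CA.
 */
public class CertificationAuthorityTest {
    // openssl genrsa -out /dev/stdout 2048 | openssl rsa -text -noout -in /dev/stdin
    // RSA modulus; the same modulus appears in the SubjectPublicKeyInfo of CA_NORMAL.
    private static final BigInteger KEY_N = new BigInteger("00c9fed848b2b17e39b8d1fc27216e"
            + "06d0a10030c32c9044e4608cac5a4b"
            + "4aa4fa2f6d78f167ae5ac565003976"
            + "2696f05e5aa77e734e2bb3becf3b7b"
            + "a68eff30f56997c2cb307787a54300"
            + "326283aaf917649e5b66aa77459309"
            + "d74a70e2e54ce8c242335d7f6e4b8b"
            + "a70209ea65ba9ed3bce68595e19299"
            + "5576b0f7bc62b8d1d6db4c7ba44a7a"
            + "5f5b68321a110869fdb5649ba39683"
            + "c291bbecf89ac951325be26dbcf449"
            + "82677328375a4ffc3257bc0fe8a261"
            + "021cb8b1316723b26e05cd7abd030c"
            + "c0eb386604f9ce5eb5dac5047b7002"
            + "b9f49e78e390c62705c609a730f5ff"
            + "2e59f600b46dd37fff29e013c6b0cd"
            + "4b924b365dd0b2a45f833c1fa58180"
            + "b7d5", 16);

    // Second argument of loadKey(). NOTE(review): at 2048 bits this looks like the private
    // exponent rather than a prime factor - confirm against CertificationAuthority.loadKey.
    private static final BigInteger KEY_P = new BigInteger("2e432f8270e8ad55e782324bbd008f"
            + "cf82fc41eec57b5247f2e3ed0a6e11"
            + "8db8de1966b8754c4dae456c587cba"
            + "a859ab667c537df1929943737f7659"
            + "a689044bc4b0151547c7ac79b95f67"
            + "6ac028ad8d81c631fd50bfe9df9c02"
            + "a2a239991634fddebf186419dcf402"
            + "5f3969a57c692969eb6aff718f0b8e"
            + "b315235c12492d87ad047537854adf"
            + "8ebcc5f69c930e2f3a51f818225e64"
            + "885431049accb474b764aeebae052d"
            + "50a094354f2905a600fb0e3314de9c"
            + "4f8af3afc16ae2231b09511d60ecba"
            + "0bf5f7abaa74a0d2208b52558f2383"
            + "85e06672280014a9d545547938606b"
            + "947549a0ea9b6e92fa84ac42bdbe91"
            + "86c1e428246d635aec1fc0209c0d1b"
            + "29", 16);

    // RSA public exponent.
    private static final BigInteger KEY_E = new BigInteger("65537", 10);

    // Valid CA certificate for the key above: v3, basicConstraints cA=TRUE,
    // keyUsage = digitalSignature | keyCertSign | cRLSign.
    private static final String CA_NORMAL = "-----BEGIN CERTIFICATE-----\n"
            + "MIICYjCCAgigAwIBAgIUHflZOHj+NxNnCdHe68pxL5ed4GowCgYIKoZIzj0EAwQw\n"
            + "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMjQw\n"
            + "NTMwMDJaFw0zMzEwMjEwNTMwMDJaMA4xDDAKBgNVBAMTA0pDQTCCASIwDQYJKoZI\n"
            + "hvcNAQEBBQADggEPADCCAQoCggEBAMn+2EiysX45uNH8JyFuBtChADDDLJBE5GCM\n"
            + "rFpLSqT6L2148WeuWsVlADl2JpbwXlqnfnNOK7O+zzt7po7/MPVpl8LLMHeHpUMA\n"
            + "MmKDqvkXZJ5bZqp3RZMJ10pw4uVM6MJCM11/bkuLpwIJ6mW6ntO85oWV4ZKZVXaw\n"
            + "97xiuNHW20x7pEp6X1toMhoRCGn9tWSbo5aDwpG77PiayVEyW+JtvPRJgmdzKDda\n"
            + "T/wyV7wP6KJhAhy4sTFnI7JuBc16vQMMwOs4ZgT5zl612sUEe3ACufSeeOOQxicF\n"
            + "xgmnMPX/Lln2ALRt03//KeATxrDNS5JLNl3QsqRfgzwfpYGAt9UCAwEAAaNjMGEw\n"
            + "HQYDVR0OBBYEFKLntJQ7phJGu7A9dfIovZy6rV6SMB8GA1UdIwQYMBaAFPMn0b1s\n"
            + "t26LXxJKvjFSvn8X1IetMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGG\n"
            + "MAoGCCqGSM49BAMEA0gAMEUCIEMXMU30a3M5fjhq2M2wsAe5j2d1iuRIn+mXf4BB\n"
            + "1uVhAiEA5UynPbqF1zav4/fqPaDB3UyWArzFqi6mjXQUdHOyvXo=\n"
            + "-----END CERTIFICATE-----";

    // Same key, but the basicConstraints extension is absent.
    private static final String CA_BASIC_CONSTRAINTS_NO = "-----BEGIN CERTIFICATE-----\n"
            + "MIICUDCCAfegAwIBAgIUIBXIjis7QbevVm8ywXyDxxGWW/4wCgYIKoZIzj0EAwQw\n"
            + "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMjQw\n"
            + "NTMwMDJaFw0zMzEwMjEwNTMwMDJaMA4xDDAKBgNVBAMTA0pDQTCCASIwDQYJKoZI\n"
            + "hvcNAQEBBQADggEPADCCAQoCggEBAMn+2EiysX45uNH8JyFuBtChADDDLJBE5GCM\n"
            + "rFpLSqT6L2148WeuWsVlADl2JpbwXlqnfnNOK7O+zzt7po7/MPVpl8LLMHeHpUMA\n"
            + "MmKDqvkXZJ5bZqp3RZMJ10pw4uVM6MJCM11/bkuLpwIJ6mW6ntO85oWV4ZKZVXaw\n"
            + "97xiuNHW20x7pEp6X1toMhoRCGn9tWSbo5aDwpG77PiayVEyW+JtvPRJgmdzKDda\n"
            + "T/wyV7wP6KJhAhy4sTFnI7JuBc16vQMMwOs4ZgT5zl612sUEe3ACufSeeOOQxicF\n"
            + "xgmnMPX/Lln2ALRt03//KeATxrDNS5JLNl3QsqRfgzwfpYGAt9UCAwEAAaNSMFAw\n"
            + "HQYDVR0OBBYEFKLntJQ7phJGu7A9dfIovZy6rV6SMB8GA1UdIwQYMBaAFPMn0b1s\n"
            + "t26LXxJKvjFSvn8X1IetMA4GA1UdDwEB/wQEAwIBhjAKBggqhkjOPQQDBANHADBE\n"
            + "AiAXYbWzCQ4wjw50avMVtC0H5Z0zWxVJx0f2T1x+2g+5dQIgc8HMxFPYONLCK0hS\n"
            + "KNBoht6VUv8UEAabNYI94Oe18J8=\n"
            + "-----END CERTIFICATE-----";

    // basicConstraints is present but is an empty SEQUENCE, so cA takes its default (FALSE).
    private static final String CA_BASIC_CONSTRAINTS_WRONG = "-----BEGIN CERTIFICATE-----\n"
            + "MIICXzCCAgWgAwIBAgIUWMccLZPdSplt4sUkyvjdmm8YvGUwCgYIKoZIzj0EAwQw\n"
            + "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMjQw\n"
            + "NTMwMDJaFw0zMzEwMjEwNTMwMDJaMA4xDDAKBgNVBAMTA0pDQTCCASIwDQYJKoZI\n"
            + "hvcNAQEBBQADggEPADCCAQoCggEBAMn+2EiysX45uNH8JyFuBtChADDDLJBE5GCM\n"
            + "rFpLSqT6L2148WeuWsVlADl2JpbwXlqnfnNOK7O+zzt7po7/MPVpl8LLMHeHpUMA\n"
            + "MmKDqvkXZJ5bZqp3RZMJ10pw4uVM6MJCM11/bkuLpwIJ6mW6ntO85oWV4ZKZVXaw\n"
            + "97xiuNHW20x7pEp6X1toMhoRCGn9tWSbo5aDwpG77PiayVEyW+JtvPRJgmdzKDda\n"
            + "T/wyV7wP6KJhAhy4sTFnI7JuBc16vQMMwOs4ZgT5zl612sUEe3ACufSeeOOQxicF\n"
            + "xgmnMPX/Lln2ALRt03//KeATxrDNS5JLNl3QsqRfgzwfpYGAt9UCAwEAAaNgMF4w\n"
            + "HQYDVR0OBBYEFKLntJQ7phJGu7A9dfIovZy6rV6SMB8GA1UdIwQYMBaAFPMn0b1s\n"
            + "t26LXxJKvjFSvn8X1IetMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgGGMAoG\n"
            + "CCqGSM49BAMEA0gAMEUCIHJD0tNitQbXoDhtfU/0QZzrQOMbGWOjoa/MVDD8sk9f\n"
            + "AiEAqJh9gl7CqHhl+g6YpmCt07muQPYLqwg7wA9ieWDMWAo=\n"
            + "-----END CERTIFICATE-----";

    // basicConstraints carries an explicit cA=FALSE.
    private static final String CA_BASIC_CONSTRAINTS_WRONG_1 = "-----BEGIN CERTIFICATE-----\n"
            + "MIICYjCCAgigAwIBAgIUWMccLZPdSplt4sUkyvjdmm8YvGUwCgYIKoZIzj0EAwQw\n"
            + "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMjQw\n"
            + "NTMwMDJaFw0zMzEwMjEwNTMwMDJaMA4xDDAKBgNVBAMTA0pDQTCCASIwDQYJKoZI\n"
            + "hvcNAQEBBQADggEPADCCAQoCggEBAMn+2EiysX45uNH8JyFuBtChADDDLJBE5GCM\n"
            + "rFpLSqT6L2148WeuWsVlADl2JpbwXlqnfnNOK7O+zzt7po7/MPVpl8LLMHeHpUMA\n"
            + "MmKDqvkXZJ5bZqp3RZMJ10pw4uVM6MJCM11/bkuLpwIJ6mW6ntO85oWV4ZKZVXaw\n"
            + "97xiuNHW20x7pEp6X1toMhoRCGn9tWSbo5aDwpG77PiayVEyW+JtvPRJgmdzKDda\n"
            + "T/wyV7wP6KJhAhy4sTFnI7JuBc16vQMMwOs4ZgT5zl612sUEe3ACufSeeOOQxicF\n"
            + "xgmnMPX/Lln2ALRt03//KeATxrDNS5JLNl3QsqRfgzwfpYGAt9UCAwEAAaNjMGEw\n"
            + "HQYDVR0OBBYEFKLntJQ7phJGu7A9dfIovZy6rV6SMB8GA1UdIwQYMBaAFPMn0b1s\n"
            + "t26LXxJKvjFSvn8X1IetMA8GA1UdEwEB/wQFMAMBAQAwDgYDVR0PAQH/BAQDAgGG\n"
            + "MAoGCCqGSM49BAMEA0gAMEUCIHJD0tNitQbXoDhtfU/0QZzrQOMbGWOjoa/MVDD8\n"
            + "sk9fAiEAqJh9gl7CqHhl+g6YpmCt07muQPYLqwg7wA9ieWDMWAo=\n"
            + "-----END CERTIFICATE-----";

    // cA=TRUE, but the keyUsage extension is absent.
    private static final String CA_KEY_USAGE_NO = "-----BEGIN CERTIFICATE-----\n"
            + "MIICUTCCAfigAwIBAgIUc6s/9WDXTrYkTZAnQIwKVCiugsowCgYIKoZIzj0EAwQw\n"
            + "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMjQw\n"
            + "NTMwMDJaFw0zMzEwMjEwNTMwMDJaMA4xDDAKBgNVBAMTA0pDQTCCASIwDQYJKoZI\n"
            + "hvcNAQEBBQADggEPADCCAQoCggEBAMn+2EiysX45uNH8JyFuBtChADDDLJBE5GCM\n"
            + "rFpLSqT6L2148WeuWsVlADl2JpbwXlqnfnNOK7O+zzt7po7/MPVpl8LLMHeHpUMA\n"
            + "MmKDqvkXZJ5bZqp3RZMJ10pw4uVM6MJCM11/bkuLpwIJ6mW6ntO85oWV4ZKZVXaw\n"
            + "97xiuNHW20x7pEp6X1toMhoRCGn9tWSbo5aDwpG77PiayVEyW+JtvPRJgmdzKDda\n"
            + "T/wyV7wP6KJhAhy4sTFnI7JuBc16vQMMwOs4ZgT5zl612sUEe3ACufSeeOOQxicF\n"
            + "xgmnMPX/Lln2ALRt03//KeATxrDNS5JLNl3QsqRfgzwfpYGAt9UCAwEAAaNTMFEw\n"
            + "HQYDVR0OBBYEFKLntJQ7phJGu7A9dfIovZy6rV6SMB8GA1UdIwQYMBaAFPMn0b1s\n"
            + "t26LXxJKvjFSvn8X1IetMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwQDRwAw\n"
            + "RAIgCYoK8MHJ4VDL5nlfn9QBu+TDNJ3pQye1P5fAVxlSjXoCIHBXQ7/GiV5boVZh\n"
            + "+I4BMH1A7iD3T4w5Bac9JWLqjOiw\n"
            + "-----END CERTIFICATE-----";

    // keyUsage = keyCertSign | cRLSign (digitalSignature missing).
    private static final String CA_KEY_USAGE_WRONG_1 = "-----BEGIN CERTIFICATE-----\n"
            + "MIICYjCCAgigAwIBAgIUFBXd38tfIIwA3nQiNLEUellWeVwwCgYIKoZIzj0EAwQw\n"
            + "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMjQw\n"
            + "NTMwMDJaFw0zMzEwMjEwNTMwMDJaMA4xDDAKBgNVBAMTA0pDQTCCASIwDQYJKoZI\n"
            + "hvcNAQEBBQADggEPADCCAQoCggEBAMn+2EiysX45uNH8JyFuBtChADDDLJBE5GCM\n"
            + "rFpLSqT6L2148WeuWsVlADl2JpbwXlqnfnNOK7O+zzt7po7/MPVpl8LLMHeHpUMA\n"
            + "MmKDqvkXZJ5bZqp3RZMJ10pw4uVM6MJCM11/bkuLpwIJ6mW6ntO85oWV4ZKZVXaw\n"
            + "97xiuNHW20x7pEp6X1toMhoRCGn9tWSbo5aDwpG77PiayVEyW+JtvPRJgmdzKDda\n"
            + "T/wyV7wP6KJhAhy4sTFnI7JuBc16vQMMwOs4ZgT5zl612sUEe3ACufSeeOOQxicF\n"
            + "xgmnMPX/Lln2ALRt03//KeATxrDNS5JLNl3QsqRfgzwfpYGAt9UCAwEAAaNjMGEw\n"
            + "HQYDVR0OBBYEFKLntJQ7phJGu7A9dfIovZy6rV6SMB8GA1UdIwQYMBaAFPMn0b1s\n"
            + "t26LXxJKvjFSvn8X1IetMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG\n"
            + "MAoGCCqGSM49BAMEA0gAMEUCIQCHBeDQIUvYlFv8f/YjbDb5nNyUiH/w66VbSqDd\n"
            + "OnQlyQIgVvvmCin5sMXFN0t90ZxlT9QtX6nXWq5nPuLNiNb/Ka8=\n"
            + "-----END CERTIFICATE-----";

    // keyUsage = digitalSignature | keyCertSign (cRLSign missing).
    private static final String CA_KEY_USAGE_WRONG_2 = "-----BEGIN CERTIFICATE-----\n"
            + "MIICYjCCAgigAwIBAgIUFlQfTUXmYWgVMi8IZxP2LMztBoEwCgYIKoZIzj0EAwQw\n"
            + "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMjQw\n"
            + "NTMwMDJaFw0zMzEwMjEwNTMwMDJaMA4xDDAKBgNVBAMTA0pDQTCCASIwDQYJKoZI\n"
            + "hvcNAQEBBQADggEPADCCAQoCggEBAMn+2EiysX45uNH8JyFuBtChADDDLJBE5GCM\n"
            + "rFpLSqT6L2148WeuWsVlADl2JpbwXlqnfnNOK7O+zzt7po7/MPVpl8LLMHeHpUMA\n"
            + "MmKDqvkXZJ5bZqp3RZMJ10pw4uVM6MJCM11/bkuLpwIJ6mW6ntO85oWV4ZKZVXaw\n"
            + "97xiuNHW20x7pEp6X1toMhoRCGn9tWSbo5aDwpG77PiayVEyW+JtvPRJgmdzKDda\n"
            + "T/wyV7wP6KJhAhy4sTFnI7JuBc16vQMMwOs4ZgT5zl612sUEe3ACufSeeOOQxicF\n"
            + "xgmnMPX/Lln2ALRt03//KeATxrDNS5JLNl3QsqRfgzwfpYGAt9UCAwEAAaNjMGEw\n"
            + "HQYDVR0OBBYEFKLntJQ7phJGu7A9dfIovZy6rV6SMB8GA1UdIwQYMBaAFPMn0b1s\n"
            + "t26LXxJKvjFSvn8X1IetMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgKE\n"
            + "MAoGCCqGSM49BAMEA0gAMEUCIQC0wekpTe83hkgxSDs8odWWZX51bz3r0xQE7NNk\n"
            + "PnWyZQIgDzKe0mPQg0bMlmA7JfuWKJEPNej9b94qb9dYb/u4484=\n"
            + "-----END CERTIFICATE-----";

    // keyUsage = digitalSignature | cRLSign (keyCertSign missing).
    private static final String CA_KEY_USAGE_WRONG_3 = "-----BEGIN CERTIFICATE-----\n"
            + "MIICYjCCAgigAwIBAgIUEB4O3DWS3LG9+p7Dm7ERCDIsknAwCgYIKoZIzj0EAwQw\n"
            + "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMjQw\n"
            + "NTMwMDJaFw0zMzEwMjEwNTMwMDJaMA4xDDAKBgNVBAMTA0pDQTCCASIwDQYJKoZI\n"
            + "hvcNAQEBBQADggEPADCCAQoCggEBAMn+2EiysX45uNH8JyFuBtChADDDLJBE5GCM\n"
            + "rFpLSqT6L2148WeuWsVlADl2JpbwXlqnfnNOK7O+zzt7po7/MPVpl8LLMHeHpUMA\n"
            + "MmKDqvkXZJ5bZqp3RZMJ10pw4uVM6MJCM11/bkuLpwIJ6mW6ntO85oWV4ZKZVXaw\n"
            + "97xiuNHW20x7pEp6X1toMhoRCGn9tWSbo5aDwpG77PiayVEyW+JtvPRJgmdzKDda\n"
            + "T/wyV7wP6KJhAhy4sTFnI7JuBc16vQMMwOs4ZgT5zl612sUEe3ACufSeeOOQxicF\n"
            + "xgmnMPX/Lln2ALRt03//KeATxrDNS5JLNl3QsqRfgzwfpYGAt9UCAwEAAaNjMGEw\n"
            + "HQYDVR0OBBYEFKLntJQ7phJGu7A9dfIovZy6rV6SMB8GA1UdIwQYMBaAFPMn0b1s\n"
            + "t26LXxJKvjFSvn8X1IetMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGC\n"
            + "MAoGCCqGSM49BAMEA0gAMEUCIQCLEeyvD7Ap2ZJuNn5ElkdgT7TugBuyZu1EBAhZ\n"
            + "emddIAIgK+h7W/SRn7IC3fgfLui9qp/Sdsdpv/x6gm/Ly6e2c8Y=\n"
            + "-----END CERTIFICATE-----";

    // X.509 v1 certificate: no version field and no extensions.
    private static final String CA_V1 = "-----BEGIN CERTIFICATE-----\n"
            + "MIIB+DCCAZ4CFDLEYIlbLYpdN7KCcbYs8vWup6h5MAoGCCqGSM49BAMEMCQxFTAT\n"
            + "BgNVBAMMDFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCQ0EwHhcNMjMxMDI0MDUzMDAy\n"
            + "WhcNMzMxMDIxMDUzMDAyWjAOMQwwCgYDVQQDEwNKQ0EwggEiMA0GCSqGSIb3DQEB\n"
            + "AQUAA4IBDwAwggEKAoIBAQDJ/thIsrF+ObjR/CchbgbQoQAwwyyQRORgjKxaS0qk\n"
            + "+i9tePFnrlrFZQA5diaW8F5ap35zTiuzvs87e6aO/zD1aZfCyzB3h6VDADJig6r5\n"
            + "F2SeW2aqd0WTCddKcOLlTOjCQjNdf25Li6cCCeplup7TvOaFleGSmVV2sPe8YrjR\n"
            + "1ttMe6RKel9baDIaEQhp/bVkm6OWg8KRu+z4mslRMlvibbz0SYJncyg3Wk/8Mle8\n"
            + "D+iiYQIcuLExZyOybgXNer0DDMDrOGYE+c5etdrFBHtwArn0nnjjkMYnBcYJpzD1\n"
            + "/y5Z9gC0bdN//yngE8awzUuSSzZd0LKkX4M8H6WBgLfVAgMBAAEwCgYIKoZIzj0E\n"
            + "AwQDSAAwRQIhAL7p/tcs0GF85oepkgvbFWgadeDtL070sUZNaj+vKBsVAiBv/2Zp\n"
            + "fd64OJmI+xefF51qrFW212UjZA7H8JY91LHKaw==\n"
            + "-----END CERTIFICATE-----";

    // Well-formed RSA CA certificate whose public key does not belong to KEY_N / KEY_P.
    private static final String CA_WRONG_KEY = "-----BEGIN CERTIFICATE-----\n"
            + "MIIC3zCCAoagAwIBAgIUWcL8J0hbxGSffN0fR76j8TlGxJswCgYIKoZIzj0EAwQw\n"
            + "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMTMw\n"
            + "MTQ3MzFaFw0zMzEwMTAwMTQ3MzFaMA4xDDAKBgNVBAMTA0pDQTCCASIwDQYJKoZI\n"
            + "hvcNAQEBBQADggEPADCCAQoCggEBAINbCR88MTUsx/poxNzXxN1aWt/DkkFrRA3r\n"
            + "dHmLXQLjopULgHIJTshSq2jDe1QEYJ0Nrj9U9YclmxkWO0HvzedmTyl0YzAhPJXj\n"
            + "HUK0T9sYSg+eE4WI03yuy7lGBJLUl9VEBR0JEZdy/mT5CRW44ryGGeeBNK3fqQrk\n"
            + "5Rm9/wY5M2cKjYmvyp5D8E+HEd+FXNreO+r9pWpKSajPn+B6OwFUUESbRf8iWiF4\n"
            + "v6ZLXDOBCEHFZcd2lTVHExuE+V3eDG3evn8HV5SB7FzRDZBV2Jz0Pfiqu2WlH4r8\n"
            + "c1804G4WCjQlSX4bPs7994+KjUoFC95r40vexi2O9mVIIEF4LtkCAwEAAaOB4DCB\n"
            + "3TAdBgNVHQ4EFgQU+c9PnChWwj4sWHFMN/dikzOS5o8wHwYDVR0jBBgwFoAUba4m\n"
            + "yCy2hdnsc6Hhw4m8dvIbit0wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E\n"
            + "BAMCAYYwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2hvbWUueXV1dGEubW9lL3Br\n"
            + "aS9yb290Y2EuY3JsMEAGCCsGAQUFBwEBBDQwMjAwBggrBgEFBQcwAoYkaHR0cDov\n"
            + "L2hvbWUueXV1dGEubW9lL3BraS9yb290Y2EuY3J0MAoGCCqGSM49BAMEA0cAMEQC\n"
            + "IETA9hpUnbrWpLfu2HUWr9UQC273jyg/nt30rJ96PNS+AiAsNzbKVyBpkG41Hf1/\n"
            + "+355E7vortNonvf0DDGJZjC7MA==\n"
            + "-----END CERTIFICATE-----";

    // CA certificate carrying an EC public key instead of an RSA one.
    private static final String CA_WRONG_KEY_ECC = "-----BEGIN CERTIFICATE-----\n"
            + "MIIBrjCCAVOgAwIBAgIUUd7mZGEF1iT9+R3K7y+M/k6P2L4wCgYIKoZIzj0EAwIw\n"
            + "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMTMy\n"
            + "MTI3MzdaFw00ODEwMTMyMTI3MzdaMCQxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEL\n"
            + "MAkGA1UEBhMCQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQjgXFX7Ul6Zmeg\n"
            + "cTDw460HUpBTaxKFrRFJ66BbYvmAu+yoBB8Yc+pDV+qo6M5EdjwmAEeeI/BGlZ4m\n"
            + "RfO+rfQTo2MwYTAdBgNVHQ4EFgQU8yfRvWy3botfEkq+MVK+fxfUh60wHwYDVR0j\n"
            + "BBgwFoAU8yfRvWy3botfEkq+MVK+fxfUh60wDwYDVR0TAQH/BAUwAwEB/zAOBgNV\n"
            + "HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDSQAwRgIhALFKqvFhzHPNRBWwjKho8QUL\n"
            + "ztHOtTXmnM9BN6eS5edlAiEAm8PTq0e9a9pqwovLXtAFXlb6iuvj85pACvBdvqqJ\n"
            + "qeQ=\n"
            + "-----END CERTIFICATE-----";

    // Certificate whose version field says v2; it has no extensions.
    private static final String CA_V2 = "-----BEGIN CERTIFICATE-----\n"
            + "MIIB/TCCAaOgAwIBAQIUMsRgiVstil03soJxtizy9a6nqHkwCgYIKoZIzj0EAwQw\n"
            + "JDEVMBMGA1UEAwwMVGVzdCBSb290IENBMQswCQYDVQQGEwJDQTAeFw0yMzEwMjQw\n"
            + "NTMwMDJaFw0zMzEwMjEwNTMwMDJaMA4xDDAKBgNVBAMTA0pDQTCCASIwDQYJKoZI\n"
            + "hvcNAQEBBQADggEPADCCAQoCggEBAMn+2EiysX45uNH8JyFuBtChADDDLJBE5GCM\n"
            + "rFpLSqT6L2148WeuWsVlADl2JpbwXlqnfnNOK7O+zzt7po7/MPVpl8LLMHeHpUMA\n"
            + "MmKDqvkXZJ5bZqp3RZMJ10pw4uVM6MJCM11/bkuLpwIJ6mW6ntO85oWV4ZKZVXaw\n"
            + "97xiuNHW20x7pEp6X1toMhoRCGn9tWSbo5aDwpG77PiayVEyW+JtvPRJgmdzKDda\n"
            + "T/wyV7wP6KJhAhy4sTFnI7JuBc16vQMMwOs4ZgT5zl612sUEe3ACufSeeOOQxicF\n"
            + "xgmnMPX/Lln2ALRt03//KeATxrDNS5JLNl3QsqRfgzwfpYGAt9UCAwEAATAKBggq\n"
            + "hkjOPQQDBANIADBFAiEAvun+1yzQYXzmh6mSC9sVaBp14O0vTvSxRk1qP68oGxUC\n"
            + "IG//Zml93rg4mYj7F58XnWqsVbbXZSNkDsfwlj3Uscpr\n"
            + "-----END CERTIFICATE-----";

    // PKCS#10 request from an unrelated leaf key; used as the input to signCert().
    private static final String CSR = "-----BEGIN CERTIFICATE REQUEST-----\n"
            + "MIIEZjCCAk4CAQAwITELMAkGA1UEBhMCQ0ExEjAQBgNVBAMMCVRlc3QgTGVhZjCC\n"
            + "AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYDEoMbxZEuerV5G9IXUXfe\n"
            + "UB3u3Yf4b9QI7ewea3Vw04eS/XY4J/KC58OAKc+/3B0Vjghza1+bMalkdFHuIYls\n"
            + "/57wbmKIoRSZouma31gHJATWPdDpzcAeZVGRfqfniw3dDfVpIea5gi63gmTFGD7l\n"
            + "rmdn5BhQBijWXQY5gD52vGmnalqPBBL+HXgynYiTxmoGI/UNW16V1k8OTnT2F3kt\n"
            + "OES+5/mu2r4c7fExmkh64wXYqL2EUvh7xvd4KKIh05Bsl5J2G0Lkl1gh89FJHOVW\n"
            + "5+jrMku1wU4KBSZWNvxgcSgfKOI3IAx6iqxflhb7FKK3VTYZ7zJ/cAhaJvv1gJ7N\n"
            + "S5AlxsFxMRMgLoFtad9Qk5wH+wX+9Ozf7jNoWZQnLgzfr7CdvjBPmYR/THg0OWFS\n"
            + "0bkr20G8lMvtGMbmjN6Ot70KzYCIDjaCV5sX60i76p7rSheibgCslO49cRU7G266\n"
            + "HB1GXZNQbT3xBzoaVN9B5uQnL8tUnTn0PsQ4KN2MKIfQt+IO0yesBI7yjXRHSOJX\n"
            + "WmbZnrojfYbyAWPBKXnQ4vFcqBdXIXGuI4f67Y8BBuJjV9FOUxcCu++ypP2RtS8h\n"
            + "sly2wgtRwPCN7BbLOY9A7qm821DJ3MneHKloGodNvcBvq9VLcwFA9QFX5tgnETV8\n"
            + "4oc0VHxaiB7zuNchjINFAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAiRKUSg4m\n"
            + "i+qozc3Nx80LfCO9b4+oWp7/bcv0fUADfet7nsobwY8Y6INYMEs6aBNnj2ofFmEd\n"
            + "Kup3VHh3vce7Grwkn0MWXKRdCbsLVJ5joWixxxbCDgiRZLYDVlhnU7ZFm3mxmC4l\n"
            + "KfKMiHfW833gnemQYRAyamDErKgPV8O9spm0TLj2nLllcA5ugR98kh9TnvnQqRdq\n"
            + "dO0ic8C2OECRPV9OVmP13qXiVJRApWYBrw+WJT+sz3LRGfQMIzaTPYWen0dd8+iG\n"
            + "HhJot7DNbdLMf6jtWXazrsmUhjjgr5KHMZdOWcbqBCRZkVTkf1HfoRbBTt/wEkBX\n"
            + "fJrXVpGbA7H7xXDXKFVUM19q7JJr9M5CfAvCtUGg/UnqfhDnqsFHgQqro21YwNQP\n"
            + "/bahU44eNoz8RUiyDEKUW9ginyd0zc3aSAkd98r5u1+tOTmU0KeIr3yc0P+tKxgB\n"
            + "bAQaKrXMlLwSHHHutEkJH2KtwKx8w66VtpYtkggfTic1ae6EoVV5LpLHIlZmRMdg\n"
            + "CDUatEdRweCdtO0TTR7ik8wMzs6GxAVDfTMaQ41Ks8OBnmLDZQTdRfssm2u6jYut\n"
            + "DQxdF5LWe8RVlkEHB2KZJg2fWZ8bjEWr3DkCvnxRlK4Tabo5/mlymjVxTRxxRoGR\n"
            + "TXU09TZASjVPzxKIyZbhgNqQvkZl2/hSCE8=\n"
            + "-----END CERTIFICATE REQUEST-----";

    private Certificate crtNormal;
    private Certificate crtBasicConstraintsNo;
    private Certificate crtBasicConstraintsWrong;
    private Certificate crtBasicConstraintsWrong1;
    private Certificate crtKeyUsageNo;
    private Certificate crtKeyUsageWrong1;
    private Certificate crtKeyUsageWrong2;
    private Certificate crtKeyUsageWrong3;
    private Certificate crtWrongKey;
    private Certificate crtWrongKeyECC;
    private Certificate crtV1;
    private Certificate crtV2;

    private Template template;
    private CertificationRequest csr;
    private CertificationAuthority ca;
    private CertificationAuthority caWithPrivateKey;

    /**
     * Decodes a PEM-armoured certificate fixture into a {@link Certificate}.
     *
     * @param pem the PEM text, including the BEGIN/END CERTIFICATE lines
     * @return the parsed certificate
     * @throws ParseException if the PEM payload cannot be decoded
     */
    private static Certificate getCert(String pem) throws ParseException {
        // NOTE(review): the meaning of the trailing 'false' flag is not visible from this file.
        return new Certificate(new BytesReader(Utils.parsePEM(Utils.byteToByte(pem.getBytes(StandardCharsets.UTF_8)),
                "CERTIFICATE")), false);
    }

    /**
     * Number of calendar days between a certificate's notBefore and notAfter dates.
     *
     * <p>Comparing calendar dates keeps the result stable when the validity window crosses a
     * year boundary, which a plain difference of {@code getDayOfYear()} values does not.
     *
     * @param cert the issued certificate
     * @return calendar days from notBefore to notAfter
     */
    private static long validityDays(Certificate cert) {
        return ChronoUnit.DAYS.between(
                cert.getCertificate().getValidity().getNotBefore().getTimestamp().toLocalDate(),
                cert.getCertificate().getValidity().getNotAfter().getTimestamp().toLocalDate());
    }

    /** Parses every certificate and CSR fixture and builds the default 60-day template. */
    @BeforeEach
    void setupCerts() throws Throwable {
        crtNormal = getCert(CA_NORMAL);
        crtBasicConstraintsNo = getCert(CA_BASIC_CONSTRAINTS_NO);
        crtBasicConstraintsWrong = getCert(CA_BASIC_CONSTRAINTS_WRONG);
        crtBasicConstraintsWrong1 = getCert(CA_BASIC_CONSTRAINTS_WRONG_1);
        crtKeyUsageNo = getCert(CA_KEY_USAGE_NO);
        crtKeyUsageWrong1 = getCert(CA_KEY_USAGE_WRONG_1);
        crtKeyUsageWrong2 = getCert(CA_KEY_USAGE_WRONG_2);
        crtKeyUsageWrong3 = getCert(CA_KEY_USAGE_WRONG_3);
        crtWrongKey = getCert(CA_WRONG_KEY);
        crtWrongKeyECC = getCert(CA_WRONG_KEY_ECC);
        crtV1 = getCert(CA_V1);
        crtV2 = getCert(CA_V2);
        csr = new CertificationRequest(new BytesReader(Utils.parsePEM(
                Utils.byteToByte(CSR.getBytes(StandardCharsets.UTF_8)), "CERTIFICATE REQUEST")), false);
        template = new Template("123", true, (Name) null, 60);
    }

    /**
     * Creates one blank CA and one CA pre-loaded with the fixed test key.
     *
     * <p>The key comes from the KEY_* constants: a throwaway key generated with openssl for these
     * tests only. It is committed in source, so it provides no secrecy.
     */
    @BeforeEach
    void setup() throws Throwable {
        ca = new CertificationAuthority();
        caWithPrivateKey = new CertificationAuthority();
        caWithPrivateKey.loadKey(KEY_N, KEY_P, KEY_E);
    }

    /** A fresh CA has no key, no certificate, serial 1 and empty collections. */
    @Test
    void testConstructor() {
        assertNull(ca.getPublicKey());
        assertNull(ca.getCertificate());
        assertEquals(1, ca.getSerial());
        assertEquals(0, ca.getSigned().size());
        assertEquals(0, ca.getRevoked().size());
        assertEquals(0, ca.getTemplates().size());
        assertEquals(0, ca.getLogs().size());
        // NOTE(review): fixed user name; if getUser() is derived from the environment this
        // assertion only holds on the author's machine - confirm.
        assertEquals("yuuta", ca.getUser());
    }

    /** Generating a key publishes a public key and writes exactly one audit log entry. */
    @Test
    void testGenerateKey() throws Throwable {
        int logCount = ca.getLogs().size();
        ca.generateKey();
        assertNotNull(ca.getPublicKey());
        assertEquals(logCount + 1, ca.getLogs().size());
    }

    /** Installing a valid, key-matching CA certificate succeeds and is logged once. */
    @Test
    void testInstallCertificate() throws Throwable {
        int logCount = caWithPrivateKey.getLogs().size();
        caWithPrivateKey.installCertificate(crtNormal);
        assertNotNull(caWithPrivateKey.getCertificate());
        assertEquals(logCount + 1, caWithPrivateKey.getLogs().size());
    }

    /**
     * Every certificate that is unfit to act as this CA's certificate must be rejected with
     * {@link InvalidCAException}.
     */
    @Test
    void testInstallCertificateFailed() {
        // NOTE(review): consider also asserting that getCertificate() is still null after each
        // rejection, so a failed validation can never leave a bad certificate installed.

        // basicConstraints missing, empty, or cA=FALSE.
        assertThrows(InvalidCAException.class, () -> caWithPrivateKey.installCertificate(crtBasicConstraintsNo));
        assertThrows(InvalidCAException.class, () -> caWithPrivateKey.installCertificate(crtBasicConstraintsWrong));
        assertThrows(InvalidCAException.class, () -> caWithPrivateKey.installCertificate(crtBasicConstraintsWrong1));
        // keyUsage missing, or lacking one of digitalSignature / cRLSign / keyCertSign.
        assertThrows(InvalidCAException.class, () -> caWithPrivateKey.installCertificate(crtKeyUsageNo));
        assertThrows(InvalidCAException.class, () -> caWithPrivateKey.installCertificate(crtKeyUsageWrong1));
        assertThrows(InvalidCAException.class, () -> caWithPrivateKey.installCertificate(crtKeyUsageWrong2));
        assertThrows(InvalidCAException.class, () -> caWithPrivateKey.installCertificate(crtKeyUsageWrong3));
        // Public key does not match the loaded private key (different RSA key, or EC key).
        assertThrows(InvalidCAException.class, () -> caWithPrivateKey.installCertificate(crtWrongKey));
        assertThrows(InvalidCAException.class, () -> caWithPrivateKey.installCertificate(crtWrongKeyECC));
        // Pre-v3 certificates cannot carry the required extensions.
        assertThrows(InvalidCAException.class, () -> caWithPrivateKey.installCertificate(crtV1));
        assertThrows(InvalidCAException.class, () -> caWithPrivateKey.installCertificate(crtV2));
    }

    /** The CA's own CSR is an RSA / SHA-256 request for CN=JCA and is logged once. */
    @Test
    void testSignCSR() throws Throwable {
        caWithPrivateKey.installCertificate(crtNormal);
        int logCount = caWithPrivateKey.getLogs().size();
        CertificationRequest req = caWithPrivateKey.signCSR();
        assertArrayEquals(ObjectIdentifier.OID_SHA256_WITH_RSA_ENCRYPTION,
                req.getSignatureAlgorithm().getType().getInts());
        assertEquals("CN=JCA", req.getCertificationRequestInfo().getSubject().toString());
        assertArrayEquals(ObjectIdentifier.OID_RSA_ENCRYPTION,
                req.getCertificationRequestInfo().getSubjectPKInfo()
                        .getAlgorithm().getType().getInts());
        assertEquals(logCount + 1, caWithPrivateKey.getLogs().size());
    }

    /** The CA's SubjectPublicKeyInfo advertises the rsaEncryption algorithm. */
    @Test
    void testGetCAPublicKeyInfo() throws Throwable {
        caWithPrivateKey.installCertificate(crtNormal);
        assertArrayEquals(ObjectIdentifier.OID_RSA_ENCRYPTION,
                caWithPrivateKey.getCAPublicKeyInfo().getAlgorithm().getType().getInts());
    }

    /**
     * Signing a CSR yields a certificate with the template's validity; the subject comes from
     * the CSR unless the template overrides it. Each issuance is recorded and logged.
     */
    @Test
    void testSignCert() throws Throwable {
        caWithPrivateKey.installCertificate(crtNormal);
        int logCount = caWithPrivateKey.getLogs().size();

        // Template without a subject: the CSR's subject is used.
        Certificate cert = caWithPrivateKey.signCert(csr.getCertificationRequestInfo(),
                new Template(template.getName(), true, (Name) null, template.getValidity()));
        assertEquals(csr.getCertificationRequestInfo().getSubject().toString(),
                cert.getCertificate().getSubject().toString());
        // Was a difference of getDayOfYear() values, which fails (goes negative) whenever the
        // 60-day window runs past 31 December.
        assertEquals(60L, validityDays(cert));
        assertEquals(1, caWithPrivateKey.getSigned().size());
        assertEquals(logCount + 1, caWithPrivateKey.getLogs().size());

        // Template with a subject: it replaces the one requested in the CSR.
        Template tmp = new Template(template.getName(), true, "ABCC", template.getValidity());
        cert = caWithPrivateKey.signCert(csr.getCertificationRequestInfo(), tmp);
        assertEquals(60L, validityDays(cert));
        assertEquals(tmp.getSubject().toString(), cert.getCertificate().getSubject().toString());
        assertEquals(2, caWithPrivateKey.getSigned().size());
        assertEquals(logCount + 2, caWithPrivateKey.getLogs().size());
    }

    /** Revoking an issued certificate adds it to the revoked list and logs the action. */
    @Test
    void testRevoke() throws Throwable {
        caWithPrivateKey.installCertificate(crtNormal);
        int logCount = caWithPrivateKey.getLogs().size();
        Certificate cert = caWithPrivateKey.signCert(csr.getCertificationRequestInfo(), template);
        assertEquals(++logCount, caWithPrivateKey.getLogs().size());
        caWithPrivateKey.revoke(new RevokedCertificate(ASN1Object.TAG_SEQUENCE, null,
                cert.getCertificate().getSerialNumber(),
                new UtcTime(UtcTime.TAG, null, ZonedDateTime.now(ZoneId.of("UTC"))),
                Reason.KEY_COMPROMISE));
        assertEquals(++logCount, caWithPrivateKey.getLogs().size());
        assertEquals(1, caWithPrivateKey.getRevoked().size());
    }

    /** A signed CRL lists the revoked certificate, and signing it is logged. */
    @Test
    void testSignCRL() throws Throwable {
        caWithPrivateKey.installCertificate(crtNormal);
        int logCount = caWithPrivateKey.getLogs().size();
        Certificate cert = caWithPrivateKey.signCert(csr.getCertificationRequestInfo(), template);
        assertEquals(++logCount, caWithPrivateKey.getLogs().size());
        caWithPrivateKey.revoke(new RevokedCertificate(ASN1Object.TAG_SEQUENCE, null,
                cert.getCertificate().getSerialNumber(),
                new UtcTime(UtcTime.TAG, null, ZonedDateTime.now(ZoneId.of("UTC"))),
                Reason.KEY_COMPROMISE));
        assertEquals(++logCount, caWithPrivateKey.getLogs().size());
        assertEquals(1, caWithPrivateKey.signCRL().getCrl().getRevokedCertificates().length);
        assertEquals(++logCount, caWithPrivateKey.getLogs().size());
    }

    /**
     * Templates can be added, disabled, re-enabled and removed; each change is logged, and a
     * disabled template is hidden from enabled-only lookups.
     */
    @Test
    void testTemplateOperations() {
        int logCount = ca.getLogs().size();
        assertNull(ca.findTemplate(template.getName(), false));

        ca.addTemplate(template);
        assertEquals(++logCount, ca.getLogs().size());
        assertNotNull(ca.findTemplate(template.getName(), false));

        ca.setTemplateEnable(template, false);
        assertEquals(++logCount, ca.getLogs().size());
        assertNull(ca.findTemplate(template.getName(), true));

        ca.setTemplateEnable(template, true);
        assertEquals(++logCount, ca.getLogs().size());
        assertNotNull(ca.findTemplate(template.getName(), true));

        ca.removeTemplate(template);
        assertEquals(++logCount, ca.getLogs().size());
        assertNull(ca.findTemplate(template.getName(), false));
    }
}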