Utilities/test/dorkbox/util/crypto/x509Test.java

/*
 * Copyright 2015 dorkbox, llc
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package dorkbox.util.crypto;

import static org.junit.Assert.fail;

import java.io.IOException;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Calendar;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.junit.Test;


public class x509Test {

    private static String entropySeed = "asdjhaffasdgfaasttjjhgpx600gn,-356268909087s0dfg4-42kjh255124515hasdg87";

    @Test
    public void EcdsaCertificate() throws IOException {
        // create the certificate
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.DAY_OF_YEAR, 360);

        Date startDate = new Date();              // time from which certificate is valid
        Date expiryDate = expiry.getTime();       // time after which certificate is not valid
        BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());     // serial number for certificate


        AsymmetricCipherKeyPair generateKeyPair = CryptoECC.generateKeyPair(CryptoECC.p521_curve, new SecureRandom());  // key name from Crypto class
        ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters) generateKeyPair.getPrivate();
        ECPublicKeyParameters publicKey = (ECPublicKeyParameters) generateKeyPair.getPublic();



        X509CertificateHolder ECDSAx509Certificate = CryptoX509.ECDSA.createCertHolder("SHA384",
                                                                                        startDate, expiryDate,
                                                                                        new X500Name("CN=Test"), new X500Name("CN=Test"), serialNumber,
                                                                                        privateKey, publicKey);
        // make sure it's a valid cert.
        if (ECDSAx509Certificate != null) {
            boolean valid = CryptoX509.ECDSA.validate(ECDSAx509Certificate);

            if (!valid) {
                fail("Unable to verify a x509 certificate.");
            }
        } else {
            fail("Unable to create a x509 certificate.");
        }

        // now sign something, then verify the signature.
        byte[] data = "My keyboard is awesome".getBytes();
        byte[] signatureBlock = CryptoX509.createSignature(data, ECDSAx509Certificate, privateKey);

        boolean verifySignature = CryptoX509.ECDSA.verifySignature(signatureBlock, publicKey);

        if (!verifySignature) {
            fail("Unable to verify a x509 certificate signature.");
        }
    }

    @Test
    public void DsaCertificate() throws IOException {
        // create the certificate
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.DAY_OF_YEAR, 360);

        Date startDate = new Date();              // time from which certificate is valid
        Date expiryDate = expiry.getTime();       // time after which certificate is not valid
        BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());     // serial number for certificate


        @SuppressWarnings("deprecation")
        AsymmetricCipherKeyPair generateKeyPair = CryptoDSA.generateKeyPair(new SecureRandom(entropySeed.getBytes()), 1024);


        DSAPrivateKeyParameters privateKey = (DSAPrivateKeyParameters) generateKeyPair.getPrivate();
        DSAPublicKeyParameters publicKey = (DSAPublicKeyParameters) generateKeyPair.getPublic();



        X509CertificateHolder DSAx509Certificate = CryptoX509.DSA.createCertHolder(startDate, expiryDate,
                                                                                   new X500Name("CN=Test"), new X500Name("CN=Test"), serialNumber,
                                                                                   privateKey, publicKey);
        // make sure it's a valid cert.
        if (DSAx509Certificate != null) {
            boolean valid = CryptoX509.DSA.validate(DSAx509Certificate);

            if (!valid) {
                fail("Unable to verify a x509 certificate.");
            }
        } else {
            fail("Unable to create a x509 certificate.");
        }

        // now sign something, then verify the signature.
        byte[] data = "My keyboard is awesome".getBytes();
        byte[] signatureBlock = CryptoX509.createSignature(data, DSAx509Certificate, privateKey);

        boolean verifySignature = CryptoX509.DSA.verifySignature(signatureBlock, publicKey);

        if (!verifySignature) {
            fail("Unable to verify a x509 certificate signature.");
        }
    }

    @Test
    public void RsaCertificate() throws IOException {
        // create the certificate
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.DAY_OF_YEAR, 360);

        Date startDate = new Date();              // time from which certificate is valid
        Date expiryDate = expiry.getTime();       // time after which certificate is not valid
        BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());     // serial number for certificate

        @SuppressWarnings("deprecation")
        AsymmetricCipherKeyPair generateKeyPair = CryptoRSA.generateKeyPair(new SecureRandom(entropySeed.getBytes()), 1024);
        RSAPrivateCrtKeyParameters privateKey = (RSAPrivateCrtKeyParameters) generateKeyPair.getPrivate();
        RSAKeyParameters publicKey = (RSAKeyParameters) generateKeyPair.getPublic();


        X509CertificateHolder RSAx509Certificate = CryptoX509.RSA.createCertHolder(startDate, expiryDate,
                                                                                   new X500Name("CN=Test"), new X500Name("CN=Test"), serialNumber,
                                                                                   privateKey, publicKey);
        // make sure it's a valid cert.
        if (RSAx509Certificate != null) {
            boolean valid = CryptoX509.RSA.validate(RSAx509Certificate);

            if (!valid) {
                fail("Unable to verify a x509 certificate.");
            }
        } else {
            fail("Unable to create a x509 certificate.");
        }

        // now sign something, then verify the signature.
        byte[] data = "My keyboard is awesome".getBytes();
        byte[] signatureBlock = CryptoX509.createSignature(data, RSAx509Certificate, privateKey);

        boolean verifySignature = CryptoX509.RSA.verifySignature(signatureBlock, publicKey);

        if (!verifySignature) {
            fail("Unable to verify a x509 certificate signature.");
        }
    }
}