171 lines
7.4 KiB
Java
171 lines
7.4 KiB
Java
/*
|
|
* Copyright 2015 dorkbox, llc
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
package dorkbox.util.crypto;
|
|
|
|
import static org.junit.Assert.fail;
|
|
|
|
import java.io.IOException;
|
|
import java.math.BigInteger;
|
|
import java.security.SecureRandom;
|
|
import java.util.Calendar;
|
|
import java.util.Date;
|
|
|
|
import org.bouncycastle.asn1.x500.X500Name;
|
|
import org.bouncycastle.cert.X509CertificateHolder;
|
|
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
|
|
import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
|
|
import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
|
|
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
|
|
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
|
|
import org.bouncycastle.crypto.params.RSAKeyParameters;
|
|
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
|
|
import org.junit.Test;
|
|
|
|
|
|
public class x509Test {
|
|
|
|
private static String entropySeed = "asdjhaffasdgfaasttjjhgpx600gn,-356268909087s0dfg4-42kjh255124515hasdg87";
|
|
|
|
@Test
|
|
public void EcdsaCertificate() throws IOException {
|
|
// create the certificate
|
|
Calendar expiry = Calendar.getInstance();
|
|
expiry.add(Calendar.DAY_OF_YEAR, 360);
|
|
|
|
Date startDate = new Date(); // time from which certificate is valid
|
|
Date expiryDate = expiry.getTime(); // time after which certificate is not valid
|
|
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis()); // serial number for certificate
|
|
|
|
|
|
AsymmetricCipherKeyPair generateKeyPair = CryptoECC.generateKeyPair(CryptoECC.p521_curve, new SecureRandom()); // key name from Crypto class
|
|
ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters) generateKeyPair.getPrivate();
|
|
ECPublicKeyParameters publicKey = (ECPublicKeyParameters) generateKeyPair.getPublic();
|
|
|
|
|
|
|
|
X509CertificateHolder ECDSAx509Certificate = CryptoX509.ECDSA.createCertHolder("SHA384",
|
|
startDate, expiryDate,
|
|
new X500Name("CN=Test"), new X500Name("CN=Test"), serialNumber,
|
|
privateKey, publicKey);
|
|
// make sure it's a valid cert.
|
|
if (ECDSAx509Certificate != null) {
|
|
boolean valid = CryptoX509.ECDSA.validate(ECDSAx509Certificate);
|
|
|
|
if (!valid) {
|
|
fail("Unable to verify a x509 certificate.");
|
|
}
|
|
} else {
|
|
fail("Unable to create a x509 certificate.");
|
|
}
|
|
|
|
// now sign something, then verify the signature.
|
|
byte[] data = "My keyboard is awesome".getBytes();
|
|
byte[] signatureBlock = CryptoX509.createSignature(data, ECDSAx509Certificate, privateKey);
|
|
|
|
boolean verifySignature = CryptoX509.ECDSA.verifySignature(signatureBlock, publicKey);
|
|
|
|
if (!verifySignature) {
|
|
fail("Unable to verify a x509 certificate signature.");
|
|
}
|
|
}
|
|
|
|
@Test
|
|
public void DsaCertificate() throws IOException {
|
|
// create the certificate
|
|
Calendar expiry = Calendar.getInstance();
|
|
expiry.add(Calendar.DAY_OF_YEAR, 360);
|
|
|
|
Date startDate = new Date(); // time from which certificate is valid
|
|
Date expiryDate = expiry.getTime(); // time after which certificate is not valid
|
|
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis()); // serial number for certificate
|
|
|
|
|
|
@SuppressWarnings("deprecation")
|
|
AsymmetricCipherKeyPair generateKeyPair = CryptoDSA.generateKeyPair(new SecureRandom(entropySeed.getBytes()), 1024);
|
|
|
|
|
|
DSAPrivateKeyParameters privateKey = (DSAPrivateKeyParameters) generateKeyPair.getPrivate();
|
|
DSAPublicKeyParameters publicKey = (DSAPublicKeyParameters) generateKeyPair.getPublic();
|
|
|
|
|
|
|
|
X509CertificateHolder DSAx509Certificate = CryptoX509.DSA.createCertHolder(startDate, expiryDate,
|
|
new X500Name("CN=Test"), new X500Name("CN=Test"), serialNumber,
|
|
privateKey, publicKey);
|
|
// make sure it's a valid cert.
|
|
if (DSAx509Certificate != null) {
|
|
boolean valid = CryptoX509.DSA.validate(DSAx509Certificate);
|
|
|
|
if (!valid) {
|
|
fail("Unable to verify a x509 certificate.");
|
|
}
|
|
} else {
|
|
fail("Unable to create a x509 certificate.");
|
|
}
|
|
|
|
// now sign something, then verify the signature.
|
|
byte[] data = "My keyboard is awesome".getBytes();
|
|
byte[] signatureBlock = CryptoX509.createSignature(data, DSAx509Certificate, privateKey);
|
|
|
|
boolean verifySignature = CryptoX509.DSA.verifySignature(signatureBlock, publicKey);
|
|
|
|
if (!verifySignature) {
|
|
fail("Unable to verify a x509 certificate signature.");
|
|
}
|
|
}
|
|
|
|
@Test
|
|
public void RsaCertificate() throws IOException {
|
|
// create the certificate
|
|
Calendar expiry = Calendar.getInstance();
|
|
expiry.add(Calendar.DAY_OF_YEAR, 360);
|
|
|
|
Date startDate = new Date(); // time from which certificate is valid
|
|
Date expiryDate = expiry.getTime(); // time after which certificate is not valid
|
|
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis()); // serial number for certificate
|
|
|
|
@SuppressWarnings("deprecation")
|
|
AsymmetricCipherKeyPair generateKeyPair = CryptoRSA.generateKeyPair(new SecureRandom(entropySeed.getBytes()), 1024);
|
|
RSAPrivateCrtKeyParameters privateKey = (RSAPrivateCrtKeyParameters) generateKeyPair.getPrivate();
|
|
RSAKeyParameters publicKey = (RSAKeyParameters) generateKeyPair.getPublic();
|
|
|
|
|
|
X509CertificateHolder RSAx509Certificate = CryptoX509.RSA.createCertHolder(startDate, expiryDate,
|
|
new X500Name("CN=Test"), new X500Name("CN=Test"), serialNumber,
|
|
privateKey, publicKey);
|
|
// make sure it's a valid cert.
|
|
if (RSAx509Certificate != null) {
|
|
boolean valid = CryptoX509.RSA.validate(RSAx509Certificate);
|
|
|
|
if (!valid) {
|
|
fail("Unable to verify a x509 certificate.");
|
|
}
|
|
} else {
|
|
fail("Unable to create a x509 certificate.");
|
|
}
|
|
|
|
// now sign something, then verify the signature.
|
|
byte[] data = "My keyboard is awesome".getBytes();
|
|
byte[] signatureBlock = CryptoX509.createSignature(data, RSAx509Certificate, privateKey);
|
|
|
|
boolean verifySignature = CryptoX509.RSA.verifySignature(signatureBlock, publicKey);
|
|
|
|
if (!verifySignature) {
|
|
fail("Unable to verify a x509 certificate signature.");
|
|
}
|
|
}
|
|
}
|