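package se.anatom.ejbca.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;

import junit.framework.TestCase;

import org.apache.log4j.Logger;
import org.ejbca.core.model.ca.catoken.CATokenConstants;
import org.ejbca.core.model.ca.catoken.CATokenInfo;
import org.ejbca.util.Base64;
import org.ejbca.util.CertTools;
import org.ejbca.util.KeyTools;

/**
 * JUnit 3 tests for {@link KeyTools}: certificate-chain extraction from a PKCS#12 store,
 * RSA and ECDSA key generation, and PKCS#12 creation.
 *
 * <p>Security notes for readers of this file:
 * <ul>
 * <li>The Base64 blobs below (a PKCS#12 store, a PKCS#8 RSA private key and a certificate)
 *     and the password {@link #storepwd} are published test fixtures. They must never be
 *     reused for real keys, trust anchors or credentials.</li>
 * <li>The key sizes and signature algorithms used here (512-bit RSA, SHA1WithRSA,
 *     prime192v1) are chosen for the test, not as recommendations; do not copy them
 *     into production configuration.</li>
 * </ul>
 *
 * <p>NOTE(review): several assertions only check that a freshly built {@code String} is not
 * null, which cannot fail. They are kept as-is here; verifying the generated certificate
 * against the generated public key would be a stronger check.
 */
public class TestKeyTools extends TestCase {

    private static final Logger log = Logger.getLogger(TestKeyTools.class);

    /** Test fixture: PKCS#12 keystore, protected with {@link #storepwd}, loaded in test01GetCertChain. */
    static byte[] ks3 = Base64.decode(("MIACAQMwgAYJKoZIhvcNAQcBoIAkgASCAyYwgDCABgkqhkiG9w0BBwGggCSABIID"
            + "DjCCAwowggMGBgsqhkiG9w0BDAoBAqCCAqkwggKlMCcGCiqGSIb3DQEMAQMwGQQU"
            + "/h0pQXq7ZVjYWlDvzEwwmiJ8O8oCAWQEggJ4MZ12+kTVGd1w7SP4ZWlq0bCc4MsJ"
            + "O0FFSX3xeVp8Bx16io1WkEFOW3xfqjuxKOL6YN9atoOZdfhlOMhmbhglm2PJSzIg"
            + "JSDHvWk2xKels5vh4hY1iXWOh48077Us4wP4Qt94iKglCq4xwxYcSCW8BJwbu93F"
            + "uxE1twnWXbH192nMhaeIAy0v4COdduQamJEtHRmIJ4GZwIhH+lNHj/ARdIfNw0Dm"
            + "uPspuSu7rh6rQ8SrRsjg63EoxfSH4Lz6zIJKF0OjNX07T8TetFgznCdGCrqOZ1fK"
            + "5oRzXIA9hi6UICiuLSm4EoHzEpifCObpiApwNj3Kmp2uyz2uipU0UKhf/WqvmU96"
            + "yJj6j1JjZB6p+9sgecPFj1UMWhEFTwxMEwR7iZDvjkKDNWMit+0cQyeS7U0Lxn3u"
            + "m2g5e6C/1akwHZsioLC5OpFq/BkPtnbtuy4Kr5Kwb2y7vSiKpjFr7sKInjdAsgCi"
            + "8kyUV8MyaIfZdtREjwqBe0imfP+IPVqAsl1wGW95YXsLlK+4P1bspAgeHdDq7Q91"
            + "bJJQAS5OTD38i1NY6MRtt/fWsShVBLjf2FzNpw6siHHl2N7BDNyO3ALtgfp50e0Z"
            + "Dsw5WArgKLiXfwZIrIKbYA73RFc10ReDqnJSF+NXgBo1/i4WhZLHC1Osl5UoKt9q"
            + "UoXIUmYhAwdAT5ZKVw6A8yp4e270yZTXNsDz8u/onEwNc1iM0v0RnPQhNE5sKEZH"
            + "QrMxttiwbKe3YshCjbruz/27XnNA51t2p1M6eC1HRab4xSHAyH5NTxGJ8yKhOfiT"
            + "aBKqdTH3P7QzlcoCUDVDDe7aLMaZEf+a2Te63cZTuUVpkysxSjAjBgkqhkiG9w0B"
            + "CRQxFh4UAHAAcgBpAHYAYQB0AGUASwBlAHkwIwYJKoZIhvcNAQkVMRYEFCfeHSg6"
            + "EdeP5A1IC8ydjyrjyFSdAAQBAAQBAAQBAAQBAASCCBoAMIAGCSqGSIb3DQEHBqCA"
            + "MIACAQAwgAYJKoZIhvcNAQcBMCcGCiqGSIb3DQEMAQYwGQQURNy47tUcttscSleo"
            + "8gY6ZAPFOl0CAWSggASCB8jdZ+wffUP1B25Ys48OFBMg/itT0EBS6J+dYVofZ84c"
            + "x41q9U+CRMZJwVNZbkqfRZ+F3tLORSwuIcwyioa2/JUpv8uJCjQ2tru5+HtqCrzR"
            + "Huh7TfdiMqvjkKpnXi69DPPjQdCSPwYMy1ahZrP5KgEZg4S92xpU2unF1kKQ30Pq"
            + "PTEBueDlFC39rojp51Wsnqb1QzjPo53YvJQ8ztCoG0yk+0omELyPbc/qMKe5/g5h"
            + "Lx7Q+2D0PC/ZHtoDkCRfMDKwgwALFsSj2uWNJsCplspmc7YgIzSr/GqqeSXHp4Ue"
            + "dwVJAswrhpkXZTlp1rtl/lCSFl9akwjY1fI144zfpYKpLqfoHL1uI1c3OumrFzHd"
            + "ZldZYgsM/h3qjgu8qcXqI0sKVXsffcftCaVs+Bxmdu9vpY15rlx1e0an/O05nMKU"
            + "MBU2XpGkmWxuy0tOKs3QtGzHUJR5+RdEPURctRyZocEjJgTvaIMq1dy/FIaBhi+d"
            + "IeAbFmjBu7cv9C9v/jMuUjLroycmo7QW9jGgyTOQ68J+6w2/PtqiqIo3Ry9WC0SQ"
            + "8+fVNOGLr5O2YPpw17sDQa/+2gjozngvL0OHiABwQ3EbXAQLF046VYkTi5R+8iGV"
            + "3jlTvvStIKY06E/s/ih86bzwJWAQENCazXErN69JO+K3IUiwxac+1AOO5WyR9qyv"
            + "6m/yHdIdbOVE21M2RARbI8UiDpRihCzk4duPfj/x2bZyFqLclIMhbTd2UOQQvr+W"
            + "4etpMJRtyFGhdLmNgYAhYrbUgmdL1kRkzPzOs77PqleMpfkii7HPk3HlVkM7NIqd"
            + "dN0WQaQwGJuh5f1ynhyqtsaw6Gu/X56H7hpziAh0eSDQ5roRE7yy98h2Mcwb2wtY"
            + "PqVFTmoKuRWR2H5tT6gCaAM3xiSC7RLa5SF1hYQGaqunqBaNPYyUIg/r03dfwF9r"
            + "AkOhh6Mq7Z2ktzadWTxPl8OtIZFVeyqIOtSKBHhJyGDGiz3+SSnTnSX81NaTSJYZ"
            + "7YTiXkXvSYNpjpPckIKfjpBw0T4pOva3a6s1z5p94Dkl4kz/zOmgveGd3dal6wUV"
            + "n3TR+2cyv51WcnvB9RIp58SJOc+CvCvYTvkEdvE2QtRw3wt4ngGJ5pxmC+7+8fCf"
            + "hRDzw9LBNz/ry88y/0Bidpbhwr8gEkmHuaLp43WGQQsQ+cWYJ8AeLZMvKplbCWqy"
            + "iuks0MnKeaC5dcB+3BL55OvcTfGkMtz0oYBkcGBTbbR8BKJZgkIAx7Q+/rCaqv6H"
            + "HN/cH5p8iz5k+R3MkmR3gi6ktelQ2zx1pbPz3IqR67cTX3IyTX56F2aY54ueY17m"
            + "7hFwSy4aMen27EO06DXn/b6vPKj73ClE2B/IPHO/H2e8r04JWMltFWuStV0If5x0"
            + "5ZImXx068Xw34eqSWvoMzr97xDxUwdlFgrKrkMKNoTDhA4afrZ/lwHdUbNzh6cht"
            + "jHW/IfIaMo3NldN/ihO851D399FMsWZW7YA7//RrWzBDiLvh+RfwkMOfEpbujy0G"
            + "73rO/Feed2MoVXvmuKBRpTNyFuBVvFDwIzBT4m/RaVf5m1pvprSk3lo43aumdN9f"
            + "NDETktVZ/CYaKlYK8rLcNBKJicM5+maiQSTa06XZXDMY84Q0xtCqJ/aUH4sa/z8j"
            + "KukVUSyUZDJk/O82B3NA4+CoP3Xyc9LAUKucUvoOmGt2JCw6goB/vqeZEg9Tli0Q"
            + "+aRer720QdVRkPVXKSshL2FoXHWUMaBF8r//zT6HbjTNQEdxbRcBNvkUXUHzITfl"
            + "YjQcEn+FGrF8+HVdXCKzSXSgu7mSouYyJmZh42spUFCa4j60Ks1fhQb2H1p72nJD"
            + "n1mC5sZkU68ITVu1juVl/L2WJPmWfasb1Ihnm9caJ/mEE/i1iKp7qaY9DPTw5hw4"
            + "3QplYWFv47UA/sOmnWwupRuPk7ISdimuUnih8OYR75rJ0z6OYexvj/2svx9/O5Mw"
            + "654jFF2hAq69jt7GJo6VZaeCRCAxEU7N97l3EjqaKJVrpIPQ+3yLmqHit/CWxImB"
            + "iIl3sW7MDEHgPdQy3QiZmAYNLQ0Te0ygcIHwtPyzhFoFmjbQwib2vxDqWaMQpUM1"
            + "/W96R/vbCjA7tfKYchImwAPCyRM5Je2FHewErG413kZct5tJ1JqkcjPsP7Q8kmgw"
            + "Ec5QNq1/PZOzL1ZLr6ryfA4gLBXa6bJmf43TUkdFYTvIYbvH2jp4wpAtA152YgPI"
            + "FL19/Tv0B3Bmb1qaK+FKiiQmYfVOm/J86i/L3b8Z3jj8dRWEBztaI/KazZ/ZVcs/"
            + "50bF9jH7y5+2uZxByjkM/kM/Ov9zIHbYdxLw2KHnHsGKTCooSSWvPupQLBGgkd6P"
            + "M9mgE6MntS+lk9ucpP5j1LXo5zlZaLSwrvSzE3/bbWJKsJuomhRbKeZ+qSYOWvPl"
            + "/1RqREyZHbSDKzVk39oxH9EI9EWKlCbrz5EHWiSv0+9HPczxbO3q+YfqcY8plPYX"
            + "BvgxHUeDR+LxaAEcVEX6wd2Pky8pVwxQydU4cEgohrgZnKhxxLAvCp5sb9kgqCrh"
            + "luvBsHpmiUSCi/r0PNXDgApvTrVS/Yv0jTpX9u9IWMmNMrnskdcP7tpEdkw8/dpf"
            + "RFLLgqwmNEhCggfbyT0JIUxf2rldKwd6N1wZozaBg1uKjNmAhJc1RxsABAEABAEA"
            + "BAEABAEABAEABAEABAEABAEABAEABAEABAEAAAAAAAAAMDwwITAJBgUrDgMCGgUA"
            + "BBSS2GOUxqv3IT+aesPrMPNn9RQ//gQUYhjCLPh/h2ULjh+1L2s3f5JIZf0CAWQA"
            + "AA==").getBytes());

    /** Test fixture: PKCS#8-encoded RSA private key, consumed by test03CreateP12. */
    static byte[] keys1024bit = Base64.decode(("MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAKA5rNhYbPuVcArT"
            + "mkthfrW2tX1Z7SkCD01sDYrkiwOcodFmS1cSyz8eHM51iwHA7CW0WFvfUjomBT5y"
            + "gRQfIsf5M5DUtYcKM1hmGKSPzvmF4nYv+3UBUesCvBXVRN/wFZ44SZZ3CVvpQUYb"
            + "GWjyC+Dgol5n8oKOC287rnZUPEW5AgMBAAECgYEAhMtoeyLGqLlRVFfOoL1cVGTr"
            + "BMp8ail/30435y7GHKc74p6iwLcd5uEhROhc3oYz8ogHV5W+w9zxKbGjU7b+jmh+"
            + "h/WFao+Gu3sSrZ7ieg95fSuQsBlJp3w+eCAOZwlEu/JQQHDtURui25SPVblZ9/41"
            + "u8VwFjk9YQx+nT6LclECQQDYlC9bOr1SWL8PBlipXB/UszMsTM5xEH920A+JPF4E"
            + "4tw+AHecanjr5bXSluRbWSWUjtl5LV2edqAP9EsH1/A1AkEAvWOctUvTlm6fWHJq"
            + "lZhsWVvOhDG7cn5gFu34J8JJd5QHov0469CpSamY0Q/mPE/y3kDllmyYvnQ+yobB"
            + "ZRg39QJBAINCM/0/eVQ58vlBKGTkL2pyfNYhapB9pjK04GWVD4o4j7CICfXjVYvq"
            + "eSq7RoTSX4NMnCLjyrRqQpHIxdxoE+0CQQCz7MzWWGF+Cz6LUrf7w0E8a8H5SR4i"
            + "GfnEDvSxIR2W4yWWLShEsIoEF4G9LHO5XOMJT3JOxIEgf2OgGQHmv2l5AkBThYUo"
            + "ni82jZuue3YqXXHY2lz3rVmooAv7LfQ63yzHECFsQz7kDwuRVWWRsoCOURtymAHp"
            + "La09g2BE+Q5oUUFx").getBytes());

    /** Test fixture: encoded X.509 certificate, parsed by test03CreateP12. */
    static byte[] certbytes = Base64.decode(("MIICNzCCAaCgAwIBAgIIIOqiVwJHz+8wDQYJKoZIhvcNAQEFBQAwKzENMAsGA1UE"
            + "AxMEVGVzdDENMAsGA1UEChMEVGVzdDELMAkGA1UEBhMCU0UwHhcNMDQwNTA4MDkx"
            + "ODMwWhcNMDUwNTA4MDkyODMwWjArMQ0wCwYDVQQDEwRUZXN0MQ0wCwYDVQQKEwRU"
            + "ZXN0MQswCQYDVQQGEwJTRTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgbf2"
            + "Sv34lsY43C8WJjbUd57TNuHJ6p2Es7ojS3D2yxtzQg/A8wL1OfXes344PPNGHkDd"
            + "QPBaaWYQrvLvqpjKwx/vA1835L3I92MsGs+uivq5L5oHfCxEh8Kwb9J2p3xjgeWX"
            + "YdZM5dBj3zzyu+Jer4iU4oCAnnyG+OlVnPsFt6ECAwEAAaNkMGIwDwYDVR0TAQH/"
            + "BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBQArVZXuGqbb9yhBLbu"
            + "XfzjSuXfHTAfBgNVHSMEGDAWgBQArVZXuGqbb9yhBLbuXfzjSuXfHTANBgkqhkiG"
            + "9w0BAQUFAAOBgQA1cB6wWzC2rUKBjFAzfkLvDUS3vEMy7ntYMqqQd6+5s1LHCoPw"
            + "eaR42kMWCxAbdSRgv5ATM0JU3Q9jWbLO54FkJDzq+vw2TaX+Y5T+UL1V0o4TPKxp"
            + "nKuay+xl5aoUcVEs3h3uJDjcpgMAtyusMEyv4d+RFYvWJWFzRTKDueyanw==").getBytes());

    /** Password for the embedded test keystore {@link #ks3}; test-only, never a real credential. */
    static String storepwd = "foo123";

    /** Alias of the private-key entry looked up in {@link #ks3}. */
    static String pkAlias = "privateKey";

    /**
     * Creates the named test case (JUnit 3 convention).
     *
     * @param name name of the test method to run
     */
    public TestKeyTools(String name) {
        super(name);
    }

    /** Installs the BouncyCastle provider, which the tests request by the name "BC". */
    protected void setUp() throws Exception {
        log.debug(">setUp()");
        CertTools.installBCProvider();
        log.debug("<setUp()");
    }

    /** Nothing to clean up. */
    protected void tearDown() throws Exception {
    }

    /**
     * Loads the embedded PKCS#12 store and checks that {@code KeyTools.getCertChain} returns
     * the three expected certificates in order (leaf first).
     */
    public void test01GetCertChain() throws Exception {
        log.debug(">test01GetCertChain()");
        KeyStore store = KeyStore.getInstance("PKCS12", "BC");
        ByteArrayInputStream fis = new ByteArrayInputStream(ks3);
        store.load(fis, storepwd.toCharArray());
        Certificate[] certs = KeyTools.getCertChain(store, pkAlias);
        log.debug("Number of certs: " + certs.length);
        assertEquals("Wrong number of certs returned", 3, certs.length);

        // Expected subject DNs by chain position. JUnit's assertEquals takes
        // (message, expected, actual); the expected value goes first so that a
        // failure report labels the two sides correctly.
        String[] expectedSubjects = {
            "CN=fooca,C=SE",
            "CN=TestSubCA,O=AnaTom,C=SE",
            "CN=TestCA,O=AnaTom,C=SE"
        };
        for (int i = 0; i < certs.length; i++) {
            X509Certificate cert = (X509Certificate) certs[i];
            String subject = cert.getSubjectDN().toString();
            log.debug("SubjectDN: " + subject);
            assertEquals("Wrong subjectDN", expectedSubjects[i], subject);
        }
        log.debug("<test01GetCertChain()");
    }

    /**
     * Generates an RSA key pair and a self-signed certificate from it.
     *
     * <p>The 512-bit key size and SHA1WithRSA signature are test parameters only and are
     * not acceptable for real keys or certificates.
     */
    public void test02GenKeysRSA() throws Exception {
        log.debug(">test02GenKeysRSA()");
        KeyPair keys = KeyTools.genKeys("512", CATokenConstants.KEYALGORITHM_RSA);
        assertNotNull("keys must not be null", keys);
        String b64private = new String(Base64.encode(keys.getPrivate().getEncoded()));
        assertNotNull("b64private must not be null", b64private);
        X509Certificate cert = CertTools.genSelfCert("C=SE,O=Test,CN=Test", 365, null, keys.getPrivate(),
                keys.getPublic(), CATokenInfo.SIGALG_SHA1_WITH_RSA, true);
        assertNotNull("cert must not be null", cert);
        String b64cert = new String(Base64.encode(cert.getEncoded()));
        assertNotNull("b64cert cannot be null", b64cert);
        log.debug("<test02GenKeysRSA()");
    }

    /**
     * Builds a PKCS#12 keystore from the embedded private key and certificate and checks
     * that it can be serialized to a non-empty byte stream.
     *
     * <p>NOTE(review): the RSA modulus in {@link #keys1024bit} does not appear to be the one
     * in the public key of {@link #certbytes}, so this test exercises keystore creation only;
     * it does not show that the stored key and certificate belong together.
     */
    public void test03CreateP12() throws Exception {
        log.debug(">test03CreateP12()");
        X509Certificate cert = CertTools.getCertfromByteArray(certbytes);
        PKCS8EncodedKeySpec pkKeySpec = new PKCS8EncodedKeySpec(keys1024bit);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey pk = keyFactory.generatePrivate(pkKeySpec);
        KeyStore ks = KeyTools.createP12("Foo", pk, cert, (X509Certificate) null);
        assertNotNull("ks must not be null", ks);
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        // Same value as before ("foo123"), taken from the shared fixture field so the
        // test password is defined in one place.
        ks.store(baos, storepwd.toCharArray());
        assertTrue("baos size must not be 0", baos.size() > 0);
        log.debug("<test03CreateP12()");
    }

    /** Generates an ECDSA key pair on the X9.62 curve prime192v1 and a self-signed certificate. */
    public void test03GenKeysECDSAx9() throws Exception {
        // Trace messages now carry the real method name (they previously said
        // "test03GenKeysECDSA"), so log output can be matched to this test.
        log.debug(">test03GenKeysECDSAx9()");
        KeyPair keys = KeyTools.genKeys("prime192v1", CATokenConstants.KEYALGORITHM_ECDSA);
        assertNotNull("keys must not be null", keys);
        String b64private = new String(Base64.encode(keys.getPrivate().getEncoded()));
        assertNotNull("b64private must not be null", b64private);
        X509Certificate cert = CertTools.genSelfCert("C=SE,O=Test,CN=Test", 365, null, keys.getPrivate(),
                keys.getPublic(), CATokenInfo.SIGALG_SHA256_WITH_ECDSA, true);
        assertNotNull("cert must not be null", cert);
        String b64cert = new String(Base64.encode(cert.getEncoded()));
        assertNotNull("b64cert cannot be null", b64cert);
        log.debug("<test03GenKeysECDSAx9()");
    }

    /** Generates an ECDSA key pair on the curve secp384r1 and a self-signed certificate. */
    public void test04GenKeysECDSANist() throws Exception {
        log.debug(">test04GenKeysECDSANist()");
        KeyPair keys = KeyTools.genKeys("secp384r1", CATokenConstants.KEYALGORITHM_ECDSA);
        assertNotNull("keys must not be null", keys);
        String b64private = new String(Base64.encode(keys.getPrivate().getEncoded()));
        assertNotNull("b64private must not be null", b64private);
        X509Certificate cert = CertTools.genSelfCert("C=SE,O=Test,CN=Test", 365, null, keys.getPrivate(),
                keys.getPublic(), CATokenInfo.SIGALG_SHA256_WITH_ECDSA, true);
        assertNotNull("cert must not be null", cert);
        String b64cert = new String(Base64.encode(cert.getEncoded()));
        assertNotNull("b64cert cannot be null", b64cert);
        // Routed through the logger instead of System.out so test output obeys the
        // configured log level.
        log.debug(b64cert);
        log.debug("<test04GenKeysECDSANist()");
    }

    /** Generates an ECDSA key pair with the "implicitlyCA" key specification and a self-signed certificate. */
    public void test05GenKeysECDSAImplicitlyCA() throws Exception {
        log.debug(">test05GenKeysECDSAImplicitlyCA()");
        KeyPair keys = KeyTools.genKeys("implicitlyCA", CATokenConstants.KEYALGORITHM_ECDSA);
        assertNotNull("keys must not be null", keys);
        String b64private = new String(Base64.encode(keys.getPrivate().getEncoded()));
        assertNotNull("b64private must not be null", b64private);
        X509Certificate cert = CertTools.genSelfCert("C=SE,O=Test,CN=Test", 365, null, keys.getPrivate(),
                keys.getPublic(), CATokenInfo.SIGALG_SHA256_WITH_ECDSA, true);
        assertNotNull("cert must not be null", cert);
        String b64cert = new String(Base64.encode(cert.getEncoded()));
        assertNotNull("b64cert cannot be null", b64cert);
        // Routed through the logger instead of System.out so test output obeys the
        // configured log level.
        log.debug(b64cert);
        log.debug("<test05GenKeysECDSAImplicitlyCA()");
    }
}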