/*
* Copyright 1999-2010 University of Chicago
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is
* distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied.
*
* See the License for the specific language governing permissions and limitations under the License.
*/
package org.globus.gsi.bc;
import java.util.Set;
import java.security.cert.X509Certificate;
import org.globus.gsi.GlobusCredential;
import org.globus.gsi.GSIConstants;
import org.globus.gsi.X509ExtensionSet;
import org.globus.gsi.X509Extension;
import org.globus.gsi.bc.BouncyCastleCertProcessingFactory;
import org.globus.gsi.bc.BouncyCastleX509Extension;
import org.globus.gsi.proxy.ext.ProxyPolicy;
import org.globus.gsi.proxy.ext.ProxyCertInfo;
import org.globus.gsi.proxy.ext.ProxyCertInfoExtension;
import org.bouncycastle.asn1.ASN1Boolean;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.DERBoolean;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.X509Extensions;
import junit.framework.TestCase;
import junit.framework.TestSuite;
import junit.framework.Test;
public class BouncyCastleCertProcessingFactoryTest extends TestCase {
private String proxyFile = "validatorTest/gsi2fullproxy.pem";
public static BouncyCastleCertProcessingFactory factory =
BouncyCastleCertProcessingFactory.getDefault();
public BouncyCastleCertProcessingFactoryTest(String name) {
super(name);
}
public static void main (String[] args) {
junit.textui.TestRunner.run (suite());
}
public static Test suite() {
return new TestSuite(BouncyCastleCertProcessingFactoryTest.class);
}
public void testResctrictedNoProxyCertInfoExt() throws Exception {
ClassLoader loader = BouncyCastleCertProcessingFactoryTest.class.getClassLoader();
GlobusCredential cred = new GlobusCredential(loader.getResource(proxyFile).getPath());
try {
factory.createCredential(cred.getCertificateChain(),
cred.getPrivateKey(),
512,
60 * 60,
GSIConstants.GSI_3_RESTRICTED_PROXY,
(X509ExtensionSet)null,
null);
fail("Expected to fail");
} catch (IllegalArgumentException e) {
// that's what we expected
}
}
public void testResctrictedWithOtherExt() throws Exception {
ClassLoader loader = BouncyCastleCertProcessingFactoryTest.class.getClassLoader();
GlobusCredential cred = new GlobusCredential(loader.getResource(proxyFile).getPath());
X509Extension ext = null;
String oid = "1.2.3.4";
String expectedValue = "foo";
boolean critical = false;
String policyOid = "1.2.3.4.5.6.7.8.9";
String policyValue = "bar";
X509ExtensionSet extSet = new X509ExtensionSet();
ext = new X509Extension(oid, critical, expectedValue.getBytes());
extSet.add(ext);
DERSequence seq = new DERSequence(new ASN1Encodable[] { DERBoolean.FALSE, new ASN1Integer(15) });
BasicConstraints constraints = BasicConstraints.getInstance(seq);
ext = new BouncyCastleX509Extension(org.bouncycastle.asn1.x509.X509Extension.basicConstraints.getId(),
false, constraints);
extSet.add(ext);
ProxyPolicy policy = new ProxyPolicy(policyOid, policyValue.getBytes());
ext = new ProxyCertInfoExtension(new ProxyCertInfo(policy));
extSet.add(ext);
GlobusCredential newCred =
factory.createCredential(cred.getCertificateChain(),
cred.getPrivateKey(),
512,
60 * 60,
GSIConstants.GSI_3_RESTRICTED_PROXY,
extSet,
null);
X509Certificate newCert = newCred.getCertificateChain()[0];
verifyExtension(newCert, oid, expectedValue, critical);
byte [] realValue =
BouncyCastleUtil.getExtensionValue(newCert,
ProxyCertInfo.OID.getId());
assertTrue(realValue != null && realValue.length > 0);
ProxyCertInfo proxyCertInfo =
ProxyCertInfo.getInstance(realValue);
assertTrue(proxyCertInfo != null);
assertTrue(proxyCertInfo.getProxyPolicy() != null);
assertEquals(policyOid,
proxyCertInfo.getProxyPolicy().getPolicyLanguage().getId());
assertEquals(policyValue,
proxyCertInfo.getProxyPolicy().getPolicyAsString());
}
public void testExtensions() throws Exception {
ClassLoader loader = BouncyCastleCertProcessingFactoryTest.class.getClassLoader();
GlobusCredential cred = new GlobusCredential(loader.getResource(proxyFile).getPath());
X509Extension ext = null;
String oid1 = "1.2.3.4";
String expectedValue1 = "foo";
boolean critical1 = false;
// COMMENT Used to be 5.6.7.8. Didn't work with newer bouncy castle version
String oid2 = "1.2.3.5";
String expectedValue2 = "bar";
boolean critical2 = true;
X509ExtensionSet extSet = new X509ExtensionSet();
ext = new X509Extension(oid1, critical1, expectedValue1.getBytes());
extSet.add(ext);
ext = new X509Extension(oid2, critical2, expectedValue2.getBytes());
extSet.add(ext);
GlobusCredential newCred =
factory.createCredential(cred.getCertificateChain(),
cred.getPrivateKey(),
512,
60 * 60,
GSIConstants.GSI_3_IMPERSONATION_PROXY,
extSet,
null);
X509Certificate newCert = newCred.getCertificateChain()[0];
verifyExtension(newCert, oid1, expectedValue1, critical1);
verifyExtension(newCert, oid2, expectedValue2, critical2);
}
private void verifyExtension(X509Certificate cert,
String oid,
String expectedValue,
boolean critical) throws Exception {
byte [] realValue = BouncyCastleUtil.getExtensionValue(cert, oid);
assertTrue(realValue != null && realValue.length > 0);
assertEquals(expectedValue, new String(realValue));
Set exts = null;
if (critical) {
exts = cert.getCriticalExtensionOIDs();
} else {
exts = cert.getNonCriticalExtensionOIDs();
}
assertTrue(exts.contains(oid));
}
}