/*
* Copyright (c) 2012 Mike Heath. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package cloudeventbus.pki;
import cloudeventbus.Subject;
import org.testng.annotations.Test;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyPair;
import java.util.List;
import static org.testng.Assert.assertEquals;
/**
* @author Mike Heath <elcapo@gmail.com>
*/
public class CertificateTest {
@Test
public void createSerializeDeserializeHash() throws Exception {
final KeyPair keyPair = CertificateUtils.generateKeyPair();
final Certificate.Type type = Certificate.Type.AUTHORITY;
final long serialNumber = 1234l;
final long issuer = 5678;
final long expirationDate = System.currentTimeMillis();
final List<Subject> subscribe = Subject.list("foo.bar", "test");
final List<Subject> publish = Subject.list("this", "that", "theOtherOne");
final String comment = "This is a comment.";
final byte[] signature = new byte[Certificate.SIGNATURE_LENGTH];
final Certificate certificate = new Certificate(type, serialNumber, issuer, expirationDate, keyPair.getPublic(), subscribe, publish, comment, signature);
final byte[] firstHash = certificate.hash();
final ByteArrayOutputStream out = new ByteArrayOutputStream();
certificate.store(out);
final Certificate copy = new Certificate(new ByteArrayInputStream(out.toByteArray()));
assertEquals(copy, certificate);
assertEquals(copy.hashCode(), certificate.hashCode());
assertEquals(copy.hash(), firstHash);
assertEquals(type, copy.getType());
assertEquals(copy.getSerialNumber(), serialNumber);
assertEquals(copy.getIssuer(), issuer);
assertEquals(copy.getExpirationDate(), expirationDate);
assertEquals(copy.getPublicKey(), keyPair.getPublic());
assertEquals(copy.getSubscribePermissions(), subscribe);
assertEquals(copy.getPublishPermissions(), publish);
assertEquals(copy.getComment(), comment);
assertEquals(copy.getSignature(), signature);
}
@Test(expectedExceptions = CertificateIssuerMismatchException.class)
public void mismatchedIssuer() throws Exception {
final KeyPair issuerKeyPair = CertificateUtils.generateKeyPair();
final KeyPair certificateKeyPair = CertificateUtils.generateKeyPair();
final Certificate issuerCertificate = CertificateUtils.generateSelfSignedCertificate(issuerKeyPair, -1, "Issuer");
final Certificate certificate = CertificateUtils.generateSignedCertificate(
issuerCertificate,
issuerKeyPair.getPrivate(),
certificateKeyPair.getPublic(),
Certificate.Type.CLIENT,
-1,
Subject.list("*"),
Subject.list("*"),
"Client certificate");
final Certificate secondIssuerCertificate = CertificateUtils.generateSelfSignedCertificate(issuerKeyPair, -1, "Issuer");
secondIssuerCertificate.validateSignature(certificate);
}
@Test(expectedExceptions = CertificateSecurityException.class)
public void invalidSignature() {
final KeyPair issuerKeyPair = CertificateUtils.generateKeyPair();
final KeyPair certificateKeyPair = CertificateUtils.generateKeyPair();
final Certificate issuerCertificate = CertificateUtils.generateSelfSignedCertificate(issuerKeyPair, -1, "Issuer");
final Certificate certificate = new Certificate(
Certificate.Type.CLIENT,
1,
issuerCertificate.getSerialNumber(),
-1,
certificateKeyPair.getPublic(),
Subject.list("*"),
Subject.list("*"),
"This is a bad signature",
new byte[Certificate.SIGNATURE_LENGTH]);
issuerCertificate.validateSignature(certificate);
}
@Test(expectedExceptions = InvalidCertificateSignatureException.class)
public void modifiedCertificate() {
final KeyPair issuerKeyPair = CertificateUtils.generateKeyPair();
final KeyPair certificateKeyPair = CertificateUtils.generateKeyPair();
final Certificate issuerCertificate = CertificateUtils.generateSelfSignedCertificate(issuerKeyPair, -1, "Issuer");
final Certificate validCertificate = CertificateUtils.generateSignedCertificate(
issuerCertificate,
issuerKeyPair.getPrivate(),
certificateKeyPair.getPublic(),
Certificate.Type.CLIENT,
-1,
Subject.list("*"),
Subject.list("*"),
"Client certificate");
final Certificate certificate = new Certificate(
validCertificate.getType(),
2l,
validCertificate.getIssuer(),
validCertificate.getExpirationDate(),
validCertificate.getPublicKey(),
validCertificate.getSubscribePermissions(),
validCertificate.getPublishPermissions(),
validCertificate.getComment(),
validCertificate.getSignature());
issuerCertificate.validateSignature(certificate);
}
}