/*
* Copyright (C) 2012 Intel Corporation
* All rights reserved.
*/
package test.privacyca;
import com.intel.dcsg.cpg.x509.X509Util;
import com.intel.mtwilson.util.ResourceFinder;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.commons.io.IOUtils;
import org.junit.Test;
/**
*
* @author jbuhacoff
*/
public class AikValidityTest {
@Test
public void testPrivacyCASelfSignedCertificate() throws CertificateException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
// read privacy ca certificate
InputStream privacyCaIn = new FileInputStream(new File("src/test/resources/PrivacyCA.2.crt")); // XXX TODO currently we only support one privacy CA cert... in the future we should read a PEM format file with possibly multiple trusted privacy ca certs
X509Certificate privacyCaCert = X509Util.decodeDerCertificate(IOUtils.toByteArray(privacyCaIn));
IOUtils.closeQuietly(privacyCaIn);
privacyCaCert.checkValidity();
// verify the trusted privacy ca signed this aik cert
privacyCaCert.verify(privacyCaCert.getPublicKey()); // NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
}
@Test
public void testAikCertificateIsValid() throws CertificateException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
InputStream hostAikIn = new FileInputStream(new File("src/test/resources/aikcert.167.crt.pem"));
X509Certificate hostAikCert = X509Util.decodePemCertificate(IOUtils.toString(hostAikIn));
IOUtils.closeQuietly(hostAikIn);
hostAikCert.checkValidity();
// read privacy ca certificate
InputStream privacyCaIn = new FileInputStream(new File("src/test/resources/PrivacyCA.88-167.crt")); // XXX TODO currently we only support one privacy CA cert... in the future we should read a PEM format file with possibly multiple trusted privacy ca certs
X509Certificate privacyCaCert = X509Util.decodeDerCertificate(IOUtils.toByteArray(privacyCaIn));
IOUtils.closeQuietly(privacyCaIn);
privacyCaCert.checkValidity();
// verify the trusted privacy ca signed this aik cert
hostAikCert.verify(privacyCaCert.getPublicKey()); // NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
}
}