@Test
public void testV3Cert() throws Exception {
CertifiedPublicKey interCaCert = factory.decode(v3InterCaCert);
CertifiedPublicKey certificate = factory.decode(v3Cert);
assertTrue(
"End certificate should be verified by CA.",
certificate.isSignedBy(interCaCert.getPublicKeyParameters()));
assertThat(certificate, instanceOf(X509CertifiedPublicKey.class));
X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate;
assertThat(cert.getVersionNumber(), equalTo(3));
assertTrue(
"KeyUsage extension should be critical.", cert.getExtensions().isCritical(KeyUsage.OID));
assertThat(
cert.getExtensions().getKeyUsage(),
equalTo(EnumSet.of(KeyUsage.digitalSignature, KeyUsage.dataEncipherment)));
assertFalse(
"ExtendedKeyUsage extension should be non critical.",
cert.getExtensions().isCritical(ExtendedKeyUsages.OID));
assertThat(
cert.getExtensions().getExtendedKeyUsage().getAll().toArray(new String[0]),
equalTo(new String[] {ExtendedKeyUsages.EMAIL_PROTECTION}));
assertTrue(
"Email data protection extended usage should be set.",
cert.getExtensions().getExtendedKeyUsage().hasUsage(ExtendedKeyUsages.EMAIL_PROTECTION));
assertThat(
cert.getExtensions().getAuthorityKeyIdentifier(),
equalTo(((X509CertifiedPublicKey) interCaCert).getExtensions().getSubjectKeyIdentifier()));
assertThat(cert.isRootCA(), equalTo(false));
}
@Test
public void testV3InterCACert() throws Exception {
CertifiedPublicKey caCert = factory.decode(v3CaCert);
CertifiedPublicKey interCaCert = factory.decode(v3InterCaCert);
assertTrue(
"Intermediate CA certificate should be verified by CA.",
interCaCert.isSignedBy(caCert.getPublicKeyParameters()));
assertThat(interCaCert, instanceOf(X509CertifiedPublicKey.class));
X509CertifiedPublicKey cert = (X509CertifiedPublicKey) interCaCert;
assertThat(cert.getVersionNumber(), equalTo(3));
assertTrue(
"Basic constraints should be critical.",
cert.getExtensions().isCritical(X509Extensions.BASIC_CONSTRAINTS_OID));
assertTrue(
"Basic constraints should be set to CA.",
cert.getExtensions().hasCertificateAuthorityBasicConstraints());
assertThat(cert.getExtensions().getBasicConstraintsPathLen(), equalTo(0));
assertTrue(
"KeyUsage extension should be critical.", cert.getExtensions().isCritical(KeyUsage.OID));
assertThat(
cert.getExtensions().getKeyUsage(),
equalTo(EnumSet.of(KeyUsage.keyCertSign, KeyUsage.cRLSign)));
assertThat(
cert.getExtensions().getAuthorityKeyIdentifier(),
equalTo(((X509CertifiedPublicKey) caCert).getExtensions().getSubjectKeyIdentifier()));
assertThat(cert.isRootCA(), equalTo(false));
}
@Test
public void testV1Cert() throws Exception {
CertifiedPublicKey caCert = factory.decode(v1CaCert);
CertifiedPublicKey certificate = factory.decode(v1Cert);
assertTrue(
"End certificate should be verified by CA.",
certificate.isSignedBy(caCert.getPublicKeyParameters()));
assertThat(certificate, instanceOf(X509CertifiedPublicKey.class));
X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate;
assertThat(cert.getVersionNumber(), equalTo(1));
}
@Test
public void testV3CaCert() throws Exception {
CertifiedPublicKey certificate = factory.decode(v3CaCert);
assertTrue(
"CA should verify itself.", certificate.isSignedBy(certificate.getPublicKeyParameters()));
assertThat(certificate, instanceOf(X509CertifiedPublicKey.class));
X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate;
assertThat(cert.getVersionNumber(), equalTo(3));
assertTrue(
"Basic constraints should be critical.",
cert.getExtensions().isCritical(X509Extensions.BASIC_CONSTRAINTS_OID));
assertTrue(
"Basic constraints should be set to CA.",
cert.getExtensions().hasCertificateAuthorityBasicConstraints());
assertTrue(
"KeyUsage extension should be critical.", cert.getExtensions().isCritical(KeyUsage.OID));
assertThat(
cert.getExtensions().getKeyUsage(),
equalTo(EnumSet.of(KeyUsage.keyCertSign, KeyUsage.cRLSign)));
assertThat(cert.getExtensions().getAuthorityKeyIdentifier(), notNullValue());
assertThat(
cert.getExtensions().getAuthorityKeyIdentifier(),
equalTo(cert.getExtensions().getSubjectKeyIdentifier()));
assertThat(cert.isRootCA(), equalTo(true));
}
@Test
public void testV1CaCert() throws Exception {
CertifiedPublicKey certificate = factory.decode(v1CaCert);
assertTrue(
"CA should verify itself.", certificate.isSignedBy(certificate.getPublicKeyParameters()));
assertThat(certificate, instanceOf(X509CertifiedPublicKey.class));
X509CertifiedPublicKey cert = (X509CertifiedPublicKey) certificate;
assertThat(cert.getVersionNumber(), equalTo(1));
assertThat(cert.isRootCA(), equalTo(true));
}