/**
 * Decodes the v3 intermediate CA fixture and checks how it is bound to the root CA fixture.
 *
 * <p>Asserted here: the signature verifies under the root's public key, the certificate is version 3,
 * basic constraints are critical, mark a CA and carry a path length of 0, key usage is critical and
 * limited to keyCertSign and cRLSign, the authority key identifier equals the root's subject key
 * identifier, and the certificate is not reported as a root CA.</p>
 *
 * <p>Validity dates and revocation status are not examined by this test.</p>
 *
 * @throws Exception on any error raised while decoding or inspecting the fixtures
 */
@Test
public void testV3InterCACert() throws Exception {
    CertifiedPublicKey rootKey = factory.decode(v3CaCert);
    CertifiedPublicKey intermediateKey = factory.decode(v3InterCaCert);

    // Signature check against the issuer's public key only; no chain or date validation happens here.
    assertTrue(
        "Intermediate CA certificate should be verified by CA.",
        intermediateKey.isSignedBy(rootKey.getPublicKeyParameters()));

    assertThat(intermediateKey, instanceOf(X509CertifiedPublicKey.class));
    X509CertifiedPublicKey intermediate = (X509CertifiedPublicKey) intermediateKey;
    assertThat(intermediate.getVersionNumber(), equalTo(3));

    X509Extensions extensions = intermediate.getExtensions();

    // A CA certificate whose basic constraints are not critical could be ignored by a lenient verifier.
    assertTrue(
        "Basic constraints should be critical.",
        extensions.isCritical(X509Extensions.BASIC_CONSTRAINTS_OID));
    assertTrue(
        "Basic constraints should be set to CA.",
        extensions.hasCertificateAuthorityBasicConstraints());

    // Path length 0: this intermediate may issue end-entity certificates but no further CA below it.
    assertThat(extensions.getBasicConstraintsPathLen(), equalTo(0));

    assertTrue(
        "KeyUsage extension should be critical.",
        extensions.isCritical(KeyUsage.OID));
    assertThat(
        extensions.getKeyUsage(),
        equalTo(EnumSet.of(KeyUsage.keyCertSign, KeyUsage.cRLSign)));

    // The issuer link must point at the root's subject key identifier.
    // NOTE(review): rootKey is cast without a preceding instanceOf assertion; a different decoded
    // type would surface as a ClassCastException rather than an assertion failure.
    X509Extensions rootExtensions = ((X509CertifiedPublicKey) rootKey).getExtensions();
    assertThat(
        extensions.getAuthorityKeyIdentifier(),
        equalTo(rootExtensions.getSubjectKeyIdentifier()));

    assertThat(intermediate.isRootCA(), equalTo(false));
}
/**
 * Decodes the v3 end-entity fixture and checks it against the intermediate CA fixture.
 *
 * <p>Asserted here: the signature verifies under the intermediate's public key, the certificate is
 * version 3, key usage is critical and equal to digitalSignature plus dataEncipherment, extended key
 * usage is non-critical and contains only email protection, the authority key identifier equals the
 * intermediate's subject key identifier, and the certificate is not reported as a root CA.</p>
 *
 * <p>NOTE(review): nothing here asserts that CA basic constraints are absent on the end-entity
 * certificate; consider adding that check if the fixture allows it.</p>
 *
 * @throws Exception on any error raised while decoding or inspecting the fixtures
 */
@Test
public void testV3Cert() throws Exception {
    CertifiedPublicKey issuerKey = factory.decode(v3InterCaCert);
    CertifiedPublicKey subjectKey = factory.decode(v3Cert);

    // Signature check against the issuer's public key only; no chain or date validation happens here.
    assertTrue(
        "End certificate should be verified by CA.",
        subjectKey.isSignedBy(issuerKey.getPublicKeyParameters()));

    assertThat(subjectKey, instanceOf(X509CertifiedPublicKey.class));
    X509CertifiedPublicKey endEntity = (X509CertifiedPublicKey) subjectKey;
    assertThat(endEntity.getVersionNumber(), equalTo(3));

    // Key usage: must be critical and must not include any certificate or CRL signing bit.
    assertTrue(
        "KeyUsage extension should be critical.",
        endEntity.getExtensions().isCritical(KeyUsage.OID));
    assertThat(
        endEntity.getExtensions().getKeyUsage(),
        equalTo(EnumSet.of(KeyUsage.digitalSignature, KeyUsage.dataEncipherment)));

    // Extended key usage: expected to be non-critical and restricted to a single purpose.
    assertFalse(
        "ExtendedKeyUsage extension should be non critical.",
        endEntity.getExtensions().isCritical(ExtendedKeyUsages.OID));
    assertThat(
        endEntity.getExtensions().getExtendedKeyUsage().getAll().toArray(new String[0]),
        equalTo(new String[] {ExtendedKeyUsages.EMAIL_PROTECTION}));
    assertTrue(
        "Email data protection extended usage should be set.",
        endEntity.getExtensions().getExtendedKeyUsage().hasUsage(ExtendedKeyUsages.EMAIL_PROTECTION));

    // The issuer link must point at the intermediate's subject key identifier.
    // NOTE(review): issuerKey is cast without a preceding instanceOf assertion.
    assertThat(
        endEntity.getExtensions().getAuthorityKeyIdentifier(),
        equalTo(((X509CertifiedPublicKey) issuerKey).getExtensions().getSubjectKeyIdentifier()));

    assertThat(endEntity.isRootCA(), equalTo(false));
}
/**
 * Decodes the v3 root CA fixture and checks the properties of a self-signed CA certificate.
 *
 * <p>Asserted here: the signature verifies under the certificate's own public key, the certificate
 * is version 3, basic constraints are critical and mark a CA, key usage is critical and limited to
 * keyCertSign and cRLSign, the authority key identifier is present and equal to the subject key
 * identifier, and the certificate is reported as a root CA.</p>
 *
 * <p>No path length is asserted for the root, and validity dates are not examined.</p>
 *
 * @throws Exception on any error raised while decoding or inspecting the fixture
 */
@Test
public void testV3CaCert() throws Exception {
    CertifiedPublicKey decoded = factory.decode(v3CaCert);

    // Self-signature: proves internal consistency only, not that the key is a trusted anchor.
    assertTrue(
        "CA should verify itself.",
        decoded.isSignedBy(decoded.getPublicKeyParameters()));

    assertThat(decoded, instanceOf(X509CertifiedPublicKey.class));
    X509CertifiedPublicKey root = (X509CertifiedPublicKey) decoded;
    assertThat(root.getVersionNumber(), equalTo(3));

    X509Extensions extensions = root.getExtensions();

    assertTrue(
        "Basic constraints should be critical.",
        extensions.isCritical(X509Extensions.BASIC_CONSTRAINTS_OID));
    assertTrue(
        "Basic constraints should be set to CA.",
        extensions.hasCertificateAuthorityBasicConstraints());

    assertTrue(
        "KeyUsage extension should be critical.",
        extensions.isCritical(KeyUsage.OID));
    assertThat(
        extensions.getKeyUsage(),
        equalTo(EnumSet.of(KeyUsage.keyCertSign, KeyUsage.cRLSign)));

    // Checked for presence first so that the equality below cannot pass on two missing identifiers.
    assertThat(extensions.getAuthorityKeyIdentifier(), notNullValue());
    assertThat(
        extensions.getAuthorityKeyIdentifier(),
        equalTo(extensions.getSubjectKeyIdentifier()));

    assertThat(root.isRootCA(), equalTo(true));
}
/**
 * Decodes the v1 CA fixture and checks that it is self-signed, version 1 and reported as a root CA.
 *
 * <p>X.509 v1 certificates carry no extensions, so no basic constraints or key usage can be asserted
 * here. NOTE(review): presumably {@code isRootCA()} falls back to the self-signature for v1
 * certificates; confirm against the implementation, since relying parties should only accept such a
 * certificate as a CA when it is an explicitly configured trust anchor.</p>
 *
 * @throws Exception on any error raised while decoding or inspecting the fixture
 */
@Test
public void testV1CaCert() throws Exception {
    CertifiedPublicKey decoded = factory.decode(v1CaCert);

    // Self-signature: proves internal consistency only, not that the key is a trusted anchor.
    assertTrue(
        "CA should verify itself.",
        decoded.isSignedBy(decoded.getPublicKeyParameters()));

    assertThat(decoded, instanceOf(X509CertifiedPublicKey.class));
    X509CertifiedPublicKey legacyRoot = (X509CertifiedPublicKey) decoded;

    assertThat(legacyRoot.getVersionNumber(), equalTo(1));
    assertThat(legacyRoot.isRootCA(), equalTo(true));
}