-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCertGeneratorTest.java
More file actions
122 lines (97 loc) · 5.69 KB
/
Copy pathCertGeneratorTest.java
File metadata and controls
122 lines (97 loc) · 5.69 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package beldon.proxy.crt;
import org.bouncycastle.asn1.x509.Certificate;
import org.junit.Assert;
import org.junit.Test;
import sun.misc.BASE64Encoder;
import sun.security.provider.X509Factory;
import java.io.*;
import java.security.KeyPair;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
public class CertGeneratorTest {
private static final String DN_ZHANGSAN = "CN=www.baidu.com,OU=Beldon,O=Beldon,L=ShenZhen,ST=GuangDong,C=CN";
private static final String DN_CA = "CN=BeldonLearn,OU=Beldon,O=Beldon,L=GuangZou,ST=GuangDong,C=CN";
private CertGenerator certGenerator = new DefaultCertGenerator();
private static final String ROOT_PATH = "src/main/resources";
private static final String CA_FILE_NAME = "ca.crt";
private static final String CA_PRIVATE_FILE_NAME = "ca_private.der";
@Test
public void verifyRootCert() throws Exception {
KeyPair keyPair = certGenerator.generateKeyPair();
Certificate ca = certGenerator.generateCA(keyPair.getPrivate(), keyPair.getPublic(), "SHA1withRSA", DN_CA, 100 * 24 * 60 * 60 * 1000L);
byte[] encoded = ca.getEncoded();
ByteArrayInputStream inStream = new ByteArrayInputStream(encoded);
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(inStream);
Signature signature = Signature.getInstance(certificate.getSigAlgName());
signature.initVerify(certificate);
signature.update(certificate.getTBSCertificate());
Assert.assertTrue(signature.verify(certificate.getSignature()));
}
@Test
public void verifyCert() throws Exception {
KeyPair rootKeyPair = certGenerator.generateKeyPair();
Certificate ca = certGenerator.generateCA(rootKeyPair.getPrivate(), rootKeyPair.getPublic(), "SHA256withRSA", DN_CA, 100 * 24 * 60 * 60 * 1000L);
byte[] encoded = ca.getEncoded();
ByteArrayInputStream inStream = new ByteArrayInputStream(encoded);
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate rootCert = (X509Certificate) certificateFactory.generateCertificate(inStream);
KeyPair clientKeyPair = certGenerator.generateKeyPair();
Date notAfter = new Date(System.currentTimeMillis() + 100 * 24 * 60 * 60 * 1000L);
Date notBefore = new Date();
X509Certificate clientCert = certGenerator.generateCert(rootKeyPair.getPrivate(), clientKeyPair.getPublic(),
"SHA1withRSA", DN_CA, DN_ZHANGSAN, notBefore, notAfter);
Signature signature = Signature.getInstance(clientCert.getSigAlgName());
signature.initVerify(rootCert.getPublicKey());
signature.update(clientCert.getTBSCertificate());
Assert.assertTrue(signature.verify(clientCert.getSignature()));
}
@Test
public void verifyCert2() throws Exception {
KeyPair rootKeyPair = certGenerator.generateKeyPair();
Certificate ca = certGenerator.generateCA(rootKeyPair.getPrivate(), rootKeyPair.getPublic(), "SHA256withRSA", DN_CA, 100 * 24 * 60 * 60 * 1000L);
byte[] encoded = ca.getEncoded();
ByteArrayInputStream inStream = new ByteArrayInputStream(encoded);
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate rootCert = (X509Certificate) certificateFactory.generateCertificate(inStream);
KeyPair clientKeyPair = certGenerator.generateKeyPair();
Date notAfter = new Date(System.currentTimeMillis() + 100 * 24 * 60 * 60 * 1000L);
Date notBefore = new Date();
String host = "www.baidu.com";
String subject = "C=CN, ST=GD, L=SZ, O=lee, OU=study, CN=" + host;
X509Certificate clientCert = certGenerator.generateCert(rootKeyPair.getPrivate(), rootKeyPair.getPublic(), "SHA256WithRSAEncryption", DN_CA, subject, notBefore, notAfter, host);
Signature signature2 = Signature.getInstance(clientCert.getSigAlgName());
signature2.initVerify(rootCert.getPublicKey());
signature2.update(clientCert.getTBSCertificate());
Assert.assertTrue(signature2.verify(clientCert.getSignature()));
}
// @Test
public void printCA() throws Exception {
KeyPair keyPair = certGenerator.generateKeyPair();
Certificate ca = certGenerator.generateCA(keyPair.getPrivate(), keyPair.getPublic(), "SHA1withRSA", DN_CA, 100 * 24 * 60 * 60 * 1000L);
byte[] encoded = ca.getEncoded();
BASE64Encoder encoder = new BASE64Encoder();
System.out.println(X509Factory.BEGIN_CERT);
encoder.encodeBuffer(encoded, System.out);
System.out.println(X509Factory.END_CERT);
}
@Test
public void writeCA() throws Exception {
File root = new File(ROOT_PATH);
File caFile = new File(root, CA_FILE_NAME);
File caPriFile = new File(root, CA_PRIVATE_FILE_NAME);
KeyPair keyPair = certGenerator.generateKeyPair();
Certificate ca = certGenerator.generateCA(keyPair.getPrivate(), keyPair.getPublic(), "SHA256withRSA", DN_CA, 100 * 24 * 60 * 60 * 1000L);
byte[] encoded = ca.getEncoded();
new FileOutputStream(caFile).write(encoded);
new FileOutputStream(caPriFile).write(keyPair.getPrivate().getEncoded());
// BASE64Encoder encoder = new BASE64Encoder();
// BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(caFile));
// bos.write(X509Factory.BEGIN_CERT.getBytes());
// bos.write("\n".getBytes());
// encoder.encodeBuffer(encoded, bos);
// bos.write(X509Factory.END_CERT.getBytes());
}
}