mirrors
/
poi
mirror of https://github.com/apache/poi.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 100 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3452 Commits
26 Branches
Tree: bef0cdf35c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bef0cdf35c'
${ noResults }
poi/src/ooxml/testcases/org/apache/poi/ooxml/signature/service/signer/PkiTestUtils.java

PkiTestUtils.java 9.8KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212 
  1. /* ====================================================================

  2.    Licensed to the Apache Software Foundation (ASF) under one or more

  3.    contributor license agreements.  See the NOTICE file distributed with

  4.    this work for additional information regarding copyright ownership.

  5.    The ASF licenses this file to You under the Apache License, Version 2.0

  6.    (the "License"); you may not use this file except in compliance with

  7.    the License.  You may obtain a copy of the License at

  8. 

  9.        http://www.apache.org/licenses/LICENSE-2.0

  10. 

  11.    Unless required by applicable law or agreed to in writing, software

  12.    distributed under the License is distributed on an "AS IS" BASIS,

  13.    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14.    See the License for the specific language governing permissions and

  15.    limitations under the License.

  16. ==================================================================== */

  17. 

  18. /*

  19.  * Based on the eID Applet Project code.

  20.  * Original Copyright (C) 2008-2009 FedICT.

  21.  */

  22. 

  23. package org.apache.poi.ooxml.signature.service.signer;

  24. 

  25. import java.io.ByteArrayInputStream;

  26. import java.io.IOException;

  27. import java.io.InputStream;

  28. import java.io.StringWriter;

  29. import java.math.BigInteger;

  30. import java.security.InvalidKeyException;

  31. import java.security.KeyPair;

  32. import java.security.KeyPairGenerator;

  33. import java.security.NoSuchAlgorithmException;

  34. import java.security.PrivateKey;

  35. import java.security.PublicKey;

  36. import java.security.SecureRandom;

  37. import java.security.SignatureException;

  38. import java.security.cert.CertificateException;

  39. import java.security.cert.CertificateFactory;

  40. import java.security.cert.X509Certificate;

  41. import java.security.spec.RSAKeyGenParameterSpec;

  42. import java.util.Calendar;

  43. import java.util.Date;

  44. 

  45. import javax.xml.parsers.DocumentBuilder;

  46. import javax.xml.parsers.DocumentBuilderFactory;

  47. import javax.xml.parsers.ParserConfigurationException;

  48. import javax.xml.transform.OutputKeys;

  49. import javax.xml.transform.Result;

  50. import javax.xml.transform.Source;

  51. import javax.xml.transform.Transformer;

  52. import javax.xml.transform.TransformerException;

  53. import javax.xml.transform.TransformerFactory;

  54. import javax.xml.transform.dom.DOMSource;

  55. import javax.xml.transform.stream.StreamResult;

  56. 

  57. import org.apache.poi.util.HexRead;

  58. import org.bouncycastle.asn1.ASN1InputStream;

  59. import org.bouncycastle.asn1.ASN1Sequence;

  60. import org.bouncycastle.asn1.DERIA5String;

  61. import org.bouncycastle.asn1.DERSequence;

  62. import org.bouncycastle.asn1.x509.AuthorityInformationAccess;

  63. import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;

  64. import org.bouncycastle.asn1.x509.BasicConstraints;

  65. import org.bouncycastle.asn1.x509.DistributionPoint;

  66. import org.bouncycastle.asn1.x509.DistributionPointName;

  67. import org.bouncycastle.asn1.x509.GeneralName;

  68. import org.bouncycastle.asn1.x509.GeneralNames;

  69. import org.bouncycastle.asn1.x509.KeyUsage;

  70. import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;

  71. import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;

  72. import org.bouncycastle.asn1.x509.X509Extensions;

  73. import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;

  74. import org.bouncycastle.jce.X509Principal;

  75. import org.bouncycastle.x509.X509V3CertificateGenerator;

  76. import org.w3c.dom.Document;

  77. import org.w3c.dom.Node;

  78. import org.xml.sax.InputSource;

  79. import org.xml.sax.SAXException;

  80. 

  81. final class PkiTestUtils {

  82. 

  83.     public static final byte[] SHA1_DIGEST_INFO_PREFIX =

  84.         HexRead.readFromString( "30 1f 30 07 06 05 2b 0e 03 02 1a 04 14");

  85. 

  86.     private PkiTestUtils() {

  87.         // no instances of this class

  88.     }

  89. 

  90.     static KeyPair generateKeyPair() throws Exception {

  91.         KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");

  92.         SecureRandom random = new SecureRandom();

  93.         keyPairGenerator.initialize(new RSAKeyGenParameterSpec(1024, RSAKeyGenParameterSpec.F4), random);

  94.         KeyPair keyPair = keyPairGenerator.generateKeyPair();

  95.         return keyPair;

  96.     }

  97. 

  98.     private static SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) throws IOException {

  99.         ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());

  100.         SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(bais).readObject());

  101.         return new SubjectKeyIdentifier(info);

  102.     }

  103. 

  104.     private static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey publicKey) throws IOException {

  105. 

  106.         ByteArrayInputStream bais = new ByteArrayInputStream(publicKey.getEncoded());

  107.         SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(bais).readObject());

  108. 

  109.         return new AuthorityKeyIdentifier(info);

  110.     }

  111. 

  112.     public static X509Certificate generateCertificate(PublicKey subjectPublicKey, String subjectDn,

  113.                                     X509Certificate issuerCertificate, PrivateKey issuerPrivateKey, boolean caFlag, int pathLength, String crlUri,

  114.                                     String ocspUri, KeyUsage keyUsage) throws IOException, InvalidKeyException, IllegalStateException,

  115.                                     NoSuchAlgorithmException, SignatureException, CertificateException {

  116. 

  117.         Date notBefore = makeDate(2010, 1, 1);

  118.         Date notAfter = makeDate(2011, 1, 1);

  119. 

  120.         String signatureAlgorithm = "SHA1withRSA";

  121.         X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();

  122.         certificateGenerator.reset();

  123.         certificateGenerator.setPublicKey(subjectPublicKey);

  124.         certificateGenerator.setSignatureAlgorithm(signatureAlgorithm);

  125.         certificateGenerator.setNotBefore(notBefore);

  126.         certificateGenerator.setNotAfter(notAfter);

  127.         X509Principal issuerDN;

  128.         if (null != issuerCertificate) {

  129.             issuerDN = new X509Principal(issuerCertificate.getSubjectX500Principal().toString());

  130.         } else {

  131.             issuerDN = new X509Principal(subjectDn);

  132.         }

  133.         certificateGenerator.setIssuerDN(issuerDN);

  134.         certificateGenerator.setSubjectDN(new X509Principal(subjectDn));

  135.         certificateGenerator.setSerialNumber(new BigInteger(128, new SecureRandom()));

  136. 

  137.         certificateGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, createSubjectKeyId(subjectPublicKey));

  138.         PublicKey issuerPublicKey;

  139.         issuerPublicKey = subjectPublicKey;

  140.         certificateGenerator.addExtension(X509Extensions.AuthorityKeyIdentifier, false, createAuthorityKeyId(issuerPublicKey));

  141. 

  142.         if (caFlag) {

  143.             if (-1 == pathLength) {

  144.                 certificateGenerator.addExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(true));

  145.             } else {

  146.                 certificateGenerator.addExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(pathLength));

  147.             }

  148.         }

  149. 

  150.         if (null != crlUri) {

  151.             GeneralName gn = new GeneralName(GeneralName.uniformResourceIdentifier, new DERIA5String(crlUri));

  152.             GeneralNames gns = new GeneralNames(new DERSequence(gn));

  153.             DistributionPointName dpn = new DistributionPointName(0, gns);

  154.             DistributionPoint distp = new DistributionPoint(dpn, null, null);

  155.             certificateGenerator.addExtension(X509Extensions.CRLDistributionPoints, false, new DERSequence(distp));

  156.         }

  157. 

  158.         if (null != ocspUri) {

  159.             GeneralName ocspName = new GeneralName(GeneralName.uniformResourceIdentifier, ocspUri);

  160.             AuthorityInformationAccess authorityInformationAccess = new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod, ocspName);

  161.             certificateGenerator.addExtension(X509Extensions.AuthorityInfoAccess.getId(), false, authorityInformationAccess);

  162.         }

  163. 

  164.         if (null != keyUsage) {

  165.             certificateGenerator.addExtension(X509Extensions.KeyUsage, true, keyUsage);

  166.         }

  167. 

  168.         X509Certificate certificate;

  169.         certificate = certificateGenerator.generate(issuerPrivateKey);

  170. 

  171.         /*

  172.          * Next certificate factory trick is needed to make sure that the

  173.          * certificate delivered to the caller is provided by the default

  174.          * security provider instead of BouncyCastle. If we don't do this trick

  175.          * we might run into trouble when trying to use the CertPath validator.

  176.          */

  177.         CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

  178.         certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));

  179.         return certificate;

  180.     }

  181. 

  182.     private static Date makeDate(int year, int month, int day) {

  183.         Calendar c = Calendar.getInstance();

  184.         c.set(year, month, day, 0, 0, 0);

  185.         c.set(Calendar.MILLISECOND, 0);

  186.         return c.getTime();

  187.     }

  188. 

  189.     static Document loadDocument(InputStream documentInputStream) throws ParserConfigurationException, SAXException, IOException {

  190.         InputSource inputSource = new InputSource(documentInputStream);

  191.         DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();

  192.         documentBuilderFactory.setNamespaceAware(true);

  193.         DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();

  194.         Document document = documentBuilder.parse(inputSource);

  195.         return document;

  196.     }

  197. 

  198.     static String toString(Node dom) throws TransformerException {

  199.         Source source = new DOMSource(dom);

  200.         StringWriter stringWriter = new StringWriter();

  201.         Result result = new StreamResult(stringWriter);

  202.         TransformerFactory transformerFactory = TransformerFactory.newInstance();

  203.         Transformer transformer = transformerFactory.newTransformer();

  204.         /*

  205.          * We have to omit the ?xml declaration if we want to embed the

  206.          * document.

  207.          */

  208.         transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");

  209.         transformer.transform(source, result);

  210.         return stringWriter.getBuffer().toString();

  211.     }

  212. }