mirror of https://github.com/shred/acme4j
Fix detection of NIST P521. Add unit tests for SignatureUtils.
parent
99edd1032c
commit
749abc8f99
|
@ -51,7 +51,7 @@ public final class SignatureUtils {
|
|||
case "P-384":
|
||||
return AlgorithmIdentifiers.ECDSA_USING_P384_CURVE_AND_SHA384;
|
||||
|
||||
case "P-512":
|
||||
case "P-521":
|
||||
return AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;
|
||||
|
||||
default:
|
||||
|
|
|
@ -0,0 +1,83 @@
|
|||
/*
|
||||
* acme4j - Java ACME client
|
||||
*
|
||||
* Copyright (C) 2016 Richard "Shred" Körber
|
||||
* http://acme4j.shredzone.org
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
package org.shredzone.acme4j.util;
|
||||
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.Assert.assertThat;
|
||||
|
||||
import java.security.KeyPair;
|
||||
|
||||
import org.jose4j.jwk.PublicJsonWebKey;
|
||||
import org.junit.Test;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link SignatureUtils}.
|
||||
*
|
||||
* @author Richard "Shred" Körber
|
||||
*/
|
||||
public class SignatureUtilsTest {
|
||||
|
||||
/**
|
||||
* Test if RSA using SHA-256 keys are properly detected.
|
||||
*/
|
||||
@Test
|
||||
public void testRsaKey() throws Exception {
|
||||
KeyPair rsaKeyPair = TestUtils.createKeyPair();
|
||||
final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(rsaKeyPair.getPublic());
|
||||
|
||||
String type = SignatureUtils.keyAlgorithm(jwk);
|
||||
|
||||
assertThat(type, is("RS256"));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test if ECDSA using NIST P-256 curve and SHA-256 keys are properly detected.
|
||||
*/
|
||||
@Test
|
||||
public void testP256ECKey() throws Exception {
|
||||
KeyPair ecKeyPair = TestUtils.createECKeyPair("secp256r1");
|
||||
final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(ecKeyPair.getPublic());
|
||||
|
||||
String type = SignatureUtils.keyAlgorithm(jwk);
|
||||
|
||||
assertThat(type, is("ES256"));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test if ECDSA using NIST P-384 curve and SHA-384 keys are properly detected.
|
||||
*/
|
||||
@Test
|
||||
public void testP384ECKey() throws Exception {
|
||||
KeyPair ecKeyPair = TestUtils.createECKeyPair("secp384r1");
|
||||
final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(ecKeyPair.getPublic());
|
||||
|
||||
String type = SignatureUtils.keyAlgorithm(jwk);
|
||||
|
||||
assertThat(type, is("ES384"));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test if ECDSA using NIST P-521 curve and SHA-512 keys are properly detected.
|
||||
*/
|
||||
@Test
|
||||
public void testP521ECKey() throws Exception {
|
||||
KeyPair ecKeyPair = TestUtils.createECKeyPair("secp521r1");
|
||||
final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(ecKeyPair.getPublic());
|
||||
|
||||
String type = SignatureUtils.keyAlgorithm(jwk);
|
||||
|
||||
assertThat(type, is("ES512"));
|
||||
}
|
||||
|
||||
}
|
|
@ -17,6 +17,7 @@ import java.io.ByteArrayOutputStream;
|
|||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
|
@ -24,9 +25,11 @@ import java.security.MessageDigest;
|
|||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.spec.ECGenParameterSpec;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
import java.security.spec.X509EncodedKeySpec;
|
||||
|
@ -161,6 +164,24 @@ public final class TestUtils {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a random ECC key pair with the given curve name.
|
||||
*
|
||||
* @param name
|
||||
* Curve name
|
||||
* @return {@link KeyPair} for testing
|
||||
*/
|
||||
public static KeyPair createECKeyPair(String name) throws IOException {
|
||||
try {
|
||||
ECGenParameterSpec ecSpec = new ECGenParameterSpec(name);
|
||||
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
|
||||
keyGen.initialize(ecSpec, new SecureRandom());
|
||||
return keyGen.generateKeyPair();
|
||||
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException ex) {
|
||||
throw new IOException(ex);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a standard certificate for testing. This certificate is read from a test
|
||||
* resource and is guaranteed not to change between test runs.
|
||||
|
|
Loading…
Reference in New Issue