Fix detection of NIST P521. Add unit tests for SignatureUtils.

2016-02-02 00:08:31 +01:00 · 2016-02-02 00:08:31 +01:00 · 749abc8f99
parent 99edd1032c
commit 749abc8f99
3 changed files with 105 additions and 1 deletions
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/util/SignatureUtils.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/util/SignatureUtils.java
@ -51,7 +51,7 @@ public final class SignatureUtils {
                case "P-384":
                    return AlgorithmIdentifiers.ECDSA_USING_P384_CURVE_AND_SHA384;

-                case "P-512":
+                case "P-521":
                    return AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;

                default:
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/util/SignatureUtilsTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/util/SignatureUtilsTest.java
@ -0,0 +1,83 @@
+/*
+ * acme4j - Java ACME client
+ *
+ * Copyright (C) 2016 Richard "Shred" Körber
+ *   http://acme4j.shredzone.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+package org.shredzone.acme4j.util;
+
+import static org.hamcrest.Matchers.is;
+import static org.junit.Assert.assertThat;
+
+import java.security.KeyPair;
+
+import org.jose4j.jwk.PublicJsonWebKey;
+import org.junit.Test;
+
+/**
+ * Unit tests for {@link SignatureUtils}.
+ *
+ * @author Richard "Shred" Körber
+ */
+public class SignatureUtilsTest {
+
+    /**
+     * Test if RSA using SHA-256 keys are properly detected.
+     */
+    @Test
+    public void testRsaKey() throws Exception {
+        KeyPair rsaKeyPair = TestUtils.createKeyPair();
+        final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(rsaKeyPair.getPublic());
+
+        String type = SignatureUtils.keyAlgorithm(jwk);
+
+        assertThat(type, is("RS256"));
+    }
+
+    /**
+     * Test if ECDSA using NIST P-256 curve and SHA-256 keys are properly detected.
+     */
+    @Test
+    public void testP256ECKey() throws Exception {
+        KeyPair ecKeyPair = TestUtils.createECKeyPair("secp256r1");
+        final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(ecKeyPair.getPublic());
+
+        String type = SignatureUtils.keyAlgorithm(jwk);
+
+        assertThat(type, is("ES256"));
+    }
+
+    /**
+     * Test if ECDSA using NIST P-384 curve and SHA-384 keys are properly detected.
+     */
+    @Test
+    public void testP384ECKey() throws Exception {
+        KeyPair ecKeyPair = TestUtils.createECKeyPair("secp384r1");
+        final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(ecKeyPair.getPublic());
+
+        String type = SignatureUtils.keyAlgorithm(jwk);
+
+        assertThat(type, is("ES384"));
+    }
+
+    /**
+     * Test if ECDSA using NIST P-521 curve and SHA-512 keys are properly detected.
+     */
+    @Test
+    public void testP521ECKey() throws Exception {
+        KeyPair ecKeyPair = TestUtils.createECKeyPair("secp521r1");
+        final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(ecKeyPair.getPublic());
+
+        String type = SignatureUtils.keyAlgorithm(jwk);
+
+        assertThat(type, is("ES512"));
+    }
+
+}
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/util/TestUtils.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/util/TestUtils.java
@ -17,6 +17,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
@ -24,9 +25,11 @@ import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.security.SecureRandom;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.security.spec.ECGenParameterSpec;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
@ -161,6 +164,24 @@ public final class TestUtils {
        }
    }

+    /**
+     * Creates a random ECC key pair with the given curve name.
+     *
+     * @param name
+     *            Curve name
+     * @return {@link KeyPair} for testing
+     */
+    public static KeyPair createECKeyPair(String name) throws IOException {
+        try {
+            ECGenParameterSpec ecSpec = new ECGenParameterSpec(name);
+            KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+            keyGen.initialize(ecSpec, new SecureRandom());
+            return keyGen.generateKeyPair();
+        } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException ex) {
+            throw new IOException(ex);
+        }
+    }
+
    /**
     * Creates a standard certificate for testing. This certificate is read from a test
     * resource and is guaranteed not to change between test runs.