diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/util/SignatureUtils.java b/acme4j-client/src/main/java/org/shredzone/acme4j/util/SignatureUtils.java
index c32b8d8b..3d8630d9 100644
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/util/SignatureUtils.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/util/SignatureUtils.java
@@ -51,7 +51,7 @@ public final class SignatureUtils {
 case "P-384":
 return AlgorithmIdentifiers.ECDSA_USING_P384_CURVE_AND_SHA384;
- case "P-512":
+ case "P-521":
 return AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;
 default:
diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/util/SignatureUtilsTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/util/SignatureUtilsTest.java
new file mode 100644
index 00000000..006417c4
--- /dev/null
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/util/SignatureUtilsTest.java
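Review bot: The curve names in the SignatureUtils switch are still bare string literals, which is how `"P-512"` went unnoticed. If the jose4j version in use exposes the curve-name constants in `EllipticCurves`, the labels could read `case EllipticCurves.P_521:` (and likewise `P_256` / `P_384`), so a misspelt curve fails at compile time instead of silently falling through. A one-line comment above the switch, `// JWK "crv" names per RFC 7518: P-256, P-384, P-521 (there is no P-512)`, would also record why the label and the SHA-512 identifier differ. The switch and its `default:` branch start and end outside this hunk, so what happens to an unmatched curve cannot be checked here.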
@@ -0,0 +1,83 @@
+/*
+ * acme4j - Java ACME client
+ *
+ * Copyright (C) 2016 Richard "Shred" Körber
+ * http://acme4j.shredzone.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+package org.shredzone.acme4j.util;
+
+import static org.hamcrest.Matchers.is;
+import static org.junit.Assert.assertThat;
+
+import java.security.KeyPair;
+
+import org.jose4j.jwk.PublicJsonWebKey;
+import org.junit.Test;
+
+/**
+ * Unit tests for {@link SignatureUtils}.
+ *
+ * @author Richard "Shred" Körber
+ */
+public class SignatureUtilsTest {
+
+ /**
+ * Test if RSA using SHA-256 keys are properly detected.
+ */
+ @Test
+ public void testRsaKey() throws Exception {
+ KeyPair rsaKeyPair = TestUtils.createKeyPair();
+ final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(rsaKeyPair.getPublic());
+
+ String type = SignatureUtils.keyAlgorithm(jwk);
+
+ assertThat(type, is("RS256"));
+ }
+
+ /**
+ * Test if ECDSA using NIST P-256 curve and SHA-256 keys are properly detected.
+ */
+ @Test
+ public void testP256ECKey() throws Exception {
+ KeyPair ecKeyPair = TestUtils.createECKeyPair("secp256r1");
+ final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(ecKeyPair.getPublic());
+
+ String type = SignatureUtils.keyAlgorithm(jwk);
+
+ assertThat(type, is("ES256"));
+ }
+
+ /**
+ * Test if ECDSA using NIST P-384 curve and SHA-384 keys are properly detected.
+ */
+ @Test
+ public void testP384ECKey() throws Exception {
+ KeyPair ecKeyPair = TestUtils.createECKeyPair("secp384r1");
+ final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(ecKeyPair.getPublic());
+
+ String type = SignatureUtils.keyAlgorithm(jwk);
+
+ assertThat(type, is("ES384"));
+ }
+
+ /**
+ * Test if ECDSA using NIST P-521 curve and SHA-512 keys are properly detected.
+ */
+ @Test
+ public void testP521ECKey() throws Exception {
+ KeyPair ecKeyPair = TestUtils.createECKeyPair("secp521r1");
+ final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(ecKeyPair.getPublic());
+
+ String type = SignatureUtils.keyAlgorithm(jwk);
+
+ assertThat(type, is("ES512"));
+ }
+
+}
diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/util/TestUtils.java b/acme4j-client/src/test/java/org/shredzone/acme4j/util/TestUtils.java
index 0070c226..b4fef27b 100644
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/util/TestUtils.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/util/TestUtils.java
@@ -17,6 +17,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
@@ -24,9 +25,11 @@ import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.security.SecureRandom;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.security.spec.ECGenParameterSpec;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
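Review bot: SignatureUtilsTest exercises only the four keys that have a mapping; nothing pins what `SignatureUtils.keyAlgorithm` does for a key that reaches the `default:` branch, which appears to be the path the old `"P-512"` label sent P-521 keys down. A fifth test, documented as `/** Test if a key without a matching algorithm is rejected. */`, would keep that reject-on-unknown behaviour from regressing when further curves are added. The `default:` branch is not part of this diff, so the expected exception type has to be read from SignatureUtils itself.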
@@ -161,6 +164,24 @@ public final class TestUtils {
 }
 }
+ /**
+ * Creates a random ECC key pair with the given curve name.
+ *
+ * @param name
+ * Curve name
+ * @return {@link KeyPair} for testing
+ */
+ public static KeyPair createECKeyPair(String name) throws IOException {
+ try {
+ ECGenParameterSpec ecSpec = new ECGenParameterSpec(name);
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+ keyGen.initialize(ecSpec, new SecureRandom());
+ return keyGen.generateKeyPair();
+ } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException ex) {
+ throw new IOException(ex);
+ }
+ }
+
 /**
 * Creates a standard certificate for testing. This certificate is read from a test
 * resource and is guaranteed not to change between test runs.
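Review bot: The Javadoc of `createECKeyPair` does not say which naming scheme `name` uses, although the new tests pass JCA names (`"secp521r1"`) while SignatureUtils switches on JWK names (`"P-521"`), the same kind of mix-up this commit fixes. I would document the parameter as `@param name standard curve name accepted by {@link ECGenParameterSpec}, e.g. "secp521r1" (not the JWK name "P-521")`. The catch block wraps both provider failures into `IOException`, so the doc should also carry `@throws IOException if the EC algorithm or the requested curve is not available from the installed providers`.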