2 * ============LICENSE_START=======================================================
3 * Copyright (C) 2021 Nokia.
4 * ================================================================================
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 * SPDX-License-Identifier: Apache-2.0
18 * ============LICENSE_END=========================================================
21 package org.onap.oom.certservice.cmpv2client.impl.protections;
23 import org.bouncycastle.asn1.DERBitString;
24 import org.bouncycastle.asn1.cmp.PKIBody;
25 import org.bouncycastle.asn1.cmp.PKIHeader;
26 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
27 import org.bouncycastle.cert.cmp.CMPException;
28 import org.bouncycastle.cert.cmp.ProtectedPKIMessage;
29 import org.bouncycastle.jce.provider.BouncyCastleProvider;
30 import org.bouncycastle.operator.ContentVerifierProvider;
31 import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
32 import org.bouncycastle.operator.OperatorCreationException;
33 import org.junit.jupiter.api.AfterAll;
34 import org.junit.jupiter.api.BeforeAll;
35 import org.junit.jupiter.api.Test;
36 import org.onap.oom.certservice.cmpv2client.exceptions.CmpClientException;
38 import java.security.GeneralSecurityException;
39 import java.security.KeyPair;
40 import java.security.Security;
42 import static org.junit.jupiter.api.Assertions.assertEquals;
43 import static org.junit.jupiter.api.Assertions.assertNotNull;
44 import static org.junit.jupiter.api.Assertions.assertTrue;
45 import static org.onap.oom.certservice.cmpv2client.impl.protections.PkiTestUtils.getProtectedPkiMessage;
46 import static org.onap.oom.certservice.cmpv2client.impl.protections.PkiTestUtils.getTestPkiBody;
47 import static org.onap.oom.certservice.cmpv2client.impl.protections.PkiTestUtils.getTestPkiHeader;
/**
 * Unit tests for {@code SignatureProtection}: one checks the reported signature algorithm,
 * the other checks that a generated PKI message protection verifies against the matching public key.
 *
 * NOTE(review): this listing omits several original lines (annotations, some method
 * declarations, closing braces); the comments below describe only the statements that are visible.
 */
49 class SignatureProtectionTest {
// OID 1.2.840.113549.1.1.11 is sha256WithRSAEncryption (PKCS #1); the first test expects exactly this value.
51 private static final String SHA256_RSA_OID = "1.2.840.113549.1.1.11";
// Algorithm identifier resolved from the JCA name "SHA256withRSA"; handed to the header/body test helpers below.
52 private static final AlgorithmIdentifier SHA256_RSA_ALGORITHM = new DefaultSignatureAlgorithmIdentifierFinder()
53 .find("SHA256withRSA");
// Provider name used when the BouncyCastle provider is removed again.
54 private static final String BC_PROVIDER = "BC";
// Registers BouncyCastle in the JVM-wide java.security provider list.
// NOTE(review): the enclosing method declaration is not visible here; the BeforeAll import
// suggests this runs once before all tests in the class — confirm.
58 Security.addProvider(new BouncyCastleProvider());
// Removes the "BC" provider from the JVM-wide list (presumably the AfterAll counterpart — confirm).
// NOTE(review): the provider list is global state. If "BC" was already registered before this
// class ran, addProvider was a no-op and this call still removes it, so later test classes in the
// same JVM that rely on "BC" would have to register it again.
63 Security.removeProvider(BC_PROVIDER);
// Checks that the protection reports the SHA256-with-RSA algorithm identifier.
67 void shouldReturnExpectedAlgorithmWhenGetAlgorithmMethodCalled() {
// A null private key is passed on purpose: only the algorithm identifier is queried, nothing is signed.
// NOTE(review): this relies on getAlgorithmIdentifier() not dereferencing the key — confirm in SignatureProtection.
69 SignatureProtection signatureProtection = new SignatureProtection(null);
71 AlgorithmIdentifier algorithmIdentifier = signatureProtection.getAlgorithmIdentifier();
73 assertNotNull(algorithmIdentifier);
74 assertNotNull(algorithmIdentifier.getAlgorithm());
// Compare the dotted OID string so a different signature algorithm fails the test.
75 assertEquals(SHA256_RSA_OID, algorithmIdentifier.getAlgorithm().toString());
// Round trip: protect a test header and body with the private key, then verify with the public key of the same pair.
// NOTE(review): only the accepting path is asserted. A companion case in which verification is expected to
// fail (a different key pair, or a header/body altered after protection) would confirm that the protection
// is bound to the key and to the message content.
79 void shouldReturnProtectionByPkWhenGenerateProtectionMethodCalled()
80 throws GeneralSecurityException, CmpClientException, OperatorCreationException, CMPException {
// Test key pair from PkiTestUtils; its key type and size are not visible in this file.
82 KeyPair keyPair = PkiTestUtils.getKeyPair();
83 SignatureProtection signatureProtection = new SignatureProtection(keyPair.getPrivate());
84 PKIHeader pkiHeader = getTestPkiHeader(SHA256_RSA_ALGORITHM);
85 PKIBody pkiBody = getTestPkiBody(SHA256_RSA_ALGORITHM);
// The protection is returned as a DER bit string computed from the header and body passed in.
87 DERBitString protection = signatureProtection.generatePkiMessageProtection(pkiHeader, pkiBody);
// Reassemble header, body and protection, then let BouncyCastle verify them with a verifier built from the public key.
89 ProtectedPKIMessage protectedPkiMessage = getProtectedPkiMessage(pkiHeader, pkiBody, protection);
90 ContentVerifierProvider verifierProvider = PkiTestUtils.getContentVerifierProvider(keyPair.getPublic());
91 assertTrue(protectedPkiMessage.verify(verifierProvider));