1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.components.crypto;
21  
22  import java.io.InputStream;
23  import java.security.KeyStore;
24  import java.security.cert.X509Certificate;
25  
26  import org.apache.ws.security.WSSConfig;
27  import org.apache.ws.security.util.Base64;
28  import org.apache.ws.security.util.Loader;
29  
30  /**
31   * This is a test for WSS-300 - "SubjectKeyIdentifier (SKI) incorrectly calculated for 2048-bit RSA key".
32   * The SKI value WSS4J generates for various key sizes is tested against the output from openssl, e.g.:
33   * 
34   * openssl x509 -inform der -ocspid -in wss40_server.crt | grep 'Public key OCSP hash' 
35   * | perl -ne 'split; print pack("H*",$_[4])' | base64
36   */
37  public class SKITest extends org.junit.Assert {
38      
39      public SKITest() {
40          WSSConfig.init();
41      }
42      
43      @org.junit.Test
44      public void testRSA1024() throws Exception {
45          // Load the keystore
46          Crypto crypto = new Merlin();
47          KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
48          ClassLoader loader = Loader.getClassLoader(CryptoTest.class);
49          InputStream input = Merlin.loadInputStream(loader, "keys/wss40_server.jks");
50          keyStore.load(input, "security".toCharArray());
51          ((Merlin)crypto).setKeyStore(keyStore);
52          
53          CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
54          cryptoType.setAlias("wss40_server");
55          X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
56          assertTrue(certs != null && certs.length > 0);
57          
58          byte[] skiBytes = crypto.getSKIBytesFromCert(certs[0]);
59          String knownBase64Encoding = "TFM0+4PSEUvWgzeLu28btvYR4BQ=";
60          assertTrue(knownBase64Encoding.equals(Base64.encode(skiBytes)));
61      }
62      
63      @org.junit.Test
64      public void testRSA2048() throws Exception {
65          // Load the keystore
66          Crypto crypto = new Merlin();
67          KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
68          ClassLoader loader = Loader.getClassLoader(CryptoTest.class);
69          InputStream input = Merlin.loadInputStream(loader, "keys/rsa2048.jks");
70          keyStore.load(input, "password".toCharArray());
71          ((Merlin)crypto).setKeyStore(keyStore);
72          
73          CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
74          cryptoType.setAlias("test");
75          X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
76          assertTrue(certs != null && certs.length > 0);
77          
78          byte[] skiBytes = crypto.getSKIBytesFromCert(certs[0]);
79          String knownBase64Encoding = "tgkZUMZ461ZSA1nZkBu6E5GDxLM=";
80          assertTrue(knownBase64Encoding.equals(Base64.encode(skiBytes)));
81      }
82  }