Basic tests for PKCS#10

cmake/JSSTests.cmake

@@ -186,6 +186,11 @@ macro(jss_tests)
         COMMAND "pk12util" "-o" "${RESULTS_NSSDB_OUTPUT_DIR}/dss.pfx" "-n" "CA_DSS" "-d" "${RESULTS_NSSDB_OUTPUT_DIR}" "-K" "${DB_PWD}" "-W" "${DB_PWD}"
         DEPENDS "Generate_known_DSS_cert_pair"
     )
+    jss_test_java(
+        NAME "Netscape_Security_PKCS10"
+        COMMAND "org.mozilla.jss.tests.PKCS10Test"
+        DEPENDS "Setup_DBs"
+    )
     jss_test_java(
         NAME "List_CA_certs"
         COMMAND "org.mozilla.jss.tests.ListCACerts" "${RESULTS_NSSDB_OUTPUT_DIR}" "Verbose"
@@ -264,12 +269,12 @@ macro(jss_tests)
     jss_test_java(
         NAME "KeyStoreTest"
         COMMAND "org.mozilla.jss.tests.KeyStoreTest" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" getAliases
-        DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth"
+        DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth" "Netscape_Security_PKCS10"
     )
     jss_test_java(
         NAME "JSSProvider"
         COMMAND "org.mozilla.jss.tests.JSSProvider" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}"
-        DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth"
+        DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth" "Netscape_Security_PKCS10"
     )
     jss_test_java(
         NAME "SSLEngine_RSA"

org/mozilla/jss/netscape/security/pkcs/PKCS10.java

@@ -157,13 +157,10 @@ public PKCS10(byte data[], boolean sigver)
         //
         // Inner sequence:  version, name, key, attributes
         //
-        @SuppressWarnings("unused")
-        BigInt serial = seq[0].data.getInteger(); // consume serial
-
-        /*
-        	if (serial.toInt () != 0)
-        	    throw new IllegalArgumentException ("not PKCS #10 v1");
-        */
+        BigInt version = seq[0].data.getInteger(); // consume version number
+        if (version.toInt() != 0) {
+            throw new IllegalArgumentException ("unknown version: not PKCS #10 v1: " + version);
+        }
 
         subject = new X500Name(seq[0].data);
         msg = "Request Subject: " + subject + ": ";

org/mozilla/jss/netscape/security/provider/RSAPublicKey.java

@@ -19,6 +19,7 @@
 
 import java.io.IOException;
 import java.io.Serializable;
+import java.math.BigInteger;
 import java.security.InvalidKeyException;
 
 import org.mozilla.jss.netscape.security.util.BigInt;
@@ -64,6 +65,14 @@ in bits (redundant!)
     public RSAPublicKey() {
     }
 
+    /*
+     * Make a RSA public key out of a public exponent and modulus
+     * in the standard classes (BigInteger).
+     */
+    public RSAPublicKey(BigInteger modulus, BigInteger exponent) throws InvalidKeyException {
+        this(new BigInt(modulus), new BigInt(exponent));
+    }
+
     /**
      * Make a RSA public key out of a public exponent and modulus
      */

org/mozilla/jss/netscape/security/x509/CertAndKeyGen.java

@@ -125,6 +125,12 @@ public void generate(int keyBits)
         if (publicKey instanceof X509Key) {
             this.publicKey = (X509Key) publicKey;
 
+        } else if (publicKey instanceof java.security.interfaces.RSAPublicKey) {
+            java.security.interfaces.RSAPublicKey rsa = (java.security.interfaces.RSAPublicKey) publicKey;
+            this.publicKey = new org.mozilla.jss.netscape.security.provider.RSAPublicKey(
+                rsa.getModulus(),
+                rsa.getPublicExponent()
+            );
         } else {
             throw new InvalidKeyException("public key " + publicKey +
                       " not an X509Key.");

org/mozilla/jss/pkcs10/CertificationRequest.java

@@ -4,9 +4,6 @@
 
 package org.mozilla.jss.pkcs10;
 
-import java.io.BufferedInputStream;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -247,77 +244,4 @@ public ASN1Value decode(Tag implicitTag, InputStream istream)
                         );
         }
     }
-
-    public static void main(String argv[]) {
-
-      try {
-
-        if(argv.length > 2 || argv.length < 1) {
-            System.out.println("Usage: CertificationRequest <dbdir> [<certfile>]");
-            System.exit(0);
-        }
-
-        CryptoManager.initialize( argv[0] );
-        CryptoManager cm = CryptoManager.getInstance();
-
-        CertificationRequest cert;
-
-        // read in a cert
-        FileInputStream fis = new FileInputStream(argv[1]);
-        try (BufferedInputStream bis = new BufferedInputStream(fis)) {
-            cert = (CertificationRequest) CertificationRequest.getTemplate().decode(bis);
-        }
-
-        CertificationRequestInfo info = cert.getInfo();
-
-        info.print(System.out);
-
-        //X509CertificationRequest hardcore = cm.findCertByNickname("Hardcore");
-        //PublicKey key = hardcore.getPublicKey();
-
-        cert.verify();
-        System.out.println("verified");
-
-        FileOutputStream fos = new FileOutputStream("certinfo.der");
-        info.encode(fos);
-        fos.close();
-
-        // make a new public key
-        CryptoToken token = cm.getInternalKeyStorageToken();
-        KeyPairGenerator kpg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
-        kpg.initialize(512);
-        System.out.println("Generating a new key pair...");
-        KeyPair kp = kpg.genKeyPair();
-        System.out.println("Generated key pair");
-
-        // set the CertificationRequest's public key
-        info.setSubjectPublicKeyInfo(kp.getPublic());
-
-        // make new Name
-        Name name = new Name();
-        name.addCommonName("asldkj");
-        name.addCountryName("US");
-        name.addOrganizationName("Some Corp");
-        name.addOrganizationalUnitName("Some Org Unit");
-        name.addLocalityName("Silicon Valley");
-        name.addStateOrProvinceName("California");
-        info.setSubject(name);
-
-        System.out.println("About to create a new cert request...");
-        // create a new cert requestfrom this certReqinfo
-        CertificationRequest genCert = new CertificationRequest(info, kp.getPrivate(),
-                SignatureAlgorithm.RSASignatureWithMD5Digest);
-        System.out.println("Created new cert request");
-
-        genCert.verify();
-        System.out.println("Cert verifies!");
-
-        fos = new FileOutputStream("gencert.der");
-        genCert.encode(fos);
-        fos.close();
-
-      } catch( Exception e ) {
-        e.printStackTrace();
-      }
-    }
 }

org/mozilla/jss/tests/PKCS10Test.java

@@ -0,0 +1,20 @@
+package org.mozilla.jss.tests;
+
+import java.security.PublicKey;
+import java.security.KeyPair;
+import java.security.interfaces.*;
+
+import org.mozilla.jss.*;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.netscape.security.pkcs.*;
+import org.mozilla.jss.netscape.security.x509.*;
+
+public class PKCS10Test {
+    public static void main(String[] args) throws Exception {
+        CryptoManager cm = CryptoManager.getInstance();
+
+        CertAndKeyGen ckg = new CertAndKeyGen("RSA", "SHA256withRSA");
+        ckg.generate(4096);
+        PKCS10 csr = ckg.getCertRequest(new X500Name("CN=localhost"));
+    }
+}

org/mozilla/jss/tests/TestCertificationRequest.java

@@ -0,0 +1,33 @@
+package org.mozilla.jss.tests;
+
+import java.io.*;
+import java.security.KeyPair;
+
+import org.mozilla.jss.*;
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.pkcs10.*;
+import org.mozilla.jss.pkix.primitive.*;
+
+public class TestCertificationRequest {
+    public static void main(String[] argv) throws Exception {
+        if (argv.length > 2 || argv.length < 1) {
+            System.out.println("Usage: TestCertificationRequest <dbdir> [<certfile>]");
+            System.exit(0);
+        }
+
+        CryptoManager cm = CryptoManager.getInstance();
+
+        CertificationRequest cert;
+
+        // read in a cert
+        FileInputStream fis = new FileInputStream(argv[1]);
+        try (BufferedInputStream bis = new BufferedInputStream(fis)) {
+            cert = (CertificationRequest) CertificationRequest.getTemplate().decode(bis);
+        }
+
+        CertificationRequestInfo info = cert.getInfo();
+
+        info.print(System.out);
+    }
+}