package application; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import gui.CertificateTab; import helpers.CertificateHelper; import java.io.IOException; import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Security; import java.security.SignatureException; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateParsingException; import java.security.spec.InvalidKeySpecException; import java.text.ParseException; import java.util.Date; import model.BurpCertificate; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.operator.OperatorCreationException; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.junit.rules.TemporaryFolder; public class CreateCertificateTest { CertificateTabController certificateController; BurpCertificate certificate; @Rule public TemporaryFolder tempFolder = new TemporaryFolder(); /* * Create new Certificate */ @Before public void setup() throws CertificateException, IOException, ParseException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IllegalStateException, SignatureException { Security.addProvider(new BouncyCastleProvider()); String outputFileCertificate = tempFolder.newFile("certificate.pem").toString(); String outputFilePrivateKey = tempFolder.newFile("privatekey.pem").toString(); certificateController = new CertificateTabController(new CertificateTab()); String subject = "O=SAML2 Burp Plugin Test, CN=saml.lan"; BurpCertificateBuilder burpCertificateBuilder = new FakeBurpCertificateBuilder(subject); burpCertificateBuilder.setVersion(3); burpCertificateBuilder.setSerial("11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"); burpCertificateBuilder.setNotAfter("May 23 23:23:23 2023 GMT"); burpCertificateBuilder.setNotBefore("May 23 23:23:23 2005 GMT"); burpCertificateBuilder.setKeySize(2048); burpCertificateBuilder.setSignatureAlgorithm("SHA256withRSA"); burpCertificateBuilder.setIssuer(subject); // Self-signed burpCertificateBuilder.setHasBasicConstraints(true); burpCertificateBuilder.setPathLimit(23); burpCertificateBuilder.addKeyUsage("Key Encipherment"); burpCertificateBuilder.addKeyUsage("Digital Signature"); burpCertificateBuilder.addExtendedKeyUsage("Server Authentication"); burpCertificateBuilder.addExtendedKeyUsage("Client Authentication"); burpCertificateBuilder.addSubjectAlternativeName("DNS", "foobar.hsr.ch"); burpCertificateBuilder.addSubjectAlternativeName("E-Mail", "[email protected]"); burpCertificateBuilder.addSubjectAlternativeName("[email protected] (E-Mail)"); // Other Format burpCertificateBuilder.addIssuerAlternativeName("DNS", "issuer.example.net"); burpCertificateBuilder.addIssuerAlternativeName("E-Mail", "[email protected]"); burpCertificateBuilder.addIssuerAlternativeName("[email protected] (E-Mail)"); // Other Format burpCertificateBuilder.setAuthorityKeyIdentifier("01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14"); burpCertificateBuilder.setSubjectKeyIdentifier(true); certificate = burpCertificateBuilder.generateSelfSignedCertificate(); certificateController = new CertificateTabController(new CertificateTab()); certificateController.exportCertificate(certificate, outputFileCertificate); certificateController.exportPrivateKey(certificate, outputFilePrivateKey); assertEquals(subject, certificate.getIssuer()); } /* * X.509 Fields */ @Test public void versionNumberIsCorrect() throws IOException, ParseException, CertificateException { assertEquals(3, certificate.getVersionNumber()); } @Test public void serialNumberIsCorrect() throws IOException, ParseException, CertificateException { BigInteger serial = CertificateHelper.hexStringToBigInteger("11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"); assertEquals(serial, certificate.getSerialNumberBigInteger()); } @Test public void SerialNumberHexIsCorrect() throws IOException, ParseException, CertificateException { String serialHex = "11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF".toLowerCase(); assertEquals(serialHex, certificate.getSerialNumber()); } @Test public void issuerIsCorrect() throws IOException, ParseException, CertificateException { String issuer = "O=SAML2 Burp Plugin Test, CN=saml.lan"; assertEquals(issuer, certificate.getIssuer()); } @Test public void notBeforeDateIsCorrect() throws IOException, ParseException, CertificateException { Date notBefore = CertificateHelper.stringToDate("May 23 23:23:23 2005 GMT"); assertEquals(notBefore, certificate.getNotBefore()); } @Test public void notAfterDateIsCorrect() throws IOException, ParseException, CertificateException { Date notAfter = CertificateHelper.stringToDate(("May 23 23:23:23 2023 GMT")); assertEquals(notAfter, certificate.getNotAfter()); } @Test public void validOnDateIsCorrect() throws IOException, ParseException, CertificateException { Date testDate = CertificateHelper.stringToDate("May 23 23:23:05 2015 GMT"); assertTrue(certificate.isValidOn(testDate)); } @Test public void subjectIsCorrect() throws IOException, ParseException, CertificateException { String subject = "O=SAML2 Burp Plugin Test, CN=saml.lan"; assertEquals(subject, certificate.getSubject()); } @Test public void publicKeyAlgorithmIsCorrect() throws IOException, ParseException, CertificateException { assertEquals("RSA", certificate.getPublicKeyAlgorithm()); } @Test public void keySizeIsCorrect() throws IOException, ParseException, CertificateException { assertEquals(512, certificate.getKeySize()); } @Test public void modulusIsCorrect() { String modulus = "b4:a7:e4:61:70:57:4f:16:a9:70:82:b2:2b:e5:8b:6a:2a:62:97:98:41:9b:e1:28:72:a4:bd:ba:62:6c:fa:e9:90:0f:76:ab:fb:12:13:9d:ce:5d:e5:65:64:fa:b2:b6:54:31:65:a0:40:c6:06:88:74:20:e3:3d:91:ed:7e:d7"; assertEquals(modulus, certificate.getPublicKeyModulus()); } @Test public void exponentIsCorrect() { String exponent = "11"; assertEquals(exponent, certificate.getPublicKeyExponent()); } @Test public void signatureAlgorithmIsCorrect() throws IOException, ParseException, CertificateException { assertEquals("SHA256WITHRSA", certificate.getSignatureAlgorithm()); } /* * Signature */ @Test public void signatureValueIsCorrect() throws IOException, ParseException, CertificateException { String signatureValue = "36:C0:19:45:50:F8:9D:DC:0A:6C:9A:BC:7A:26:C7:5B:ED:D0:41:10:18:FE:FE:6F:12:22:C9:2E:1F:5A:D1:58:51:0B:5E:CB:59:AE:9C:ED:A3:93:67:90:82:FE:14:0D:E4:8B:E1:AF:DE:FE:31:1E:B4:F8:BD:48:F6:F4:EA:CC"; assertEquals(signatureValue, certificate.getSignature()); } /* * X.509 Extensions */ @Test public void hasExtensionsIsCorrect() throws IOException, ParseException, CertificateException { assertTrue(certificate.hasExtensions()); } @Test public void extensionsCountIsCorrect() throws IOException, ParseException, CertificateException { assertEquals(7, certificate.getExtensionsCount()); } @Test public void subjectAlternativeNamesAreCorrect() throws IOException, ParseException, CertificateException { String subjectAlternativeNames = "[foobar.hsr.ch (DNS), [email protected] (E-Mail), [email protected] (E-Mail)]"; assertEquals(subjectAlternativeNames, certificate.getSubjectAlternativeNames().toString()); } @Test public void keyUsageIsCorrect() throws IOException, ParseException, CertificateException { assertEquals("[Digital Signature, Key Encipherment]", certificate.getKeyUsage().toString()); } @Test public void extendedKeyUsagesAreCorrect() throws IOException, ParseException, CertificateException { assertEquals("[Server Authentication, Client Authentication]", certificate.getExtendedKeyUsage().toString()); } @Test public void issuerAlternativeNameIsCorrect() throws CertificateParsingException { assertEquals("[issuer.example.net (DNS), [email protected] (E-Mail), [email protected] (E-Mail)]", certificate.getIssuerAlternativeNames().toString()); } @Test public void AuthorityKeyIdentifierIsCorrect() throws IOException, CertificateEncodingException, NoSuchAlgorithmException { String authorityKeyIdentifier = "01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14"; assertEquals(authorityKeyIdentifier, certificate.getAuthorityKeyIdentifier()); } @Test public void subjectKeyIdentifierIsCorrect() throws IOException { String subjectKeyIdentifier = "D0:6C:EC:6D:35:83:BC:55:12:1B:0C:CB:3E:FE:D7:26:A6:16:64:68"; assertEquals(subjectKeyIdentifier, certificate.getSubjectKeyIdentifier()); } @Test public void basicConstraintsIsCorrect() { assertEquals("CA: True. Path limit: 23.", certificate.getBasicConstraints()); } /* * Other Tests */ @Test public void createSelfSignedCertificateShort() throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException, OperatorCreationException, IOException, CertificateEncodingException, InvalidKeyException, IllegalStateException, SignatureException { String subject = "C=CH, ST=St. Gallen, L=Rapperswil, O=Hochschule Rapperswil, OU=IT-Systems, CN=www.hsr.ch"; BurpCertificateBuilder burpCertificateBuilder = new FakeBurpCertificateBuilder(subject); BurpCertificate certificate = burpCertificateBuilder.generateSelfSignedCertificate(); assertEquals(subject, certificate.getIssuer()); } }