update bouncycastle from deprecated bcprov-jdk16 to bcprov-jdk18on

uwemaurer · uwemaurer · commit 73a9f94a1f92 · 2025-11-18T16:53:54.000+01:00
add a basic test for the CertificateManager
diff --git a/pom.xml b/pom.xml
@@ -25,8 +25,8 @@
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk16</artifactId>
-            <version>1.46</version>
+            <artifactId>bcprov-jdk18on</artifactId>
+            <version>1.82</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
diff --git a/src/main/java/org/kopi/ebics/certificate/CertificateManager.java b/src/main/java/org/kopi/ebics/certificate/CertificateManager.java
@@ -55,15 +55,13 @@ public CertificateManager(EbicsUser user) {
    * @throws IOException
    */
   public void create() throws GeneralSecurityException, IOException {
-    Calendar		calendar;
+      Calendar calendar = Calendar.getInstance();
+      calendar.add(Calendar.DAY_OF_YEAR, X509Constants.DEFAULT_DURATION);
 
-    calendar = Calendar.getInstance();
-    calendar.add(Calendar.DAY_OF_YEAR, X509Constants.DEFAULT_DURATION);
-
-    createA005Certificate(new Date(calendar.getTimeInMillis()));
-    createX002Certificate(new Date(calendar.getTimeInMillis()));
-    createE002Certificate(new Date(calendar.getTimeInMillis()));
-    setUserCertificates();
+      createA005Certificate(new Date(calendar.getTimeInMillis()));
+      createX002Certificate(new Date(calendar.getTimeInMillis()));
+      createE002Certificate(new Date(calendar.getTimeInMillis()));
+      setUserCertificates();
   }
 
   /**
@@ -86,19 +84,18 @@ private void setUserCertificates() {
    * @throws IOException
    */
   public void createA005Certificate(Date end) throws GeneralSecurityException, IOException {
-    KeyPair			keypair;
+      KeyPair keypair = KeyUtil.makeKeyPair(X509Constants.EBICS_KEY_SIZE);
+      a005Certificate = generator.generateA005Certificate(keypair, user.getDN(), new Date(), end);
+      a005PrivateKey = keypair.getPrivate();
+  }
 
-    keypair = KeyUtil.makeKeyPair(X509Constants.EBICS_KEY_SIZE);
-    a005Certificate = generator.generateA005Certificate(keypair,
-	                                                user.getDN(),
-	                                                new Date(),
-	                                                end);
-    a005PrivateKey = keypair.getPrivate();
+  X509Certificate getA005Certificate() {
+      return a005Certificate;
   }
 
   /**
    * Creates the authentication certificate.
-   * @param end the expiration date of a the certificate.
+   * @param end the expiration date of a certificate.
    * @throws GeneralSecurityException
    * @throws IOException
    */
diff --git a/src/main/java/org/kopi/ebics/certificate/X509Generator.java b/src/main/java/org/kopi/ebics/certificate/X509Generator.java
@@ -35,6 +35,7 @@
 import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
 import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
@@ -151,7 +152,6 @@ public X509Certificate generate(KeyPair keypair,
     X509V3CertificateGenerator		generator;
     BigInteger				serial;
     X509Certificate			certificate;
-    ASN1EncodableVector			vector;
 
     serial = BigInteger.valueOf(generateSerial());
     generator = new X509V3CertificateGenerator();
@@ -174,10 +174,10 @@ public X509Certificate generate(KeyPair keypair,
 	                                             getPublic(),
 	                                             issuer,
 	                                             serial));
-    vector = new ASN1EncodableVector();
-    vector.add(KeyPurposeId.id_kp_emailProtection);
 
-    generator.addExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(new DERSequence(vector)));
+    var purposeIds = new KeyPurposeId[] { KeyPurposeId.id_kp_emailProtection };
+
+      generator.addExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(purposeIds));
 
     switch (keyusage) {
     case X509Constants.SIGNATURE_KEY_USAGE:
@@ -208,23 +208,14 @@ public X509Certificate generate(KeyPair keypair,
    * @param issuer the certificate issuer
    * @param serial the certificate serial number
    * @return the authority key identifier of the public key
-   * @throws IOException
    */
   private AuthorityKeyIdentifier getAuthorityKeyIdentifier(PublicKey publicKey,
                                                            String issuer,
-                                                           BigInteger serial)
-    throws IOException
-  {
-    InputStream			input;
-    SubjectPublicKeyInfo	keyInfo;
-    ASN1EncodableVector 	vector;
-
-    input = new ByteArrayInputStream(publicKey.getEncoded());
-    keyInfo = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(input).readObject());
-    vector = new ASN1EncodableVector();
-    vector.add(new GeneralName(new X509Name(issuer)));
-
-    return new AuthorityKeyIdentifier(keyInfo, new GeneralNames(new DERSequence(vector)), serial);
+                                                           BigInteger serial) {
+      SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
+      X500Name issuerName = new X500Name(issuer);
+      GeneralNames generalNames = new GeneralNames(new GeneralName(issuerName));
+      return new AuthorityKeyIdentifier(keyInfo, generalNames, serial);
   }
 
   /**
@@ -237,27 +228,19 @@ private AuthorityKeyIdentifier getAuthorityKeyIdentifier(PublicKey publicKey,
   private SubjectKeyIdentifier getSubjectKeyIdentifier(PublicKey publicKey)
     throws IOException
   {
-    InputStream			input;
-    SubjectPublicKeyInfo	keyInfo;
-
-    input = new ByteArrayInputStream(publicKey.getEncoded());
-    keyInfo = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(input).readObject());
-
-    return new SubjectKeyIdentifier(keyInfo);
+      SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
+      return new SubjectKeyIdentifier(keyInfo.getEncoded());
   }
 
   /**
-   * Generates a random serial number
+   * Generates a serial number from current timestamp
    *
    * @return the serial number
    */
   private long generateSerial() {
-    Date		now;
-
-    now = new Date();
-    String sNow = sdfSerial.format(now);
-
-    return Long.valueOf(sNow).longValue();
+      Date now = new Date();
+      String sNow = sdfSerial.format(now);
+      return Long.parseLong(sNow);
   }
 
   // --------------------------------------------------------------------
diff --git a/src/test/java/org/kopi/ebics/certificate/CertificateManagerTest.java b/src/test/java/org/kopi/ebics/certificate/CertificateManagerTest.java
@@ -0,0 +1,157 @@
+package org.kopi.ebics.certificate;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Calendar;
+import java.util.Date;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.jupiter.api.Test;
+import org.kopi.ebics.client.User;
+import org.kopi.ebics.exception.EbicsException;
+import org.kopi.ebics.interfaces.EbicsPartner;
+import org.kopi.ebics.interfaces.EbicsUser;
+import org.kopi.ebics.interfaces.PasswordCallback;
+
+class CertificateManagerTest {
+    static {
+        org.apache.xml.security.Init.init();
+        java.security.Security.addProvider(new BouncyCastleProvider());
+    }
+
+    @Test
+    void createA005Certificate() throws GeneralSecurityException, IOException {
+        var user = new EbicsUser() {
+            @Override
+            public RSAPublicKey getA005PublicKey() {
+                return null;
+            }
+
+            @Override
+            public RSAPublicKey getE002PublicKey() {
+                return null;
+            }
+
+            @Override
+            public RSAPublicKey getX002PublicKey() {
+                return null;
+            }
+
+            @Override
+            public byte[] getA005Certificate() throws EbicsException {
+                return new byte[0];
+            }
+
+            @Override
+            public byte[] getX002Certificate() throws EbicsException {
+                return new byte[0];
+            }
+
+            @Override
+            public byte[] getE002Certificate() throws EbicsException {
+                return new byte[0];
+            }
+
+            @Override
+            public void setA005Certificate(X509Certificate a005certificate) {
+
+            }
+
+            @Override
+            public void setX002Certificate(X509Certificate x002certificate) {
+
+            }
+
+            @Override
+            public void setE002Certificate(X509Certificate e002certificate) {
+
+            }
+
+            @Override
+            public void setA005PrivateKey(PrivateKey a005Key) {
+
+            }
+
+            @Override
+            public void setX002PrivateKey(PrivateKey x002Key) {
+
+            }
+
+            @Override
+            public void setE002PrivateKey(PrivateKey e002Key) {
+
+            }
+
+            @Override
+            public String getSecurityMedium() {
+                return "";
+            }
+
+            @Override
+            public EbicsPartner getPartner() {
+                return null;
+            }
+
+            @Override
+            public String getUserId() {
+                return "";
+            }
+
+            @Override
+            public String getName() {
+                return "test-name";
+            }
+
+            @Override
+            public String getDN() {
+                return "CN=test-dn";
+            }
+
+            @Override
+            public PasswordCallback getPasswordCallback() {
+                return null;
+            }
+
+            @Override
+            public byte[] authenticate(byte[] digest) throws GeneralSecurityException {
+                return new byte[0];
+            }
+
+            @Override
+            public byte[] sign(byte[] digest) throws IOException, GeneralSecurityException {
+                return new byte[0];
+            }
+
+            @Override
+            public byte[] decrypt(byte[] encryptedKey, byte[] transactionKey)
+                throws GeneralSecurityException, IOException, EbicsException {
+                return new byte[0];
+            }
+
+        };
+        var manager = new CertificateManager(user);
+        Calendar calendar = Calendar.getInstance();
+        calendar.add(Calendar.DAY_OF_YEAR, X509Constants.DEFAULT_DURATION);
+
+        manager.createA005Certificate(new Date(calendar.getTimeInMillis()));
+
+        var cert = manager.getA005Certificate();
+
+        assertNotNull(cert);
+
+        System.out.println(cert);
+
+        assertEquals(3, cert.getVersion(), "Certificate version must be 3 (V3).");
+        String expectedDN = "CN=test-dn";
+        assertEquals(expectedDN, cert.getIssuerX500Principal().getName(X500Principal.RFC2253));
+        assertEquals(expectedDN, cert.getSubjectX500Principal().getName(X500Principal.RFC2253));
+        assertEquals("SHA256WITHRSA", cert.getSigAlgName());
+    }
+}
