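/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

package org.mozilla.gecko.browserid;

import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Objects;

/**
 * Generate certificates and assertions backed by mockmyid.com's private key.
 * <p>
 * These artifacts are for testing only.
 * <p>
 * SECURITY: the mockmyid.com DSA private exponent ({@link #MOCKMYID_x}) is
 * embedded in this source file. Anyone holding this code can therefore mint a
 * certificate for any {@code <anything>@mockmyid.com} address, so a BrowserID
 * verifier that trusts "mockmyid.com" as an issuer authenticates nothing.
 * Production verifiers must not accept this issuer, and nothing produced here
 * may be treated as a real credential. The parameters are 1024-bit p /
 * 160-bit q DSA, an obsolete strength that is tolerable only because the key
 * is a public test fixture.
 * <p>
 * No validity-window checks are performed on the timestamps passed in: callers
 * may deliberately mint expired or not-yet-valid artifacts to exercise a
 * verifier's rejection paths, so this class never rejects
 * {@code expiresAt <= issuedAt}.
 */
public class MockMyIDTokenFactory {
  /** DSA private exponent x of mockmyid.com (a publicly known test key). */
  public static final BigInteger MOCKMYID_x = new BigInteger("385cb3509f086e110c5e24bdd395a84b335a09ae", 16);
  /**
   * DSA public value y of mockmyid.com. Not passed to
   * {@code DSACryptoImplementation.createPrivateKey} below; kept for reference.
   */
  public static final BigInteger MOCKMYID_y = new BigInteger("738ec929b559b604a232a9b55a5295afc368063bb9c20fac4e53a74970a4db7956d48e4c7ed523405f629b4cc83062f13029c4d615bbacb8b97f5e56f0c7ac9bc1d4e23809889fa061425c984061fca1826040c399715ce7ed385c4dd0d402256912451e03452d3c961614eb458f188e3e8d2782916c43dbe2e571251ce38262", 16);
  /** DSA prime modulus p (1024 bits). */
  public static final BigInteger MOCKMYID_p = new BigInteger("ff600483db6abfc5b45eab78594b3533d550d9f1bf2a992a7a8daa6dc34f8045ad4e6e0c429d334eeeaaefd7e23d4810be00e4cc1492cba325ba81ff2d5a5b305a8d17eb3bf4a06a349d392e00d329744a5179380344e82a18c47933438f891e22aeef812d69c8f75e326cb70ea000c3f776dfdbd604638c2ef717fc26d02e17", 16);
  /** DSA subgroup order q (160 bits). */
  public static final BigInteger MOCKMYID_q = new BigInteger("e21e04f911d1ed7991008ecaab3bf775984309c3", 16);
  /** DSA generator g. */
  public static final BigInteger MOCKMYID_g = new BigInteger("c52a4a0ff3b7e61fdf1867ce84138369a6154f4afa92966e3c827e25cfa6cf508b90e5de419e1337e07a2e9e2a3cd5dea704d175f8ebf6af397d69e110b96afb17c7a03259329e4829b0d03bbc7896b15b4ade53e130858cc34d96269aa89041f409136c7242a38895c9d5bccad4f389af1d7a4bd1398bd072dffa896233397a", 16);

  /**
   * Computed lazily by {@link #getMockMyIDPrivateKey()}. Read it through the
   * getter: the getter is synchronized so the key is constructed at most once
   * and published safely; direct reads of this field by subclasses are not.
   */
  protected static SigningPrivateKey cachedMockMyIDPrivateKey = null;

  /**
   * Return the mockmyid.com signing key, constructing it on first use.
   * <p>
   * Synchronized so that concurrent first callers neither construct the key
   * twice nor race on the unsynchronized write to the cache field.
   *
   * @return the cached DSA private key built from the embedded parameters.
   * @throws NoSuchAlgorithmException
   *           propagated from {@code DSACryptoImplementation.createPrivateKey}.
   * @throws InvalidKeySpecException
   *           propagated from {@code DSACryptoImplementation.createPrivateKey}.
   */
  public static synchronized SigningPrivateKey getMockMyIDPrivateKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
    if (cachedMockMyIDPrivateKey == null) {
      cachedMockMyIDPrivateKey = DSACryptoImplementation.createPrivateKey(MOCKMYID_x, MOCKMYID_p, MOCKMYID_q, MOCKMYID_g);
    }
    return cachedMockMyIDPrivateKey;
  }

  /**
   * Sign a public key asserting ownership of username@mockmyid.com with
   * mockmyid.com's private key.
   * <p>
   * If {@code username} does not already end in {@code @mockmyid.com} the
   * suffix is appended verbatim; a value already carrying another domain is
   * not rejected, it simply becomes {@code user@other.example@mockmyid.com}.
   * The timestamps are passed through unvalidated (see the class comment).
   *
   * @param publicKeyToSign
   *          public key to sign.
   * @param username
   *          sign username@mockmyid.com; must not be null.
   * @param issuedAt
   *          timestamp for certificate, in milliseconds since the epoch.
   * @param expiresAt
   *          expiration timestamp for certificate, in milliseconds since the epoch.
   * @return encoded certificate string.
   * @throws NullPointerException if {@code username} is null.
   * @throws Exception propagated from key construction or certificate encoding.
   */
  public String createMockMyIDCertificate(final VerifyingPublicKey publicKeyToSign, String username,
      final long issuedAt, final long expiresAt)
      throws Exception {
    Objects.requireNonNull(username, "username");
    if (!username.endsWith("@mockmyid.com")) {
      username = username + "@mockmyid.com";
    }
    final SigningPrivateKey mockMyIdPrivateKey = getMockMyIDPrivateKey();
    return JSONWebTokenUtils.createCertificate(publicKeyToSign, username, "mockmyid.com", issuedAt, expiresAt, mockMyIdPrivateKey);
  }

  /**
   * Sign a public key asserting ownership of username@mockmyid.com with
   * mockmyid.com's private key, issued now and valid for
   * {@code JSONWebTokenUtils.DEFAULT_CERTIFICATE_DURATION_IN_MILLISECONDS}.
   *
   * @param publicKeyToSign
   *          public key to sign.
   * @param username
   *          sign username@mockmyid.com; must not be null.
   * @return encoded certificate string.
   * @throws NullPointerException if {@code username} is null.
   * @throws Exception propagated from key construction or certificate encoding.
   */
  public String createMockMyIDCertificate(final VerifyingPublicKey publicKeyToSign, final String username)
      throws Exception {
    final long ciat = System.currentTimeMillis();
    final long cexp = ciat + JSONWebTokenUtils.DEFAULT_CERTIFICATE_DURATION_IN_MILLISECONDS;
    return createMockMyIDCertificate(publicKeyToSign, username, ciat, cexp);
  }

  /**
   * Generate an assertion asserting ownership of username@mockmyid.com to a
   * relying party. The underlying certificate is signed by mockmyid.com's
   * private key; the assertion itself is signed by {@code keyPair}'s private
   * key with issuer {@code JSONWebTokenUtils.DEFAULT_ASSERTION_ISSUER}.
   * <p>
   * Timestamps are passed through unvalidated (see the class comment).
   *
   * @param keyPair
   *          to sign with; must not be null.
   * @param username
   *          sign username@mockmyid.com; must not be null.
   * @param audience
   *          relying-party audience the assertion is bound to.
   * @param certificateIssuedAt
   *          timestamp for certificate, in milliseconds since the epoch.
   * @param certificateExpiresAt
   *          expiration timestamp for certificate, in milliseconds since the epoch.
   * @param assertionIssuedAt
   *          timestamp for assertion, in milliseconds since the epoch; if null,
   *          no timestamp is included.
   * @param assertionExpiresAt
   *          expiration timestamp for assertion, in milliseconds since the epoch.
   * @return encoded assertion string.
   * @throws NullPointerException if {@code keyPair} or {@code username} is null.
   * @throws Exception propagated from key construction or token encoding.
   */
  public String createMockMyIDAssertion(BrowserIDKeyPair keyPair, String username, String audience,
      long certificateIssuedAt, long certificateExpiresAt,
      Long assertionIssuedAt, long assertionExpiresAt)
      throws Exception {
    Objects.requireNonNull(keyPair, "keyPair");
    final String certificate = createMockMyIDCertificate(keyPair.getPublic(), username,
        certificateIssuedAt, certificateExpiresAt);
    return JSONWebTokenUtils.createAssertion(keyPair.getPrivate(), certificate, audience,
        JSONWebTokenUtils.DEFAULT_ASSERTION_ISSUER, assertionIssuedAt, assertionExpiresAt);
  }

  /**
   * Generate an assertion asserting ownership of username@mockmyid.com to a
   * relying party, with the certificate issued now and the assertion issued
   * one millisecond later, each valid for the corresponding
   * {@code JSONWebTokenUtils.DEFAULT_*_DURATION_IN_MILLISECONDS}.
   *
   * @param keyPair
   *          to sign with; must not be null.
   * @param username
   *          sign username@mockmyid.com; must not be null.
   * @param audience
   *          relying-party audience the assertion is bound to.
   * @return encoded assertion string.
   * @throws NullPointerException if {@code keyPair} or {@code username} is null.
   * @throws Exception propagated from key construction or token encoding.
   */
  public String createMockMyIDAssertion(BrowserIDKeyPair keyPair, String username, String audience)
      throws Exception {
    final long ciat = System.currentTimeMillis();
    final long cexp = ciat + JSONWebTokenUtils.DEFAULT_CERTIFICATE_DURATION_IN_MILLISECONDS;
    // The assertion is stamped 1 ms after its certificate, presumably so that a
    // verifier requiring the assertion to postdate the certificate accepts it.
    final long aiat = ciat + 1;
    final long aexp = aiat + JSONWebTokenUtils.DEFAULT_ASSERTION_DURATION_IN_MILLISECONDS;
    return createMockMyIDAssertion(keyPair, username, audience,
        ciat, cexp, aiat, aexp);
  }
}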