added ml-dsa with SHA-512 test.

dghgit · dghgit · commit 1119427354c2 · 2025-07-22T11:16:00.000+10:00
diff --git a/pkix/src/test/java/org/bouncycastle/tsp/test/PQCTSPTest.java b/pkix/src/test/java/org/bouncycastle/tsp/test/PQCTSPTest.java
@@ -194,4 +194,79 @@ public void testSPHINCSPlus()
 
         assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate));
     }
+
+    public void testMLDSA()
+            throws Exception
+        {
+            //
+            // set up the keys
+            //
+            PrivateKey privKey;
+            PublicKey pubKey;
+
+            try
+            {
+                KeyPairGenerator g = KeyPairGenerator.getInstance("ML-DSA", BC);
+
+                KeyPair p = g.generateKeyPair();
+
+                privKey = p.getPrivate();
+                pubKey = p.getPublic();
+            }
+            catch (Exception e)
+            {
+                fail("error setting up keys - " + e);
+                return;
+            }
+
+            //
+            // extensions
+            //
+
+            //
+            // create the certificate - version 1
+            //
+
+            ContentSigner sigGen = new JcaContentSignerBuilder("ML-DSA")
+                .setProvider(BC).build(privKey);
+            JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
+                new X500Name("CN=Test"),
+                BigInteger.valueOf(1),
+                new Date(System.currentTimeMillis() - 50000),
+                new Date(System.currentTimeMillis() + 50000),
+                new X500Name("CN=Test"),
+                pubKey);
+
+            certGen.addExtension(Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping));
+
+            X509Certificate cert = new JcaX509CertificateConverter()
+                .setProvider("BC").getCertificate(certGen.build(sigGen));
+
+            ContentSigner signer = new JcaContentSignerBuilder("ML-DSA").setProvider(BC).build(privKey);
+
+            TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+                new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
+                    .setContentDigest(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512))
+                    .build(signer, cert), new SHA1DigestCalculator(), new ASN1ObjectIdentifier("1.2"));
+
+            // tsTokenGen.addCertificates(certs);
+
+            TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+            TimeStampRequest request = reqGen.generate(TSPAlgorithms.SHA3_256, new byte[32], BigInteger.valueOf(100));
+
+            TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TSPAlgorithms.ALLOWED);
+
+            TimeStampResponse tsResp = tsRespGen.generate(request, new BigInteger("23"), new Date());
+
+            tsResp = new TimeStampResponse(tsResp.getEncoded());
+
+            TimeStampToken tsToken = tsResp.getTimeStampToken();
+
+            tsToken.validate(new JcaSignerInfoVerifierBuilder(new JcaDigestCalculatorProviderBuilder().build())
+                .setProvider(BC).build(cert));
+
+            AttributeTable table = tsToken.getSignedAttributes();
+
+            assertNotNull("no signingCertificate attribute found", table.get(PKCSObjectIdentifiers.id_aa_signingCertificate));
+        }
 }
