List of usage examples for java.security.cert X509CertSelector X509CertSelector
public X509CertSelector()
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_4_5_Invalid_Bad_CRL_Issuer_Name_Test5() throws Exception { // add certificates addCertificates(new File(testBase, "certs/BadCRLIssuerNameCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/InvalidBadCRLIssuerNameTest5EE.crt"), certStoreParams.getCertStore()); // add crls//w w w .j a v a2 s . c om addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/BadCRLIssuerNameCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=Bad CRL Issuer Name CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus()); assertEquals(null, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus()); assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus()); }
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
@Test public void testBuildPathCRLUnavailable() throws Exception { // add roots// w w w .j ava 2s. c om addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore()); addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore()); addCertificates("windows-xp-all-intermediates.p7b", certStoreParams.getCertStore()); addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore()); addCertificates("testCertificates.p7b", certStoreParams.getCertStore()); trustAnchors = getTrustAnchors(); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962")); selector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL"); CertificatePathBuilder builder = new PKIXCertificatePathBuilder(); builder.setTrustAnchors(trustAnchors); builder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker()); builder.addCertStore(certStore); builder.setRevocationEnabled(true); try { builder.buildPath(selector); fail(); } catch (CertPathBuilderException e) { Throwable cause = ExceptionUtils.getCause(e); assertTrue(cause.getMessage().startsWith("No CRLs found")); } }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_4_6_Invalid_Wrong_CRL_Test6() throws Exception { // add certificates addCertificates(new File(testBase, "certs/WrongCRLCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/InvalidWrongCRLTest6EE.crt"), certStoreParams.getCertStore()); // add crls/* ww w . j a v a 2s . com*/ addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); // This test wants us to add "WrongCRLCACRL.crl" but it's the exact same crl as "TrustAnchorRootCRL.crl" // so we will not add it again because we can only add a crl just once (thumbprint must be unique) X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=Wrong CRL CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus()); assertEquals(null, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus()); assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus()); }
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
@Test public void testBuildPathCRLUnavailableButCRLCheckOff() throws Exception { // add roots/* w w w .j a va 2s.c om*/ addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore()); addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore()); addCertificates("windows-xp-all-intermediates.p7b", certStoreParams.getCertStore()); addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore()); addCertificates("testCertificates.p7b", certStoreParams.getCertStore()); trustAnchors = getTrustAnchors(); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962")); selector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL"); CertificatePathBuilder builder = new PKIXCertificatePathBuilder(); builder.setTrustAnchors(trustAnchors); builder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker()); builder.addCertStore(certStore); builder.setRevocationEnabled(false); CertPathBuilderResult result = builder.buildPath(selector); List<? extends Certificate> certificates = result.getCertPath().getCertificates(); assertEquals(2, certificates.size()); CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certificates)); Collection<? extends Certificate> foundCertificates = store.getCertificates(selector); assertEquals(1, foundCertificates.size()); }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_4_7_Valid_Two_CRLs_Test7() throws Exception { // add certificates addCertificates(new File(testBase, "certs/TwoCRLsCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/ValidTwoCRLsTest7EE.crt"), certStoreParams.getCertStore()); // add crls//from w w w .j a va 2 s . co m addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/TwoCRLsCAGoodCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/TwoCRLsCABadCRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=Two CRLs CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.NOT_REVOKED, revocationResult.getStatus()); assertEquals(null, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus()); assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus()); }
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
@Test public void testBuildPathRootNotFound() throws Exception { // root store cannot be empty so we just load something addCertificates("dod-mega-crl.cer", rootStoreParams.getCertStore()); addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore()); addCertificates("testCertificates.p7b", certStoreParams.getCertStore()); addCRL("test-ca.crl", certStoreParams.getCRLStore()); addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore()); trustAnchors = getTrustAnchors();/* w ww.j a v a2s . c o m*/ X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("115FCD741088707366E9727452C9770")); selector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL"); CertificatePathBuilder builder = new PKIXCertificatePathBuilder(); builder.setTrustAnchors(trustAnchors); builder.addCertStore(certStore); try { builder.buildPath(selector); fail(); } catch (CertPathBuilderException e) { assertEquals("No issuer certificate for certificate in certification path found.", e.getMessage()); } }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_4_8_Invalid_Unknown_CRL_Entry_Extension_Test8() throws Exception { // add certificates addCertificates(new File(testBase, "certs/UnknownCRLEntryExtensionCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/InvalidUnknownCRLEntryExtensionTest8EE.crt"), certStoreParams.getCertStore()); // add crls//from w w w .j a va 2s. c o m addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/UnknownCRLEntryExtensionCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=Unknown CRL Entry Extension CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus()); assertEquals(RevocationReason.KEY_COMPROMISE, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.REVOKED, detail[0].getStatus()); assertEquals(RevocationStatus.UNKNOWN, detail[1].getStatus()); }
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
@Test public void testBuildPathTargetNotFound() throws Exception { // add roots//from ww w . j av a2s. c o m addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore()); addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore()); addCertificates("testCertificates.p7b", certStoreParams.getCertStore()); addCRL("test-ca.crl", certStoreParams.getCRLStore()); addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore()); trustAnchors = getTrustAnchors(); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("123")); selector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL"); CertificatePathBuilder builder = new PKIXCertificatePathBuilder(); builder.setTrustAnchors(trustAnchors); builder.addCertStore(certStore); try { builder.buildPath(selector); fail(); } catch (CertPathBuilderException e) { assertEquals("No certificate found matching targetContraints.", e.getMessage()); } }
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
@Test public void testBuildPathEndCertRevoked() throws Exception { // add roots/*from w ww . j a v a 2s.co m*/ addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore()); addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore()); addCertificates("testCertificates.p7b", certStoreParams.getCertStore()); addCRL("test-ca.crl", certStoreParams.getCRLStore()); addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore()); trustAnchors = getTrustAnchors(); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("115FCD741088707366E9727452C9770")); selector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL"); CertificatePathBuilder builder = new PKIXCertificatePathBuilder(); builder.setTrustAnchors(trustAnchors); builder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker()); builder.addCertStore(certStore); builder.setRevocationEnabled(true); try { builder.buildPath(selector); fail(); } catch (CertPathBuilderException e) { // CertPathValidatorException should have been thrown because the certificate is revoked Throwable cause = ExceptionUtils.getCause(e); assertTrue(cause.getMessage().startsWith("Certificate revocation after Fri Nov 30")); assertTrue(cause.getMessage().endsWith("2007, reason: privilegeWithdrawn")); } }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_4_9_Invalid_Unknown_CRL_Extension_Test9() throws Exception { // add certificates addCertificates(new File(testBase, "certs/UnknownCRLExtensionCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/InvalidUnknownCRLExtensionTest9EE.crt"), certStoreParams.getCertStore()); // add crls//from w w w. j a v a 2s . co m addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/UnknownCRLExtensionCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=Unknown CRL Extension CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus()); assertEquals(RevocationReason.KEY_COMPROMISE, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.REVOKED, detail[0].getStatus()); assertEquals(RevocationStatus.UNKNOWN, detail[1].getStatus()); }