Usage examples for java.security.cert.X509CRL#getRevokedCertificates(). Note the API contract: it returns null, not an empty set, when the CRL has no revoked entries, so callers must null-check before iterating (the last example below does; the others iterate directly).
public abstract Set<? extends X509CRLEntry> getRevokedCertificates();
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
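/**
 * Rewriting a CRL that carries extensions must preserve its revoked entries.
 *
 * The fixture CRL from createCRL() (assumed to contain serial 100, as the
 * other tests in this class expect) is streamed through X509CRLStreamWriter
 * with nothing added and re-signed with keyPair. The result is read back via
 * readCRL(), which presumably verifies the signature against keyPair's public
 * key (the overload taking a PublicKey is used elsewhere in this class) --
 * confirm against the helper.
 */
@Test
public void testHandlesExtensions() throws Exception {
    File crlToChange = writeCRL(createCRL());
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    stream.preScan(crlToChange).lock();

    // Close the output even if write() throws so the temp file handle is not leaked.
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    try {
        stream.write(o);
    }
    finally {
        o.close();
    }

    X509CRL changedCrl = readCRL();

    // getRevokedCertificates() returns null (not an empty set) for a CRL without
    // entries; guard so an unexpectedly empty CRL fails on the assertion below
    // instead of with a NullPointerException.
    Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
    Set<? extends X509CRLEntry> entries = changedCrl.getRevokedCertificates();
    if (entries != null) {
        for (X509CRLEntry entry : entries) {
            discoveredSerials.add(entry.getSerialNumber());
        }
    }

    Set<BigInteger> expected = new HashSet<BigInteger>();
    expected.add(new BigInteger("100"));
    assertEquals(expected, discoveredSerials);
}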
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
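/**
 * Adding entries to a CRL that already has one must keep the existing entry
 * and include every added serial.
 *
 * The fixture from createCRL() is assumed to hold serial 100. Six large serials
 * are added with reason privilegeWithdrawn so that the revokedCertificates
 * SEQUENCE (and the enclosing TBSCertList) outgrows its original DER length
 * encoding, forcing the writer to re-encode length prefixes rather than patch
 * bytes in place.
 *
 * The local outfile shadows the field of the same name that the other tests
 * and readCRL() appear to use; presumably both resolve to the same path --
 * confirm.
 */
@Test
public void testAddEntryToCRL() throws Exception {
    File crlToChange = writeCRL(createCRL());
    File outfile = new File(folder.getRoot(), "new.crl");
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());

    Set<BigInteger> expected = new HashSet<BigInteger>();
    expected.add(new BigInteger("100"));

    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<BigInteger>(Arrays.asList(
        new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"),
        new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger i : newSerials) {
        stream.add(i, new Date(), CRLReason.privilegeWithdrawn);
        expected.add(i);
    }

    stream.preScan(crlToChange).lock();
    // Close the output even if write() throws so the temp file handle is not leaked.
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    try {
        stream.write(o);
    }
    finally {
        o.close();
    }

    X509CRL changedCrl = readCRL();

    // getRevokedCertificates() returns null (not an empty set) for a CRL without
    // entries; guard so a broken rewrite fails on the assertion, not with an NPE.
    Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
    Set<? extends X509CRLEntry> entries = changedCrl.getRevokedCertificates();
    if (entries != null) {
        for (X509CRLEntry entry : entries) {
            discoveredSerials.add(entry.getSerialNumber());
        }
    }
    assertEquals(expected, discoveredSerials);
}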
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
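/**
 * Adding entries to a CRL that has no extensions at all (so no crlExtensions
 * [0] element follows the revoked entries in the TBSCertList) must still
 * produce a CRL containing the original entry plus every added serial.
 *
 * Unlike the other tests this builds the fixture directly with
 * X509v2CRLBuilder and adds no extensions, then adds six large serials so the
 * DER length encoding of the entry SEQUENCE has to grow.
 *
 * The local outfile shadows the field of the same name that readCRL() appears
 * to use; presumably both resolve to the same path -- confirm.
 */
@Test
public void testAddEntryToCRLWithNoExtensions() throws Exception {
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    crlBuilder.addCRLEntry(new BigInteger("100"), new Date(), CRLReason.unspecified);
    X509CRLHolder holder = crlBuilder.build(signer);
    File crlToChange = writeCRL(holder);
    File outfile = new File(folder.getRoot(), "new.crl");

    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());

    Set<BigInteger> expected = new HashSet<BigInteger>();
    expected.add(new BigInteger("100"));

    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<BigInteger>(Arrays.asList(
        new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"),
        new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger i : newSerials) {
        stream.add(i, new Date(), CRLReason.privilegeWithdrawn);
        expected.add(i);
    }

    stream.preScan(crlToChange).lock();
    // Close the output even if write() throws so the temp file handle is not leaked.
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    try {
        stream.write(o);
    }
    finally {
        o.close();
    }

    X509CRL changedCrl = readCRL();

    // getRevokedCertificates() returns null (not an empty set) for a CRL without
    // entries; guard so a broken rewrite fails on the assertion, not with an NPE.
    Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
    Set<? extends X509CRLEntry> entries = changedCrl.getRevokedCertificates();
    if (entries != null) {
        for (X509CRLEntry entry : entries) {
            discoveredSerials.add(entry.getSerialNumber());
        }
    }
    assertEquals(expected, discoveredSerials);
}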
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
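/**
 * Adding entries to a CRL that has no revoked certificates yet must yield a
 * well-formed CRL whose metadata is carried over or updated as expected.
 *
 * The fixture is built by hand: thisUpdate one hour in the past, nextUpdate one
 * hour ahead, an authorityKeyIdentifier for keyPair, and cRLNumber 127. After
 * six serials are added and the CRL is re-signed with the same key, the checks
 * on the rewritten CRL are:
 *   - the six added serials are exactly the revoked set;
 *   - nextUpdate is present and the thisUpdate-to-nextUpdate interval is kept
 *     (within a few ms) while thisUpdate itself moved forward;
 *   - the issuer is unchanged;
 *   - cRLNumber grew by exactly one (relying parties use it to prefer the newer
 *     CRL, so it must increase monotonically);
 *   - authorityKeyIdentifier is byte-identical, since the signing key did not change.
 *
 * The local outfile shadows the field of the same name that readCRL() appears
 * to use; presumably both resolve to the same path -- confirm.
 */
@Test
public void testAddEntryToEmptyCRL() throws Exception {
    Date oneHourAgo = new Date(new Date().getTime() - 60L * 60L * 1000L);
    Date oneHourHence = new Date(new Date().getTime() + 60L * 60L * 1000L);

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, oneHourAgo);
    crlBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
        new AuthorityKeyIdentifierStructure(keyPair.getPublic()));
    /* A CRL number of 127 encodes as a one-byte INTEGER (0x7F); 128 needs two
     * bytes (0x00 0x80), so incrementing it forces the extension's -- and every
     * enclosing -- DER length to be re-encoded rather than patched in place. */
    crlBuilder.addExtension(X509Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    crlBuilder.setNextUpdate(oneHourHence);
    X509CRLHolder holder = crlBuilder.build(signer);
    File crlToChange = writeCRL(holder);
    File outfile = new File(folder.getRoot(), "new.crl");

    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());

    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<BigInteger>(Arrays.asList(
        new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"),
        new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger i : newSerials) {
        stream.add(i, new Date(), CRLReason.privilegeWithdrawn);
    }

    stream.preScan(crlToChange).lock();
    // Close the output even if write() throws so the temp file handle is not leaked.
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    try {
        stream.write(o);
    }
    finally {
        o.close();
    }

    X509CRL changedCrl = readCRL();

    // getRevokedCertificates() returns null (not an empty set) for a CRL without
    // entries; guard so a broken rewrite fails on the assertion, not with an NPE.
    Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
    Set<? extends X509CRLEntry> entries = changedCrl.getRevokedCertificates();
    if (entries != null) {
        for (X509CRLEntry entry : entries) {
            discoveredSerials.add(entry.getSerialNumber());
        }
    }

    X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC).getCRL(holder);

    assertNotNull(changedCrl.getNextUpdate());
    long changedCrlUpdateDelta = changedCrl.getNextUpdate().getTime() - changedCrl.getThisUpdate().getTime();
    // We're allowing a tolerance of a few milliseconds to deal with minor timing issues
    long deltaTolerance = 3;
    long deltaDiff = changedCrlUpdateDelta - (oneHourHence.getTime() - oneHourAgo.getTime());
    assertTrue(Math.abs(deltaDiff) <= deltaTolerance);
    assertThat(changedCrl.getThisUpdate(), greaterThan(originalCrl.getThisUpdate()));

    assertEquals(newSerials, discoveredSerials);
    assertEquals(originalCrl.getIssuerX500Principal(), changedCrl.getIssuerX500Principal());

    // getExtensionValue() hands back the extension's DER OCTET STRING wrapper;
    // the CRLNumber INTEGER is the DER value inside it, hence the two decodes.
    ASN1ObjectIdentifier crlNumberOID = X509Extension.cRLNumber;
    byte[] oldCrlNumberBytes = originalCrl.getExtensionValue(crlNumberOID.getId());
    byte[] newCrlNumberBytes = changedCrl.getExtensionValue(crlNumberOID.getId());
    DEROctetString oldOctet = (DEROctetString) DERTaggedObject.fromByteArray(oldCrlNumberBytes);
    DEROctetString newOctet = (DEROctetString) DERTaggedObject.fromByteArray(newCrlNumberBytes);
    DERInteger oldNumber = (DERInteger) DERTaggedObject.fromByteArray(oldOctet.getOctets());
    DERInteger newNumber = (DERInteger) DERTaggedObject.fromByteArray(newOctet.getOctets());
    assertEquals(oldNumber.getValue().add(BigInteger.ONE), newNumber.getValue());

    // Same signing key, so the AKI must be carried over unchanged.
    ASN1ObjectIdentifier authorityKeyOID = X509Extension.authorityKeyIdentifier;
    byte[] oldAuthorityKeyId = originalCrl.getExtensionValue(authorityKeyOID.getId());
    byte[] newAuthorityKeyId = changedCrl.getExtensionValue(authorityKeyOID.getId());
    assertArrayEquals(oldAuthorityKeyId, newAuthorityKeyId);
}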
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
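/**
 * Re-signing a CRL with a key of a different size from the one that originally
 * signed it must still yield a readable CRL with the original entry, and the
 * authorityKeyIdentifier must be rewritten to identify the new signing key.
 *
 * Runs once with a 1024-bit and once with a 4096-bit RSA key; presumably these
 * bracket the fixture key's size so both a shorter and a longer signature (and
 * therefore re-encoded lengths) are exercised -- confirm against the fixture
 * setup. 1024-bit RSA is only a size edge case here, not a recommended signing
 * key size. Note that generator.initialize(size) mutates the shared
 * KeyPairGenerator fixture for any later use in the same test instance.
 */
@Test
public void testKeySizeChange() throws Exception {
    int[] sizes = { 1024, 4096 };
    for (int size : sizes) {
        X509CRLHolder holder = createCRL();
        File crlToChange = writeCRL(holder);

        generator.initialize(size);
        KeyPair differentKeyPair = generator.generateKeyPair();

        X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
            (RSAPrivateKey) differentKeyPair.getPrivate(), (RSAPublicKey) differentKeyPair.getPublic());
        stream.preScan(crlToChange).lock();

        // Close the output even if write() throws so the temp file handle is not leaked.
        OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
        try {
            stream.write(o);
        }
        finally {
            o.close();
        }

        X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC).getCRL(holder);
        // Read back against the *new* public key; readCRL(PublicKey) presumably
        // verifies the signature with the key it is given -- confirm.
        X509CRL changedCrl = readCRL(differentKeyPair.getPublic());

        // getRevokedCertificates() returns null (not an empty set) for a CRL
        // without entries; guard so a broken rewrite fails on the assertion.
        Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
        Set<? extends X509CRLEntry> entries = changedCrl.getRevokedCertificates();
        if (entries != null) {
            for (X509CRLEntry entry : entries) {
                discoveredSerials.add(entry.getSerialNumber());
            }
        }
        Set<BigInteger> expected = new HashSet<BigInteger>();
        expected.add(new BigInteger("100"));
        assertEquals(expected, discoveredSerials);

        // Since the key changed, the authorityKeyIdentifier must change: the
        // original identifies keyPair, the rewritten CRL must identify differentKeyPair.
        byte[] oldAkiBytes = originalCrl.getExtensionValue(X509Extension.authorityKeyIdentifier.getId());
        byte[] newAkiBytes = changedCrl.getExtensionValue(X509Extension.authorityKeyIdentifier.getId());
        AuthorityKeyIdentifierStructure oldAki = new AuthorityKeyIdentifierStructure(oldAkiBytes);
        AuthorityKeyIdentifierStructure newAki = new AuthorityKeyIdentifierStructure(newAkiBytes);
        assertArrayEquals(oldAki.getKeyIdentifier(),
            new AuthorityKeyIdentifierStructure(keyPair.getPublic()).getKeyIdentifier());
        assertArrayEquals(newAki.getKeyIdentifier(),
            new AuthorityKeyIdentifierStructure(differentKeyPair.getPublic()).getKeyIdentifier());
    }
}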
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
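/**
 * Entries for which the CRLEntryValidator answers shouldDelete() must be
 * dropped, while a newly added entry and the untouched fixture entry survive.
 *
 * The fixture from createCRLBuilder() is assumed to already hold serial 100;
 * serial 101 is added to it, the validator deletes exactly 101, and 9000 is
 * added through the writer, so the rewritten CRL must contain {100, 9000}.
 *
 * Dropping an entry makes that certificate look unrevoked to every relying
 * party; the writer's production callers presumably only prune entries for
 * certificates that have already expired -- confirm before relying on this.
 */
@Test
public void testDeleteEntryFromCRL() throws Exception {
    X509v2CRLBuilder crlBuilder = createCRLBuilder();
    crlBuilder.addCRLEntry(new BigInteger("101"), new Date(), CRLReason.unspecified);
    X509CRLHolder holder = crlBuilder.build(signer);
    File crlToChange = writeCRL(holder);

    CRLEntryValidator validator = new CRLEntryValidator() {
        @Override
        public boolean shouldDelete(X509CRLEntryObject entry) {
            return entry.getSerialNumber().equals(new BigInteger("101"));
        }
    };

    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    // Reason code 0 is CRLReason.unspecified; spelled out to match the other tests.
    stream.add(new BigInteger("9000"), new Date(), CRLReason.unspecified);
    stream.preScan(crlToChange, validator).lock();

    // Close the output even if write() throws so the temp file handle is not leaked.
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    try {
        stream.write(o);
    }
    finally {
        o.close();
    }

    X509CRL changedCrl = readCRL();

    // getRevokedCertificates() returns null (not an empty set) for a CRL without
    // entries; guard so a broken rewrite fails on the assertion, not with an NPE.
    Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
    Set<? extends X509CRLEntry> entries = changedCrl.getRevokedCertificates();
    if (entries != null) {
        for (X509CRLEntry entry : entries) {
            discoveredSerials.add(entry.getSerialNumber());
        }
    }

    Set<BigInteger> expected = new HashSet<BigInteger>();
    expected.add(new BigInteger("100"));
    expected.add(new BigInteger("9000"));
    assertEquals(expected, discoveredSerials);
}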
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
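/**
 * A CRL originally signed with SHA1WithRSAEncryption must still be readable
 * and rewritable: the fixture's usual signer is replaced by an explicit SHA-1
 * ContentSigner for this case, 9000 is added, and the result must hold
 * {100, 9000} (the fixture from createCRLBuilder() is assumed to hold 100).
 *
 * NOTE(review): only the entry set is asserted. Nothing here pins the
 * signature algorithm of the re-signed output, so the test cannot tell whether
 * the writer keeps SHA-1 or signs with its own default; if either is a
 * requirement, assert changedCrl.getSigAlgName() as well.
 */
@Test
public void testSha1Signature() throws Exception {
    X509v2CRLBuilder crlBuilder = createCRLBuilder();
    String signingAlg = "SHA1WithRSAEncryption";
    ContentSigner sha1Signer = new JcaContentSignerBuilder(signingAlg).setProvider(BC)
        .build(keyPair.getPrivate());
    X509CRLHolder holder = crlBuilder.build(sha1Signer);
    File crlToChange = writeCRL(holder);

    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    // Reason code 0 is CRLReason.unspecified; spelled out to match the other tests.
    stream.add(new BigInteger("9000"), new Date(), CRLReason.unspecified);
    stream.preScan(crlToChange).lock();

    // Close the output even if write() throws so the temp file handle is not leaked.
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    try {
        stream.write(o);
    }
    finally {
        o.close();
    }

    X509CRL changedCrl = readCRL();

    // getRevokedCertificates() returns null (not an empty set) for a CRL without
    // entries; guard so a broken rewrite fails on the assertion, not with an NPE.
    Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
    Set<? extends X509CRLEntry> entries = changedCrl.getRevokedCertificates();
    if (entries != null) {
        for (X509CRLEntry entry : entries) {
            discoveredSerials.add(entry.getSerialNumber());
        }
    }

    Set<BigInteger> expected = new HashSet<BigInteger>();
    expected.add(new BigInteger("100"));
    expected.add(new BigInteger("9000"));
    assertEquals(expected, discoveredSerials);
}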
From source file:test.integ.be.fedict.performance.TestHarvestEid.java
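/**
 * Harvests the Belgian eID CRL listing page and logs, for every CRL it links
 * to, a TestPKI.addSaveCa(...) line sized by that CRL's entry count.
 *
 * Link extraction is a plain indexOf() scrape between URL_START and URL_STOP
 * (defined elsewhere in this class) that keeps only hrefs containing ".crl";
 * it is a fixture generator, not an HTML parser. Nothing in this method
 * verifies the signatures of the fetched CRLs -- whether
 * OnlineCrlRepository.findCrl() does is not visible here -- so treat the
 * harvested counts as untrusted sizing input only.
 */
@Test
public void testHarvestEid() throws Exception {
    // Operate: fetch the listing page, returning the connection to the
    // client's pool even if the fetch throws.
    HttpClient httpClient = new HttpClient();
    GetMethod getMethod = new GetMethod(BEID_URI);
    String content;
    try {
        httpClient.executeMethod(getMethod);
        content = getMethod.getResponseBodyAsString();
    }
    finally {
        getMethod.releaseConnection();
    }

    // Extract CRL paths. The stop marker is searched for *after* the start
    // marker, and the loop ends when either marker (or the closing '">') is
    // missing; the previous version searched for URL_STOP from the beginning of
    // the page and threw StringIndexOutOfBoundsException on malformed input.
    List<String> crlPaths = new LinkedList<String>();
    int start = content.indexOf(URL_START);
    while (-1 != start) {
        int hrefStart = start + URL_START.length();
        int end = content.indexOf(URL_STOP, hrefStart);
        if (-1 == end) {
            break;
        }
        String ahref = content.substring(hrefStart, end);
        int quote = ahref.indexOf("\">");
        if (-1 != quote) {
            String path = ahref.substring(0, quote);
            if (path.contains(".crl")) {
                crlPaths.add(path);
            }
        }
        content = content.substring(end + URL_STOP.length());
        start = content.indexOf(URL_START);
    }

    // Setup
    OnlineCrlRepository onlineCrlRepository = new OnlineCrlRepository();

    // Operate: harvest each CRL and count its entries.
    List<CrlInfo> crlInfos = new LinkedList<CrlInfo>();
    for (String path : crlPaths) {
        URI crlURI = new URI(BEID_URI + "/" + path);
        X509CRL crl = onlineCrlRepository.findCrl(crlURI, null, null);
        // getRevokedCertificates() returns null, not an empty set, when the
        // CRL has no entries.
        Set<? extends X509CRLEntry> crlEntries = crl.getRevokedCertificates();
        int entries = (null == crlEntries) ? 0 : crlEntries.size();
        crlInfos.add(new CrlInfo(crlURI.toString(), crl.getIssuerDN().toString(), entries));
    }

    // Verify: output. Random only picks one of two root names for the
    // generated fixture line; it is not used for anything security relevant.
    Random random = new Random();
    for (CrlInfo crlInfo : crlInfos) {
        LOG.debug(crlInfo.getUrl() + " : " + "TestPKI.get().addSaveCa(\"" + crlInfo.getIssuer()
            + "\", \"CN=root" + random.nextInt(2) + "\", " + crlInfo.getEntries() + ", 0);");
    }
}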