List of usage examples for org.bouncycastle.tsp TimeStampResponse getStatus
public int getStatus()
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
private void assertTimeNotAvailable(int worker) throws Exception { final int reqid = random.nextInt(); final TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); final TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(114)); final byte[] requestBytes = timeStampRequest.getEncoded(); final GenericSignRequest signRequest = new GenericSignRequest(reqid, requestBytes); final GenericSignResponse res = (GenericSignResponse) workerSession.process(worker, signRequest, new RequestContext()); assertTrue(reqid == res.getRequestID()); final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); LOG.info("Response: " + timeStampResponse.getStatusString()); assertEquals("Token not granted", PKIStatus.REJECTION, timeStampResponse.getStatus()); assertEquals("PKIFailureInfo.timeNotAvailable", new PKIFailureInfo(PKIFailureInfo.timeNotAvailable), timeStampResponse.getFailInfo()); assertNull("No timestamp token", timeStampResponse.getTimeStampToken()); }
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
/** * Check that we either include the signer certificate if it is missing or * otherwise fails the request.//from ww w .ja v a 2 s . c o m * * In addition Health check should also report an error for this. * * RFC#3161 2.4.1: * "If the certReq field is present and set to true, the TSA's public key * certificate that is referenced by the ESSCertID identifier inside a * SigningCertificate attribute in the response MUST be provided by the * TSA in the certificates field from the SignedData structure in that * response. That field may also contain other certificates." */ @Test public void test09SignerCertificateMustBeIncluded() throws Exception { List<Certificate> chain = workerSession.getSignerCertificateChain(WORKER2); final X509Certificate subject = (X509Certificate) chain.get(0); X509Certificate issuer = (X509Certificate) chain.get(1); // Now, don't include the signer certificate in the chain // For some reason we need to upload the signer certificate again :S workerSession.uploadSignerCertificate(WORKER2, subject.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(WORKER2, Arrays.asList(issuer.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(WORKER2); if (!subject.equals(workerSession.getSignerCertificate(WORKER2))) { LOG.info("Subject: " + subject); LOG.info("Signer: " + workerSession.getSignerCertificate(WORKER2)); throw new Exception("Something is fishy. Test assumed the signer certificate to be present"); } // Test the status of the worker WorkerStatus actualStatus = workerSession.getStatus(WORKER2); assertEquals("should be error as signer certificate is not included in chain", 1, actualStatus.getFatalErrors().size()); assertTrue("error should talk about missing signer certificate: " + actualStatus.getFatalErrors(), actualStatus.getFatalErrors().get(0).contains("ertificate")); // Send a request including certificates TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); timeStampRequestGenerator.setCertReq(true); TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); byte[] requestBytes = timeStampRequest.getEncoded(); GenericSignRequest signRequest = new GenericSignRequest(123124, requestBytes); try { final GenericSignResponse res = (GenericSignResponse) workerSession.process(WORKER2, signRequest, new RequestContext()); final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); if (PKIStatus.GRANTED == timeStampResponse.getStatus()) { fail("Should have failed as the signer is miss-configured"); } } catch (CryptoTokenOfflineException ex) { assertTrue("message should talk about missing signer certificate", ex.getMessage().contains("igner certificate")); } finally { // Restore workerSession.uploadSignerCertificate(WORKER2, subject.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(WORKER2, asListOfByteArrays(chain), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(WORKER2); } }
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
/** * Tests that status is not OK and that an failure is generated when trying * to sign when the right signer certificate is not configured. * *//*from w ww . ja va 2s.co m*/ @Test public void test10WrongSignerCertificate() throws Exception { final List<Certificate> chain = workerSession.getSignerCertificateChain(WORKER2); final X509Certificate subject = (X509Certificate) workerSession.getSignerCertificate(WORKER2); // Any other certificate that will no match the key-pair final X509Certificate other = new JcaX509CertificateConverter() .getCertificate(new CertBuilder().setSubject("CN=Other") .addExtension(new CertExt(org.bouncycastle.asn1.x509.X509Extension.extendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_timeStamping))) .build()); try { // Use the other certificate which will not match the key + the right cert in chain workerSession.uploadSignerCertificate(WORKER2, other.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(WORKER2, Arrays.asList(subject.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(WORKER2); // Test the status of the worker WorkerStatus actualStatus = workerSession.getStatus(WORKER2); assertEquals("should be error as the right signer certificate is not configured", 2, actualStatus.getFatalErrors().size()); assertTrue("error should talk about incorrect signer certificate: " + actualStatus.getFatalErrors(), actualStatus.getFatalErrors().get(0).contains("ertificate")); // Send a request including certificates TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); timeStampRequestGenerator.setCertReq(true); TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); byte[] requestBytes = timeStampRequest.getEncoded(); GenericSignRequest signRequest = new GenericSignRequest(123124, requestBytes); try { final GenericSignResponse res = (GenericSignResponse) workerSession.process(WORKER2, signRequest, new RequestContext()); final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); if (PKIStatus.GRANTED == timeStampResponse.getStatus()) { fail("Should have failed as the signer is miss-configured"); } } catch (CryptoTokenOfflineException ex) { assertTrue("message should talk about incorrect signer certificate", ex.getMessage().contains("igner certificate")); } } finally { // Restore workerSession.uploadSignerCertificate(WORKER2, subject.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(WORKER2, asListOfByteArrays(chain), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(WORKER2); } }
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
/** * Tests that status is not OK and that an failure is generated when trying * to sign when the right signer certificate is not configured in the * certificate chain property./*from ww w. ja va 2s . c o m*/ * */ @Test public void test10WrongSignerCertificate_InChain() throws Exception { final List<Certificate> chain = workerSession.getSignerCertificateChain(WORKER2); final X509Certificate subject = (X509Certificate) workerSession.getSignerCertificate(WORKER2); // Any other certificate that will no match the key-pair final X509Certificate other = new JcaX509CertificateConverter() .getCertificate(new CertBuilder().setSubject("CN=Other").build()); try { // Use the right certificate but the other in the certificate chain workerSession.uploadSignerCertificate(WORKER2, subject.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(WORKER2, Arrays.asList(other.getEncoded()), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(WORKER2); // Test the status of the worker WorkerStatus actualStatus = workerSession.getStatus(WORKER2); assertEquals("should be error as the right signer certificate is not configured", 1, actualStatus.getFatalErrors().size()); assertTrue("error should talk about incorrect signer certificate: " + actualStatus.getFatalErrors(), actualStatus.getFatalErrors().get(0).contains("ertificate")); // Send a request including certificates TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); timeStampRequestGenerator.setCertReq(true); TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); byte[] requestBytes = timeStampRequest.getEncoded(); GenericSignRequest signRequest = new GenericSignRequest(123124, requestBytes); try { final GenericSignResponse res = (GenericSignResponse) workerSession.process(WORKER2, signRequest, new RequestContext()); final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); if (PKIStatus.GRANTED == timeStampResponse.getStatus()) { fail("Should have failed as the signer is miss-configured"); } } catch (CryptoTokenOfflineException ex) { assertTrue("message should talk about incorrect signer certificate", ex.getMessage().contains("igner certificate")); } } finally { // Restore workerSession.uploadSignerCertificate(WORKER2, subject.getEncoded(), GlobalConfiguration.SCOPE_GLOBAL); workerSession.uploadSignerCertificateChain(WORKER2, asListOfByteArrays(chain), GlobalConfiguration.SCOPE_GLOBAL); workerSession.reloadConfiguration(WORKER2); } }
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
private void assertTokenGranted(int workerId) throws Exception { TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); timeStampRequestGenerator.setCertReq(true); TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); byte[] requestBytes = timeStampRequest.getEncoded(); GenericSignRequest signRequest = new GenericSignRequest(123124, requestBytes); try {//from www. j a v a 2 s. c om final GenericSignResponse res = (GenericSignResponse) workerSession.process(workerId, signRequest, new RequestContext()); final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); assertEquals(PKIStatus.GRANTED, timeStampResponse.getStatus()); } catch (CryptoTokenOfflineException ex) { fail(ex.getMessage()); } }
From source file:org.signserver.module.tsa.TimeStampSignerTest.java
License:Open Source License
private void assertTokenNotGranted(int workerId) throws Exception { TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); timeStampRequestGenerator.setCertReq(true); TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); byte[] requestBytes = timeStampRequest.getEncoded(); GenericSignRequest signRequest = new GenericSignRequest(123124, requestBytes); try {/* ww w .j ava2 s . com*/ final GenericSignResponse res = (GenericSignResponse) workerSession.process(workerId, signRequest, new RequestContext()); final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); assertFalse(PKIStatus.GRANTED == timeStampResponse.getStatus()); } catch (CryptoTokenOfflineException ignored) { //NOPMD // OK } }
From source file:org.signserver.module.tsa.TimeStampSignerUnitTest.java
License:Open Source License
/** * Tests that a request including an extension not listed will cause a * rejection.// w w w . j a va 2 s . c om * @throws Exception */ @Test public void testNotAcceptedExtensionPrevented() throws Exception { LOG.info("testNotAcceptedExtensionPrevented"); TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); timeStampRequestGenerator.addExtension(new ASN1ObjectIdentifier("1.2.7.9"), false, new DEROctetString("Value".getBytes("UTF-8"))); TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); byte[] requestBytes = timeStampRequest.getEncoded(); GenericSignRequest signRequest = new GenericSignRequest(100, requestBytes); final RequestContext requestContext = new RequestContext(); final GenericSignResponse res = (GenericSignResponse) workerSession.process(WORKER2, signRequest, requestContext); final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); assertEquals("rejection", PKIStatus.REJECTION, timeStampResponse.getStatus()); assertEquals("unacceptedExtension", PKIFailureInfo.unacceptedExtension, timeStampResponse.getFailInfo().intValue()); }
From source file:org.signserver.module.tsa.TimeStampSignerUnitTest.java
License:Open Source License
/** * Tests that a request including an extension listed will accept * the extension.// w w w .ja v a2 s. c o m * @throws Exception */ @Test public void testAcceptedExtensions() throws Exception { LOG.info("testAcceptedExtensions"); TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); timeStampRequestGenerator.addExtension(new ASN1ObjectIdentifier("1.2.7.2"), false, new DEROctetString("Value".getBytes("UTF-8"))); TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); byte[] requestBytes = timeStampRequest.getEncoded(); GenericSignRequest signRequest = new GenericSignRequest(100, requestBytes); final RequestContext requestContext = new RequestContext(); final GenericSignResponse res = (GenericSignResponse) workerSession.process(WORKER2, signRequest, requestContext); final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); assertEquals("granted", PKIStatus.GRANTED, timeStampResponse.getStatus()); assertEquals("extensions in token", Arrays.toString(new ASN1ObjectIdentifier[] { new ASN1ObjectIdentifier("1.2.7.2") }), Arrays.toString(timeStampResponse.getTimeStampToken().getTimeStampInfo().toASN1Structure() .getExtensions().getExtensionOIDs())); }
From source file:org.signserver.module.tsa.TimeStampSignerUnitTest.java
License:Open Source License
/** * Tests that a request including an extension listed will accept * the extension also when ACCEPTEDEXTENSIONS contains spaces. * @throws Exception//from w w w . j a v a 2s .c o m */ @Test public void testAcceptedExtensionsWithSpaces() throws Exception { LOG.info("testAcceptedExtensionsWithSpaces"); TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); timeStampRequestGenerator.addExtension(new ASN1ObjectIdentifier("1.2.7.2"), false, new DEROctetString("Value".getBytes("UTF-8"))); TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); byte[] requestBytes = timeStampRequest.getEncoded(); GenericSignRequest signRequest = new GenericSignRequest(100, requestBytes); final RequestContext requestContext = new RequestContext(); final GenericSignResponse res = (GenericSignResponse) workerSession.process(WORKER4, signRequest, requestContext); final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); assertEquals("granted", PKIStatus.GRANTED, timeStampResponse.getStatus()); assertEquals("extensions in token", Arrays.toString(new ASN1ObjectIdentifier[] { new ASN1ObjectIdentifier("1.2.7.2") }), Arrays.toString(timeStampResponse.getTimeStampToken().getTimeStampInfo().toASN1Structure() .getExtensions().getExtensionOIDs())); }
From source file:org.signserver.module.tsa.TimeStampSignerUnitTest.java
License:Open Source License
/** * Tests that a request without extension is accepted also when the list of * extensions is empty./* ww w . j av a2 s . c o m*/ * @throws Exception */ @Test public void testEmptyAcceptedExtensionsOk() throws Exception { LOG.info("testEmptyAcceptedExtensions"); TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator(); TimeStampRequest timeStampRequest = timeStampRequestGenerator.generate(TSPAlgorithms.SHA1, new byte[20], BigInteger.valueOf(100)); byte[] requestBytes = timeStampRequest.getEncoded(); GenericSignRequest signRequest = new GenericSignRequest(100, requestBytes); final RequestContext requestContext = new RequestContext(); final GenericSignResponse res = (GenericSignResponse) workerSession.process(WORKER3, signRequest, requestContext); final TimeStampResponse timeStampResponse = new TimeStampResponse((byte[]) res.getProcessedData()); timeStampResponse.validate(timeStampRequest); assertEquals("granted", PKIStatus.GRANTED, timeStampResponse.getStatus()); assertNull("extensions in token", timeStampResponse.getTimeStampToken().getTimeStampInfo().toASN1Structure().getExtensions()); }