org.apache.synapse.transport.certificatevalidation.Utils.java Source code

Java tutorial

  1. HOME
  2. Java
  3. org.apache.synapse.transport.certificatevalidation.Utils.java

Introduction

Here is the source code for org.apache.synapse.transport.certificatevalidation.Utils.java

Source

/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 */
package org.apache.synapse.transport.certificatevalidation;

import org.bouncycastle.x509.X509V1CertificateGenerator;
import org.bouncycastle.x509.X509V3CertificateGenerator;

import javax.security.auth.x500.X500Principal;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

/**
 * Contains utility methods used by the test classes.
 */
public class Utils {

    public X509Certificate generateFakeRootCert(KeyPair pair) throws Exception {

        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X500Principal("CN=Test CA Certificate"));
        certGen.setNotBefore(new Date(System.currentTimeMillis()));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + TestConstants.VALIDITY_PERIOD));
        certGen.setSubjectDN(new X500Principal("CN=Test CA Certificate"));
        certGen.setPublicKey(pair.getPublic());
        certGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

        return certGen.generateX509Certificate(pair.getPrivate(), "BC");
    }

    public KeyPair generateRSAKeyPair() throws Exception {

        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
        kpGen.initialize(1024, new SecureRandom());
        return kpGen.generateKeyPair();
    }

    /**
     * CRLVerifierTest and OCSPVerifierTest both will use this method. This has common code for both test classes
     * in creating fake peer certificates.
     * @param caCert Certificate of CA which signs the peer certificate which will be generated.
     * @param peerPublicKey public key of the peer certificate which will be generated.
     * @param serialNumber  serial number of the peer certificate.
     * @return
     */
    public X509V3CertificateGenerator getUsableCertificateGenerator(X509Certificate caCert, PublicKey peerPublicKey,
            BigInteger serialNumber) {
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

        certGen.setSerialNumber(serialNumber);
        certGen.setIssuerDN(caCert.getSubjectX500Principal());
        certGen.setNotBefore(new Date(System.currentTimeMillis()));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + TestConstants.VALIDITY_PERIOD));
        certGen.setSubjectDN(new X500Principal("CN=Test End Certificate"));
        certGen.setPublicKey(peerPublicKey);
        certGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

        return certGen;
    }

    /**
     * Generate X509Certificate object from the peer certificate file in resources directory.
     * @return the created certificate object.
     * @throws Exception
     */
    public X509Certificate getRealPeerCertificate() throws Exception {
        return createCertificateFromResourceFile(TestConstants.REAL_PEER_CERT);
    }

    /**
     * Create a certificate chain from the certificates in the resources directory.
     * @return created array of certificates.
     * @throws Exception
     */
    public X509Certificate[] getRealCertificateChain() throws Exception {

        X509Certificate peerCert = createCertificateFromResourceFile(TestConstants.REAL_PEER_CERT);
        X509Certificate intermediateCert = createCertificateFromResourceFile(TestConstants.INTERMEDIATE_CERT);
        X509Certificate rootCert = createCertificateFromResourceFile(TestConstants.ROOT_CERT);

        return new X509Certificate[] { peerCert, intermediateCert, rootCert };
    }

    /**
     * Generates a fake certificate chain. The array will contain two certificates, the root and the peer.
     * @return the created array of certificates.
     * @throws Exception
     */
    public X509Certificate[] getFakeCertificateChain() throws Exception {

        KeyPair rootKeyPair = generateRSAKeyPair();
        X509Certificate rootCert = generateFakeRootCert(rootKeyPair);
        KeyPair entityKeyPair = generateRSAKeyPair();
        BigInteger entitySerialNum = BigInteger.valueOf(111);
        X509V3CertificateGenerator certGen = getUsableCertificateGenerator(rootCert, entityKeyPair.getPublic(),
                entitySerialNum);
        X509Certificate entityCert = certGen.generateX509Certificate(rootKeyPair.getPrivate(), "BC");
        return new X509Certificate[] { entityCert, rootCert };
    }

    private X509Certificate createCertificateFromResourceFile(String resourcePath) throws Exception {

        CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BC");
        File faceBookCertificateFile = new File(this.getClass().getResource(resourcePath).toURI());
        InputStream in = new FileInputStream(faceBookCertificateFile);
        X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(in);
        return certificate;
    }
}