Example usage for java.security.cert PKIXCertPathBuilderResult getTrustAnchor

List of usage examples for java.security.cert PKIXCertPathBuilderResult getTrustAnchor

Introduction

On this page you can find example usage for java.security.cert PKIXCertPathBuilderResult getTrustAnchor.

Prototype

public TrustAnchor getTrustAnchor() 


Document

Returns the TrustAnchor describing the CA that served as a trust anchor for the certification path.

Usage

From source file:mitm.common.security.crl.PKITSTest.java

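/**
 * PKITS-style case 4.14.20 ("Invalid onlySomeReasons Test20"): the selected end-entity
 * certificate must be reported as {@code REVOKED} with reason {@code KEY_COMPROMISE}.
 *
 * <p>Two CRLs for "onlySomeReasons CA4" are loaded next to the trust-anchor CRL; judging by the
 * file names one covers compromise reasons and the other the remaining reasons. The test only
 * pins the combined outcome, not which CRL produced it.
 *
 * <p>NOTE(review): {@code PKIXRevocationChecker} is constructed directly from a CRL store here,
 * so it is presumably the project's own class rather than the abstract
 * {@code java.security.cert.PKIXRevocationChecker} - confirm against the file's imports.
 *
 * @throws Exception if loading the fixtures, building the path or checking revocation fails
 */
@Test
public void test_4_14_20_Invalid_onlySomeReasons_Test20() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/onlySomeReasonsCA4Cert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidonlySomeReasonsTest20EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/onlySomeReasonsCA4compromiseCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/onlySomeReasonsCA4otherreasonsCRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate under test by issuer and serial number.
    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("2"));
    selector.setIssuer("OU=onlySomeReasons CA4, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    // The anchor the builder chained to; the revocation check needs it alongside the path.
    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus());
    assertEquals(RevocationReason.KEY_COMPROMISE, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    // Presumably index 0 is the end-entity certificate and index 1 its issuer - TODO confirm.
    assertEquals(RevocationStatus.REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.UNKNOWN, detail[1].getStatus());
}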

From source file:mitm.common.security.crl.PKITSTest.java

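/**
 * PKITS-style case 4.14.21 ("Invalid onlySomeReasons Test21"): the selected end-entity
 * certificate must be reported as {@code REVOKED} with reason {@code AFFILIATION_CHANGED}.
 *
 * <p>The same CA certificate and CRLs as in case 4.14.20 are loaded; only the end-entity
 * certificate and the selected serial number differ. Judging by the CRL file names, the
 * revocation is expected to come from the "otherreasons" CRL - the test itself only pins the
 * resulting status and reason.
 *
 * @throws Exception if loading the fixtures, building the path or checking revocation fails
 */
@Test
public void test_4_14_21_Invalid_onlySomeReasons_Test21() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/onlySomeReasonsCA4Cert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidonlySomeReasonsTest21EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/onlySomeReasonsCA4compromiseCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/onlySomeReasonsCA4otherreasonsCRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate under test by issuer and serial number.
    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("3"));
    selector.setIssuer("OU=onlySomeReasons CA4, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    // The anchor the builder chained to; the revocation check needs it alongside the path.
    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus());
    assertEquals(RevocationReason.AFFILIATION_CHANGED, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    // Presumably index 0 is the end-entity certificate and index 1 its issuer - TODO confirm.
    assertEquals(RevocationStatus.REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.UNKNOWN, detail[1].getStatus());
}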

From source file:mitm.common.security.crl.PKITSTest.java

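/**
 * PKITS-style case 4.4.5 ("Invalid Bad CRL Issuer Name Test5"): with a CRL whose issuer name
 * is bad (per the fixture name), the checker must report {@code UNKNOWN} with no reason.
 *
 * <p>NOTE(review): the case is named "Invalid", yet the asserted status is {@code UNKNOWN},
 * not {@code REVOKED}. Code that consumes {@code RevocationResult} therefore has to treat
 * {@code UNKNOWN} as a failure to establish revocation status rather than as acceptance -
 * confirm how callers handle it.
 *
 * @throws Exception if loading the fixtures, building the path or checking revocation fails
 */
@Test
public void test_4_4_5_Invalid_Bad_CRL_Issuer_Name_Test5() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/BadCRLIssuerNameCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidBadCRLIssuerNameTest5EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/BadCRLIssuerNameCACRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate under test by issuer and serial number.
    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=Bad CRL Issuer Name CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    // Pin the anchor's subject so the path is known to end at the expected test root.
    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    // Presumably index 0 is the end-entity certificate and index 1 its issuer - TODO confirm.
    assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}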

From source file:mitm.common.security.crl.PKITSTest.java

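/**
 * PKITS-style case 4.4.6 ("Invalid Wrong CRL Test6"): when the only CRL available is the
 * trust anchor's, the end-entity certificate's status must come back as {@code UNKNOWN}
 * with no reason.
 *
 * <p>NOTE(review): as with the other "Invalid" cases that assert {@code UNKNOWN}, consumers of
 * {@code RevocationResult} must not read {@code UNKNOWN} as "not revoked" - confirm how
 * callers handle it.
 *
 * @throws Exception if loading the fixtures, building the path or checking revocation fails
 */
@Test
public void test_4_4_6_Invalid_Wrong_CRL_Test6() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/WrongCRLCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidWrongCRLTest6EE.crt"), certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    // This test wants us to add "WrongCRLCACRL.crl" but it's the exact same crl as "TrustAnchorRootCRL.crl"
    // so we will not add it again because we can only add a crl just once (thumbprint must be unique)

    // Select the certificate under test by issuer and serial number.
    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=Wrong CRL CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    // Pin the anchor's subject so the path is known to end at the expected test root.
    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    // Presumably index 0 is the end-entity certificate and index 1 its issuer - TODO confirm.
    assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}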

From source file:mitm.common.security.crl.PKITSTest.java

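/**
 * PKITS-style case 4.4.7 ("Valid Two CRLs Test7"): with both a "good" and a "bad" CRL for the
 * issuing CA in the store (per the fixture names), the end-entity certificate must still be
 * reported as {@code NOT_REVOKED} with no reason.
 *
 * <p>The test pins only the outcome; presumably the checker has to pick the usable CRL and
 * ignore the other one - what makes the second CRL "bad" is not visible here.
 *
 * @throws Exception if loading the fixtures, building the path or checking revocation fails
 */
@Test
public void test_4_4_7_Valid_Two_CRLs_Test7() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/TwoCRLsCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/ValidTwoCRLsTest7EE.crt"), certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/TwoCRLsCAGoodCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/TwoCRLsCABadCRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate under test by issuer and serial number.
    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=Two CRLs CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    // Pin the anchor's subject so the path is known to end at the expected test root.
    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.NOT_REVOKED, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    // Presumably index 0 is the end-entity certificate and index 1 its issuer - TODO confirm.
    assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}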

From source file:mitm.common.security.crl.PKITSTest.java

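/**
 * PKITS-style case 4.4.9 ("Invalid Unknown CRL Extension Test9"): the certificate with the
 * serial number decoded from "1" must be reported as {@code REVOKED} with reason
 * {@code KEY_COMPROMISE}.
 *
 * <p>The same CA certificate and CRL file are used by case 4.4.10, which selects a different
 * serial number and expects {@code UNSUPPORTED_CRITICAL_EXTENSION}. Presumably the
 * certificate selected here is listed on the CRL, so it is treated as revoked even though the
 * CRL carries an extension the checker does not understand - TODO confirm against the fixture.
 *
 * @throws Exception if loading the fixtures, building the path or checking revocation fails
 */
@Test
public void test_4_4_9_Invalid_Unknown_CRL_Extension_Test9() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/UnknownCRLExtensionCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidUnknownCRLExtensionTest9EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/UnknownCRLExtensionCACRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate under test by issuer and serial number.
    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=Unknown CRL Extension CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    // Pin the anchor's subject so the path is known to end at the expected test root.
    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus());
    assertEquals(RevocationReason.KEY_COMPROMISE, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    // Presumably index 0 is the end-entity certificate and index 1 its issuer - TODO confirm.
    assertEquals(RevocationStatus.REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.UNKNOWN, detail[1].getStatus());
}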

From source file:mitm.common.security.crl.PKITSTest.java

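/**
 * PKITS-style case 4.4.10 ("Invalid Unknown CRL Extension Test10"): the certificate with the
 * serial number decoded from "2" must yield {@code UNSUPPORTED_CRITICAL_EXTENSION} with no
 * reason.
 *
 * <p>The CA certificate and CRL file are the same as in case 4.4.9; only the end-entity
 * certificate differs. Presumably this certificate is not listed on the CRL, and the CRL
 * cannot be relied on for a "not revoked" answer because of an extension the checker does not
 * support - TODO confirm against the fixture.
 *
 * <p>NOTE(review): consumers of {@code RevocationResult} must not treat
 * {@code UNSUPPORTED_CRITICAL_EXTENSION} as equivalent to {@code NOT_REVOKED} - confirm how
 * callers handle it.
 *
 * @throws Exception if loading the fixtures, building the path or checking revocation fails
 */
@Test
public void test_4_4_10_Invalid_Unknown_CRL_Extension_Test10() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/UnknownCRLExtensionCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidUnknownCRLExtensionTest10EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/UnknownCRLExtensionCACRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate under test by issuer and serial number.
    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("2"));
    selector.setIssuer("CN=Unknown CRL Extension CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    // Pin the anchor's subject so the path is known to end at the expected test root.
    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.UNSUPPORTED_CRITICAL_EXTENSION, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    // Presumably index 0 is the end-entity certificate and index 1 its issuer - TODO confirm.
    assertEquals(RevocationStatus.UNSUPPORTED_CRITICAL_EXTENSION, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}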

From source file:mitm.common.security.crl.PKITSTest.java

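/**
 * PKITS-style case 4.4.12 ("Invalid pre2000 CRL nextUpdate Test12"): the checker must report
 * {@code EXPIRED} with no reason for the selected end-entity certificate.
 *
 * <p>Judging by the fixture name, the issuing CA's CRL has a nextUpdate before the year 2000,
 * so it is stale relative to {@code testDate}; the test pins only the resulting status.
 *
 * <p>NOTE(review): consumers of {@code RevocationResult} must not treat {@code EXPIRED} as
 * equivalent to {@code NOT_REVOKED}, since a stale CRL says nothing about later revocations -
 * confirm how callers handle it.
 *
 * @throws Exception if loading the fixtures, building the path or checking revocation fails
 */
@Test
public void test_4_4_12_Invalid_pre2000_CRL_nextUpdate_Test12() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/pre2000CRLnextUpdateCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/Invalidpre2000CRLnextUpdateTest12EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/pre2000CRLnextUpdateCACRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate under test by issuer and serial number.
    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=pre2000 CRL nextUpdate CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    // Pin the anchor's subject so the path is known to end at the expected test root.
    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.EXPIRED, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    // Presumably index 0 is the end-entity certificate and index 1 its issuer - TODO confirm.
    assertEquals(RevocationStatus.EXPIRED, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}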

From source file:mitm.common.security.crl.PKITSTest.java

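/**
 * PKITS-style case 4.4.14 ("Valid Negative Serial Number Test14"): the certificate selected
 * with the serial number decoded from "FF" must be reported as {@code NOT_REVOKED} with no
 * reason.
 *
 * <p>Case 4.4.15 uses the same CA and CRL but selects serial {@code -1} and expects
 * {@code REVOKED}. Presumably {@code BigIntegerUtils.hexDecode("FF")} yields the positive
 * value 255, so the pair checks that serial-number matching against the CRL keeps the sign and
 * does not confuse 255 with -1 - TODO confirm against the helper and the fixture.
 *
 * @throws Exception if loading the fixtures, building the path or checking revocation fails
 */
@Test
public void test_4_4_14_Valid_Negative_Serial_Number_Test14() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/NegativeSerialNumberCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/ValidNegativeSerialNumberTest14EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/NegativeSerialNumberCACRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate under test by issuer and serial number.
    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("FF"));
    selector.setIssuer("CN=Negative Serial Number CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    // Pin the anchor's subject so the path is known to end at the expected test root.
    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.NOT_REVOKED, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    // Presumably index 0 is the end-entity certificate and index 1 its issuer - TODO confirm.
    assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}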

From source file:mitm.common.security.crl.PKITSTest.java

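/**
 * PKITS-style case 4.4.15 ("Invalid Negative Serial Number Test15"): the certificate selected
 * with serial number {@code -1} must be reported as {@code REVOKED} with reason
 * {@code KEY_COMPROMISE}.
 *
 * <p>The CA certificate and CRL are the same as in case 4.4.14, which selects the serial
 * decoded from "FF" and expects {@code NOT_REVOKED}. The one-byte two's-complement encoding of
 * -1 is 0xFF, so the pair presumably guards against serial comparisons that drop the sign -
 * TODO confirm against the fixture.
 *
 * @throws Exception if loading the fixtures, building the path or checking revocation fails
 */
@Test
public void test_4_4_15_Invalid_Negative_Serial_Number_Test15() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/NegativeSerialNumberCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidNegativeSerialNumberTest15EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/NegativeSerialNumberCACRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate under test by issuer and serial number.
    X509CertSelector selector = new X509CertSelector();

    // Decimal "-1": a genuinely negative serial, unlike the hex-decoded value used in 4.4.14.
    selector.setSerialNumber(new BigInteger("-1"));
    selector.setIssuer("CN=Negative Serial Number CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    // Pin the anchor's subject so the path is known to end at the expected test root.
    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus());
    assertEquals(RevocationReason.KEY_COMPROMISE, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value first, so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    // Presumably index 0 is the end-entity certificate and index 1 its issuer - TODO confirm.
    assertEquals(RevocationStatus.REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.UNKNOWN, detail[1].getStatus());
}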