Example usage for java.security.cert PKIXCertPathBuilderResult getTrustAnchor

List of usage examples for java.security.cert PKIXCertPathBuilderResult getTrustAnchor

Introduction

In this page you can find the example usage for java.security.cert PKIXCertPathBuilderResult getTrustAnchor.

Prototype

public TrustAnchor getTrustAnchor() 

Source Link

Document

Returns the TrustAnchor describing the CA that served as a trust anchor for the certification path.

Usage

From source file:mitm.common.security.crl.PKITSTest.java

@Test
public void test_4_14_13_Valid_onlyContainsCACerts_CRL_Test13() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/onlyContainsCACertsCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/ValidonlyContainsCACertsTest13EE.crt"),
            certStoreParams.getCertStore());

    // add crls//from  w  w w  .  ja v  a 2 s. com
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/onlyContainsCACertsCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("2"));
    selector.setIssuer("CN=onlyContainsCACerts CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.NOT_REVOKED, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    assertEquals(detail.length, 2);
    assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}

From source file:mitm.common.security.crl.PKITSTest.java

@Test
public void test_4_4_4_Invalid_Bad_CRL_Signature_Test4() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/BadCRLSignatureCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidBadCRLSignatureTest4EE.crt"),
            certStoreParams.getCertStore());

    // add crls//from  w w  w . j av  a2 s . c  o  m
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/BadCRLSignatureCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=Bad CRL Signature CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    assertEquals(detail.length, 2);
    // unknown because the CRLs signature was invalid and therefore not included in the search
    assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}

From source file:mitm.common.security.crl.PKITSTest.java

@Test
public void test_4_4_8_Invalid_Unknown_CRL_Entry_Extension_Test8() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/UnknownCRLEntryExtensionCACert.crt"),
            certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidUnknownCRLEntryExtensionTest8EE.crt"),
            certStoreParams.getCertStore());

    // add crls/* ww  w.ja  va 2s.  c  o  m*/
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/UnknownCRLEntryExtensionCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=Unknown CRL Entry Extension CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus());
    assertEquals(RevocationReason.KEY_COMPROMISE, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    assertEquals(detail.length, 2);
    assertEquals(RevocationStatus.REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.UNKNOWN, detail[1].getStatus());
}

From source file:mitm.common.security.crl.PKITSTest.java

@Test
public void test_4_4_13_Valid_GeneralizedTime_CRL_nextUpdate_Test13() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/GeneralizedTimeCRLnextUpdateCACert.crt"),
            certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt"),
            certStoreParams.getCertStore());

    // add crls/*  w w  w .  j  a  v  a2s .  c om*/
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/GeneralizedTimeCRLnextUpdateCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=GenerizedTime CRL nextUpdate CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.NOT_REVOKED, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    assertEquals(detail.length, 2);
    assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}

From source file:mitm.common.security.crl.PKITSTest.java

@Test
public void test_4_15_1_Invalid_deltaCRLIndicator_No_Base_Test1() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/deltaCRLIndicatorNoBaseCACert.crt"),
            certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt"),
            certStoreParams.getCertStore());

    // add crls//from w w  w. j a  va2  s  .  com
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/deltaCRLIndicatorNoBaseCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=deltaCRLIndicator No Base CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    assertEquals(detail.length, 2);
    assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}

From source file:mitm.common.security.crl.PKITSTest.java

@Test
public void test_4_14_10_Valid_No_issuingDistributionPoint_Test10() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/NoissuingDistributionPointCACert.crt"),
            certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/ValidNoissuingDistributionPointTest10EE.crt"),
            certStoreParams.getCertStore());

    // add crls/*from  w w  w . ja  v a2s.c  o  m*/
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/NoissuingDistributionPointCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("OU=No issuingDistributionPoint CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.NOT_REVOKED, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    assertEquals(detail.length, 2);
    assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}

From source file:mitm.common.security.crl.PKITSTest.java

@Test
public void test_4_14_11_Invalid_onlyContainsUserCerts_CRL_Test11() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/onlyContainsUserCertsCACert.crt"),
            certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidonlyContainsUserCertsTest11EE.crt"),
            certStoreParams.getCertStore());

    // add crls//  ww w  .  j  a  va 2  s.c  o  m
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/onlyContainsUserCertsCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=onlyContainsUserCerts CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    assertEquals(detail.length, 2);
    assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}

From source file:mitm.common.security.crl.PKITSTest.java

@Test
public void test_4_14_14_Invalid_onlyContainsAttributeCerts_Test14() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/onlyContainsAttributeCertsCACert.crt"),
            certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidonlyContainsAttributeCertsTest14EE.crt"),
            certStoreParams.getCertStore());

    // add crls//  www.j  a  v a  2 s . co  m
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/onlyContainsAttributeCertsCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=onlyContainsAttributeCerts CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    assertEquals(detail.length, 2);
    assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}

From source file:mitm.common.security.crl.PKITSTest.java

@Test
public void test_4_4_2_Invalid_Revoked_CA_Test2() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/GoodCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/RevokedsubCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidRevokedCATest2EE.crt"), certStoreParams.getCertStore());

    // add crls//from   w w w .j  av  a  2 s.  c o m
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/GoodCACRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/RevokedsubCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(new BigInteger("1"));
    selector.setIssuer("CN=Revoked subCA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus());
    assertEquals(RevocationReason.KEY_COMPROMISE, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    assertEquals(detail.length, 3);
    assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.REVOKED, detail[1].getStatus());
    assertEquals(RevocationStatus.UNKNOWN, detail[2].getStatus());
}

From source file:mitm.common.security.crl.PKITSTest.java

@Test
public void test_4_4_11_Invalid_Old_CRL_nextUpdate_Test11() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/OldCRLnextUpdateCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidOldCRLnextUpdateTest11EE.crt"),
            certStoreParams.getCertStore());

    // add crls/*from w  w w . j a  v a  2 s  . c o m*/
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/OldCRLnextUpdateCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();

    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=Old CRL nextUpdate CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();

    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    Date now = TestUtils.parseDate("02-Jan-2002 16:38:35 GMT");

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, now);

    assertEquals(RevocationStatus.EXPIRED, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    assertEquals(detail.length, 2);
    assertEquals(RevocationStatus.EXPIRED, detail[0].getStatus());
    assertTrue(DateUtils.addDays(detail[0].getNextUpdate(), 2).after(now));
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}