List of usage examples for java.security.cert PKIXCertPathBuilderResult getTrustAnchor
public TrustAnchor getTrustAnchor()
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_14_13_Valid_onlyContainsCACerts_CRL_Test13() throws Exception { // add certificates addCertificates(new File(testBase, "certs/onlyContainsCACertsCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/ValidonlyContainsCACertsTest13EE.crt"), certStoreParams.getCertStore()); // add crls//from w w w . ja v a 2 s. com addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/onlyContainsCACertsCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("2")); selector.setIssuer("CN=onlyContainsCACerts CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.NOT_REVOKED, revocationResult.getStatus()); assertEquals(null, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus()); assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus()); }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_4_4_Invalid_Bad_CRL_Signature_Test4() throws Exception { // add certificates addCertificates(new File(testBase, "certs/BadCRLSignatureCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/InvalidBadCRLSignatureTest4EE.crt"), certStoreParams.getCertStore()); // add crls//from w w w . j av a2 s . c o m addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/BadCRLSignatureCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=Bad CRL Signature CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus()); assertEquals(null, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); // unknown because the CRLs signature was invalid and therefore not included in the search assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus()); assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus()); }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_4_8_Invalid_Unknown_CRL_Entry_Extension_Test8() throws Exception { // add certificates addCertificates(new File(testBase, "certs/UnknownCRLEntryExtensionCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/InvalidUnknownCRLEntryExtensionTest8EE.crt"), certStoreParams.getCertStore()); // add crls/* ww w.ja va 2s. c o m*/ addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/UnknownCRLEntryExtensionCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=Unknown CRL Entry Extension CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus()); assertEquals(RevocationReason.KEY_COMPROMISE, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.REVOKED, detail[0].getStatus()); assertEquals(RevocationStatus.UNKNOWN, detail[1].getStatus()); }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_4_13_Valid_GeneralizedTime_CRL_nextUpdate_Test13() throws Exception { // add certificates addCertificates(new File(testBase, "certs/GeneralizedTimeCRLnextUpdateCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt"), certStoreParams.getCertStore()); // add crls/* w w w . j a v a2s . c om*/ addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/GeneralizedTimeCRLnextUpdateCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=GenerizedTime CRL nextUpdate CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.NOT_REVOKED, revocationResult.getStatus()); assertEquals(null, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus()); assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus()); }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_15_1_Invalid_deltaCRLIndicator_No_Base_Test1() throws Exception { // add certificates addCertificates(new File(testBase, "certs/deltaCRLIndicatorNoBaseCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/InvaliddeltaCRLIndicatorNoBaseTest1EE.crt"), certStoreParams.getCertStore()); // add crls//from w w w. j a va2 s . com addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/deltaCRLIndicatorNoBaseCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=deltaCRLIndicator No Base CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus()); assertEquals(null, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus()); assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus()); }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_14_10_Valid_No_issuingDistributionPoint_Test10() throws Exception { // add certificates addCertificates(new File(testBase, "certs/NoissuingDistributionPointCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/ValidNoissuingDistributionPointTest10EE.crt"), certStoreParams.getCertStore()); // add crls/*from w w w . ja v a2s.c o m*/ addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/NoissuingDistributionPointCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("OU=No issuingDistributionPoint CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.NOT_REVOKED, revocationResult.getStatus()); assertEquals(null, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus()); assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus()); }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_14_11_Invalid_onlyContainsUserCerts_CRL_Test11() throws Exception { // add certificates addCertificates(new File(testBase, "certs/onlyContainsUserCertsCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/InvalidonlyContainsUserCertsTest11EE.crt"), certStoreParams.getCertStore()); // add crls// ww w . j a va 2 s.c o m addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/onlyContainsUserCertsCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=onlyContainsUserCerts CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus()); assertEquals(null, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus()); assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus()); }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_14_14_Invalid_onlyContainsAttributeCerts_Test14() throws Exception { // add certificates addCertificates(new File(testBase, "certs/onlyContainsAttributeCertsCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/InvalidonlyContainsAttributeCertsTest14EE.crt"), certStoreParams.getCertStore()); // add crls// www.j a v a 2 s . co m addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/onlyContainsAttributeCertsCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=onlyContainsAttributeCerts CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus()); assertEquals(null, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus()); assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus()); }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_4_2_Invalid_Revoked_CA_Test2() throws Exception { // add certificates addCertificates(new File(testBase, "certs/GoodCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/RevokedsubCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/InvalidRevokedCATest2EE.crt"), certStoreParams.getCertStore()); // add crls//from w w w .j av a 2 s. c o m addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/GoodCACRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/RevokedsubCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(new BigInteger("1")); selector.setIssuer("CN=Revoked subCA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate); assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus()); assertEquals(RevocationReason.KEY_COMPROMISE, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 3); assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus()); assertEquals(RevocationStatus.REVOKED, detail[1].getStatus()); assertEquals(RevocationStatus.UNKNOWN, detail[2].getStatus()); }
From source file:mitm.common.security.crl.PKITSTest.java
@Test public void test_4_4_11_Invalid_Old_CRL_nextUpdate_Test11() throws Exception { // add certificates addCertificates(new File(testBase, "certs/OldCRLnextUpdateCACert.crt"), certStoreParams.getCertStore()); addCertificates(new File(testBase, "certs/InvalidOldCRLnextUpdateTest11EE.crt"), certStoreParams.getCertStore()); // add crls/*from w w w . j a v a 2 s . c o m*/ addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore()); addCRL(new File(testBase, "crls/OldCRLnextUpdateCACRL.crl"), certStoreParams.getCRLStore()); X509CertSelector selector = new X509CertSelector(); selector.setSerialNumber(BigIntegerUtils.hexDecode("1")); selector.setIssuer("CN=Old CRL nextUpdate CA, O=Test Certificates, C=US"); PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector); CertPath certPath = result.getCertPath(); TrustAnchor trustAnchor = result.getTrustAnchor(); assertNotNull(trustAnchor); assertEquals("CN=Trust Anchor, O=Test Certificates, C=US", trustAnchor.getTrustedCert().getSubjectX500Principal().toString()); PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore()); Date now = TestUtils.parseDate("02-Jan-2002 16:38:35 GMT"); RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, now); assertEquals(RevocationStatus.EXPIRED, revocationResult.getStatus()); assertEquals(null, revocationResult.getReason()); RevocationDetail[] detail = revocationResult.getDetails(); assertEquals(detail.length, 2); assertEquals(RevocationStatus.EXPIRED, detail[0].getStatus()); assertTrue(DateUtils.addDays(detail[0].getNextUpdate(), 2).after(now)); assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus()); }