List of usage examples for java.security.cert X509CertSelector setSerialNumber
public void setSerialNumber(BigInteger serial)
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Builds a path for a test certificate with no CRLs loaded and revocation checking disabled.
 *
 * <p>The path is expected to contain two certificates, and the selector must match exactly
 * one of them. The build succeeds without any CRL only because
 * {@code setRevocationEnabled(false)} is used; with revocation disabled a revoked
 * certificate would be accepted as well, so this setting is a test convenience and not a
 * validation policy to copy.
 *
 * @throws Exception if loading the fixtures or building the path fails
 */
@Test
public void testBuildPathCRLUnavailableButCRLCheckOff() throws Exception {
    // Certificate selection criteria: serial number plus issuer DN.
    X509CertSelector target = new X509CertSelector();
    target.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962"));
    target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    // Root certificates go into the root store, everything else into the certificate store.
    addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore());
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());
    addCertificates("windows-xp-all-intermediates.p7b", certStoreParams.getCertStore());
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    trustAnchors = getTrustAnchors();

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.setTrustAnchors(trustAnchors);
    pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
    pathBuilder.addCertStore(certStore);
    // No CRL was added above, so revocation checking has to be off for the build to succeed.
    pathBuilder.setRevocationEnabled(false);

    CertPathBuilderResult built = pathBuilder.buildPath(target);
    List<? extends Certificate> chain = built.getCertPath().getCertificates();

    assertEquals(2, chain.size());

    // Re-query the returned chain with the same selector: only one certificate may match.
    CertStore chainStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain));
    Collection<? extends Certificate> matches = chainStore.getCertificates(target);

    assertEquals(1, matches.size());
}
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Expects path building to fail, with revocation checking enabled, for a certificate that
 * the test name describes as a revoked end-entity certificate.
 *
 * <p>The failure must surface as a {@link CertPathBuilderException} whose cause message
 * reports a revocation with reason {@code privilegeWithdrawn}.
 *
 * @throws Exception if loading the fixtures fails
 */
@Test
public void testBuildPathEndCertRevoked() throws Exception {
    X509CertSelector revokedTarget = new X509CertSelector();
    revokedTarget.setSerialNumber(BigIntegerUtils.hexDecode("115FCD741088707366E9727452C9770"));
    revokedTarget.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    // Root certificate goes into the root store, CA and test certificates into the cert store.
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());

    trustAnchors = getTrustAnchors();

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.setTrustAnchors(trustAnchors);
    pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
    pathBuilder.addCertStore(certStore);
    pathBuilder.setRevocationEnabled(true);

    try {
        pathBuilder.buildPath(revokedTarget);

        fail();
    } catch (CertPathBuilderException e) {
        // The validator is expected to reject the path because the certificate is revoked.
        // NOTE(review): the asserted prefix embeds a formatted date, which presumably depends
        // on the JVM default time zone and locale - confirm before running elsewhere.
        Throwable revocationFailure = ExceptionUtils.getCause(e);

        assertTrue(revocationFailure.getMessage().startsWith("Certificate revocation after Fri Nov 30"));
        assertTrue(revocationFailure.getMessage().endsWith("2007, reason: privilegeWithdrawn"));
    }
}
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Expects path building to fail when the CRL store holds a CRL that names the CA as issuer
 * but does not verify with the CA's public key.
 *
 * <p>A CRL whose signature cannot be verified must not be used as revocation evidence; the
 * test pins that the builder fails instead of ignoring the bad CRL.
 *
 * @throws Exception if loading the fixtures fails
 */
@Test
public void testBuildPathCRLSignedByIncorrectKey() throws Exception {
    X509CertSelector target = new X509CertSelector();
    target.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962"));
    target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    // Root certificates go into the root store, everything else into the certificate store.
    addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore());
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());
    addCertificates("windows-xp-all-intermediates.p7b", certStoreParams.getCertStore());
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());
    addCRL("test-ca-signed-incorrect-key.crl", certStoreParams.getCRLStore());

    trustAnchors = getTrustAnchors();

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.setTrustAnchors(trustAnchors);
    pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
    pathBuilder.addCertStore(certStore);
    pathBuilder.setRevocationEnabled(true);

    try {
        pathBuilder.buildPath(target);

        fail();
    } catch (CertPathBuilderException e) {
        // The CRL names the CA as issuer but was not signed with the CA key, so signature
        // verification of the CRL is the expected root cause.
        Throwable signatureFailure = ExceptionUtils.getRootCause(e);

        assertEquals("CRL does not verify with supplied public key.", signatureFailure.getMessage());
    }
}
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Expects path building to fail when the root CRL loaded is {@code test-root-ca-revoked.crl}.
 *
 * <p>The failure must surface as a {@link CertPathBuilderException} whose cause message
 * reports a revocation with reason {@code cACompromise}. The selected end-entity
 * certificate is the same serial number used by the successful {@code testBuildPath}, so
 * the rejection is presumably caused by the issuing CA certificate being revoked, as the
 * test name states.
 *
 * @throws Exception if loading the fixtures fails
 */
@Test
public void testBuildPathCACertRevoked() throws Exception {
    X509CertSelector target = new X509CertSelector();
    target.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962"));
    target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    // Root certificate goes into the root store, CA and test certificates into the cert store.
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-revoked.crl", certStoreParams.getCRLStore());

    trustAnchors = getTrustAnchors();

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.setTrustAnchors(trustAnchors);
    pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
    pathBuilder.addCertStore(certStore);
    pathBuilder.setRevocationEnabled(true);

    try {
        pathBuilder.buildPath(target);

        fail();
    } catch (CertPathBuilderException e) {
        // The validator is expected to reject the path because of a revocation entry with
        // reason cACompromise (not because of a critical key usage extension).
        // NOTE(review): the asserted prefix embeds a formatted date, which presumably depends
        // on the JVM default time zone and locale - confirm before running elsewhere.
        Throwable revocationFailure = ExceptionUtils.getCause(e);

        assertTrue(revocationFailure.getMessage().startsWith("Certificate revocation after Fri Nov 30"));
        assertTrue(revocationFailure.getMessage().endsWith("2007, reason: cACompromise"));
    }
}
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
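/**
 * Expects path building to fail with "Certificate has unsupported critical extension" when
 * no {@code SMIMEExtendedKeyUsageCertPathChecker} is registered on the builder.
 *
 * <p>Unlike the neighbouring tests, this builder gets no extra cert path checker. The test
 * name indicates the selected certificate carries a critical extended key usage extension
 * without email protection; presumably nothing in the default validation claims that
 * critical extension, which is why the path is rejected.
 *
 * @throws Exception if loading the fixtures fails
 */
@Test
public void testBuildPathEKUCriticalNoEmailProtection() throws Exception {
    // add roots
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());

    trustAnchors = getTrustAnchors();

    X509CertSelector selector = new X509CertSelector();
    selector.setSerialNumber(BigIntegerUtils.hexDecode("116A448F117FF69FE4F2D4D38F689D7"));
    selector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    // Deliberately no addCertPathChecker(...) call: the critical extension stays unhandled.
    CertificatePathBuilder builder = new PKIXCertificatePathBuilder();
    builder.setTrustAnchors(trustAnchors);
    builder.addCertStore(certStore);
    builder.setRevocationEnabled(true);

    try {
        builder.buildPath(selector);

        fail();
    } catch (CertPathBuilderException e) {
        // A CertPathValidatorException is expected because the certificate has a critical
        // extension that no checker supports.
        Throwable cause = ExceptionUtils.getCause(e);

        // Null check first: placed after the instanceof assertion it could never fire,
        // because instanceof is already false for null.
        assertNotNull(cause);
        assertTrue(cause instanceof CertPathValidatorException);
        assertEquals("Certificate has unsupported critical extension", cause.getMessage());
    }
}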
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Expects path building to fail with the S/MIME extended key usage checker's own error when
 * that checker is registered on the builder.
 *
 * <p>The root cause must be a {@link CertPathValidatorException} carrying
 * {@code SMIMEExtendedKeyUsageCertPathChecker.MISSING_SMIME_EXTENDED_KEY_USAGE}, i.e. the
 * rejection comes from the checker and not from a generic "unsupported critical extension"
 * failure.
 *
 * @throws Exception if loading the fixtures fails
 */
@Test
public void testBuildPathEKUCriticalNoEmailProtectionCertPathCheckerAdded() throws Exception {
    X509CertSelector target = new X509CertSelector();
    target.setSerialNumber(BigIntegerUtils.hexDecode("115FD035BA042503BCC6CA44680F9F8"));
    target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    // Root certificate goes into the root store, CA and test certificates into the cert store.
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());

    trustAnchors = getTrustAnchors();

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.setTrustAnchors(trustAnchors);
    pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
    pathBuilder.addCertStore(certStore);
    pathBuilder.setRevocationEnabled(true);

    try {
        pathBuilder.buildPath(target);

        fail();
    } catch (CertPathBuilderException e) {
        // The S/MIME EKU checker is expected to reject the certificate; its message constant
        // identifies the missing S/MIME extended key usage as the reason.
        Throwable checkerFailure = ExceptionUtils.getRootCause(e);

        assertTrue(checkerFailure instanceof CertPathValidatorException);
        assertEquals(SMIMEExtendedKeyUsageCertPathChecker.MISSING_SMIME_EXTENDED_KEY_USAGE,
                checkerFailure.getMessage());
    }
}
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Builds the same certificate path five times with revocation checking enabled and prints
 * the average time per attempt.
 *
 * <p>Each attempt must yield a two-certificate path: the selected certificate first, then
 * the certificate with serial {@code 115FCAD6B536FD8D49E72922CD1F0DA}.
 *
 * @throws Exception if loading the fixtures or building the path fails
 */
@Test
public void testBuildPath() throws Exception {
    // Root certificates go into the root store, everything else into the certificate store.
    addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore());
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());
    addCertificates("windows-xp-all-intermediates.p7b", certStoreParams.getCertStore());
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    // CRLs, including several unrelated to the test CA.
    addCRL("intel-basic-enterprise-issuing-CA.crl", certStoreParams.getCRLStore());
    addCRL("itrus.com.cn.crl", certStoreParams.getCRLStore());
    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());
    addCRL("ThawteSGCCA.crl", certStoreParams.getCRLStore());

    final int tries = 5;

    long startedAt = System.currentTimeMillis();

    int attempt = 0;
    while (attempt < tries) {
        // Trust anchors are re-read on every attempt, so their lookup is part of the timing.
        trustAnchors = getTrustAnchors();

        X509CertSelector target = new X509CertSelector();
        target.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962"));
        target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

        CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
        pathBuilder.setTrustAnchors(trustAnchors);
        pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
        pathBuilder.addCertStore(certStore);
        pathBuilder.setRevocationEnabled(true);

        CertPathBuilderResult built = pathBuilder.buildPath(target);
        List<? extends Certificate> chain = built.getCertPath().getCertificates();

        assertEquals(2, chain.size());

        X509Certificate first = (X509Certificate) chain.get(0);
        assertEquals("115FD110A82F742D0AE14A71B651962", X509CertificateInspector.getSerialNumberHex(first));

        X509Certificate second = (X509Certificate) chain.get(1);
        assertEquals("115FCAD6B536FD8D49E72922CD1F0DA", X509CertificateInspector.getSerialNumberHex(second));

        attempt++;
    }

    double secondsPerTry = (System.currentTimeMillis() - startedAt) * 0.001 / tries;

    System.out.println("testBuildPath. Seconds / try: " + secondsPerTry);
}
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Builds a certificate path 100 times against a store pre-loaded with a bulk set of
 * self-signed certificates, and prints three timings.
 *
 * <p>The timings are: the bulk import, the average path build, and the average cost per
 * certificate of listing the whole certificate store. Every build must yield a
 * two-certificate path with revocation checking enabled.
 *
 * @throws Exception if loading the fixtures or building the path fails
 */
@Test
public void testBuildPathManyCertificates() throws Exception {
    addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore());
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());

    // Bulk import. Only the 1000-certificate fixture is loaded; the original listing also
    // names "random-self-signed-10000.p7b" and "random-self-signed-40000.p7b" as
    // commented-out alternatives.
    long importStartedAt = System.currentTimeMillis();

    addCertificatesBulk("random-self-signed-1000.p7b");

    System.out.println("Seconds : " + (System.currentTimeMillis() - importStartedAt) * 0.001);

    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());

    final int tries = 100;

    long buildsStartedAt = System.currentTimeMillis();

    // Created once and reused for every build; its construction is part of the timed section.
    TrustAnchorBuilder anchorSource = new CertStoreTrustAnchorBuilder(rootStoreParams.getCertStore(),
            0 /* milliseconds */);

    int attempt = 0;
    while (attempt < tries) {
        X509CertSelector target = new X509CertSelector();
        target.setSerialNumber(BigIntegerUtils.hexDecode("116A448F117FF69FE4F2D4D38F689D7"));
        target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

        CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
        pathBuilder.setTrustAnchors(anchorSource.getTrustAnchors());
        pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
        pathBuilder.addCertStore(certStore);
        pathBuilder.setRevocationEnabled(true);

        CertPathBuilderResult built = pathBuilder.buildPath(target);

        assertEquals(2, built.getCertPath().getCertificates().size());

        attempt++;
    }

    double secondsPerBuild = (System.currentTimeMillis() - buildsStartedAt) * 0.001 / tries;

    System.out.println("Seconds / build: " + secondsPerBuild);

    // An empty selector matches every certificate, so this lists the complete store.
    long listingStartedAt = System.currentTimeMillis();

    Collection<? extends Certificate> everything = certStore.getCertificates(new X509CertSelector());

    double secondsPerCertificate = (System.currentTimeMillis() - listingStartedAt) * 0.001 / everything.size();

    System.out.println("Seconds / certificate: " + secondsPerCertificate);
}
From source file:mitm.application.djigzo.james.mailets.SMIMESignTest.java
/**
 * Signs a simple text message with the {@code SMIMESign} mailet and inspects the result.
 *
 * <p>The signing key belongs to a certificate that the original comment describes as having
 * a critical EMAILPROTECTION extension. The test checks that the output is a clear-signed
 * S/MIME message with a detached signature part, three embedded certificates with known
 * SHA-1 thumbprints, one signer, and no signed headers other than content-type.
 *
 * <p>NOTE(review): the test pins SHA-1 as the signer digest algorithm. SHA-1 is no longer
 * considered collision resistant; confirm whether the mailet default should be a stronger
 * digest and this assertion updated with it.
 *
 * @throws Exception if signing, loading or inspecting the message fails
 */
@Test
public void testSignBuildPath() throws Exception {
    AutoTransactDelegator proxy = AutoTransactDelegator.createProxy();

    // Locate the signing certificate by serial number and issuer DN.
    X509CertSelector signingCertSelector = new X509CertSelector();
    signingCertSelector.setSerialNumber(BigIntegerUtils.hexDecode("1178C3B653829E895ACB7100EB1F627"));
    signingCertSelector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    List<KeyAndCertificate> signingKeys = proxy.getKeyAndCertificates(signingCertSelector);

    assertEquals(1, signingKeys.size());

    proxy.setUserSigningKeyAndCertificate("test@example.com", signingKeys.get(0));

    SMIMESign mailet = new SMIMESign();
    MockMailetConfig mailetConfig = new MockMailetConfig("test");
    mailet.init(mailetConfig);

    // Assemble the mail: message body, one recipient, and the sender that owns the key.
    MockMail mail = new MockMail();
    MimeMessage message = MailUtils.loadMessage(new File(testBase, "mail/simple-text-message.eml"));
    mail.setMessage(message);

    Set<MailAddress> recipients = new HashSet<MailAddress>();
    recipients.add(new MailAddress("recipient@example.com"));
    mail.setRecipients(recipients);

    mail.setSender(new MailAddress("test@example.com"));

    mailet.service(mail);

    MailUtils.validateMessage(mail.getMessage());
    MailUtils.writeMessage(mail.getMessage(), new File(tempDir, "testDefaultSettings.eml"));

    // The second part of the signed multipart must be the detached signature.
    assertEquals(SMIMEHeader.DETACHED_SIGNATURE_TYPE,
            SMIMEUtils.dissectSigned((Multipart) mail.getMessage().getContent())[1].getContentType());

    SMIMEInspector inspector = new SMIMEInspectorImpl(mail.getMessage(), null, "BC");

    assertEquals(SMIMEType.SIGNED, inspector.getSMIMEType());
    assertEquals(SMIMEHeader.Type.CLEAR_SIGNED, SMIMEHeader.getSMIMEContentType(mail.getMessage()));
    assertEquals(3, inspector.getSignedInspector().getCertificates().size());

    // Expected SHA-1 thumbprints of the embedded certificates, in order.
    String[] expectedThumbprints = {
        "F18CC8973F9AB82A6C47448282849A72416B6DAB",
        "D8F8E5B92E651B1E3EF93B5493EACDE4C13AFEE0",
        "69D7FFAF26BD5E9E4F42083BCA077BFAA8398593"
    };
    for (int index = 0; index < expectedThumbprints.length; index++) {
        assertEquals(expectedThumbprints[index], X509CertificateInspector
                .getThumbprint(inspector.getSignedInspector().getCertificates().get(index), Digest.SHA1));
    }

    assertEquals(1, inspector.getSignedInspector().getSigners().size());
    assertEquals(Digest.SHA1.getOID(),
            inspector.getSignedInspector().getSigners().get(0).getDigestAlgorithmOID());

    // No headers may be signed: the first body part should carry a content-type header only.
    Multipart signedMultipart = (Multipart) mail.getMessage().getContent();

    assertEquals(2, signedMultipart.getCount());

    BodyPart signedPart = signedMultipart.getBodyPart(0);
    Enumeration<?> otherHeaders = signedPart.getNonMatchingHeaders(new String[] { "content-type" });

    assertFalse(otherHeaders.hasMoreElements());
}
From source file:mitm.common.security.crl.PKITSTest.java
/**
 * Checks revocation status for test case 4.7.4, as numbered in the test name.
 *
 * <p>The fixture names indicate a CA certificate with a critical keyUsage extension in which
 * cRLSign is false. The path itself is built and anchored at "CN=Trust Anchor", but the
 * revocation checker must report {@code RevocationStatus.UNKNOWN}: presumably the CA's CRL
 * cannot be accepted because the CA key is not authorised to sign CRLs. Callers should not
 * treat {@code UNKNOWN} as equivalent to "not revoked".
 *
 * @throws Exception if loading the fixtures or building the path fails
 */
@Test
public void test_4_7_4_Invalid_keyUsage_Critical_cRLSign_False_Test4() throws Exception {
    File caCertFile = new File(testBase, "certs/keyUsageCriticalcRLSignFalseCACert.crt");
    File endEntityCertFile = new File(testBase, "certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt");
    File rootCrlFile = new File(testBase, "crls/TrustAnchorRootCRL.crl");
    File caCrlFile = new File(testBase, "crls/keyUsageCriticalcRLSignFalseCACRL.crl");

    // Certificates first, then the CRLs, all into the shared test stores.
    addCertificates(caCertFile, certStoreParams.getCertStore());
    addCertificates(endEntityCertFile, certStoreParams.getCertStore());

    addCRL(rootCrlFile, certStoreParams.getCRLStore());
    addCRL(caCrlFile, certStoreParams.getCRLStore());

    X509CertSelector endEntity = new X509CertSelector();
    endEntity.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    endEntity.setIssuer("CN=keyUsage Critical cRLSign False CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult built = getCertPathBuilderResult(endEntity);

    CertPath path = built.getCertPath();
    TrustAnchor anchor = built.getTrustAnchor();

    assertNotNull(anchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            anchor.getTrustedCert().getSubjectX500Principal().toString());

    // Revocation is evaluated separately from path building, at the fixed test date.
    PKIXRevocationChecker checker = new PKIXRevocationChecker(certStoreParams.getCRLStore());
    RevocationResult outcome = checker.getRevocationStatus(path, anchor, testDate);

    assertEquals(RevocationStatus.UNKNOWN, outcome.getStatus());
}