Usage examples for the java.security.cert.X509CertSelector constructor X509CertSelector()
public X509CertSelector()
From source file:mitm.common.security.certpath.CertPathBuilderSpeedTest.java
/**
 * Timing check: builds the same certificate path {@code tries} times and fails when the
 * average time per build exceeds 0.03 seconds.
 *
 * <p>Revocation checking is switched off for every build, so the measured figure covers
 * path building only and says nothing about CRL handling.
 */
@Test
public void testBuildPathManyCertificates() throws Exception {
    final int tries = 1000;

    // Second argument is 10 seconds expressed in milliseconds
    // (presumably a refresh interval for the trust anchors - confirm against the builder).
    TrustAnchorBuilder anchorSource = new CertStoreTrustAnchorBuilder(rootStoreParams.getCertStore(),
            10 * DateUtils.MILLIS_PER_SECOND);

    long startedAt = System.currentTimeMillis();

    // First lookup happens inside the timed region, before the loop starts.
    Set<TrustAnchor> anchors = anchorSource.getTrustAnchors();

    for (int attempt = 0; attempt < tries; attempt++) {
        // Serial number plus issuer pins the selector to one target certificate.
        X509CertSelector target = new X509CertSelector();
        target.setSerialNumber(BigIntegerUtils.hexDecode("116A448F117FF69FE4F2D4D38F689D7"));
        target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

        CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();

        // The anchors are fetched again on every iteration, so the lookup is part of the timing.
        anchors = anchorSource.getTrustAnchors();

        pathBuilder.setTrustAnchors(anchors);
        pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
        pathBuilder.addCertStore(certStore);
        // Benchmark-only setting: no revocation status is consulted for these builds.
        pathBuilder.setRevocationEnabled(false);

        CertPathBuilderResult built = pathBuilder.buildPath(target);

        assertEquals(2, built.getCertPath().getCertificates().size());
    }

    long elapsedMillis = System.currentTimeMillis() - startedAt;
    double secondsPerBuild = elapsedMillis * 0.001 / tries;

    System.out.println("Seconds / build: " + secondsPerBuild);

    // The threshold is wall-clock based, so this can fail on slower systems.
    if (secondsPerBuild > 0.03) {
        fail("Seconds / build too slow. Note: This might fail on slower systems!!!");
    }
}
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Builds a path for a certificate selected by serial number and issuer after loading one
 * certificate into the intermediate store and one into the root store, and expects a
 * path containing exactly one certificate.
 */
@Test
public void testAlgorithmIdentifierComparisonFailed() throws Exception {
    addCertificates("AC_MINEFI_DPMA.cer", certStoreParams.getCertStore());
    addCertificates("MINEFI_AUTORITE_DE_CERTIFICATION_RACINE.cer", rootStoreParams.getCertStore());

    // Serial number plus issuer identifies the certificate the path must end at.
    X509CertSelector target = new X509CertSelector();
    target.setSerialNumber(BigIntegerUtils.hexDecode("30303031303935373731383130383135"));
    target.setIssuer("CN=MINEFI-AUTORITE DE CERTIFICATION RACINE, OU=AGENCE AUTORITE, O=MINEFI, C=FR");

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.addCertStore(certStore);
    // Trust anchors are read after the root certificate has been added above.
    pathBuilder.setTrustAnchors(getTrustAnchors());

    CertPathBuilderResult outcome = pathBuilder.buildPath(target);

    assertNotNull(outcome.getCertPath());
    assertEquals(1, outcome.getCertPath().getCertificates().size());
}
From source file:mitm.common.security.crl.PKITSTest.java
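/**
 * PKITS 4.4.2 (Invalid Revoked CA Test2): the path builds to the trust anchor, but the
 * revocation check must report the path as revoked with reason KEY_COMPROMISE.
 *
 * <p>Three per-certificate details are expected: NOT_REVOKED, REVOKED and UNKNOWN
 * (presumably in cert-path order, end entity first - confirm against
 * {@code PKIXRevocationChecker}).
 */
@Test
public void test_4_4_2_Invalid_Revoked_CA_Test2() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/GoodCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/RevokedsubCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidRevokedCATest2EE.crt"), certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/GoodCACRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/RevokedsubCACRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate with serial 1 issued by the revoked sub CA.
    X509CertSelector selector = new X509CertSelector();
    selector.setSerialNumber(new BigInteger("1"));
    selector.setIssuer("CN=Revoked subCA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();
    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    // Revocation is evaluated separately from path building, against the CRL store and a fixed test date.
    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus());
    assertEquals(RevocationReason.KEY_COMPROMISE, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value goes first so a failure reports expected/actual the right way round.
    assertEquals(3, detail.length);
    assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.REVOKED, detail[1].getStatus());
    assertEquals(RevocationStatus.UNKNOWN, detail[2].getStatus());
}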
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Verifies that path building is refused when no trust anchors were configured on the
 * builder: the thrown {@code CertPathBuilderException} must carry
 * {@code PKIXCertificatePathBuilder.NO_ROOTS_ERROR_MESSAGE}.
 */
@Test
public void testNoTrustAnchors() throws Exception {
    addCertificates("windows-xp-all-intermediates.p7b", certStoreParams.getCertStore());
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    X509CertSelector target = new X509CertSelector();
    target.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962"));
    target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    // Deliberately no setTrustAnchors(...) call: only the certificate store is attached.
    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.addCertStore(certStore);

    try {
        pathBuilder.buildPath(target);

        fail("Should have failed");
    } catch (CertPathBuilderException expected) {
        assertEquals(PKIXCertificatePathBuilder.NO_ROOTS_ERROR_MESSAGE, expected.getMessage());
    }
}
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * With revocation enabled, path building must fail when the CRL stored for the issuing CA
 * does not verify with that CA's public key (fixture {@code test-ca-signed-incorrect-key.crl}).
 * The root cause of the failure must be the CRL signature verification error.
 */
@Test
public void testBuildPathCRLSignedByIncorrectKey() throws Exception {
    // add roots
    addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore());
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());

    // intermediates and end-entity certificates
    addCertificates("windows-xp-all-intermediates.p7b", certStoreParams.getCertStore());
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    // CRLs: one for the root, and one naming the CA as issuer but signed with a different key
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());
    addCRL("test-ca-signed-incorrect-key.crl", certStoreParams.getCRLStore());

    trustAnchors = getTrustAnchors();

    X509CertSelector target = new X509CertSelector();
    target.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962"));
    target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.setTrustAnchors(trustAnchors);
    pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
    pathBuilder.addCertStore(certStore);
    pathBuilder.setRevocationEnabled(true);

    try {
        pathBuilder.buildPath(target);

        fail();
    } catch (CertPathBuilderException failure) {
        // should be thrown because the crl was not signed by the CA but the issuer is the CA
        Throwable deepest = ExceptionUtils.getRootCause(failure);

        assertEquals("CRL does not verify with supplied public key.", deepest.getMessage());
    }
}
From source file:mitm.common.security.crl.PKITSTest.java
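/**
 * PKITS 4.4.3 (Invalid Revoked EE Test3): the path builds to the trust anchor, but the
 * revocation check must report the path as revoked with reason KEY_COMPROMISE.
 *
 * <p>Two per-certificate details are expected: REVOKED followed by UNKNOWN
 * (presumably in cert-path order, end entity first - confirm against
 * {@code PKIXRevocationChecker}).
 */
@Test
public void test_4_4_3_Invalid_Revoked_EE_Test3() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/GoodCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidRevokedEETest3EE.crt"), certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/GoodCACRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate with serial 0xF issued by the Good CA.
    X509CertSelector selector = new X509CertSelector();
    selector.setSerialNumber(BigIntegerUtils.hexDecode("F"));
    selector.setIssuer("CN=Good CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();
    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    // Revocation is evaluated separately from path building, against the CRL store and a fixed test date.
    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    assertEquals(RevocationStatus.REVOKED, revocationResult.getStatus());
    assertEquals(RevocationReason.KEY_COMPROMISE, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value goes first so a failure reports expected/actual the right way round.
    assertEquals(2, detail.length);
    assertEquals(RevocationStatus.REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.UNKNOWN, detail[1].getStatus());
}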
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * With revocation enabled and both {@code test-ca.crl} and the incorrectly signed
 * {@code test-ca-signed-incorrect-key.crl} in the CRL store, path building must still
 * succeed and return a path of two certificates.
 */
@Test
public void testBuildPathCRLSignedByIncorrectKeyAndCorrectKey() throws Exception {
    // add roots
    addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore());
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());

    // intermediates and end-entity certificates
    addCertificates("windows-xp-all-intermediates.p7b", certStoreParams.getCertStore());
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    // CRLs: the badly signed CRL is stored next to test-ca.crl for the same CA
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());
    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-ca-signed-incorrect-key.crl", certStoreParams.getCRLStore());

    trustAnchors = getTrustAnchors();

    X509CertSelector target = new X509CertSelector();
    target.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962"));
    target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.setTrustAnchors(trustAnchors);
    pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
    pathBuilder.addCertStore(certStore);
    pathBuilder.setRevocationEnabled(true);

    CertPathBuilderResult built = pathBuilder.buildPath(target);

    assertEquals(2, built.getCertPath().getCertificates().size());
}
From source file:mitm.common.security.crl.PKITSTest.java
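/**
 * PKITS 4.4.4 (Invalid Bad CRL Signature Test4): the CA's CRL carries an invalid
 * signature, so the revocation check must report UNKNOWN with no reason rather than
 * NOT_REVOKED.
 *
 * <p>Two per-certificate details are expected: UNKNOWN followed by NOT_REVOKED.
 */
@Test
public void test_4_4_4_Invalid_Bad_CRL_Signature_Test4() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/BadCRLSignatureCACert.crt"), certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidBadCRLSignatureTest4EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/BadCRLSignatureCACRL.crl"), certStoreParams.getCRLStore());

    // Select the certificate with serial 1 issued by the CA whose CRL signature is bad.
    X509CertSelector selector = new X509CertSelector();
    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=Bad CRL Signature CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();
    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    // Revocation is evaluated separately from path building, against the CRL store and a fixed test date.
    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, testDate);

    // UNKNOWN is not a pass; how callers act on it is decided outside this test.
    assertEquals(RevocationStatus.UNKNOWN, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value goes first so a failure reports expected/actual the right way round.
    assertEquals(2, detail.length);
    // unknown because the CRLs signature was invalid and therefore not included in the search
    assertEquals(RevocationStatus.UNKNOWN, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}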
From source file:mitm.application.djigzo.ws.impl.X509CertStoreWSImpl.java
/**
 * Reads entries from the certificate store and converts each one into a DTO.
 *
 * @param expired when {@code Expired.NOT_ALLOWED}, only certificates valid at the current
 *        time are selected; any other value (including {@code null}) leaves the selector
 *        without criteria
 * @param missingKeyAlias passed through unchanged to the certificate store
 * @param firstResult passed through unchanged to the certificate store
 * @param maxResults passed through unchanged to the certificate store
 * @return the DTOs built from the returned store entries, in iteration order
 * @throws WebServiceCheckedException wrapping any {@code CertStoreException} or
 *         {@code CloseableIteratorException} raised while reading the store
 */
private List<X509CertificateDTO> getCertificatesAction(Expired expired, MissingKeyAlias missingKeyAlias,
        Integer firstResult, Integer maxResults) throws WebServiceCheckedException {
    List<X509CertificateDTO> dtos = new LinkedList<X509CertificateDTO>();

    try {
        // A selector with no criteria set matches every X509Certificate.
        X509CertSelector criteria = new X509CertSelector();

        if (expired == Expired.NOT_ALLOWED) {
            // Restrict the match to certificates whose validity period covers "now".
            criteria.setCertificateValid(new Date());
        }

        // NOTE(review): firstResult and maxResults reach the store unchanged; no bound is
        // applied in this method - confirm the caller or the store caps the page size.
        CloseableIterator<? extends X509CertStoreEntry> entries = certStore.getCertStoreIterator(criteria,
                missingKeyAlias, firstResult, maxResults);

        try {
            while (entries.hasNext()) {
                X509CertStoreEntry entry = entries.next();

                X509CertificateDTO dto = certificateDTOBuilder.buildCertificateDTO(entry.getCertificate(),
                        entry.getKeyAlias());

                dtos.add(dto);
            }
        } finally {
            // Always release the iterator, even when reading or DTO conversion fails.
            entries.close();
        }
    } catch (CertStoreException e) {
        throw new WebServiceCheckedException(e);
    } catch (CloseableIteratorException e) {
        throw new WebServiceCheckedException(e);
    }

    return dtos;
}
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Loads a bulk set of certificates, then builds the same certificate path {@code tries}
 * times with revocation checking enabled and prints the average time per build. Finally
 * prints the average time per certificate for reading the whole store.
 *
 * <p>Only the path length is asserted; the timings are printed, not checked.
 */
@Test
public void testBuildPathManyCertificates() throws Exception {
    // add roots
    addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore());
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());

    long bulkStart = System.currentTimeMillis();

    addCertificatesBulk("random-self-signed-1000.p7b");

    System.out.println("Seconds : " + (System.currentTimeMillis() - bulkStart) * 0.001);

    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());

    final int tries = 100;

    long buildStart = System.currentTimeMillis();

    TrustAnchorBuilder anchorSource = new CertStoreTrustAnchorBuilder(rootStoreParams.getCertStore(),
            0 /* milliseconds */);

    for (int attempt = 0; attempt < tries; attempt++) {
        // Serial number plus issuer pins the selector to one target certificate.
        X509CertSelector target = new X509CertSelector();
        target.setSerialNumber(BigIntegerUtils.hexDecode("116A448F117FF69FE4F2D4D38F689D7"));
        target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

        CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
        // Trust anchors are requested again on every iteration.
        pathBuilder.setTrustAnchors(anchorSource.getTrustAnchors());
        pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
        pathBuilder.addCertStore(certStore);
        pathBuilder.setRevocationEnabled(true);

        CertPathBuilderResult built = pathBuilder.buildPath(target);

        assertEquals(2, built.getCertPath().getCertificates().size());
    }

    double secondsPerBuild = (System.currentTimeMillis() - buildStart) * 0.001 / tries;

    System.out.println("Seconds / build: " + secondsPerBuild);

    long readStart = System.currentTimeMillis();

    // A selector with no criteria set matches every certificate, so this reads the whole store.
    Collection<? extends Certificate> certificates = certStore.getCertificates(new X509CertSelector());

    double secondsPerCertificate = (System.currentTimeMillis() - readStart) * 0.001 / certificates.size();

    System.out.println("Seconds / certificate: " + secondsPerCertificate);
}