List of usage examples for the java.security.cert.X509CertSelector constructor X509CertSelector()
public X509CertSelector()
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
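/**
 * Verifies that path building fails when revocation checking is enabled and the loaded
 * root CRL ("test-root-ca-revoked.crl") revokes a certificate in the chain.
 *
 * <p>The asserted message ends with "reason: cACompromise", so the expected failure is a
 * revocation failure, not an extension-processing failure.
 *
 * @throws Exception if the fixture certificates or CRLs cannot be loaded
 */
@Test
public void testBuildPathCACertRevoked() throws Exception {
    // add roots
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());

    // add the intermediate CA and the test certificates
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    // add CRLs; the root CRL loaded here is the "revoked" variant
    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-revoked.crl", certStoreParams.getCRLStore());

    trustAnchors = getTrustAnchors();

    // Issuer DN plus serial number identifies exactly one target certificate.
    X509CertSelector selector = new X509CertSelector();
    selector.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962"));
    selector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    CertificatePathBuilder builder = new PKIXCertificatePathBuilder();
    builder.setTrustAnchors(trustAnchors);
    builder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
    builder.addCertStore(certStore);
    // Without revocation checking the revoked chain would be accepted.
    builder.setRevocationEnabled(true);

    try {
        builder.buildPath(selector);
        fail();
    } catch (CertPathBuilderException e) {
        // The underlying failure must report the revocation and its reason code.
        Throwable cause = ExceptionUtils.getCause(e);

        // Report a missing cause as an assertion failure rather than a NullPointerException.
        assertNotNull(cause);

        // NOTE(review): the message embeds a formatted date, so these prefix/suffix checks
        // presumably depend on the JVM default locale and time zone -- confirm.
        assertTrue(cause.getMessage().startsWith("Certificate revocation after Fri Nov 30"));
        assertTrue(cause.getMessage().endsWith("2007, reason: cACompromise"));
    }
}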
From source file:mitm.common.security.crl.PKITSTest.java
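/**
 * PKITS 4.4.10: the issuing CA's CRL carries an extension the checker does not support.
 *
 * <p>The expected overall status is {@code UNSUPPORTED_CRITICAL_EXTENSION}. A CRL with a
 * critical extension that cannot be processed must not be used to decide revocation status
 * (RFC 5280), so the result must not collapse to {@code NOT_REVOKED}.
 *
 * @throws Exception if the fixture certificates or CRLs cannot be loaded
 */
@Test
public void test_4_4_10_Invalid_Unknown_CRL_Extension_Test10() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/UnknownCRLExtensionCACert.crt"),
            certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidUnknownCRLExtensionTest10EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/UnknownCRLExtensionCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();
    selector.setSerialNumber(BigIntegerUtils.hexDecode("2"));
    selector.setIssuer("CN=Unknown CRL Extension CA, O=Test Certificates, C=US");

    // Path building itself succeeds; revocation is evaluated separately below.
    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();
    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor,
            testDate);

    assertEquals(RevocationStatus.UNSUPPORTED_CRITICAL_EXTENSION, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value goes first so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    assertEquals(RevocationStatus.UNSUPPORTED_CRITICAL_EXTENSION, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}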
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Builds the same certificate path several times with revocation checking enabled, checks
 * that each run yields the expected two-certificate chain, and prints the average time
 * per run.
 *
 * @throws Exception if the fixtures cannot be loaded or path building fails
 */
@Test
public void testBuildPath() throws Exception {
    // add roots
    addCertificates("windows-xp-all-roots.p7b", rootStoreParams.getCertStore());
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());

    // add intermediates and the test certificates
    addCertificates("windows-xp-all-intermediates.p7b", certStoreParams.getCertStore());
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    // add CRLs
    addCRL("intel-basic-enterprise-issuing-CA.crl", certStoreParams.getCRLStore());
    addCRL("itrus.com.cn.crl", certStoreParams.getCRLStore());
    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());
    addCRL("ThawteSGCCA.crl", certStoreParams.getCRLStore());

    final int tries = 5;
    long startedAt = System.currentTimeMillis();

    for (int attempt = 0; attempt < tries; attempt++) {
        trustAnchors = getTrustAnchors();

        // Target certificate, identified by issuer DN and serial number.
        X509CertSelector target = new X509CertSelector();
        target.setSerialNumber(BigIntegerUtils.hexDecode("115FD110A82F742D0AE14A71B651962"));
        target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

        CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
        pathBuilder.setTrustAnchors(trustAnchors);
        pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
        pathBuilder.addCertStore(certStore);
        pathBuilder.setRevocationEnabled(true);

        CertPathBuilderResult built = pathBuilder.buildPath(target);

        List<? extends Certificate> chain = built.getCertPath().getCertificates();
        assertEquals(2, chain.size());

        // First entry is the selected certificate, second is the next one in the chain.
        X509Certificate first = (X509Certificate) chain.get(0);
        assertEquals("115FD110A82F742D0AE14A71B651962",
                X509CertificateInspector.getSerialNumberHex(first));

        X509Certificate second = (X509Certificate) chain.get(1);
        assertEquals("115FCAD6B536FD8D49E72922CD1F0DA",
                X509CertificateInspector.getSerialNumberHex(second));
    }

    double secondsPerTry = (System.currentTimeMillis() - startedAt) * 0.001 / tries;
    System.out.println("testBuildPath. Seconds / try: " + secondsPerTry);
}
From source file:mitm.common.security.crl.PKITSTest.java
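/**
 * PKITS 4.4.11: the issuing CA's CRL has a nextUpdate that lies before the evaluation date.
 *
 * <p>The expected overall status is {@code EXPIRED}. A stale CRL must not be read as
 * "not revoked", because it cannot show revocations issued after it lapsed.
 *
 * @throws Exception if the fixture certificates or CRLs cannot be loaded
 */
@Test
public void test_4_4_11_Invalid_Old_CRL_nextUpdate_Test11() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/OldCRLnextUpdateCACert.crt"),
            certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/InvalidOldCRLnextUpdateTest11EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/OldCRLnextUpdateCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();
    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=Old CRL nextUpdate CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();
    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    // Fixed evaluation date so the outcome does not depend on the wall clock.
    Date now = TestUtils.parseDate("02-Jan-2002 16:38:35 GMT");

    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor, now);

    assertEquals(RevocationStatus.EXPIRED, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value goes first so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    assertEquals(RevocationStatus.EXPIRED, detail[0].getStatus());

    // The reported nextUpdate must be less than two days before the evaluation date.
    assertTrue(DateUtils.addDays(detail[0].getNextUpdate(), 2).after(now));

    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}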
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
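/**
 * Verifies that path building rejects a certificate with an unhandled critical extension
 * when no additional cert path checker is registered on the builder.
 *
 * <p>Rejecting unrecognised critical extensions is the fail-closed behaviour PKIX validation
 * requires; the test pins the exact validator message.
 *
 * @throws Exception if the fixture certificates or CRLs cannot be loaded
 */
@Test
public void testBuildPathEKUCriticalNoEmailProtection() throws Exception {
    // add roots
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());

    // add the intermediate CA and the test certificates
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    // add CRLs
    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());

    trustAnchors = getTrustAnchors();

    X509CertSelector selector = new X509CertSelector();
    selector.setSerialNumber(BigIntegerUtils.hexDecode("116A448F117FF69FE4F2D4D38F689D7"));
    selector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    // Deliberately no addCertPathChecker(...) call: nothing claims the critical extension.
    CertificatePathBuilder builder = new PKIXCertificatePathBuilder();
    builder.setTrustAnchors(trustAnchors);
    builder.addCertStore(certStore);
    builder.setRevocationEnabled(true);

    try {
        builder.buildPath(selector);
        fail();
    } catch (CertPathBuilderException e) {
        // A CertPathValidatorException is expected as the cause because the certificate
        // carries a critical extension (presumably the extended key usage named in the
        // test method -- confirm against the fixture) that no checker processed.
        Throwable cause = ExceptionUtils.getCause(e);

        // Null check first: instanceof is false for null, which would hide the real reason.
        assertNotNull(cause);
        assertTrue(cause instanceof CertPathValidatorException);
        assertEquals("Certificate has unsupported critical extension", cause.getMessage());
    }
}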
From source file:mitm.common.security.crl.PKITSTest.java
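/**
 * PKITS 4.4.12: the issuing CA's CRL has a nextUpdate before the year 2000.
 *
 * <p>The expected overall status is {@code EXPIRED}; the stale CRL must not be accepted as
 * evidence that the certificate is unrevoked.
 *
 * @throws Exception if the fixture certificates or CRLs cannot be loaded
 */
@Test
public void test_4_4_12_Invalid_pre2000_CRL_nextUpdate_Test12() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/pre2000CRLnextUpdateCACert.crt"),
            certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/Invalidpre2000CRLnextUpdateTest12EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/pre2000CRLnextUpdateCACRL.crl"), certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();
    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    selector.setIssuer("CN=pre2000 CRL nextUpdate CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();
    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    // testDate is a fixture field defined outside this listing.
    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor,
            testDate);

    assertEquals(RevocationStatus.EXPIRED, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value goes first so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    assertEquals(RevocationStatus.EXPIRED, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}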
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Verifies that a path of two certificates is built for the selected certificate once an
 * {@code SMIMEExtendedKeyUsageCertPathChecker} is registered on the builder.
 *
 * @throws Exception if the fixtures cannot be loaded or path building fails
 */
@Test
public void testBuildPathEKUCriticalCertPathCheckerAdded() throws Exception {
    // add roots
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());

    // add the intermediate CA and the test certificates
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    // add CRLs
    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());

    trustAnchors = getTrustAnchors();

    // Target certificate, identified by issuer DN and serial number.
    X509CertSelector target = new X509CertSelector();
    target.setSerialNumber(BigIntegerUtils.hexDecode("116A448F117FF69FE4F2D4D38F689D7"));
    target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.setTrustAnchors(trustAnchors);
    // Registered so the S/MIME extended key usage check is part of validation.
    pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
    pathBuilder.addCertStore(certStore);
    pathBuilder.setRevocationEnabled(true);

    int chainLength = pathBuilder.buildPath(target).getCertPath().getCertificates().size();

    assertEquals(2, chainLength);
}
From source file:mitm.common.security.crl.PKITSTest.java
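/**
 * PKITS 4.4.13: the issuing CA's CRL encodes nextUpdate as GeneralizedTime.
 *
 * <p>This is the positive case: the CRL must be parsed and used, and the certificate is
 * reported as {@code NOT_REVOKED}.
 *
 * @throws Exception if the fixture certificates or CRLs cannot be loaded
 */
@Test
public void test_4_4_13_Valid_GeneralizedTime_CRL_nextUpdate_Test13() throws Exception {
    // add certificates
    addCertificates(new File(testBase, "certs/GeneralizedTimeCRLnextUpdateCACert.crt"),
            certStoreParams.getCertStore());
    addCertificates(new File(testBase, "certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt"),
            certStoreParams.getCertStore());

    // add crls
    addCRL(new File(testBase, "crls/TrustAnchorRootCRL.crl"), certStoreParams.getCRLStore());
    addCRL(new File(testBase, "crls/GeneralizedTimeCRLnextUpdateCACRL.crl"),
            certStoreParams.getCRLStore());

    X509CertSelector selector = new X509CertSelector();
    selector.setSerialNumber(BigIntegerUtils.hexDecode("1"));
    // NOTE(review): "GenerizedTime" presumably mirrors the issuer DN in the fixture
    // certificate; the selector matches on the exact DN, so confirm before "correcting" it.
    selector.setIssuer("CN=GenerizedTime CRL nextUpdate CA, O=Test Certificates, C=US");

    PKIXCertPathBuilderResult result = getCertPathBuilderResult(selector);

    CertPath certPath = result.getCertPath();
    TrustAnchor trustAnchor = result.getTrustAnchor();

    assertNotNull(trustAnchor);
    assertEquals("CN=Trust Anchor, O=Test Certificates, C=US",
            trustAnchor.getTrustedCert().getSubjectX500Principal().toString());

    PKIXRevocationChecker revocationChecker = new PKIXRevocationChecker(certStoreParams.getCRLStore());

    // testDate is a fixture field defined outside this listing.
    RevocationResult revocationResult = revocationChecker.getRevocationStatus(certPath, trustAnchor,
            testDate);

    assertEquals(RevocationStatus.NOT_REVOKED, revocationResult.getStatus());
    assertEquals(null, revocationResult.getReason());

    RevocationDetail[] detail = revocationResult.getDetails();

    // Expected value goes first so a failure message reports expected/actual the right way round.
    assertEquals(2, detail.length);
    assertEquals(RevocationStatus.NOT_REVOKED, detail[0].getStatus());
    assertEquals(RevocationStatus.NOT_REVOKED, detail[1].getStatus());
}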
From source file:mitm.application.djigzo.james.mailets.SMIMESignTest.java
/**
 * Signs a simple text message with the {@code SMIMESign} mailet using a signing certificate
 * selected by issuer and serial number, then checks the resulting clear-signed message:
 * the embedded certificates, the single signer, its digest algorithm, and that the signed
 * body part carries no header other than content-type.
 *
 * @throws Exception if the fixtures cannot be loaded or signing fails
 */
@Test
public void testSignBuildPath() throws Exception {
    AutoTransactDelegator delegator = AutoTransactDelegator.createProxy();

    /*
     * Find a certificate with critical EMAILPROTECTION extension
     */
    X509CertSelector signerSelector = new X509CertSelector();
    signerSelector.setSerialNumber(BigIntegerUtils.hexDecode("1178C3B653829E895ACB7100EB1F627"));
    signerSelector.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    List<KeyAndCertificate> matches = delegator.getKeyAndCertificates(signerSelector);

    // Issuer plus serial number must resolve to exactly one key/certificate pair.
    assertEquals(1, matches.size());

    delegator.setUserSigningKeyAndCertificate("test@example.com", matches.get(0));

    SMIMESign signMailet = new SMIMESign();
    signMailet.init(new MockMailetConfig("test"));

    MockMail mail = new MockMail();
    mail.setMessage(MailUtils.loadMessage(new File(testBase, "mail/simple-text-message.eml")));

    Set<MailAddress> to = new HashSet<MailAddress>();
    to.add(new MailAddress("recipient@example.com"));
    mail.setRecipients(to);

    // The sender address is the one the signing key was assigned to above.
    mail.setSender(new MailAddress("test@example.com"));

    signMailet.service(mail);

    MailUtils.validateMessage(mail.getMessage());
    MailUtils.writeMessage(mail.getMessage(), new File(tempDir, "testDefaultSettings.eml"));

    // The second part of the multipart is the detached signature.
    assertEquals(SMIMEHeader.DETACHED_SIGNATURE_TYPE,
            SMIMEUtils.dissectSigned((Multipart) mail.getMessage().getContent())[1].getContentType());

    // NOTE(review): "BC" is presumably the Bouncy Castle provider name -- confirm.
    SMIMEInspector inspector = new SMIMEInspectorImpl(mail.getMessage(), null, "BC");

    assertEquals(SMIMEType.SIGNED, inspector.getSMIMEType());
    assertEquals(SMIMEHeader.Type.CLEAR_SIGNED, SMIMEHeader.getSMIMEContentType(mail.getMessage()));

    // Three certificates are embedded in the signature; SHA-1 thumbprints serve here only
    // as identifiers for the fixture certificates.
    assertEquals(3, inspector.getSignedInspector().getCertificates().size());

    String[] expectedThumbprints = {
        "F18CC8973F9AB82A6C47448282849A72416B6DAB",
        "D8F8E5B92E651B1E3EF93B5493EACDE4C13AFEE0",
        "69D7FFAF26BD5E9E4F42083BCA077BFAA8398593"
    };

    for (int i = 0; i < expectedThumbprints.length; i++) {
        assertEquals(expectedThumbprints[i], X509CertificateInspector
                .getThumbprint(inspector.getSignedInspector().getCertificates().get(i), Digest.SHA1));
    }

    assertEquals(1, inspector.getSignedInspector().getSigners().size());

    // The test pins SHA-1 as the signer's digest algorithm for this configuration. SHA-1 is
    // no longer considered collision-resistant, so a deployment would normally select a
    // stronger digest where the mailet configuration offers one.
    assertEquals(Digest.SHA1.getOID(),
            inspector.getSignedInspector().getSigners().get(0).getDigestAlgorithmOID());

    // check that no headers are signed. Only a content-type header should be added to the part
    Multipart signedMultipart = (Multipart) mail.getMessage().getContent();

    assertEquals(2, signedMultipart.getCount());

    BodyPart signedPart = signedMultipart.getBodyPart(0);

    assertFalse(signedPart.getNonMatchingHeaders(new String[] { "content-type" }).hasMoreElements());
}
From source file:mitm.common.security.certpath.CertPathBuilderTest.java
/**
 * Verifies that path building fails with the checker's
 * {@code MISSING_SMIME_EXTENDED_KEY_USAGE} message when the
 * {@code SMIMEExtendedKeyUsageCertPathChecker} is registered and the selected certificate
 * does not satisfy it.
 *
 * @throws Exception if the fixture certificates or CRLs cannot be loaded
 */
@Test
public void testBuildPathEKUCriticalNoEmailProtectionCertPathCheckerAdded() throws Exception {
    // add roots
    addCertificates("mitm-test-root.cer", rootStoreParams.getCertStore());

    // add the intermediate CA and the test certificates
    addCertificates("mitm-test-ca.cer", certStoreParams.getCertStore());
    addCertificates("testCertificates.p7b", certStoreParams.getCertStore());

    // add CRLs
    addCRL("test-ca.crl", certStoreParams.getCRLStore());
    addCRL("test-root-ca-not-revoked.crl", certStoreParams.getCRLStore());

    trustAnchors = getTrustAnchors();

    // Target certificate, identified by issuer DN and serial number.
    X509CertSelector target = new X509CertSelector();
    target.setSerialNumber(BigIntegerUtils.hexDecode("115FD035BA042503BCC6CA44680F9F8"));
    target.setIssuer("EMAILADDRESS=ca@example.com, CN=MITM Test CA, L=Amsterdam, ST=NH, C=NL");

    CertificatePathBuilder pathBuilder = new PKIXCertificatePathBuilder();
    pathBuilder.setTrustAnchors(trustAnchors);
    pathBuilder.addCertPathChecker(new SMIMEExtendedKeyUsageCertPathChecker());
    pathBuilder.addCertStore(certStore);
    pathBuilder.setRevocationEnabled(true);

    try {
        pathBuilder.buildPath(target);
        fail();
    } catch (CertPathBuilderException buildFailure) {
        // The root cause must be a validation failure raised with the checker's own
        // message, i.e. the certificate was rejected for its extended key usage rather
        // than for an unrelated reason.
        Throwable rootCause = ExceptionUtils.getRootCause(buildFailure);

        assertTrue(rootCause instanceof CertPathValidatorException);
        assertEquals(SMIMEExtendedKeyUsageCertPathChecker.MISSING_SMIME_EXTENDED_KEY_USAGE,
                rootCause.getMessage());
    }
}