Usage examples for java.security.cert.X509CRLEntry.getSerialNumber()
/**
 * Returns the serial number of the revoked certificate that this CRL entry describes.
 *
 * <p>A certificate serial number is only unique per issuer, so a revocation check that
 * matches on this value must also match the certificate issuer. For entries in an
 * indirect CRL the issuer can differ from the CRL issuer; see
 * {@code getCertificateIssuer()} on the same class.
 *
 * @return the serial number of the revoked certificate
 */
public abstract BigInteger getSerialNumber();
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
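/**
 * Adds six revoked serials through {@code X509CRLStreamWriter} to a CRL that was built
 * with one entry and no extensions, then checks that the rewritten CRL lists the
 * original serial plus the six new ones.
 *
 * <p>Only the set of serial numbers is asserted; reason codes and revocation dates of the
 * entries are not checked here. {@code readCRL()} is defined elsewhere in the test class,
 * so whether it verifies the CRL signature is not visible from this method.
 *
 * @throws Exception if building, rewriting or reading the CRL fails
 */
@Test
public void testAddEntryToCRLWithNoExtensions() throws Exception {
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    crlBuilder.addCRLEntry(new BigInteger("100"), new Date(), CRLReason.unspecified);
    X509CRLHolder holder = crlBuilder.build(signer);

    File crlToChange = writeCRL(holder);
    File outfile = new File(folder.getRoot(), "new.crl");

    X509CRLStreamWriter stream = new X509CRLStreamWriter(
        crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(),
        (RSAPublicKey) keyPair.getPublic());

    // The entry already present in the source CRL must survive the rewrite.
    Set<BigInteger> expected = new HashSet<BigInteger>();
    expected.add(new BigInteger("100"));

    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<BigInteger>(Arrays.asList(
        new BigInteger("2358215310"),
        new BigInteger("7231352433"),
        new BigInteger("8233181205"),
        new BigInteger("1455615868"),
        new BigInteger("4323487764"),
        new BigInteger("6673256679")));

    for (BigInteger serial : newSerials) {
        stream.add(serial, new Date(), CRLReason.privilegeWithdrawn);
        expected.add(serial);
    }

    stream.preScan(crlToChange).lock();

    // Close the output even when write() throws, so the file handle is not leaked.
    OutputStream out = new BufferedOutputStream(new FileOutputStream(outfile));
    try {
        stream.write(out);
    }
    finally {
        out.close();
    }

    X509CRL changedCrl = readCRL();

    Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }

    assertEquals(expected, discoveredSerials);
}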
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
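/**
 * Adds six revoked serials to a CRL that has no entries but carries an
 * authorityKeyIdentifier and a cRLNumber extension, then checks the rewritten CRL:
 * the serial set, the issuer, a later thisUpdate, the preserved thisUpdate/nextUpdate
 * interval, a cRLNumber incremented by one and an unchanged authorityKeyIdentifier.
 *
 * <p>{@code readCRL()} is defined elsewhere in the test class, so whether it verifies the
 * CRL signature is not visible from this method.
 *
 * @throws Exception if building, rewriting or reading the CRL fails
 */
@Test
public void testAddEntryToEmptyCRL() throws Exception {
    Date oneHourAgo = new Date(new Date().getTime() - 60L * 60L * 1000L);
    Date oneHourHence = new Date(new Date().getTime() + 60L * 60L * 1000L);

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, oneHourAgo);
    crlBuilder.addExtension(X509Extension.authorityKeyIdentifier, false,
        new AuthorityKeyIdentifierStructure(keyPair.getPublic()));
    /* With a CRL number of 127, incrementing it to 128 makes the DER INTEGER content grow
     * from one byte to two, so the length field of that TLV increases by one. */
    crlBuilder.addExtension(X509Extension.cRLNumber, false,
        new CRLNumber(new BigInteger("127")));
    crlBuilder.setNextUpdate(oneHourHence);
    X509CRLHolder holder = crlBuilder.build(signer);

    File crlToChange = writeCRL(holder);
    File outfile = new File(folder.getRoot(), "new.crl");

    X509CRLStreamWriter stream = new X509CRLStreamWriter(
        crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(),
        (RSAPublicKey) keyPair.getPublic());

    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<BigInteger>(Arrays.asList(
        new BigInteger("2358215310"),
        new BigInteger("7231352433"),
        new BigInteger("8233181205"),
        new BigInteger("1455615868"),
        new BigInteger("4323487764"),
        new BigInteger("6673256679")));

    for (BigInteger serial : newSerials) {
        stream.add(serial, new Date(), CRLReason.privilegeWithdrawn);
    }

    stream.preScan(crlToChange).lock();

    // Close the output even when write() throws, so the file handle is not leaked.
    OutputStream out = new BufferedOutputStream(new FileOutputStream(outfile));
    try {
        stream.write(out);
    }
    finally {
        out.close();
    }

    X509CRL changedCrl = readCRL();

    Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }

    X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC).getCRL(holder);

    // The validity window of the rewritten CRL must have the same width as the original.
    assertNotNull(changedCrl.getNextUpdate());

    long changedCrlUpdateDelta =
        changedCrl.getNextUpdate().getTime() - changedCrl.getThisUpdate().getTime();

    // We're allowing a tolerance of a few milliseconds to deal with minor timing issues
    long deltaTolerance = 3;
    long deltaDiff = changedCrlUpdateDelta - (oneHourHence.getTime() - oneHourAgo.getTime());

    assertTrue(Math.abs(deltaDiff) <= deltaTolerance);
    assertThat(changedCrl.getThisUpdate(), greaterThan(originalCrl.getThisUpdate()));

    assertEquals(newSerials, discoveredSerials);
    assertEquals(originalCrl.getIssuerX500Principal(), changedCrl.getIssuerX500Principal());

    // getExtensionValue() returns a DER OCTET STRING wrapping the extension value, so the
    // CRL number has to be unwrapped twice before the integers can be compared.
    ASN1ObjectIdentifier crlNumberOID = X509Extension.cRLNumber;
    byte[] oldCrlNumberBytes = originalCrl.getExtensionValue(crlNumberOID.getId());
    byte[] newCrlNumberBytes = changedCrl.getExtensionValue(crlNumberOID.getId());

    DEROctetString oldOctet = (DEROctetString) DERTaggedObject.fromByteArray(oldCrlNumberBytes);
    DEROctetString newOctet = (DEROctetString) DERTaggedObject.fromByteArray(newCrlNumberBytes);
    DERInteger oldNumber = (DERInteger) DERTaggedObject.fromByteArray(oldOctet.getOctets());
    DERInteger newNumber = (DERInteger) DERTaggedObject.fromByteArray(newOctet.getOctets());
    assertEquals(oldNumber.getValue().add(BigInteger.ONE), newNumber.getValue());

    // Same signing key before and after, so the authority key identifier must not change.
    ASN1ObjectIdentifier authorityKeyOID = X509Extension.authorityKeyIdentifier;
    byte[] oldAuthorityKeyId = originalCrl.getExtensionValue(authorityKeyOID.getId());
    byte[] newAuthorityKeyId = changedCrl.getExtensionValue(authorityKeyOID.getId());
    assertArrayEquals(oldAuthorityKeyId, newAuthorityKeyId);
}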
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
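/**
 * Rewrites a CRL with freshly generated RSA key pairs of 1024 and 4096 bits and checks
 * that the revoked serial survives and that the authorityKeyIdentifier of the rewritten
 * CRL matches the new key while the original CRL's identifier matches the old key.
 *
 * <p>NOTE(review): 1024-bit RSA is too weak for a real CA or CRL signing key; here it
 * only serves as a test fixture with a key size that differs from the other case.
 *
 * @throws Exception if key generation or building, rewriting or reading the CRL fails
 */
@Test
public void testKeySizeChange() throws Exception {
    int[] sizes = { 1024, 4096 };

    for (int size : sizes) {
        X509CRLHolder holder = createCRL();
        File crlToChange = writeCRL(holder);

        generator.initialize(size);
        KeyPair differentKeyPair = generator.generateKeyPair();

        X509CRLStreamWriter stream = new X509CRLStreamWriter(
            crlToChange,
            (RSAPrivateKey) differentKeyPair.getPrivate(),
            (RSAPublicKey) differentKeyPair.getPublic());
        stream.preScan(crlToChange).lock();

        // Close the output even when write() throws, so the file handle is not leaked.
        OutputStream out = new BufferedOutputStream(new FileOutputStream(outfile));
        try {
            stream.write(out);
        }
        finally {
            out.close();
        }

        X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC).getCRL(holder);
        // readCRL(PublicKey) is defined elsewhere; presumably it verifies the rewritten
        // CRL against the new public key -- confirm in the helper.
        X509CRL changedCrl = readCRL(differentKeyPair.getPublic());

        Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
        for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
            discoveredSerials.add(entry.getSerialNumber());
        }

        Set<BigInteger> expected = new HashSet<BigInteger>();
        expected.add(new BigInteger("100"));
        assertEquals(expected, discoveredSerials);

        // Since the key changed, the authorityKeyIdentifier must change
        String akiOid = X509Extension.authorityKeyIdentifier.getId();
        byte[] oldAkiBytes = originalCrl.getExtensionValue(akiOid);
        byte[] newAkiBytes = changedCrl.getExtensionValue(akiOid);

        AuthorityKeyIdentifierStructure oldAki = new AuthorityKeyIdentifierStructure(oldAkiBytes);
        AuthorityKeyIdentifierStructure newAki = new AuthorityKeyIdentifierStructure(newAkiBytes);

        assertArrayEquals(oldAki.getKeyIdentifier(),
            new AuthorityKeyIdentifierStructure(keyPair.getPublic()).getKeyIdentifier());
        assertArrayEquals(newAki.getKeyIdentifier(),
            new AuthorityKeyIdentifierStructure(differentKeyPair.getPublic()).getKeyIdentifier());
    }
}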
From source file:org.candlepin.util.X509CRLStreamWriterTest.java
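/**
 * Rewrites a CRL whose original signature uses {@code SHA1WithRSAEncryption}, adding one
 * serial, and checks that the rewritten CRL lists both the original and the added serial.
 *
 * <p>NOTE(review): SHA-1 is no longer acceptable for signing new certificates or CRLs;
 * this test covers handling of such input. Which algorithm the writer uses for the
 * rewritten CRL is not asserted here -- confirm against X509CRLStreamWriter.
 *
 * @throws Exception if building, rewriting or reading the CRL fails
 */
@Test
public void testSha1Signature() throws Exception {
    X509v2CRLBuilder crlBuilder = createCRLBuilder();

    String signingAlg = "SHA1WithRSAEncryption";
    ContentSigner sha1Signer = new JcaContentSignerBuilder(signingAlg)
        .setProvider(BC)
        .build(keyPair.getPrivate());

    X509CRLHolder holder = crlBuilder.build(sha1Signer);
    File crlToChange = writeCRL(holder);

    X509CRLStreamWriter stream = new X509CRLStreamWriter(
        crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(),
        (RSAPublicKey) keyPair.getPublic());
    // Reason code 0 is "unspecified" in RFC 5280.
    stream.add(new BigInteger("9000"), new Date(), 0);
    stream.preScan(crlToChange).lock();

    // Close the output even when write() throws, so the file handle is not leaked.
    OutputStream out = new BufferedOutputStream(new FileOutputStream(outfile));
    try {
        stream.write(out);
    }
    finally {
        out.close();
    }

    X509CRL changedCrl = readCRL();

    Set<BigInteger> discoveredSerials = new HashSet<BigInteger>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }

    Set<BigInteger> expected = new HashSet<BigInteger>();
    expected.add(new BigInteger("100"));
    expected.add(new BigInteger("9000"));

    assertEquals(expected, discoveredSerials);
}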