List of usage examples for java.text DateFormat getDateTimeInstance
public static final DateFormat getDateTimeInstance(int dateStyle, int timeStyle, Locale aLocale)
From source file:mitm.common.security.certificate.GenerateTestCertificates.java
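/**
 * Generates a test certificate whose extended key usage extension lists only
 * {@code CLIENTAUTH}, i.e. it carries no S/MIME (e-mail protection) extended
 * key usage, and stores it with its private key under the alias
 * {@code "NoSMIMEExtKeyUsage"}.
 *
 * <p>Security notes for readers reusing this fixture:
 * <ul>
 *   <li>The RSA key pair is hard-coded and therefore public. The encoded public
 *       key carries a 1024-bit modulus. Certificates built from it must never
 *       be trusted outside a test trust store.</li>
 *   <li>The certificate is signed with {@code SHA1WithRSAEncryption}. This is
 *       kept so the fixture stays unchanged; SHA-1 signatures are not suitable
 *       for certificates that have to be trusted.</li>
 *   <li>The key entry is stored with a {@code null} password.</li>
 * </ul>
 *
 * @throws Exception if the reference date cannot be parsed or any of the
 *         key decoding, certificate building or key store calls fails
 */
private void generateCertificateNoSMIMEExtKeyUsage() throws Exception {
    X509CertificateBuilder certificateBuilder = securityFactory.createX509CertificateBuilder();

    // Hex-encoded SubjectPublicKeyInfo (rsaEncryption). Test-only key material.
    String encodedPublicKey = "30819f300d06092a864886f70d010101050003818d00308189028181008e"
            + "702f7941ce945a10c965ddd2113331506fb868c59760548bf8cedc35589e"
            + "9233e3552f518ce72e75fd22b01add0662502ade276d07f12cadfaeea440"
            + "edc01b0f7c01babad5ade01a759a908f5c3279c3fd02aae54940798d56a4"
            + "b8d3a8f3472ffa0fbad9a8d1348ec8b24cb0fc3283aac33f9bfd97b0a338"
            + "75b7fdea432f7b0203010001";

    // Hex-encoded private key matching the public key above. Because it is
    // committed in source it offers no confidentiality; use it for tests only.
    String encodedPrivateKey = "30820275020100300d06092a864886f70d01010105000482025f3082025b"
            + "020100028181008e702f7941ce945a10c965ddd2113331506fb868c59760"
            + "548bf8cedc35589e9233e3552f518ce72e75fd22b01add0662502ade276d"
            + "07f12cadfaeea440edc01b0f7c01babad5ade01a759a908f5c3279c3fd02"
            + "aae54940798d56a4b8d3a8f3472ffa0fbad9a8d1348ec8b24cb0fc3283aa"
            + "c33f9bfd97b0a33875b7fdea432f7b02030100010281807b8e43100b0e78"
            + "4f7c3a477bd86a051f24e8146e05e05eb65848b69ffc426822e891ad6603"
            + "76975f0d084cdbb821bc14f1f78d8763a3bd0805cf22cd266955f6972ba6"
            + "10280e6751a3219a4f89ef87faab1d4170b5d0af820844782f7317b025d2"
            + "9de7dcd271776d7c45da37ac5c190e9698ad84129f424d1df6bdd14c1027"
            + "59024100ccb868a0fe755d4327c8a02ef0a80306ee6a31726075748d04ef"
            + "713da09050931c0604bf2c93cca29afd65f7a56d5d501e80eac8775c5701"
            + "2a0ed48be3726af5024100b21df7637604312e4c80ebf2b4c04112b22938"
            + "611755f579d205e2c5826b32039d200cd37d1171639ee503748ac963d71c"
            + "f65df92a65bf6965764b7465548aaf0240388d5899e0b11b2a49fb2a04cd"
            + "861c0ff61c6fbc60d911714343c1cc7c66615bc20a0795a802cc2cbf13f0"
            + "ef104bbdd33c19f0c19ff76a317024d8a22c1a976102405ff2627c126ba9"
            + "ae7e098890422bba21ff14d34901d00d1ea53304784e8bbdf252669c6224"
            + "620c0994e35a9c21d2e0545546a5527e33370be85af3c46c7d410302401f"
            + "86906b598370b2fc4bc60be15521decaf16cd81d047242dc0dd316ba2902"
            + "baf93db44acf00d07c7762ccce97de2841fd565a9c8fee6e70da8e2779af"
            + "248bf1";

    PrivateKey privateKey = decodePrivateKey(encodedPrivateKey);
    PublicKey publicKey = decodePublicKey(encodedPublicKey);

    // Subject DN and the matching rfc822Name alternative name.
    String email = "test@example.com";

    X500PrincipalBuilder subjectBuilder = new X500PrincipalBuilder();
    subjectBuilder.setCommonName("No S/MIME extended key usage");
    subjectBuilder.setEmail(email);
    subjectBuilder.setCountryCode("NL");
    subjectBuilder.setLocality("Amsterdam");
    subjectBuilder.setState("NH");

    AltNamesBuilder altNamesBuilder = new AltNamesBuilder();
    altNamesBuilder.setRFC822Names(email);

    X500Principal subject = subjectBuilder.buildPrincipal();
    GeneralNames altNames = altNamesBuilder.buildAltNames();

    Set<KeyUsageType> keyUsage = new TreeSet<KeyUsageType>();
    keyUsage.add(KeyUsageType.DIGITALSIGNATURE);
    keyUsage.add(KeyUsageType.KEYENCIPHERMENT);
    keyUsage.add(KeyUsageType.NONREPUDIATION);

    // Only CLIENTAUTH is listed. The missing S/MIME usage is the point of
    // this fixture.
    Set<ExtendedKeyUsageType> extendedKeyUsage = new TreeSet<ExtendedKeyUsageType>();
    extendedKeyUsage.add(ExtendedKeyUsageType.CLIENTAUTH);

    BigInteger serialNumber = new BigInteger("115fd035ba042503bcc6ca44680f9f8", 16);

    // The original called DateFormat.getDateTimeInstance(DateFormat.MEDIUM,
    // DateFormat.MEDIUM, Locale.UK) and relied on that format being
    // "dd-MMM-yyyy HH:mm:ss". The MEDIUM pattern comes from the runtime's
    // locale data; on JDKs that default to CLDR data (9 and later) it differs
    // and parse() throws ParseException. Pinning the pattern keeps the fixture
    // date stable across runtimes. The fully qualified name avoids needing a
    // new import.
    // NOTE(review): no time zone is set, so the instant still depends on the
    // JVM default zone, as it did before. Confirm whether that matters.
    Date referenceDate = new java.text.SimpleDateFormat("dd-MMM-yyyy HH:mm:ss", Locale.UK)
            .parse("21-November-2007 11:46:35");

    certificateBuilder.setSubject(subject);
    // presumably the boolean is the "critical" flag here as well; confirm
    // against X509CertificateBuilder
    certificateBuilder.setAltNames(altNames, true);
    certificateBuilder.setKeyUsage(keyUsage, true);
    // make extended key usage critical
    certificateBuilder.setExtendedKeyUsage(extendedKeyUsage, true);
    certificateBuilder.setNotBefore(DateUtils.addDays(referenceDate, -20));
    certificateBuilder.setNotAfter(DateUtils.addYears(referenceDate, 20));
    certificateBuilder.setPublicKey(publicKey);
    certificateBuilder.setSerialNumber(serialNumber);
    // SHA-1 based signature, kept so the fixture stays unchanged. Do not copy
    // this into code that issues certificates meant to be trusted.
    certificateBuilder.setSignatureAlgorithm("SHA1WithRSAEncryption");

    X509Certificate certificate = certificateBuilder.generateCertificate(caPrivateKey, caCertificate);

    assertNotNull(certificate);

    certificates.add(certificate);

    Certificate[] chain = new Certificate[] { certificate, caCertificate, rootCertificate };

    // null is passed as the entry password. If keyStore is a
    // java.security.KeyStore, the private key is stored without a per-entry
    // password. Acceptable only because the key is test material.
    keyStore.setKeyEntry("NoSMIMEExtKeyUsage", privateKey, null, chain);
}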
From source file:org.ejbca.core.model.ra.raadmin.UserFullfillEndEntityProfileTest.java
/** * Test the profile fulfilling rutines/*from w w w . ja va2 s . c om*/ * * @throws Exception error */ @Test public void testfulfillEndEntityProfiles() throws Exception { log.trace(">test01fulfillEndEntityProfiles()"); // Dummy caids final int testca2 = 3; int currentSubTest = 1; { final EndEntityProfile profile = new EndEntityProfile(); // Set so CN=modifyable required, OU0={DEP1_1,DEP1_2} required, OU1={DEP2_1,DEP2_2} required, C=OU1={SE,DK} not required profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.COUNTRY); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 0, true); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 1, true); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 0, false); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 1, false); profile.setModifyable(DnComponents.COUNTRY, 0, false); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 0, "DEP1_1;DEP1_2"); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 1, "DEP2_1;DEP2_2"); profile.setValue(DnComponents.COUNTRY, 0, "SE;DK"); profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); // Test completly erronious DN try { profile.doesUserFullfillEndEntityProfile("username", "password", "blabla", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Profile does not check DN at all."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + " = OK"); } // Test correct DN try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Profile Fulfill Test " + (currentSubTest++) + " " + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { 
fail(e.getMessage()); } // Test no username even though is required try { profile.doesUserFullfillEndEntityProfile("", "password", STANDARD_DN, "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("UserName is not checked even though it's required"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Profile Fulfill Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test no password even though is required try { profile.doesUserFullfillEndEntityProfile("username", "", STANDARD_DN, "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Password is not checked even though it's required"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Profile Test Fulfill " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test with no CN (required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "OU=DEP1_1,OU=DEP2_1,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Required CN field wasn't checked"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test with only one OU (2 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP2_1,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Required OU field wasn't checked"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test were second OU have the wrong value (Dep2_1 or Dep2_2) 
try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_3,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error value of second OU field wasn't checked"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test without C (not required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_2", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail(e.getMessage()); } // Test illegal value of C (SE or DK) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_2, C=NO", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of C value."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Add some subject altname fields profile.addField(DnComponents.RFC822NAME); profile.addField(DnComponents.DNSNAME); profile.addField(DnComponents.UPN); profile.addField(DnComponents.IPADDRESS); profile.setRequired(DnComponents.RFC822NAME, 0, true); profile.setRequired(DnComponents.DNSNAME, 0, true); profile.setRequired(DnComponents.UPN, 0, true); profile.setRequired(DnComponents.IPADDRESS, 0, true); profile.setModifyable(DnComponents.RFC822NAME, 0, false); profile.setModifyable(DnComponents.DNSNAME, 0, false); profile.setModifyable(DnComponents.UPN, 0, false); 
profile.setModifyable(DnComponents.IPADDRESS, 0, true); profile.setValue(DnComponents.RFC822NAME, 0, "test.com"); profile.setValue(DnComponents.DNSNAME, 0, "test.primekey.se"); profile.setValue(DnComponents.UPN, 0, "test.com;primekey.se"); profile.setValue(DnComponents.IPADDRESS, 0, "11.11.1.1"); profile.setRequired(EndEntityProfile.EMAIL, 0, true); profile.setModifyable(EndEntityProfile.EMAIL, 0, false); profile.setValue(EndEntityProfile.EMAIL, 0, "test.com;primekey.se"); // Test completly erronious Alt Name try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "blabla", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Profile does not check altname at all."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + " = OK"); } // Test correct Alt Name try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "RFC822NAME=test@test.com, dnsname=test.primekey.se, Upn=test@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Profile Fulfill Test " + (currentSubTest++) + " " + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail(e.getMessage()); } // Test with no RFC822NAME (required) try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "dnsname=test.primekey.se, Upn=test@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Required RFC822NAME field wasn't checked"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = 
OK"); } // Test with one RFC822NAME to many try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, rfc822name=test@primekey.se, dnsname=test.primekey.se, Upn=test@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("To many RFC822 names fields wasn't checked"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test that only domain is checked for RFC822name and UPN try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Not only domains of RFC822NAME and UPN where checked: " + e.getMessage()); } // Test were DNS have illegal value try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test2.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error value of DNS not checked."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test without IPADDRESS (required) try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se", "", "", 
CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error not checking number of IPADDRESS properly."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + " = OK"); } // Test without email field (required) 1 try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of email field."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test without email field (required) 2 try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.1", "", "null", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of email field."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test without email field (required) 3 try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1", "", null, CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of email field."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test 
illegal value of email field (test.com or primekey.se) 1 try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test11@test1.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1", "", "test11@test1.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of email field values."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } profile.setValue(EndEntityProfile.AVAILCERTPROFILES, 0, CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER + ";" + CertificateProfileConstants.CERTPROFILE_FIXED_SUBCA); // Test illegal value of Certificate Profile try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test11@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1", "", "test11@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ROOTCA, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Inproper check of certificate profile values."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test Wrong CA try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test11@test.com, dnsname=test.primekey.se, Upn=test12@primekey.se,ipaddress=11.11.1.1", "", "test11@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_SUBCA, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, testca2, null); fail("Inproper check of available ca's."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " " + e.getMessage() + " = OK"); } // Test with a mix of several rfc822name fields //profile.addField(DnComponents.RFC822NAME); already 
set profile.addField(DnComponents.RFC822NAME); profile.addField(DnComponents.RFC822NAME); profile.addField(DnComponents.RFC822NAME); //profile.setRequired(DnComponents.RFC822NAME,0,true); already set profile.setRequired(DnComponents.RFC822NAME, 1, false); profile.setRequired(DnComponents.RFC822NAME, 2, true); profile.setRequired(DnComponents.RFC822NAME, 3, true); //profile.setUse(DnComponents.RFC822NAME, 0, true); already set profile.setUse(DnComponents.RFC822NAME, 1, false); profile.setUse(DnComponents.RFC822NAME, 2, false); profile.setUse(DnComponents.RFC822NAME, 3, false); //profile.setModifyable(DnComponents.RFC822NAME,0,false); already set profile.setModifyable(DnComponents.RFC822NAME, 1, true); profile.setModifyable(DnComponents.RFC822NAME, 2, false); profile.setModifyable(DnComponents.RFC822NAME, 3, true); //profile.setValue(DnComponents.RFC822NAME,0,"test.com"); not used profile.setValue(DnComponents.RFC822NAME, 1, "foobar.com"); profile.setValue(DnComponents.RFC822NAME, 2, "test@somefoo.com"); profile.setValue(DnComponents.RFC822NAME, 3, "somebar.com"); // Make sure normal usage works /* * Normal usage test moved down to testProfileWithRfc822Name() */ // Test missing required rfc822name field try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, rfc822name=test@somefoo.com, " + "dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Did not notice missing RFC822Name."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK (" + e.getMessage() + ")"); } // Try non-existing required "use end entity e-mail" try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@nodomain.com, rfc822name=test@anything.com, 
rfc822name=test@somefoo.com, " + "dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Did not check RFC822Name against e-mail field."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK (" + e.getMessage() + ")"); } // Try to ignore a required non-modifyable domain try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, rfc822name=test@anything.com, rfc822name=test@somebar.com, " + "dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Did not check RFC822Name against profile."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK (" + e.getMessage() + ")"); } // Use same as required non-mod field in non-req field try { profile.doesUserFullfillEndEntityProfile("username", "password", STANDARD_DN, "rfc822name=test@test.com, rfc822name=test@anything.com, rfc822name=test@somefoo.com, rfc822name=test@somefoo.com, " + "dnsname=test.primekey.se, Upn=test12@primekey.se, ipaddress=11.11.1.2", "", "test@test.com", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Did not check RFC822Name against profile." 
+ e.getMessage()); } } {// New profile final EndEntityProfile profile = new EndEntityProfile(); // Set so CN=modifyable required, OU0={DEP1_1,DEP1_2} required, OU1={DEP2_1,DEP2_2} required, OU3=Optional, C=O{SE,DK} not required profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.COUNTRY); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 0, false); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 1, true); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 2, false); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 3, true); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 4, false); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 1, false); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 3, false); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 4, true); profile.setModifyable(DnComponents.COUNTRY, 0, false); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 1, "DEP1_1;DEP1_2"); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 3, "DEP2_1;DEP2_2"); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 4, "DEP3_1;DEP3_2"); profile.setValue(DnComponents.COUNTRY, 0, "SE;DK"); profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); // Test with two OU (2 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=,OU=DEP1_1,OU=,OU=DEP2_2,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Required OU fields wasn't checked propertly: " + e.getMessage()); } // Test with tree OU (2 required) try { 
profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=,OU=DEP1_1,OU=,OU=DEP2_2,OU=DEP3_3,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Required OU fields wasn't checked propertly: " + e.getMessage()); } profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 4, false); // Test with tree OU (2 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=,OU=DEP1_1,OU=,OU=DEP2_2,OU=DEP3_1,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Required OU fields wasn't checked propertly: " + e.getMessage()); } // Test with tree OU (2 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=,OU=DEP1_1,OU=,OU=DEP2_2,OU=DEP3_3,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Required OU fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } } { // Test Reverse Checks // New profile final EndEntityProfile profile = new EndEntityProfile(); profile.setReverseFieldChecks(true); // Set so CN=modifyable required, OU0=Modifyable not required, OU1=Modifyable not required, OU3=required {hard,soft}, C=O{SE,DK} not required profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); profile.addField(DnComponents.ORGANIZATIONALUNIT); 
profile.addField(DnComponents.COUNTRY); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 0, false); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 1, false); profile.setRequired(DnComponents.ORGANIZATIONALUNIT, 2, true); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 0, true); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 1, true); profile.setModifyable(DnComponents.ORGANIZATIONALUNIT, 2, false); profile.setModifyable(DnComponents.COUNTRY, 0, false); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 0, ""); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 1, ""); profile.setValue(DnComponents.ORGANIZATIONALUNIT, 2, "HARD;SOFT"); profile.setValue(DnComponents.COUNTRY, 0, "SE;DK"); profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); // Test with one OU (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse OU fields wasn't checked propertly: " + e.getMessage()); } // Test with two OU (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP2_1,OU=HARD,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse OU fields wasn't checked propertly: " + e.getMessage()); } // Test with three OU (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, 
false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse OU fields wasn't checked propertly: " + e.getMessage()); } // Test with four OU (3 allowed) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP0_1,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse OU fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test with wrong data in nonmodifiable field try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD2,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse OU fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test that the right data is checked when a lesser number of field is used try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse OU fields wasn't checked propertly: " + e.getMessage()); } // Test with wrong data in nonmodifiable field when having only one ou try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD2,C=SE", "null", "", "", 
CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse OU fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test with no ou try { profile.doesUserFullfillEndEntityProfile("username", "passworCerd", "CN=John Smith,C=SE", "null", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse OU fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test Reverse checks of subject alt names // Set so CN=modifyable required, OU=Modifyable not required, OU1=Modifyable not required, OU3=required {hard,soft}, C=O{SE,DK} not required profile.addField(DnComponents.IPADDRESS); profile.addField(DnComponents.IPADDRESS); profile.addField(DnComponents.IPADDRESS); profile.addField(DnComponents.DNSNAME); profile.setRequired(DnComponents.IPADDRESS, 0, false); profile.setRequired(DnComponents.IPADDRESS, 1, false); profile.setRequired(DnComponents.IPADDRESS, 2, true); profile.setModifyable(DnComponents.IPADDRESS, 0, true); profile.setModifyable(DnComponents.IPADDRESS, 1, true); profile.setModifyable(DnComponents.IPADDRESS, 2, false); profile.setModifyable(DnComponents.DNSNAME, 0, false); profile.setValue(DnComponents.IPADDRESS, 0, ""); profile.setValue(DnComponents.IPADDRESS, 1, ""); profile.setValue(DnComponents.IPADDRESS, 2, "10.1.1.1;10.2.2.2"); profile.setValue(DnComponents.DNSNAME, 0, "test1.se;test2.se"); // Test with one IPAddress (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, 
SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage()); } // Test with two IPAddress (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP2_1,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=11.1.1.1,ipaddress=10.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage()); } // Test with three IPAddress (1 required) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=12.1.1.1,ipaddress=11.1.1.1,ipaddress=10.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage()); } // Test with four IPAddress (3 allowed) try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP0_1,OU=DEP1_1,OU=DEP2_1,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=12.1.1.1,ipaddress=12.1.1.1,ipaddress=11.1.1.1,ipaddress=10.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse IPADDRESS fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) 
+ " = OK"); } // Test with wrong data in nonmodifiable field try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=DEP1_1,OU=DEP2_1,OU=HARD2,C=SE", "dnsname=test1.se,ipaddress=12.1.1.1,ipaddress=11.1.1.1,ipaddress=10.1.1.2", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse IPADDRESS fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test that the right data is checked when a lesser number of field is used try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Reverse IPADDRESS fields wasn't checked propertly: " + e.getMessage()); } // Test with wrong data in nonmodifiable field when having only one ou try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD2,C=SE", "dnsname=test1.se,ipaddress=11.1.1.1", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse IPADDRESS fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test with no ou try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,C=SE", "dnsname=test1.se", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error Reverse IPADDRESS 
fields wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Test adding required fields for Subject Directory Attributes // Set so CN=modifyable required, OU=Modifyable not required, OU1=Modifyable not required, OU3=required {hard,soft}, C=O{SE,DK} not required profile.addField(DnComponents.DATEOFBIRTH); profile.addField(DnComponents.PLACEOFBIRTH); profile.addField(DnComponents.GENDER); profile.addField(DnComponents.COUNTRYOFCITIZENSHIP); profile.addField(DnComponents.COUNTRYOFRESIDENCE); profile.setRequired(DnComponents.DATEOFBIRTH, 0, false); profile.setRequired(DnComponents.PLACEOFBIRTH, 0, false); profile.setRequired(DnComponents.GENDER, 0, false); profile.setRequired(DnComponents.COUNTRYOFCITIZENSHIP, 0, false); profile.setRequired(DnComponents.COUNTRYOFRESIDENCE, 0, false); profile.setModifyable(DnComponents.DATEOFBIRTH, 0, true); profile.setModifyable(DnComponents.PLACEOFBIRTH, 0, true); profile.setModifyable(DnComponents.GENDER, 0, true); profile.setModifyable(DnComponents.COUNTRYOFCITIZENSHIP, 0, true); profile.setModifyable(DnComponents.COUNTRYOFRESIDENCE, 0, false); profile.setValue(DnComponents.DATEOFBIRTH, 0, ""); profile.setValue(DnComponents.PLACEOFBIRTH, 0, ""); profile.setValue(DnComponents.GENDER, 0, ""); profile.setValue(DnComponents.COUNTRYOFCITIZENSHIP, 0, ""); profile.setValue(DnComponents.COUNTRYOFRESIDENCE, 0, "SE"); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "CountryOfCitizenship=FOO", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error CountryOfCitizenship wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { assertEquals("Invalid COUNTRYOFCITIZENSHIP. 
Must be of length two.", e.getMessage()); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "CountryOfCitizenship=SE, CountryOfResidence=Foo", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error CountryOfCitizenship wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { assertEquals("Invalid COUNTRYOFRESIDENCE. Must be of length two.", e.getMessage()); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "CountryOfCitizenship=SE, CountryOfResidence=TR", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error CountryOfCitizenship wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { assertEquals("Field COUNTRYOFRESIDENCE data didn't match requirement of end entity profile.", e.getMessage()); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "CountryOfCitizenship=SE, CountryOfResidence=SE, Gender=M, PlaceOfBirth=Stockholm", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error Subject Dir Attributes wasn't checked propertly"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", 
"dnsname=test1.se,ipaddress=10.1.1.1", "DateOfBirth=189901, CountryOfCitizenship=SE, CountryOfResidence=SE", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error DateOfBirth wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { assertEquals("Invalid DATEOFBIRTH. Must be of length eight.", e.getMessage()); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "DateOfBirth=189901AA, CountryOfCitizenship=SE, CountryOfResidence=SE", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); fail("Error DateOfBirth wasn't checked propertly"); } catch (UserDoesntFullfillEndEntityProfile e) { assertEquals("Invalid DATEOFBIRTH. Must be only numbers.", e.getMessage()); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith,OU=HARD,C=SE", "dnsname=test1.se,ipaddress=10.1.1.1", "DateOfBirth=18990101, CountryOfCitizenship=SE, CountryOfResidence=SE", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, null); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error DateOfBirth wasn't checked propertly"); } } { // Test time constraints final EndEntityProfile profile = new EndEntityProfile(); Date now = new Date(); Date endOfTime = new Date(Long.MAX_VALUE); FastDateFormat sm = FastDateFormat.getInstance("yyyy-MM-dd HH:mm"); String staticNow = sm.format(now); String relativeNow = "0:00:00"; String staticEndOfTime = sm.format(endOfTime); String relativeEndOfTime = 
"33000:00:00"; // ~100 years String staticInvalid = "XXXX-XX-XX XX:XX PM"; String relativeInvalid = "XXXXX:XXX:XXX"; String relativeNegative = "-10:00:00"; ExtendedInformation ei = new ExtendedInformation(); // Use empty, should fail profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); profile.setUse(EndEntityProfile.STARTTIME, 0, true); profile.setUse(EndEntityProfile.ENDTIME, 0, false); profile.setValue(EndEntityProfile.STARTTIME, 0, ""); profile.setValue(EndEntityProfile.ENDTIME, 0, ""); ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, ""); try { // Custom starttime can be empty or null profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Empty start time was not checked correctly."); } profile.setUse(EndEntityProfile.STARTTIME, 0, false); profile.setUse(EndEntityProfile.ENDTIME, 0, true); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, ""); try { // Custom endtime can be empty or null profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Empty end time was not checked correctly."); } // Static times work? 
profile.setUse(EndEntityProfile.STARTTIME, 0, true); profile.setUse(EndEntityProfile.ENDTIME, 0, true); ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Static times does not work. (" + e.getMessage() + ")"); } // Relative times work? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, relativeEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Relative times does not work."); } // Static start, rel end work? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, relativeEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Static start time w relative end time does not work."); } // Rel start, static end work? 
ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Relative start time w static end time does not work."); } // Negative relative start times work? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeNegative); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Possible to use negative start time."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Negative relative end times work? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, relativeNegative); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Possible to use negative end time."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Static end before start ok? 
ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticEndOfTime); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticNow); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Static end time before static start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Relative end before start ok? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeEndOfTime); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, relativeNow); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Relative end time before relative start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Invalid static start ok? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticInvalid); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Invalid static start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Invalid static end ok? 
ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, staticNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticInvalid); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Invalid static start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Invalid relative start ok? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeInvalid); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticEndOfTime); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Invalid relative start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Invalid relative end ok? ei.setCustomData(ExtendedInformation.CUSTOM_STARTTIME, relativeNow); ei.setCustomData(ExtendedInformation.CUSTOM_ENDTIME, staticInvalid); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Invalid relative start time allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } // Is this Java-version parsing dates correctly? 
long magicDateTime = 1181040300000L; // "12:45 PM" in US Locale String value1 = DateFormat.getDateTimeInstance(DateFormat.SHORT, DateFormat.SHORT, Locale.US) .format(new Date(magicDateTime)); String value2 = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.SHORT, Locale.US).format( DateFormat.getDateTimeInstance(DateFormat.SHORT, DateFormat.SHORT, Locale.US).parse(value1)); long magicDateTime2 = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.SHORT, Locale.US) .parse(value2).getTime(); if (magicDateTime != magicDateTime2) { fail("Error: Java does not parse dates correctly. " + magicDateTime + " " + magicDateTime2 + " " + value1 + " " + value2); } } { // Test allow multiple requests final EndEntityProfile profile = new EndEntityProfile(); final ExtendedInformation ei = new ExtendedInformation(); // Use empty, should fail profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); profile.setUse(EndEntityProfile.ALLOWEDREQUESTS, 0, false); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Allowedrequests not checked correctly, should be allowed."); } ei.setCustomData(ExtendedInformationFields.CUSTOM_REQUESTCOUNTER, "2"); try { profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: Allowed requests was not checked correctly, should not be allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } profile.setUse(EndEntityProfile.ALLOWEDREQUESTS, 0, true); try { 
profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); log.debug("End Entity Fulfill Profile Test " + (currentSubTest++) + " = OK"); } catch (UserDoesntFullfillEndEntityProfile e) { fail("Error: Allowedrequests not checked correctly, should be allowed."); } } { // New profile final EndEntityProfile profile = new EndEntityProfile(); // Set so maxFailedLogins=non-modifyable required profile.addField(EndEntityProfile.MAXFAILEDLOGINS); profile.setUse(EndEntityProfile.MAXFAILEDLOGINS, 0, true); profile.setRequired(EndEntityProfile.MAXFAILEDLOGINS, 0, true); profile.setModifyable(EndEntityProfile.MAXFAILEDLOGINS, 0, false); profile.setValue(EndEntityProfile.MAXFAILEDLOGINS, 0, "7"); profile.setValue(EndEntityProfile.AVAILCAS, 0, "" + TEST_CA_1); try { final ExtendedInformation ei = new ExtendedInformation(); ei.setMaxLoginAttempts(1234); profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); fail("Error: maxFailedLogins was not checked correctly, should not be allowed."); } catch (UserDoesntFullfillEndEntityProfile e) { // OK } try { final ExtendedInformation ei = new ExtendedInformation(); ei.setMaxLoginAttempts(7); profile.doesUserFullfillEndEntityProfile("username", "password", "CN=John Smith", "", "", "", CertificateProfileConstants.CERTPROFILE_FIXED_ENDUSER, false, false, false, SecConst.TOKEN_SOFT_BROWSERGEN, 0, TEST_CA_1, ei); } catch (UserDoesntFullfillEndEntityProfile e) { log.error(e.getMessage(), e); fail("Error: maxFailedLogins was not checked correctly, should be allowed."); } log.trace("<test01fulfillEndEntityProfiles()"); } }
From source file:mitm.common.security.certificate.GenerateTestCertificates.java
/**
 * Generates a test certificate whose extended key usage contains only
 * client authentication (no S/MIME e-mail protection) and is flagged as
 * non-critical, then stores it with its private key and chain in the key
 * store under the alias {@code NoSMIMEExtKeyUsageNonCritical}.
 *
 * <p>The key pair is a fixed fixture embedded in the source. Because the
 * private key is published with the code, it must never be trusted or
 * reused outside of tests.
 *
 * @throws Exception propagated from key decoding, date parsing,
 *         certificate generation or key store access
 */
private void generateCertificateNoSMIMEExtKeyUsageNonCritical() throws Exception {
    X509CertificateBuilder builder = securityFactory.createX509CertificateBuilder();

    // Fixed test key pair, hex-encoded DER. The modulus length in the encoding
    // suggests 1024-bit RSA, which is below current minimum key sizes.
    final String publicKeyHex = "30819f300d06092a864886f70d010101050003818d0030818902818100b3"
            + "98c84b2a2649ab19bf1c38d057b1f43429291b4f9d6bbc6172da71b1dd82"
            + "a253f31e4e295db6e6025f3bd09adbfd741557198b17e3f8a4ab9e13b617"
            + "b3e560e16f8f8d72fb95ad3a82c2c9e2baf7efa6e93b5a9bd1e6a9d39277"
            + "c0c9fae99ce7b66d1bbf238a4749a45f40ef5ce02106664ecff54cd64d99"
            + "03f2e8f949d2f70203010001";

    final String privateKeyHex = "30820275020100300d06092a864886f70d01010105000482025f3082025b"
            + "02010002818100b398c84b2a2649ab19bf1c38d057b1f43429291b4f9d6b"
            + "bc6172da71b1dd82a253f31e4e295db6e6025f3bd09adbfd741557198b17"
            + "e3f8a4ab9e13b617b3e560e16f8f8d72fb95ad3a82c2c9e2baf7efa6e93b"
            + "5a9bd1e6a9d39277c0c9fae99ce7b66d1bbf238a4749a45f40ef5ce02106"
            + "664ecff54cd64d9903f2e8f949d2f7020301000102818041056c66822110"
            + "84c8b27f16369fb946af67c38126c6d88d803e63c5cbde65803da2847349"
            + "d8aaf20523d37507cbe3ac1659cd5ea54c9ce5895896cc533287357b390d"
            + "0390da3b02ddae5dcd13527526664a127a2f3104ced7d6114020dd527d81"
            + "79a07e36705b29fb4256036e4c6912ca769bada9eb6083134c5f99ada34c"
            + "41024100e94021d2682b169f4aef370060793f28dafcbd375b92dc420368"
            + "402469952a9563df82001b910ceb38441e5d57790392aef97bf0e57c0203"
            + "06daa47850e53b97024100c51d0232655f3dd219e690b3cc99c79d0ef6c9"
            + "cfcf315952164ec81428c06d608723c0018d09af36bb64517146bbe4c3bb"
            + "80d362e415fc112157b3afec9a8fa1024012940d1d99367562d2b1230c60"
            + "a2c7a91568341a08ad35e5fc277d9468e47cb3d174a802222ff77b74cbd8"
            + "2f4f1c50708a874c9bef6b652da08a21b78399fe990240757619ef0a35bd"
            + "534c97f7370dffbdd23c2e9888bbc17ea6ca205c5e970244abb71c78b8f3"
            + "e10786a818d9e794ed371fe4c69a315e1633c5c986c7cf5841aac1024013"
            + "f17fd383e24562c322d2ef1780b93a4452c07dcda48db73f0e9aac9d42a5"
            + "ddfa9e1ffdbe4e8ba33891246e3f153f135bbd7da646dc04cb6b7755b92f"
            + "9dfe6b";

    PrivateKey subjectPrivateKey = decodePrivateKey(privateKeyHex);
    PublicKey subjectPublicKey = decodePublicKey(publicKeyHex);

    // Subject DN; the same address is repeated as an RFC 822 alternative name.
    final String address = "test@example.com";

    X500PrincipalBuilder dn = new X500PrincipalBuilder();
    dn.setCommonName("No S/MIME extended key usage non critical");
    dn.setEmail(address);
    dn.setCountryCode("NL");
    dn.setLocality("Amsterdam");
    dn.setState("NH");

    AltNamesBuilder sanBuilder = new AltNamesBuilder();
    sanBuilder.setRFC822Names(address);

    X500Principal subjectDn = dn.buildPrincipal();
    GeneralNames subjectAltNames = sanBuilder.buildAltNames();

    Set<KeyUsageType> usages = new TreeSet<KeyUsageType>();
    usages.add(KeyUsageType.DIGITALSIGNATURE);
    usages.add(KeyUsageType.KEYENCIPHERMENT);
    usages.add(KeyUsageType.NONREPUDIATION);

    // Client authentication only: EMAILPROTECTION is left out on purpose,
    // that omission is what this fixture exercises.
    Set<ExtendedKeyUsageType> extendedUsages = new TreeSet<ExtendedKeyUsageType>();
    extendedUsages.add(ExtendedKeyUsageType.CLIENTAUTH);

    BigInteger serial = new BigInteger("1178c30016df6384363585b394c6ca6", 16);

    // NOTE(review): this parse depends on the runtime's en_GB MEDIUM pattern
    // being "dd-MMM-yyyy HH:mm:ss". With CLDR locale data (the default since
    // JDK 9) the pattern differs and parse() throws ParseException; an
    // explicit pattern would remove that dependency. The result also uses
    // the JVM default time zone.
    DateFormat ukMedium = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.MEDIUM, Locale.UK);
    Date reference = ukMedium.parse("21-November-2007 11:46:35");

    builder.setSubject(subjectDn);
    builder.setAltNames(subjectAltNames, true);
    // The boolean looks like the extension's criticality flag (TODO confirm
    // against X509CertificateBuilder): key usage critical, extended key
    // usage non-critical as the method name says.
    builder.setKeyUsage(usages, true);
    builder.setExtendedKeyUsage(extendedUsages, false);
    // Valid from 20 days before to 20 years after the reference date.
    builder.setNotBefore(DateUtils.addDays(reference, -20));
    builder.setNotAfter(DateUtils.addYears(reference, 20));
    builder.setPublicKey(subjectPublicKey);
    builder.setSerialNumber(serial);
    // SHA-1 signatures are no longer collision resistant; presumably kept so
    // the generated fixture stays unchanged. Do not copy into production
    // issuance code.
    builder.setSignatureAlgorithm("SHA1WithRSAEncryption");

    X509Certificate issued = builder.generateCertificate(caPrivateKey, caCertificate);

    assertNotNull(issued);

    certificates.add(issued);

    // Leaf first, then issuing CA, then root.
    Certificate[] path = new Certificate[] { issued, caCertificate, rootCertificate };

    // No entry password is supplied (null); how the private key is then
    // protected depends on the key store type. Acceptable for fixtures only.
    keyStore.setKeyEntry("NoSMIMEExtKeyUsageNonCritical", subjectPrivateKey, null, path);
}
From source file:mitm.common.security.certificate.GenerateTestCertificates.java
/**
 * Generates a test certificate whose validity period starts 20 years after
 * 21 November 2007 (so it is not yet valid before late 2027) and ends 30
 * years after that date, then stores it with its private key and chain in
 * the key store under the alias {@code NotYetValid}.
 *
 * <p>The key pair is a fixed fixture embedded in the source. Because the
 * private key is published with the code, it must never be trusted or
 * reused outside of tests.
 *
 * @throws Exception propagated from key decoding, date parsing,
 *         certificate generation or key store access
 */
private void generateCertificateNoYetValid() throws Exception {
    X509CertificateBuilder builder = securityFactory.createX509CertificateBuilder();

    // Fixed test key pair, hex-encoded DER. The modulus length in the encoding
    // suggests 1024-bit RSA, which is below current minimum key sizes.
    final String publicKeyHex = "30819f300d06092a864886f70d010101050003818d00308189028181009f"
            + "b353317a507e1ce39272bc304111f8558ee76c16200464a98c6737c74059"
            + "5bfc72f5647799641da2bc7a629c1ac00da10f26da0f8a83c84e09eb68cc"
            + "d666e92f04f953722956c5f0cc2263c1d8c78c792aa91d53ad5df8616372"
            + "5db07065eb043fd4587dafdab1aff5bb21854525b49ece5eda2bb7c37d8b"
            + "b06c4e559efb230203010001";

    final String privateKeyHex = "30820277020100300d06092a864886f70d0101010500048202613082025d"
            + "020100028181009fb353317a507e1ce39272bc304111f8558ee76c162004"
            + "64a98c6737c740595bfc72f5647799641da2bc7a629c1ac00da10f26da0f"
            + "8a83c84e09eb68ccd666e92f04f953722956c5f0cc2263c1d8c78c792aa9"
            + "1d53ad5df86163725db07065eb043fd4587dafdab1aff5bb21854525b49e"
            + "ce5eda2bb7c37d8bb06c4e559efb2302030100010281806c96b090ca0c85"
            + "53fb618ee66b2133a8d9f44b63713fdffcda547fb2aba7139bba72286d61"
            + "ed48e7e5c9a6a5fa632e0796660912e8d2547d14a32610a2877e7d28925c"
            + "5f36025ef20c920ea380fe07fc44ffa3648991e511b6185a4105c229cde1"
            + "2be13929826bf4c55600dff4ce9a57df7422d0849f8c99ebd208dff3ce52"
            + "41024100d438b326a633789279d133fe742c91973879d652804ba1bbbd95"
            + "aa72beef2082a109e5ee4426cece04ae0d9091e36e0afbe02489f98d86f5"
            + "b39d4fcaea795491024100c0a5052b52e885e6a5e4444b686f4697def8dc"
            + "6b6913d211c3f38e87de4f7d395adedf4cd4827458947509aacaec6fb643"
            + "c31820bf41cb6b210ba0adac651e73024003a0746f54a7cc87b44d3ef63a"
            + "4608b6ece0282980c7ca1bcb41a388127b43b2f7cd93805ee9cadefa757f"
            + "05d97869890684ee1aed88dda5954c3af0dcd0f601024100be1e9df961bb"
            + "44da9a01ab3cd876692edcc8b18ff785ae1e064ac9f160ff05d0a2d3ad80"
            + "bf81779d2bf64d72170e3c399eaa5d9783e944fe1700c8b45d9cf5ed0241"
            + "00a1152fdcaa1f14bdd0c26c14feeb9e3e3627db371a4bb00afceb8ccebd"
            + "21a6e27f45fce087da5c029e1be352bbdd7ffbec8e511ea254df76a7ff19"
            + "4e262c16c0";

    PrivateKey subjectPrivateKey = decodePrivateKey(privateKeyHex);
    PublicKey subjectPublicKey = decodePublicKey(publicKeyHex);

    // Subject DN; the same address is repeated as an RFC 822 alternative name.
    final String address = "test@example.com";

    X500PrincipalBuilder dn = new X500PrincipalBuilder();
    dn.setCommonName("Not yet valid");
    dn.setEmail(address);
    dn.setCountryCode("NL");
    dn.setLocality("Amsterdam");
    dn.setState("NH");

    AltNamesBuilder sanBuilder = new AltNamesBuilder();
    sanBuilder.setRFC822Names(address);

    X500Principal subjectDn = dn.buildPrincipal();
    GeneralNames subjectAltNames = sanBuilder.buildAltNames();

    Set<KeyUsageType> usages = new TreeSet<KeyUsageType>();
    usages.add(KeyUsageType.DIGITALSIGNATURE);
    usages.add(KeyUsageType.KEYENCIPHERMENT);
    usages.add(KeyUsageType.NONREPUDIATION);

    // Unlike the "no S/MIME" fixtures, e-mail protection is present here;
    // only the validity period makes this certificate unusable.
    Set<ExtendedKeyUsageType> extendedUsages = new TreeSet<ExtendedKeyUsageType>();
    extendedUsages.add(ExtendedKeyUsageType.CLIENTAUTH);
    extendedUsages.add(ExtendedKeyUsageType.EMAILPROTECTION);

    BigInteger serial = new BigInteger("115fd064f8eac4ed5dd5e8728b36fd6", 16);

    // NOTE(review): this parse depends on the runtime's en_GB MEDIUM pattern
    // being "dd-MMM-yyyy HH:mm:ss". With CLDR locale data (the default since
    // JDK 9) the pattern differs and parse() throws ParseException; an
    // explicit pattern would remove that dependency. The result also uses
    // the JVM default time zone.
    DateFormat ukMedium = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.MEDIUM, Locale.UK);
    Date reference = ukMedium.parse("21-Nov-2007 11:49:35");

    builder.setSubject(subjectDn);
    builder.setAltNames(subjectAltNames, true);
    // The boolean looks like the extension's criticality flag (TODO confirm
    // against X509CertificateBuilder).
    builder.setKeyUsage(usages, true);
    builder.setExtendedKeyUsage(extendedUsages, false);
    // notBefore lies 20 years after the reference date, so validators must
    // reject the certificate as not yet valid until then.
    builder.setNotBefore(DateUtils.addYears(reference, 20));
    builder.setNotAfter(DateUtils.addYears(reference, 30));
    builder.setPublicKey(subjectPublicKey);
    builder.setSerialNumber(serial);
    // SHA-1 signatures are no longer collision resistant; presumably kept so
    // the generated fixture stays unchanged. Do not copy into production
    // issuance code.
    builder.setSignatureAlgorithm("SHA1WithRSAEncryption");

    X509Certificate issued = builder.generateCertificate(caPrivateKey, caCertificate);

    assertNotNull(issued);

    certificates.add(issued);

    // Leaf first, then issuing CA, then root.
    Certificate[] path = new Certificate[] { issued, caCertificate, rootCertificate };

    // No entry password is supplied (null); how the private key is then
    // protected depends on the key store type. Acceptable for fixtures only.
    keyStore.setKeyEntry("NotYetValid", subjectPrivateKey, null, path);
}
From source file:com.sonicle.webtop.mail.Service.java
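/**
 * Builds the text placed in front of a forwarded message: a header summary (from, to, cc,
 * date, subject) followed by the original body.
 *
 * <p>Everything read from {@code msg}, and {@code body} itself, comes from a received e-mail
 * and is attacker-controlled. Only the subject is HTML-escaped in this method. The address
 * strings come from {@code getHTMLDecodedAddress}/{@code getDecodedAddress}, whose escaping is
 * not visible here, and {@code body} is appended without escaping.
 * NOTE(review): when {@code format} is not {@code FORMAT_TEXT} the result is markup, so the
 * caller must have escaped or sanitized {@code body} and the helpers must escape for the
 * HTML case; confirm at the call sites.
 *
 * @param msg          message being forwarded
 * @param body         already extracted body of {@code msg}; skipped when {@code null}
 * @param format       one of the {@code SimpleMessage.FORMAT_*} constants; selects the line
 *                     break ({@code "\n"} or {@code "<BR>"}) and the header layout
 * @param isHtml       whether {@code body} is HTML; if not, it is re-emitted line by line
 * @param fromtitle    label for the sender line
 * @param totitle      label for the recipients line
 * @param cctitle      label for the carbon-copy line
 * @param datetitle    label for the sent-date line
 * @param subjecttitle label for the subject line
 * @return header summary followed by the body
 * @throws MessagingException if a header cannot be read from {@code msg}
 */
private String getForwardBody(Message msg, String body, int format, boolean isHtml, String fromtitle,
        String totitle, String cctitle, String datetitle, String subjecttitle) throws MessagingException {
    UserProfile profile = environment.getProfile();
    Locale locale = profile.getLocale();

    String msgSubject = msg.getSubject();
    if (msgSubject == null) {
        msgSubject = "";
    }
    // NOTE(review): escaped for every format, so a plain-text forward shows HTML entities.
    msgSubject = MailUtils.htmlescape(msgSubject);

    Address ad[] = msg.getFrom();
    String msgFrom = "";
    // Guard against an empty array as well as null: ad[0] would otherwise throw.
    if (ad != null && ad.length > 0) {
        msgFrom = isHtml ? getHTMLDecodedAddress(ad[0]) : getDecodedAddress(ad[0]);
    }

    java.util.Date dt = msg.getSentDate();
    String msgDate = "";
    if (dt != null) {
        // LONG date and time styles rendered in the user's profile locale.
        msgDate = DateFormat.getDateTimeInstance(java.text.DateFormat.LONG, java.text.DateFormat.LONG, locale)
                .format(dt);
    }

    ad = msg.getRecipients(Message.RecipientType.TO);
    String msgTo = null;
    if (ad != null) {
        StringBuilder to = new StringBuilder();
        for (int j = 0; j < ad.length; ++j) {
            // The separator is appended after the conditional. The original wrote
            // "a ? x : y + \" \"", which binds the space to the non-HTML branch only.
            to.append(isHtml ? getHTMLDecodedAddress(ad[j]) : getDecodedAddress(ad[j])).append(" ");
        }
        msgTo = to.toString();
    }

    ad = msg.getRecipients(Message.RecipientType.CC);
    String msgCc = null;
    if (ad != null) {
        StringBuilder cc = new StringBuilder();
        for (int j = 0; j < ad.length; ++j) {
            cc.append(isHtml ? getHTMLDecodedAddress(ad[j]) : getDecodedAddress(ad[j])).append(" ");
        }
        msgCc = cc.toString();
    }

    StringBuilder sb = new StringBuilder();
    String cr = "\n";
    if (format != SimpleMessage.FORMAT_TEXT) {
        cr = "<BR>";
    }

    if (format != SimpleMessage.FORMAT_HTML) {
        if (format == SimpleMessage.FORMAT_PREFORMATTED) {
            sb.append("<TT>");
        }
        sb.append(cr + cr + cr
                + "----------------------------------------------------------------------------------" + cr
                + cr);
        sb.append(fromtitle + ": " + msgFrom + cr);
        if (msgTo != null) {
            sb.append(totitle + ": " + msgTo + cr);
        }
        if (msgCc != null) {
            sb.append(cctitle + ": " + msgCc + cr);
        }
        sb.append(datetitle + ": " + msgDate + cr);
        sb.append(subjecttitle + ": " + msgSubject + cr + cr);
        if (format == SimpleMessage.FORMAT_PREFORMATTED) {
            sb.append("</TT>");
        }
    } else {
        sb.append(cr + "<HR>" + cr + cr);
        sb.append("<font face='Arial, Helvetica, sans-serif' size=2>");
        sb.append("<B>" + fromtitle + ":</B> " + msgFrom + "<BR>");
        if (msgTo != null) {
            sb.append("<B>" + totitle + ":</B> " + msgTo + "<BR>");
        }
        if (msgCc != null) {
            sb.append("<B>" + cctitle + ":</B> " + msgCc + "<BR>");
        }
        sb.append("<B>" + datetitle + ":</B> " + msgDate + "<BR>");
        sb.append("<B>" + subjecttitle + ":</B> " + msgSubject + "<BR>");
        sb.append("</font><br>" + cr);
    }

    // A missing body used to fail in StringTokenizer (plain text) or append the literal
    // "null" (HTML); it is now simply left out.
    if (body != null) {
        if (!isHtml) {
            if (format == SimpleMessage.FORMAT_PREFORMATTED) {
                sb.append("<tt>");
            }
            // Delimiters are returned as tokens so that every line break can be replaced by cr.
            StringTokenizer st = new StringTokenizer(body, "\n", true);
            while (st.hasMoreTokens()) {
                String token = st.nextToken();
                if (token.equals("\n")) {
                    sb.append(cr);
                } else {
                    if (format == SimpleMessage.FORMAT_TEXT) {
                        // Prepend "> " for each quoted line in plain-text forwards.
                        sb.append("> ");
                    }
                    // NOTE(review): the line is appended unescaped (a MailUtils.htmlescape call
                    // was disabled here), so for FORMAT_PREFORMATTED/FORMAT_HTML any markup in
                    // a plain-text message reaches the composed HTML unless the caller escaped
                    // it first.
                    sb.append(token);
                }
            }
            if (format == SimpleMessage.FORMAT_PREFORMATTED) {
                sb.append("</tt>");
            }
        } else {
            // NOTE(review): received HTML is appended verbatim; sanitizing has to happen
            // before this call.
            sb.append(body);
        }
    }
    return sb.toString();
}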
From source file:mitm.common.security.certificate.GenerateTestCertificates.java
/**
 * Generates a test certificate that carries key usage but no extended key usage extension,
 * and stores it with its private key under the alias "NoExtendedKeyUsage".
 *
 * <p>Test fixture only: the 1024-bit RSA key pair is embedded in source and the certificate
 * is signed with SHA-1, so neither the key nor the certificate may be trusted outside tests.
 *
 * @throws Exception if key decoding, date parsing, certificate generation or the key store
 *                   update fails
 */
private void generateCertificateNoExtendedKeyUsage() throws Exception {
    X509CertificateBuilder builder = securityFactory.createX509CertificateBuilder();

    // Hex of the DER-encoded public key (SubjectPublicKeyInfo).
    String publicKeyHex = "30819f300d06092a864886f70d010101050003818d003081890281810080"
            + "5fea5eb9bb34314acd0569a985b89bbf79caca577bd186edf7d92be0d1a5"
            + "200d8b321ec3c5ea31bf71715c1744658f86ab65c4bf4e311179da255427"
            + "57b88052c4c9f73c7e288e5f2d17bc6624e39f7b53d07b21b7aca38592be"
            + "291510767ef112d10c9cf0bf39d5f6507a604e6fb128a10abb2bbe09a765"
            + "4001f93dd93f690203010001";

    // Hex of the matching DER-encoded private key; publicly known, test use only.
    String privateKeyHex = "30820275020100300d06092a864886f70d01010105000482025f3082025b"
            + "02010002818100805fea5eb9bb34314acd0569a985b89bbf79caca577bd1"
            + "86edf7d92be0d1a5200d8b321ec3c5ea31bf71715c1744658f86ab65c4bf"
            + "4e311179da25542757b88052c4c9f73c7e288e5f2d17bc6624e39f7b53d0"
            + "7b21b7aca38592be291510767ef112d10c9cf0bf39d5f6507a604e6fb128"
            + "a10abb2bbe09a7654001f93dd93f690203010001028180456896a584b24c"
            + "f3e1c79c07971aafc7b5ed39d1d11f2718570dcca3c6b853195379512e05"
            + "17bb1a0eb25d62374a49c7223f05952d022fd18d1a7f5852b541118962de"
            + "41d5c15725f6ee7a36936883a24f8eb60b740252897779175b86762f5cca"
            + "37d5f0f2119abf720acebccf2395167bd1d651cb28511e893fec3c9526d9"
            + "21024100d984779af9de3816e02b90fa274af4e8fc6d8ff07d6a514bdd08"
            + "7b1de1ab114a89ee3bd2786b4297a816ff80103da18d7e7f2cb6dc654a9c"
            + "007775855c5cc21502410097161a6840cf62768e6b9756cd71cd7576fcfb"
            + "e078895c7892f2dae70904a104a6923cfe5273bcb1cec76d032bcf2ca700"
            + "c8740fe33ffa5e1970df9741e1e105024049fe6c09863277f6202ff1d387"
            + "0652a5e729062c131dd5a5eefcf194caadbce61461bc6bee96de4264e5dd"
            + "e89c9dba953d90d98f230e3a01338f6fa4fc3479b9024041152564f95e1c"
            + "75239e973fae1a32be41f6726ddc9e9735dd5f3e0abde8bf8fe84d207711"
            + "7f87ae347bd5aac309689bbc0b9d6b66a21db0c156cd0a3438201d024068"
            + "6d5cbd6457d3cb83eaa111a540b5878129d5e6abc3d219eaa0446d9afc54"
            + "3a113148957cc1e6c6da5d1a0ddb18af723f01f30fd0241bfe9541a8f691"
            + "4895e7";

    PrivateKey subjectPrivateKey = decodePrivateKey(privateKeyHex);
    PublicKey subjectPublicKey = decodePublicKey(publicKeyHex);

    X500PrincipalBuilder principalBuilder = new X500PrincipalBuilder();
    String address = "test@example.com";
    principalBuilder.setCommonName("No extended key usage");
    principalBuilder.setEmail(address);
    principalBuilder.setCountryCode("NL");
    principalBuilder.setLocality("Amsterdam");
    principalBuilder.setState("NH");

    AltNamesBuilder sanBuilder = new AltNamesBuilder();
    sanBuilder.setRFC822Names(address);

    X500Principal subjectDn = principalBuilder.buildPrincipal();
    GeneralNames subjectAltNames = sanBuilder.buildAltNames();

    Set<KeyUsageType> usages = new TreeSet<KeyUsageType>();
    usages.add(KeyUsageType.DIGITALSIGNATURE);
    usages.add(KeyUsageType.KEYENCIPHERMENT);
    usages.add(KeyUsageType.NONREPUDIATION);

    BigInteger serial = new BigInteger("115fd08d3f0e6159746aea96a50c5d6", 16);

    // MEDIUM patterns come from the runtime's locale data. The literal below parses only
    // where Locale.UK yields dd-MMM-yyyy HH:mm:ss; JDK 9+ defaults to CLDR data, where the
    // pattern may differ and parse() throws ParseException.
    DateFormat ukMedium = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.MEDIUM, Locale.UK);
    Date referenceDate = ukMedium.parse("21-Nov-2007 11:50:35");

    builder.setSubject(subjectDn);
    // NOTE(review): the boolean is presumably the "critical" flag; confirm against
    // X509CertificateBuilder.
    builder.setAltNames(subjectAltNames, true);
    builder.setKeyUsage(usages, true);
    // Validity window: 20 days before the reference date to 20 years after it.
    builder.setNotBefore(DateUtils.addDays(referenceDate, -20));
    builder.setNotAfter(DateUtils.addYears(referenceDate, 20));
    builder.setPublicKey(subjectPublicKey);
    builder.setSerialNumber(serial);
    // SHA-1 is kept because this only produces legacy test vectors.
    builder.setSignatureAlgorithm("SHA1WithRSAEncryption");

    X509Certificate issued = builder.generateCertificate(caPrivateKey, caCertificate);

    assertNotNull(issued);

    certificates.add(issued);

    Certificate[] entryChain = { issued, caCertificate, rootCertificate };

    // A null password leaves the private key entry without its own protection.
    keyStore.setKeyEntry("NoExtendedKeyUsage", subjectPrivateKey, null, entryChain);
}
From source file:hudson.model.Run.java
/** * Returns the build time stamp in the body. *///from w w w. ja v a 2 s . c o m public void doBuildTimestamp(StaplerRequest req, StaplerResponse rsp, @QueryParameter String format) throws IOException { rsp.setContentType("text/plain"); rsp.setCharacterEncoding("US-ASCII"); rsp.setStatus(HttpServletResponse.SC_OK); DateFormat df = format == null ? DateFormat.getDateTimeInstance(DateFormat.SHORT, DateFormat.SHORT, Locale.ENGLISH) : new SimpleDateFormat(format, req.getLocale()); rsp.getWriter().print(df.format(getTime())); }
From source file:mitm.common.security.certificate.GenerateTestCertificates.java
/**
 * Generates a test certificate that carries extended key usage but no key usage extension,
 * and stores it with its private key under the alias "NoKeyUsage".
 *
 * <p>Test fixture only: the 1024-bit RSA key pair is embedded in source and the certificate
 * is signed with SHA-1, so neither the key nor the certificate may be trusted outside tests.
 *
 * @throws Exception if key decoding, date parsing, certificate generation or the key store
 *                   update fails
 */
private void generateCertificateNoKeyUsage() throws Exception {
    X509CertificateBuilder builder = securityFactory.createX509CertificateBuilder();

    // Hex of the DER-encoded public key (SubjectPublicKeyInfo).
    String publicKeyHex = "30819f300d06092a864886f70d010101050003818d0030818902818100b2"
            + "0e2afe37e1235b93919e2c30207b3c52547a7ca4b5929d3ac63984b5d951"
            + "244d6ee103a1cf5fd1e57f67a4becd0cb1be3c5cfe884130c412c46fdc13"
            + "cb175b51b3d6707130a57063e6e98c92ec5ec274cbb3c53d29be5b02383a"
            + "ab5f26581a84b2a32e20c84a84d182720737ccd53d7b1331b7db0d816e9c"
            + "b85927158c288f0203010001";

    // Hex of the matching DER-encoded private key; publicly known, test use only.
    String privateKeyHex = "30820276020100300d06092a864886f70d0101010500048202603082025c"
            + "02010002818100b20e2afe37e1235b93919e2c30207b3c52547a7ca4b592"
            + "9d3ac63984b5d951244d6ee103a1cf5fd1e57f67a4becd0cb1be3c5cfe88"
            + "4130c412c46fdc13cb175b51b3d6707130a57063e6e98c92ec5ec274cbb3"
            + "c53d29be5b02383aab5f26581a84b2a32e20c84a84d182720737ccd53d7b"
            + "1331b7db0d816e9cb85927158c288f020301000102818076054e1a138ff7"
            + "8fcbd0c9b7206f674024923a5e440ed68fc15582eaa45ed799e879864c92"
            + "0492cede000502fe358c2484a41e3fd8b0dd5219de7b06b557f8b242eb9a"
            + "0c7650dc8a9d68b20ab32aca5fbff4a01a15a2a3e90930d4040540e695ef"
            + "90c21fc7383364cb111f509aa559889830a9b3846777a9b8b755152482f8"
            + "81024100e8dfecea5ee39b456a552eed6c51f917c191dda274edbe2ea550"
            + "d1360bd531aed9a5e740ab9468fde289dbdb8d8b2cf57eea3317cf0b0a7f"
            + "89e6b8b17e6d2b7d024100c3bca3e3b3457ac7280902a3d5ab4a2a7f6f34"
            + "6f37e4e9f233d4498f336aea8169c2cccd702880e58432e43bbae9301283"
            + "093519c9a888bf744f3c3fb191a9fb0240361eec919f91e8211ed04342bc"
            + "7ce49627cf7da1e6e8e5dd33606feece9b329bbf4b764e2a52288070a8b7"
            + "66f42357448ac565307056d18ec87ecd87baa926850240130977cf1f9274"
            + "5c86524a05713495a4087ce256a6d306c5ddb099eee98b4e7f83afc4877e"
            + "8f11ea40af4a6f5cc06d427fa81798087af1c1dd280fae0a31269d024100"
            + "98982a55da07b7d2ed807e3f960265180ae755edd5cb8df393c7dfdc70ec"
            + "db9ce973f9aa9f14834c6bf92f9e36de5163b5e27a998a0935645f2f4ec2"
            + "d3e685c7";

    PrivateKey subjectPrivateKey = decodePrivateKey(privateKeyHex);
    PublicKey subjectPublicKey = decodePublicKey(publicKeyHex);

    X500PrincipalBuilder principalBuilder = new X500PrincipalBuilder();
    String address = "test@example.com";
    principalBuilder.setCommonName("No key usage");
    principalBuilder.setEmail(address);
    principalBuilder.setCountryCode("NL");
    principalBuilder.setLocality("Amsterdam");
    principalBuilder.setState("NH");

    AltNamesBuilder sanBuilder = new AltNamesBuilder();
    sanBuilder.setRFC822Names(address);

    X500Principal subjectDn = principalBuilder.buildPrincipal();
    GeneralNames subjectAltNames = sanBuilder.buildAltNames();

    Set<ExtendedKeyUsageType> extendedUsages = new TreeSet<ExtendedKeyUsageType>();
    extendedUsages.add(ExtendedKeyUsageType.CLIENTAUTH);
    extendedUsages.add(ExtendedKeyUsageType.EMAILPROTECTION);

    BigInteger serial = new BigInteger("115fd0bd417e7a6f347eeacb7ff3f38", 16);

    // MEDIUM patterns come from the runtime's locale data. The literal below parses only
    // where Locale.UK yields dd-MMM-yyyy HH:mm:ss; JDK 9+ defaults to CLDR data, where the
    // pattern may differ and parse() throws ParseException.
    DateFormat ukMedium = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.MEDIUM, Locale.UK);
    Date referenceDate = ukMedium.parse("21-Nov-2007 11:51:35");

    builder.setSubject(subjectDn);
    // NOTE(review): the boolean is presumably the "critical" flag; confirm against
    // X509CertificateBuilder.
    builder.setAltNames(subjectAltNames, true);
    builder.setExtendedKeyUsage(extendedUsages, false);
    // Validity window: 20 days before the reference date to 20 years after it.
    builder.setNotBefore(DateUtils.addDays(referenceDate, -20));
    builder.setNotAfter(DateUtils.addYears(referenceDate, 20));
    builder.setPublicKey(subjectPublicKey);
    builder.setSerialNumber(serial);
    // SHA-1 is kept because this only produces legacy test vectors.
    builder.setSignatureAlgorithm("SHA1WithRSAEncryption");

    X509Certificate issued = builder.generateCertificate(caPrivateKey, caCertificate);

    assertNotNull(issued);

    certificates.add(issued);

    Certificate[] entryChain = { issued, caCertificate, rootCertificate };

    // A null password leaves the private key entry without its own protection.
    keyStore.setKeyEntry("NoKeyUsage", subjectPrivateKey, null, entryChain);
}
From source file:org.ejbca.core.model.ra.raadmin.EndEntityProfile.java
/**
 * Implementation of UpgradableDataHashMap function upgrade.
 *
 * <p>Runs only when the stored profile version differs from {@code LATEST_VERSION}. Each
 * step is guarded by {@code getVersion() < N}, so an old profile passes through every later
 * step in order before the version entry is set to {@code LATEST_VERSION} at the end.
 *
 * <p>The date conversions in steps 13 and 14 only log a {@code ParseException}. The stored
 * value is left unchanged and the version is still bumped, so a failed conversion is not
 * retried on a later call and needs manual correction, as the log message says.
 */
public void upgrade() {
    log.trace(">upgrade");
    if (Float.compare(LATEST_VERSION, getVersion()) != 0) {
        String msg = intres.getLocalizedMessage("ra.eeprofileupgrade", new Float(getVersion()));
        log.info(msg);
        // New version of the class, upgrade
        if (getVersion() < 1) {
            // Pad the per-field counter list with zeros up to 37 entries.
            @SuppressWarnings("unchecked")
            ArrayList<Integer> numberarray = (ArrayList<Integer>) data.get(NUMBERARRAY);
            while (numberarray.size() < 37) {
                numberarray.add(Integer.valueOf(0));
            }
            data.put(NUMBERARRAY, numberarray);
        }
        if (getVersion() < 2) {
            // Pad to 39 entries, then add the available-CAs and default-CA fields as required.
            @SuppressWarnings("unchecked")
            ArrayList<Integer> numberarray = (ArrayList<Integer>) data.get(NUMBERARRAY);
            while (numberarray.size() < 39) {
                numberarray.add(Integer.valueOf(0));
            }
            data.put(NUMBERARRAY, numberarray);
            addField(AVAILCAS);
            addField(DEFAULTCA);
            setRequired(AVAILCAS, 0, true);
            setRequired(DEFAULTCA, 0, true);
        }
        if (getVersion() < 3) {
            // These fields have been removed in version 8, no need for this upgrade
            //setNotificationSubject("");
            //setNotificationSender("");
            //setNotificationMessage("");
        }
        if (getVersion() < 4) {
            // Pad the counter list so it has one entry per known data constant.
            @SuppressWarnings("unchecked")
            ArrayList<Integer> numberoffields = (ArrayList<Integer>) data.get(NUMBERARRAY);
            for (int i = numberoffields.size(); i < dataConstants.size(); i++) {
                numberoffields.add(Integer.valueOf(0));
            }
            data.put(NUMBERARRAY, numberoffields);
        }
        // Support for DirectoryName altname field in profile version 5
        if (getVersion() < 5) {
            addField(DnComponents.DIRECTORYNAME);
            setValue(DnComponents.DIRECTORYNAME, 0, "");
            setRequired(DnComponents.DIRECTORYNAME, 0, false);
            setUse(DnComponents.DIRECTORYNAME, 0, true);
            setModifyable(DnComponents.DIRECTORYNAME, 0, true);
        }
        // Support for Subject Directory Attributes field in profile version 6
        if (getVersion() < 6) {
            @SuppressWarnings("unchecked")
            ArrayList<Integer> numberoffields = (ArrayList<Integer>) data.get(NUMBERARRAY);
            for (int i = numberoffields.size(); i < dataConstants.size(); i++) {
                numberoffields.add(Integer.valueOf(0));
            }
            data.put(NUMBERARRAY, numberoffields);
            data.put(SUBJECTDIRATTRFIELDORDER, new ArrayList<Integer>());

            // Add every parameter from DATEOFBIRTH through COUNTRYOFRESIDENCE: empty,
            // optional, unused and modifiable.
            for (int i = getParameterNumber(DnComponents.DATEOFBIRTH); i <= getParameterNumber(
                    DnComponents.COUNTRYOFRESIDENCE); i++) {
                addField(getParameter(i));
                setValue(getParameter(i), 0, "");
                setRequired(getParameter(i), 0, false);
                setUse(getParameter(i), 0, false);
                setModifyable(getParameter(i), 0, true);
            }
        }
        // Support for Start Time and End Time field in profile version 7
        if (getVersion() < 7) {
            @SuppressWarnings("unchecked")
            ArrayList<Integer> numberoffields = (ArrayList<Integer>) data.get(NUMBERARRAY);
            for (int i = numberoffields.size(); i < dataConstants.size(); i++) {
                numberoffields.add(Integer.valueOf(0));
            }
            data.put(NUMBERARRAY, numberoffields);
            addField(STARTTIME);
            setValue(STARTTIME, 0, "");
            setRequired(STARTTIME, 0, false);
            setUse(STARTTIME, 0, false);
            setModifyable(STARTTIME, 0, true);
            addField(ENDTIME);
            setValue(ENDTIME, 0, "");
            setRequired(ENDTIME, 0, false);
            setUse(ENDTIME, 0, false);
            setModifyable(ENDTIME, 0, true);
        }
        // Notifications is now a more general mechanism in version 8
        if (getVersion() < 8) {
            log.debug("Upgrading User Notifications");
            // Only profiles that stored a notification sender are migrated.
            if (data.get(UserNotification.NOTIFICATIONSENDER) != null) {
                UserNotification not = new UserNotification();
                not.setNotificationSender((String) data.get(UserNotification.NOTIFICATIONSENDER));
                if (data.get(UserNotification.NOTIFICATIONSUBJECT) != null) {
                    not.setNotificationSubject((String) data.get(UserNotification.NOTIFICATIONSUBJECT));
                }
                if (data.get(UserNotification.NOTIFICATIONMESSAGE) != null) {
                    not.setNotificationMessage((String) data.get(UserNotification.NOTIFICATIONMESSAGE));
                }
                // Add the statuschanges we used to send notifications about
                String events = UserNotification.EVENTS_EDITUSER;
                not.setNotificationEvents(events);
                // The old recipients were always the user
                not.setNotificationRecipient(UserNotification.RCPT_USER);
                addUserNotification(not);
            }
        }
        // Support for allowed requests in profile version 9
        if (getVersion() < 9) {
            @SuppressWarnings("unchecked")
            ArrayList<Integer> numberoffields = (ArrayList<Integer>) data.get(NUMBERARRAY);
            for (int i = numberoffields.size(); i < dataConstants.size(); i++) {
                numberoffields.add(Integer.valueOf(0));
            }
            data.put(NUMBERARRAY, numberoffields);
            addField(ALLOWEDREQUESTS);
            setValue(ALLOWEDREQUESTS, 0, "");
            setRequired(ALLOWEDREQUESTS, 0, false);
            setUse(ALLOWEDREQUESTS, 0, false);
            setModifyable(ALLOWEDREQUESTS, 0, true);
        }
        // Support for merging DN from WS-API with default values in profile, in profile version 10
        if (getVersion() < 10) {
            setAllowMergeDnWebServices(false);
        }
        // Support for issuance revocation status in profile version 11
        if (getVersion() < 11) {
            setRequired(ISSUANCEREVOCATIONREASON, 0, false);
            setUse(ISSUANCEREVOCATIONREASON, 0, false);
            setModifyable(ISSUANCEREVOCATIONREASON, 0, true);
            setValue(ISSUANCEREVOCATIONREASON, 0, "" + RevokedCertInfo.NOT_REVOKED);
            setRequired(CARDNUMBER, 0, false);
            setUse(CARDNUMBER, 0, false);
            setModifyable(CARDNUMBER, 0, true);
        }
        // Support for maximum number of failed login attempts in profile version 12
        if (getVersion() < 12) {
            setRequired(MAXFAILEDLOGINS, 0, false);
            setUse(MAXFAILEDLOGINS, 0, false);
            setModifyable(MAXFAILEDLOGINS, 0, true);
            setValue(MAXFAILEDLOGINS, 0, Integer.toString(ExtendedInformation.DEFAULT_MAXLOGINATTEMPTS));
        }
        /* In EJBCA 4.0.0 we changed the date format to ISO 8601.
         * In the Admin GUI the example was:
         *   DateFormat.getDateTimeInstance(DateFormat.SHORT, DateFormat.SHORT, ejbcawebbean.getLocale())
         * but the only absolute format that could have worked is the same enforced by the
         * doesUserFullfillEndEntityProfile check and this is what need to upgrade from:
         *   DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.SHORT, Locale.US)
         *
         * NOTE(review): the MEDIUM/SHORT patterns come from the runtime's locale data, so
         * whether an old value still parses may depend on the Java version in use; verify
         * before relying on this step.
         */
        if (getVersion() < 13) {
            final DateFormat oldDateFormat = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.SHORT,
                    Locale.US);
            final FastDateFormat newDateFormat = FastDateFormat.getInstance("yyyy-MM-dd HH:mm");
            try {
                final String oldStartTime = getValue(STARTTIME, 0);
                if (!isEmptyOrRelative(oldStartTime)) {
                    // We use an absolute time format, so we need to upgrade
                    final String newStartTime = newDateFormat.format(oldDateFormat.parse(oldStartTime));
                    setValue(STARTTIME, 0, newStartTime);
                    if (log.isDebugEnabled()) {
                        log.debug("Upgraded " + STARTTIME + " from \"" + oldStartTime + "\" to \"" + newStartTime
                                + "\" in EndEntityProfile.");
                    }
                }
            } catch (ParseException e) {
                // The old value stays in place; the failure is only logged.
                log.error("Unable to upgrade " + STARTTIME
                        + " in EndEntityProfile! Manual interaction is required (edit and verify).", e);
            }
            try {
                final String oldEndTime = getValue(ENDTIME, 0);
                if (!isEmptyOrRelative(oldEndTime)) {
                    // We use an absolute time format, so we need to upgrade
                    final String newEndTime = newDateFormat.format(oldDateFormat.parse(oldEndTime));
                    setValue(ENDTIME, 0, newEndTime);
                    if (log.isDebugEnabled()) {
                        log.debug("Upgraded " + ENDTIME + " from \"" + oldEndTime + "\" to \"" + newEndTime
                                + "\" in EndEntityProfile.");
                    }
                }
            } catch (ParseException e) {
                // The old value stays in place; the failure is only logged.
                log.error("Unable to upgrade " + ENDTIME
                        + " in EndEntityProfile! Manual interaction is required (edit and verify).", e);
            }
        }
        /*
         * In version 13 we converted some dates to the "yyyy-MM-dd HH:mm" format using default Locale.
         * These needs to be converted to the same format but should be stored in UTC, so we always know what the times are.
         */
        if (getVersion() < 14) {
            // Strict parsing: a value not exactly in this pattern is rejected with ParseException.
            final String[] timePatterns = { "yyyy-MM-dd HH:mm" };
            final String oldStartTime = getValue(STARTTIME, 0);
            if (!isEmptyOrRelative(oldStartTime)) {
                try {
                    final String newStartTime = ValidityDate
                            .formatAsUTC(DateUtils.parseDateStrictly(oldStartTime, timePatterns));
                    setValue(STARTTIME, 0, newStartTime);
                    if (log.isDebugEnabled()) {
                        log.debug("Upgraded " + STARTTIME + " from \"" + oldStartTime + "\" to \"" + newStartTime
                                + "\" in EndEntityProfile.");
                    }
                } catch (ParseException e) {
                    log.error("Unable to upgrade " + STARTTIME
                            + " to UTC in EndEntityProfile! Manual interaction is required (edit and verify).", e);
                }
            }
            final String oldEndTime = getValue(ENDTIME, 0);
            if (!isEmptyOrRelative(oldEndTime)) {
                // We use an absolute time format, so we need to upgrade
                try {
                    final String newEndTime = ValidityDate
                            .formatAsUTC(DateUtils.parseDateStrictly(oldEndTime, timePatterns));
                    setValue(ENDTIME, 0, newEndTime);
                    if (log.isDebugEnabled()) {
                        log.debug("Upgraded " + ENDTIME + " from \"" + oldEndTime + "\" to \"" + newEndTime
                                + "\" in EndEntityProfile.");
                    }
                } catch (ParseException e) {
                    log.error("Unable to upgrade " + ENDTIME
                            + " to UTC in EndEntityProfile! Manual interaction is required (edit and verify).", e);
                }
            }
        }
        // Finally, update the version stored in the map to the current version
        // (also reached when one of the date conversions above failed).
        data.put(VERSION, new Float(LATEST_VERSION));
    }
    log.trace("<upgrade");
}
From source file:mitm.common.security.certificate.GenerateTestCertificates.java
/**
 * Generates a test certificate whose subject has no common name, and stores it with its
 * private key under the alias "NoCN".
 *
 * <p>Test fixture only: the 1024-bit RSA key pair is embedded in source and the certificate
 * is signed with SHA-1, so neither the key nor the certificate may be trusted outside tests.
 *
 * @throws Exception if key decoding, date parsing, certificate generation or the key store
 *                   update fails
 */
private void generateCertificateNoCN() throws Exception {
    X509CertificateBuilder builder = securityFactory.createX509CertificateBuilder();

    // Hex of the DER-encoded public key (SubjectPublicKeyInfo).
    String publicKeyHex = "30819f300d06092a864886f70d010101050003818d00308189028181008c"
            + "853445a83b7993183d8ed24a1eb8448bde884755c51341a20168343d2a9b"
            + "ab59477e643a5717e5bbea935dac51caa3a3fbff89059be9d6bf6af8d739"
            + "5bde8c8c45f89aeb4530805387f3402491defcd523031f2ef7085c63db71"
            + "bfe9e25378929f5b3c0b53e0e073e5ed7321de1ed6564e387250cef278dd"
            + "15a7727824620f0203010001";

    // Hex of the matching DER-encoded private key; publicly known, test use only.
    String privateKeyHex = "30820275020100300d06092a864886f70d01010105000482025f3082025b"
            + "020100028181008c853445a83b7993183d8ed24a1eb8448bde884755c513"
            + "41a20168343d2a9bab59477e643a5717e5bbea935dac51caa3a3fbff8905"
            + "9be9d6bf6af8d7395bde8c8c45f89aeb4530805387f3402491defcd52303"
            + "1f2ef7085c63db71bfe9e25378929f5b3c0b53e0e073e5ed7321de1ed656"
            + "4e387250cef278dd15a7727824620f02030100010281806efedcde54d7bd"
            + "dd71dd560e479be263cab3d9a3b75d372bb5c334c366b95c4349ff4e17ef"
            + "795218168a612331f55d824b0ac7bb3d21fde0b24cd60873775cdf2db306"
            + "a899f7733d36c11064b76efab7c1b9ab8a897737a5d0b4f05378a033ff71"
            + "a150ed772f1cdbba4cbf8d41025081c960072c07c1f62d7f20a76b6d549f"
            + "61024100cad28338a54224d1a56c32c9f1ad7e0f721e7059dd1bb0310d2b"
            + "04ecc900f57b8f58d773f908a8870ba8676b4363c6087fc44f516d21c9c7"
            + "ea761e07ac77363f024100b15cf740a7162c3bc998fbf57c2d5335e4426d"
            + "5085ed295a432084c1f4311da996a8d40768d3e064e2615e0b2660faf023"
            + "86ed0cbce55a1b4ef0aa6583ed003102402ea29ad3828423ed24892d606b"
            + "b6859ecd919c29bd82694fce044f3c96b726bac36a1d182871ca364b02ec"
            + "cca8111feec25a0416e7edf5f486bfa40605acdf87024064abff0fec8732"
            + "5e51448ba7406fbdae763c9a2dbd86eb14f7cb2a6fa8ba843ab1706cc133"
            + "e827933bc7c6888fa5366a3dd0251738d4f9fb4c28609fb46d3ed1024007"
            + "49ec34b3aa1be30efcc2bc5a18b7ed51ed7b670b9a215c05725ea5dea6da"
            + "6a71aa14e33ab2c8c5d05f4d8e33ed09e83b1df5cdeaf73571f87e67a412"
            + "864bde";

    PrivateKey subjectPrivateKey = decodePrivateKey(privateKeyHex);
    PublicKey subjectPublicKey = decodePublicKey(publicKeyHex);

    // No common name is set on purpose: that is the property under test.
    X500PrincipalBuilder principalBuilder = new X500PrincipalBuilder();
    String address = "test@example.com";
    principalBuilder.setEmail(address);
    principalBuilder.setCountryCode("NL");
    principalBuilder.setLocality("Amsterdam");
    principalBuilder.setState("NH");

    AltNamesBuilder sanBuilder = new AltNamesBuilder();
    sanBuilder.setRFC822Names(address);

    X500Principal subjectDn = principalBuilder.buildPrincipal();
    GeneralNames subjectAltNames = sanBuilder.buildAltNames();

    Set<KeyUsageType> usages = new TreeSet<KeyUsageType>();
    usages.add(KeyUsageType.DIGITALSIGNATURE);
    usages.add(KeyUsageType.KEYENCIPHERMENT);
    usages.add(KeyUsageType.NONREPUDIATION);

    Set<ExtendedKeyUsageType> extendedUsages = new TreeSet<ExtendedKeyUsageType>();
    extendedUsages.add(ExtendedKeyUsageType.CLIENTAUTH);
    extendedUsages.add(ExtendedKeyUsageType.EMAILPROTECTION);

    BigInteger serial = new BigInteger("115fd0e5ee990d9426c93dea720e970", 16);

    // MEDIUM patterns come from the runtime's locale data. The literal below parses only
    // where Locale.UK yields dd-MMM-yyyy HH:mm:ss; JDK 9+ defaults to CLDR data, where the
    // pattern may differ and parse() throws ParseException.
    DateFormat ukMedium = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.MEDIUM, Locale.UK);
    Date referenceDate = ukMedium.parse("21-Nov-2007 11:52:35");

    builder.setSubject(subjectDn);
    // NOTE(review): the boolean is presumably the "critical" flag; confirm against
    // X509CertificateBuilder.
    builder.setAltNames(subjectAltNames, true);
    builder.setKeyUsage(usages, true);
    builder.setExtendedKeyUsage(extendedUsages, false);
    // Validity window: 20 days before the reference date to 20 years after it.
    builder.setNotBefore(DateUtils.addDays(referenceDate, -20));
    builder.setNotAfter(DateUtils.addYears(referenceDate, 20));
    builder.setPublicKey(subjectPublicKey);
    builder.setSerialNumber(serial);
    // SHA-1 is kept because this only produces legacy test vectors.
    builder.setSignatureAlgorithm("SHA1WithRSAEncryption");

    X509Certificate issued = builder.generateCertificate(caPrivateKey, caCertificate);

    assertNotNull(issued);

    certificates.add(issued);

    Certificate[] entryChain = { issued, caCertificate, rootCertificate };

    // A null password leaves the private key entry without its own protection.
    keyStore.setKeyEntry("NoCN", subjectPrivateKey, null, entryChain);
}