List of usage examples for org.bouncycastle.cert.jcajce JcaX509CertificateConverter JcaX509CertificateConverter
public JcaX509CertificateConverter()
From source file:org.signserver.module.xades.validator.XAdESValidator2UnitTest.java
License:Open Source License
/**
 * Checks that a document signed by signer2 is accepted when revocation
 * checking is enabled and the CRLs supplied for the root CA and sub CA 1
 * revoke no certificate.
 */
@Test
public void testSigner2_crlNoRevoked() throws Exception {
    LOG.info("testSigner2_crlNoRevoked");
    final XAdESValidator validator = new XAdESValidator();
    final JcaX509CertificateConverter converter = new JcaX509CertificateConverter();

    final WorkerConfig workerConfig = new WorkerConfig();
    // The root CA is the only configured trust anchor.
    final String trustAnchorsPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(converter.getCertificate(rootcaCert))));
    workerConfig.setProperty("TRUSTANCHORS", trustAnchorsPem);
    workerConfig.setProperty("REVOCATION_CHECKING", "true");
    // The intermediate certificate has to be configured because XAdES4j does
    // not seem to include intermediate certificates in the signed document.
    final String intermediatesPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(converter.getCertificate(subca1Cert))));
    workerConfig.setProperty("CERTIFICATES", intermediatesPem);

    updateCRLs(rootcaCRLEmpty, subca1CRLEmpty);
    validator.init(4714, workerConfig, null, null);

    final RequestContext context = new RequestContext();
    context.put(RequestContext.TRANSACTION_ID, "0000-304-1");
    final GenericValidationRequest validationRequest =
            new GenericValidationRequest(304, signedXml2.getBytes("UTF-8"));
    final GenericValidationResponse validationResponse =
            (GenericValidationResponse) validator.processData(validationRequest, context);

    // Signature, signer certificate and certificate status must all be reported as good.
    assertTrue("valid document", validationResponse.isValid());
    assertNotNull("returned signer cert", validationResponse.getSignerCertificate());
    assertEquals("cert validation status", Validation.Status.VALID,
            validationResponse.getCertificateValidation().getStatus());
}
From source file:org.signserver.module.xades.validator.XAdESValidator2UnitTest.java
License:Open Source License
/**
 * Checks that a document signed by signer2 is rejected when the sub CA 1
 * CRL lists the signer certificate as revoked.
 */
@Test
public void testSigner2_crlSignerRevoked() throws Exception {
    LOG.info("testSigner2_crlSignerRevoked");
    final XAdESValidator validator = new XAdESValidator();
    final JcaX509CertificateConverter converter = new JcaX509CertificateConverter();

    final WorkerConfig workerConfig = new WorkerConfig();
    // The root CA is the only configured trust anchor.
    final String trustAnchorsPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(converter.getCertificate(rootcaCert))));
    workerConfig.setProperty("TRUSTANCHORS", trustAnchorsPem);
    workerConfig.setProperty("REVOCATION_CHECKING", "true");
    // The intermediate certificate has to be configured because XAdES4j does
    // not seem to include intermediate certificates in the signed document.
    final String intermediatesPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(converter.getCertificate(subca1Cert))));
    workerConfig.setProperty("CERTIFICATES", intermediatesPem);

    // Root CA CRL is empty; the sub CA 1 CRL is the one revoking signer2.
    updateCRLs(rootcaCRLEmpty, subca1CRLSigner2Revoked);
    validator.init(4714, workerConfig, null, null);

    final RequestContext context = new RequestContext();
    context.put(RequestContext.TRANSACTION_ID, "0000-305-1");
    final GenericValidationRequest validationRequest =
            new GenericValidationRequest(305, signedXml2.getBytes("UTF-8"));
    final GenericValidationResponse validationResponse =
            (GenericValidationResponse) validator.processData(validationRequest, context);

    assertFalse("valid document", validationResponse.isValid());
    // NOTE(review): only "not VALID" is asserted; pinning the exact status expected
    // for a revoked signer would also catch a rejection for an unrelated reason.
    assertNotEquals("cert validation status", Validation.Status.VALID,
            validationResponse.getCertificateValidation().getStatus());
}
From source file:org.signserver.module.xades.validator.XAdESValidator2UnitTest.java
License:Open Source License
/**
 * Checks that a document signed by signer2 is rejected when the root CA
 * CRL revokes the sub CA certificate, even though the sub CA's own CRL
 * does not revoke the signer.
 */
@Test
public void testSigner2_crlCARevoked() throws Exception {
    LOG.info("testSigner2_crlCARevoked");
    final XAdESValidator validator = new XAdESValidator();
    final JcaX509CertificateConverter converter = new JcaX509CertificateConverter();

    final WorkerConfig workerConfig = new WorkerConfig();
    // The root CA is the only configured trust anchor.
    final String trustAnchorsPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(converter.getCertificate(rootcaCert))));
    workerConfig.setProperty("TRUSTANCHORS", trustAnchorsPem);
    workerConfig.setProperty("REVOCATION_CHECKING", "true");
    // The intermediate certificate has to be configured because XAdES4j does
    // not seem to include intermediate certificates in the signed document.
    final String intermediatesPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(converter.getCertificate(subca1Cert))));
    workerConfig.setProperty("CERTIFICATES", intermediatesPem);

    // Revocation sits one level above the signer: this exercises checking of
    // every certificate in the path, not just the leaf.
    updateCRLs(rootcaCRLSubCAAndSigner1Revoked, subca1CRLEmpty);
    validator.init(4714, workerConfig, null, null);

    final RequestContext context = new RequestContext();
    // NOTE(review): transaction id and request id repeat the values used by
    // testSigner2_crlSignerRevoked; kept unchanged here.
    context.put(RequestContext.TRANSACTION_ID, "0000-305-1");
    final GenericValidationRequest validationRequest =
            new GenericValidationRequest(305, signedXml2.getBytes("UTF-8"));
    final GenericValidationResponse validationResponse =
            (GenericValidationResponse) validator.processData(validationRequest, context);

    assertFalse("valid document", validationResponse.isValid());
    assertNotEquals("cert validation status", Validation.Status.VALID,
            validationResponse.getCertificateValidation().getStatus());
}
From source file:org.signserver.module.xades.validator.XAdESValidator2UnitTest.java
License:Open Source License
/**
 * Checks that a document signed by signer2 is rejected when the CRL
 * supplied for the sub CA is signed by another CA and is therefore not
 * trusted.
 */
@Test
public void testSigner2_badCRL() throws Exception {
    LOG.info("testSigner2_badCRL");
    final XAdESValidator validator = new XAdESValidator();
    final JcaX509CertificateConverter converter = new JcaX509CertificateConverter();

    final WorkerConfig workerConfig = new WorkerConfig();
    // The root CA is the only configured trust anchor.
    final String trustAnchorsPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(converter.getCertificate(rootcaCert))));
    workerConfig.setProperty("TRUSTANCHORS", trustAnchorsPem);
    workerConfig.setProperty("REVOCATION_CHECKING", "true");
    // The intermediate certificate has to be configured because XAdES4j does
    // not seem to include intermediate certificates in the signed document.
    final String intermediatesPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(converter.getCertificate(subca1Cert))));
    workerConfig.setProperty("CERTIFICATES", intermediatesPem);

    // otherCRL stands in for the sub CA 1 CRL. Revocation data that cannot be
    // authenticated must not count as proof that the signer is unrevoked.
    updateCRLs(rootcaCRLEmpty, otherCRL);
    validator.init(4714, workerConfig, null, null);

    final RequestContext context = new RequestContext();
    context.put(RequestContext.TRANSACTION_ID, "0000-306-1");
    final GenericValidationRequest validationRequest =
            new GenericValidationRequest(306, signedXml2.getBytes("UTF-8"));
    final GenericValidationResponse validationResponse =
            (GenericValidationResponse) validator.processData(validationRequest, context);

    assertFalse("valid document", validationResponse.isValid());
    assertNotEquals("cert validation status", Validation.Status.VALID,
            validationResponse.getCertificateValidation().getStatus());
}
From source file:org.signserver.module.xades.validator.XAdESValidator2UnitTest.java
License:Open Source License
/** * Positive test for signer 3 were an OCSP response is signed by the CA * and returns the status GOOD for the signer 3 certificate. *///from w w w . j a v a2s . co m @Test public void testSigner3_withOnlyOCSP_ca_ok() throws Exception { LOG.info("testSigner3_withOnlyOCSP_ca_ok"); final ArrayList<OCSPReq> requests = new ArrayList<OCSPReq>(); XAdESValidator instance = new XAdESValidator() { @Override protected OCSPResponse doQueryOCSPResponder(URL url, OCSPReq request) throws IOException, OCSPException { try { requests.add(request); // Create response signed by the CA return convert( new OCSPResponseBuilder() .addResponse(new OcspRespObject( new CertificateID( new BcDigestCalculatorProvider().get( new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)), rootcaCert, signer3Cert.getSerialNumber()), CertificateStatus.GOOD)) .setResponseSignerCertificate( new JcaX509CertificateConverter().getCertificate(rootcaCert)) .setIssuerPrivateKey(rootcaKeyPair.getPrivate()) .setChain(new X509CertificateHolder[] { rootcaCert }).build()); } catch (Exception ex) { throw new RuntimeException(ex); } } }; WorkerConfig config = new WorkerConfig(); config.setProperty("TRUSTANCHORS", new String(CertTools.getPEMFromCerts( Arrays.<Certificate>asList(new JcaX509CertificateConverter().getCertificate(rootcaCert))))); config.setProperty("REVOCATION_CHECKING", "true"); instance.init(4715, config, null, null); RequestContext requestContext = new RequestContext(); requestContext.put(RequestContext.TRANSACTION_ID, "0000-307-1"); GenericValidationRequest request = new GenericValidationRequest(307, signedXml3.getBytes("UTF-8")); GenericValidationResponse response = (GenericValidationResponse) instance.processData(request, requestContext); assertEquals("OCSP calls", 1, requests.size()); assertTrue("valid document", response.isValid()); assertEquals("cert validation status", Validation.Status.VALID, response.getCertificateValidation().getStatus()); }
From source file:org.signserver.module.xades.validator.XAdESValidator2UnitTest.java
License:Open Source License
/** * Positive test for signer 3 were an OCSP response is signed by external * responder and returns the status GOOD for the signer 3 certificate. */// w w w . ja v a 2 s. co m @Test public void testSigner3_withOnlyOCSP_responder_ok() throws Exception { LOG.info("testSigner3_withOnlyOCSP_responder_ok"); final ArrayList<OCSPReq> requests = new ArrayList<OCSPReq>(); XAdESValidator instance = new XAdESValidator() { @Override protected OCSPResponse doQueryOCSPResponder(URL url, OCSPReq request) throws IOException, OCSPException { try { requests.add(request); // Create response signed by the CA return convert( new OCSPResponseBuilder() .addResponse(new OcspRespObject( new CertificateID( new BcDigestCalculatorProvider().get( new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)), rootcaCert, signer3Cert.getSerialNumber()), CertificateStatus.GOOD)) .setResponseSignerCertificate( new JcaX509CertificateConverter().getCertificate(ocspSigner1Cert)) .setIssuerPrivateKey(ocspSigner1KeyPair.getPrivate()) .setChain(new X509CertificateHolder[] { ocspSigner1Cert }).build()); } catch (Exception ex) { throw new RuntimeException(ex); } } }; WorkerConfig config = new WorkerConfig(); config.setProperty("TRUSTANCHORS", new String(CertTools.getPEMFromCerts( Arrays.<Certificate>asList(new JcaX509CertificateConverter().getCertificate(rootcaCert))))); config.setProperty("REVOCATION_CHECKING", "true"); instance.init(4715, config, null, null); RequestContext requestContext = new RequestContext(); requestContext.put(RequestContext.TRANSACTION_ID, "0000-307-1"); GenericValidationRequest request = new GenericValidationRequest(307, signedXml3.getBytes("UTF-8")); GenericValidationResponse response = (GenericValidationResponse) instance.processData(request, requestContext); assertEquals("OCSP calls", 1, requests.size()); assertTrue("valid document", response.isValid()); assertEquals("cert validation status", Validation.Status.VALID, response.getCertificateValidation().getStatus()); }
From source file:org.signserver.module.xades.validator.XAdESValidator2UnitTest.java
License:Open Source License
/**
 * Negative case for signer 3: the stubbed OCSP lookup returns status GOOD,
 * but the response is signed with a private key that does not match the
 * certificate it carries. The document must not validate.
 */
@Test
public void testSigner3_withOnlyOCSP_anotherKey() throws Exception {
    LOG.info("testSigner3_withOnlyOCSP_anotherKey");
    final ArrayList<OCSPReq> ocspRequests = new ArrayList<OCSPReq>();

    // Replace the responder lookup with a locally built response.
    final XAdESValidator validator = new XAdESValidator() {
        @Override
        protected OCSPResponse doQueryOCSPResponder(URL url, OCSPReq request)
                throws IOException, OCSPException {
            try {
                ocspRequests.add(request);

                final CertificateID certId = new CertificateID(
                        new BcDigestCalculatorProvider().get(
                                new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)),
                        rootcaCert, signer3Cert.getSerialNumber());

                // Signed by anotherKeyPair while presenting rootcaCert: a GOOD
                // status whose signature cannot be verified against the
                // certificate included in the response.
                return convert(new OCSPResponseBuilder()
                        .addResponse(new OcspRespObject(certId, CertificateStatus.GOOD))
                        .setResponseSignerCertificate(
                                new JcaX509CertificateConverter().getCertificate(rootcaCert))
                        .setIssuerPrivateKey(anotherKeyPair.getPrivate())
                        .setChain(new X509CertificateHolder[] { rootcaCert })
                        .build());
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    };

    final WorkerConfig workerConfig = new WorkerConfig();
    final String trustAnchorsPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(
                    new JcaX509CertificateConverter().getCertificate(rootcaCert))));
    workerConfig.setProperty("TRUSTANCHORS", trustAnchorsPem);
    workerConfig.setProperty("REVOCATION_CHECKING", "true");
    validator.init(4715, workerConfig, null, null);

    final RequestContext context = new RequestContext();
    context.put(RequestContext.TRANSACTION_ID, "0000-307-1");
    final GenericValidationRequest validationRequest =
            new GenericValidationRequest(307, signedXml3.getBytes("UTF-8"));
    final GenericValidationResponse validationResponse =
            (GenericValidationResponse) validator.processData(validationRequest, context);

    assertEquals("OCSP calls", 1, ocspRequests.size());
    // A GOOD status in an unverifiable response must not yield VALID.
    assertNotEquals("cert validation status", Validation.Status.VALID,
            validationResponse.getCertificateValidation().getStatus());
    assertFalse("valid document", validationResponse.isValid());
}
From source file:org.signserver.module.xades.validator.XAdESValidator2UnitTest.java
License:Open Source License
/**
 * Negative case for signer 3: querying the OCSP responder fails. With
 * revocation checking enabled, the document must not validate when no
 * revocation answer can be obtained.
 */
@Test
public void testSigner3_withOnlyOCSP_unavailable() throws Exception {
    LOG.info("testSigner3_withOnlyOCSP_unavailable");
    final ArrayList<OCSPReq> ocspRequests = new ArrayList<OCSPReq>();

    // Only record the request, then delegate to the real lookup.
    final XAdESValidator validator = new XAdESValidator() {
        @Override
        protected OCSPResponse doQueryOCSPResponder(URL url, OCSPReq request)
                throws IOException, OCSPException {
            ocspRequests.add(request);
            // The default implementation will fail as http://ocsp.example.com
            // cannot be reached.
            // NOTE(review): this relies on the real lookup failing in the test
            // environment; throwing from the stub would avoid that dependency.
            return super.doQueryOCSPResponder(url, request);
        }
    };

    final WorkerConfig workerConfig = new WorkerConfig();
    final String trustAnchorsPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(
                    new JcaX509CertificateConverter().getCertificate(rootcaCert))));
    workerConfig.setProperty("TRUSTANCHORS", trustAnchorsPem);
    workerConfig.setProperty("REVOCATION_CHECKING", "true");
    validator.init(4715, workerConfig, null, null);

    final RequestContext context = new RequestContext();
    context.put(RequestContext.TRANSACTION_ID, "0000-307-1");
    final GenericValidationRequest validationRequest =
            new GenericValidationRequest(307, signedXml3.getBytes("UTF-8"));
    final GenericValidationResponse validationResponse =
            (GenericValidationResponse) validator.processData(validationRequest, context);

    assertEquals("OCSP calls", 1, ocspRequests.size());
    // Fail closed: an unreachable responder must not be read as "not revoked".
    assertFalse("valid document", validationResponse.isValid());
    assertNotEquals("cert validation status", Validation.Status.VALID,
            validationResponse.getCertificateValidation().getStatus());
}
From source file:org.signserver.module.xades.validator.XAdESValidator2UnitTest.java
License:Open Source License
/**
 * Negative case for signer 3: the stubbed OCSP lookup returns a response
 * signed by the CA that reports the signer 3 certificate as REVOKED. The
 * document must not validate.
 */
@Test
public void testSigner3_withOnlyOCSP_revoked() throws Exception {
    LOG.info("testSigner3_withOnlyOCSP_revoked");
    final ArrayList<OCSPReq> ocspRequests = new ArrayList<OCSPReq>();

    // Replace the responder lookup with a locally built response.
    final XAdESValidator validator = new XAdESValidator() {
        @Override
        protected OCSPResponse doQueryOCSPResponder(URL url, OCSPReq request)
                throws IOException, OCSPException {
            try {
                ocspRequests.add(request);

                final CertificateID certId = new CertificateID(
                        new BcDigestCalculatorProvider().get(
                                new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)),
                        rootcaCert, signer3Cert.getSerialNumber());
                // Revocation time 1389884758000 ms since the epoch
                // (2014-01-16 15:05:58 UTC), reason code 1.
                final RevokedStatus revoked = new RevokedStatus(new Date(1389884758000L), 1);

                // Properly signed by the CA, so only the REVOKED status can
                // make validation fail.
                return convert(new OCSPResponseBuilder()
                        .addResponse(new OcspRespObject(certId, revoked))
                        .setResponseSignerCertificate(
                                new JcaX509CertificateConverter().getCertificate(rootcaCert))
                        .setIssuerPrivateKey(rootcaKeyPair.getPrivate())
                        .setChain(new X509CertificateHolder[] { rootcaCert })
                        .build());
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    };

    final WorkerConfig workerConfig = new WorkerConfig();
    final String trustAnchorsPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(
                    new JcaX509CertificateConverter().getCertificate(rootcaCert))));
    workerConfig.setProperty("TRUSTANCHORS", trustAnchorsPem);
    workerConfig.setProperty("REVOCATION_CHECKING", "true");
    validator.init(4715, workerConfig, null, null);

    final RequestContext context = new RequestContext();
    context.put(RequestContext.TRANSACTION_ID, "0000-307-1");
    final GenericValidationRequest validationRequest =
            new GenericValidationRequest(307, signedXml3.getBytes("UTF-8"));
    final GenericValidationResponse validationResponse =
            (GenericValidationResponse) validator.processData(validationRequest, context);

    assertEquals("OCSP calls", 1, ocspRequests.size());
    assertFalse("valid document", validationResponse.isValid());
    assertNotEquals("cert validation status", Validation.Status.VALID,
            validationResponse.getCertificateValidation().getStatus());
}
From source file:org.signserver.module.xades.validator.XAdESValidator2UnitTest.java
License:Open Source License
/**
 * Positive case for signer 4, whose certificate is issued by sub CA 2: the
 * stubbed OCSP lookup answers GOOD both for the signer 4 certificate
 * (signed by sub CA 2) and for the sub CA 2 certificate (signed by the
 * root CA). The document is expected to validate after two OCSP queries.
 */
@Test
public void testSigner4_withOnlyOCSP_ca_ok() throws Exception {
    LOG.info("testSigner4_withOnlyOCSP_ca_ok");
    final ArrayList<OCSPReq> ocspRequests = new ArrayList<OCSPReq>();

    // Replace the responder lookup with locally built responses.
    final XAdESValidator validator = new XAdESValidator() {
        @Override
        protected OCSPResponse doQueryOCSPResponder(URL url, OCSPReq request)
                throws IOException, OCSPException {
            try {
                ocspRequests.add(request);

                // Pick the answer from the issuer named in the first request
                // entry: sub CA 2 means the query is about signer 4.
                final boolean issuedBySubCa2 = request.getRequestList()[0].getCertID()
                        .matchesIssuer(subca2Cert, new BcDigestCalculatorProvider());

                if (issuedBySubCa2) {
                    // Status of signer 4, signed by sub CA 2.
                    final CertificateID signerId = new CertificateID(
                            new BcDigestCalculatorProvider().get(
                                    new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)),
                            subca2Cert, signer4Cert.getSerialNumber());
                    return convert(new OCSPResponseBuilder()
                            .addResponse(new OcspRespObject(signerId, CertificateStatus.GOOD))
                            .setResponseSignerCertificate(
                                    new JcaX509CertificateConverter().getCertificate(subca2Cert))
                            .setIssuerPrivateKey(subca2KeyPair.getPrivate())
                            .setChain(new X509CertificateHolder[] { subca2Cert })
                            .build());
                }

                // Any other query gets the status of sub CA 2, signed by the root CA.
                final CertificateID subCaId = new CertificateID(
                        new BcDigestCalculatorProvider().get(
                                new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)),
                        rootcaCert, subca2Cert.getSerialNumber());
                return convert(new OCSPResponseBuilder()
                        .addResponse(new OcspRespObject(subCaId, CertificateStatus.GOOD))
                        .setResponseSignerCertificate(
                                new JcaX509CertificateConverter().getCertificate(rootcaCert))
                        .setIssuerPrivateKey(rootcaKeyPair.getPrivate())
                        .setChain(new X509CertificateHolder[] { rootcaCert })
                        .build());
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    };

    final WorkerConfig workerConfig = new WorkerConfig();
    final String trustAnchorsPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(
                    new JcaX509CertificateConverter().getCertificate(rootcaCert))));
    workerConfig.setProperty("TRUSTANCHORS", trustAnchorsPem);
    // Sub CA 2 is supplied as an additional (intermediate) certificate.
    final String intermediatesPem = new String(CertTools.getPEMFromCerts(
            Arrays.<Certificate>asList(
                    new JcaX509CertificateConverter().getCertificate(subca2Cert))));
    workerConfig.setProperty("CERTIFICATES", intermediatesPem);
    workerConfig.setProperty("REVOCATION_CHECKING", "true");
    validator.init(4716, workerConfig, null, null);

    final RequestContext context = new RequestContext();
    context.put(RequestContext.TRANSACTION_ID, "0000-407-1");
    final GenericValidationRequest validationRequest =
            new GenericValidationRequest(407, signedXml4.getBytes("UTF-8"));
    final GenericValidationResponse validationResponse =
            (GenericValidationResponse) validator.processData(validationRequest, context);

    // One query per non-root certificate in the path: signer 4 and sub CA 2.
    assertEquals("OCSP calls", 2, ocspRequests.size());
    assertTrue("valid document", validationResponse.isValid());
    assertEquals("cert validation status", Validation.Status.VALID,
            validationResponse.getCertificateValidation().getStatus());
}