Search in sources :

Example 36 with CertificateList

use of com.github.zhenwei.core.asn1.x509.CertificateList in project kubernetes-client by fabric8io.

the class V1alpha3CertificateCrudTest method shouldListAndGetCertificate.

@Test
void shouldListAndGetCertificate() {
    Certificate certificate2 = new CertificateBuilder().withNewMetadata().withName("cert2").endMetadata().build();
    client.v1alpha3().certificates().inNamespace("ns2").create(certificate2);
    CertificateList certificateList = client.v1alpha3().certificates().inNamespace("ns2").list();
    assertNotNull(certificateList);
    assertEquals(1, certificateList.getItems().size());
}
Also used : CertificateBuilder(io.fabric8.certmanager.api.model.v1alpha3.CertificateBuilder) CertificateList(io.fabric8.certmanager.api.model.v1alpha3.CertificateList) Certificate(io.fabric8.certmanager.api.model.v1alpha3.Certificate) Test(org.junit.jupiter.api.Test)

Example 37 with CertificateList

use of com.github.zhenwei.core.asn1.x509.CertificateList in project kubernetes-client by fabric8io.

the class V1beta1CertificateCrudTest method shouldListAndGetCertificate.

@Test
void shouldListAndGetCertificate() {
    Certificate certificate2 = new CertificateBuilder().withNewMetadata().withName("cert2").endMetadata().build();
    client.v1beta1().certificates().inNamespace("ns2").create(certificate2);
    CertificateList certificateList = client.v1beta1().certificates().inNamespace("ns2").list();
    assertNotNull(certificateList);
    assertEquals(1, certificateList.getItems().size());
}
Also used : CertificateBuilder(io.fabric8.certmanager.api.model.v1beta1.CertificateBuilder) CertificateList(io.fabric8.certmanager.api.model.v1beta1.CertificateList) Certificate(io.fabric8.certmanager.api.model.v1beta1.Certificate) Test(org.junit.jupiter.api.Test)

Example 38 with CertificateList

use of com.github.zhenwei.core.asn1.x509.CertificateList in project pri by secure-device-onboard.

the class OnDieSignatureValidator method checkRevocations.

private static boolean checkRevocations(List<Certificate> certificateList, OnDieCache onDieCache) {
    // Check revocations first.
    try {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        for (Certificate cert : certificateList) {
            X509Certificate x509cert = (X509Certificate) cert;
            X509CertificateHolder certHolder = new X509CertificateHolder(x509cert.getEncoded());
            CRLDistPoint cdp = CRLDistPoint.fromExtensions(certHolder.getExtensions());
            if (cdp != null) {
                DistributionPoint[] distPoints = cdp.getDistributionPoints();
                for (DistributionPoint dp : distPoints) {
                    GeneralName[] generalNames = GeneralNames.getInstance(dp.getDistributionPoint().getName()).getNames();
                    for (GeneralName generalName : generalNames) {
                        byte[] crlBytes = onDieCache.getCrl(generalName.getName().toString());
                        if (crlBytes == null) {
                            LoggerFactory.getLogger(OnDieSignatureValidator.class).warn("CRL not found in cache for: " + generalName.getName().toString());
                            return false;
                        } else {
                            CRL crl = certificateFactory.generateCRL(new ByteArrayInputStream(crlBytes));
                            if (crl.isRevoked(cert)) {
                                return false;
                            }
                        }
                    }
                }
            }
        }
    } catch (IOException | CertificateException | CRLException ex) {
        return false;
    }
    return true;
}
Also used : CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) ByteArrayInputStream(java.io.ByteArrayInputStream) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) GeneralName(org.bouncycastle.asn1.x509.GeneralName) CRL(java.security.cert.CRL) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) CRLException(java.security.cert.CRLException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

IOException (java.io.IOException)13 CertificateList (org.bouncycastle.asn1.x509.CertificateList)13 CRLException (java.security.cert.CRLException)10 Test (org.junit.jupiter.api.Test)8 CRL (java.security.cert.CRL)5 X509CRL (java.security.cert.X509CRL)5 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)5 X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)5 OperationException (org.xipki.ca.api.OperationException)5 DefaultCertManagerClient (io.fabric8.certmanager.client.DefaultCertManagerClient)4 NamespacedCertManagerClient (io.fabric8.certmanager.client.NamespacedCertManagerClient)4 GeneralName (org.bouncycastle.asn1.x509.GeneralName)4 CertificateList (io.fabric8.certmanager.api.model.v1.CertificateList)3 CertificateList (io.fabric8.certmanager.api.model.v1alpha2.CertificateList)3 CertificateList (io.fabric8.certmanager.api.model.v1alpha3.CertificateList)3 ByteArrayInputStream (java.io.ByteArrayInputStream)3 BigInteger (java.math.BigInteger)3 CertificateException (java.security.cert.CertificateException)3 X509Certificate (java.security.cert.X509Certificate)3 CertificateList (com.beanit.asn1bean.compiler.pkix1explicit88.CertificateList)2