use of de.trustable.ca3s.core.domain.CertificateAttribute in project ca3sCore by kuehne-trustable-de.
the class CertExpiryScheduler method checkAllCRLsForCertificate.
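/**
 * Checks a certificate against the CRLs named in its CRL-URL attributes and records the outcome.
 *
 * <p>URLs are tried in attribute order. A URL already contained in {@code brokenCrlUrlList} is
 * skipped; a URL whose download throws one of the caught exceptions is added to that set. The
 * first CRL that is downloaded and processed without an exception ends the loop. From that CRL
 * the capped 'next update' timestamp is stored on the certificate and, if the CRL lists the
 * certificate as revoked, the revocation status is set and an audit trace is written.
 *
 * <p>A CRL without a {@code nextUpdate} field is handled by falling back to the configured
 * maximum period instead of failing with a {@link NullPointerException}.
 *
 * @param cert the certificate entity that supplies the CRL URLs and receives the updates
 * @param x509Cert the X.509 certificate passed to {@code X509CRL#isRevoked};
 *                 presumably the parsed form of {@code cert} (verify against caller)
 * @param brokenCrlUrlList URLs already known to be inaccessible; read and extended here
 * @return the update info on which {@code incUrlCount()} was called once per attempted URL
 *         and {@code setSuccess()} once a CRL was processed
 */
CRLUpdateInfo checkAllCRLsForCertificate(Certificate cert, X509Certificate x509Cert, HashSet<String> brokenCrlUrlList) {
    CRLUpdateInfo info = new CRLUpdateInfo();
    // Upper bound for the stored 'next update' time: now plus the configured maximum period.
    long maxNextUpdate = System.currentTimeMillis() + 1000L * preferenceUtil.getMaxNextUpdatePeriodCRLSec();

    for (CertificateAttribute certAtt : cert.getCertificateAttributes()) {
        // only the CRL URL attributes are of interest here
        if (!CertificateAttribute.ATTRIBUTE_CRL_URL.equals(certAtt.getName())) {
            continue;
        }
        String crlUrl = certAtt.getValue();
        if (brokenCrlUrlList.contains(crlUrl)) {
            LOG.debug("CRL URL'{}' already marked as broken / inaccessible", crlUrl);
            continue;
        }
        info.incUrlCount();
        try {
            LOG.debug("downloading CRL '{}'", crlUrl);
            // NOTE(review): crlUrl presumably originates from the certificate itself and is
            // fetched server-side; confirm downloadCRL limits the schemes and destinations it
            // contacts, and that it verifies the CRL signature against the issuer before the
            // entries below are trusted. Neither is visible in this method.
            X509CRL crl = crlUtil.downloadCRL(crlUrl);
            if (crl == null) {
                // a missing CRL is neither a success nor a reason to mark the URL as broken
                LOG.debug("downloaded CRL == null ");
                continue;
            }

            long nextUpdate;
            Date crlNextUpdate = crl.getNextUpdate();
            if (crlNextUpdate == null) {
                // X509CRL#getNextUpdate() returns null when the optional field is absent;
                // use the configured cap so the CRL is re-read within the maximum period.
                LOG.debug("CRL '{}' has no nextUpdate, using {}", crlUrl, new Date(maxNextUpdate));
                nextUpdate = maxNextUpdate;
            } else if (crlNextUpdate.getTime() > maxNextUpdate) {
                LOG.debug("nextUpdate {} from CRL limited to {}", crlNextUpdate, new Date(maxNextUpdate));
                nextUpdate = maxNextUpdate;
            } else {
                nextUpdate = crlNextUpdate.getTime();
            }

            // set the crl's 'next update' timestamp to the certificate
            certUtil.setCertAttribute(cert, CertificateAttribute.ATTRIBUTE_CRL_NEXT_UPDATE, Long.toString(nextUpdate), false);

            // Both the serial lookup and isRevoked() must agree before the status is changed.
            X509CRLEntry crlItem = crl.getRevokedCertificate(new BigInteger(cert.getSerial()));
            if ((crlItem != null) && (crl.isRevoked(x509Cert))) {
                String revocationReason = "unspecified";
                java.security.cert.CRLReason entryReason = crlItem.getRevocationReason();
                if (entryReason != null) {
                    // translate the JCA reason via its ordinal; keep the default if no text is known
                    String reasonText = cryptoUtil.crlReasonAsString(CRLReason.lookup(entryReason.ordinal()));
                    if (reasonText != null) {
                        revocationReason = reasonText;
                    }
                }

                // fall back to 'now' when the CRL entry carries no revocation date
                Date revocationDate = new Date();
                if (crlItem.getRevocationDate() != null) {
                    revocationDate = crlItem.getRevocationDate();
                } else {
                    LOG.debug("Checking certificate {}: no RevocationDate present for reason {}!", cert.getId(), revocationReason);
                }

                certUtil.setRevocationStatus(cert, revocationReason, revocationDate);
                auditService.saveAuditTrace(auditService.createAuditTraceCertificate(AuditService.AUDIT_CERTIFICATE_REVOKED_BY_CRL, cert));
            }

            // one successfully processed CRL is enough, remaining URLs are not tried
            info.setSuccess();
            break;
        } catch (CertificateException | CRLException | IOException | NamingException e2) {
            LOG.info("Problem retrieving CRL for certificate " + cert.getId());
            LOG.debug("CRL retrieval for certificate " + cert.getId() + " failed", e2);
            // remember the failing URL so that it is skipped when the same set is passed in again
            brokenCrlUrlList.add(crlUrl);
        }
    }
    return info;
}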
use of de.trustable.ca3s.core.domain.CertificateAttribute in project ca3sCore by kuehne-trustable-de.
the class CertificateAttributeResourceIT method updateCertificateAttribute.
/**
 * Sends a PUT for an existing certificate attribute and checks that the stored row carries the
 * updated name and value while the number of rows stays the same.
 */
@Test
@Transactional
public void updateCertificateAttribute() throws Exception {
    // Persist the fixture entity and remember how many rows exist before the update.
    certificateAttributeRepository.saveAndFlush(certificateAttribute);
    final int rowsBeforeUpdate = certificateAttributeRepository.findAll().size();

    // Load the entity again and detach it, so the changes below reach the database
    // only through the REST call and not through the persistence context.
    CertificateAttribute modifiedAttribute = certificateAttributeRepository.findById(certificateAttribute.getId()).get();
    em.detach(modifiedAttribute);
    modifiedAttribute.name(UPDATED_NAME).value(UPDATED_VALUE);

    restCertificateAttributeMockMvc
        .perform(
            put("/api/certificate-attributes")
                .contentType(TestUtil.APPLICATION_JSON_UTF8)
                .content(TestUtil.convertObjectToJsonBytes(modifiedAttribute)))
        .andExpect(status().isOk());

    // The row count is unchanged and the last row holds the new name and value.
    List<CertificateAttribute> storedAttributes = certificateAttributeRepository.findAll();
    assertThat(storedAttributes).hasSize(rowsBeforeUpdate);

    final int lastIndex = storedAttributes.size() - 1;
    CertificateAttribute lastStored = storedAttributes.get(lastIndex);
    assertThat(lastStored.getName()).isEqualTo(UPDATED_NAME);
    assertThat(lastStored.getValue()).isEqualTo(UPDATED_VALUE);
}
use of de.trustable.ca3s.core.domain.CertificateAttribute in project ca3sCore by kuehne-trustable-de.
the class CertificateAttributeResource method createCertificateAttribute.
/**
* {@code POST /certificate-attributes} : Create a new certificateAttribute.
*
* @param certificateAttribute the certificateAttribute to create.
* @return the {@link ResponseEntity} with status {@code 201 (Created)} and with body the new certificateAttribute, or with status {@code 400 (Bad Request)} if the certificateAttribute already has an ID.
* @throws URISyntaxException if the Location URI syntax is incorrect.
*/
@PostMapping("/certificate-attributes")
public ResponseEntity<CertificateAttribute> createCertificateAttribute(@Valid @RequestBody CertificateAttribute certificateAttribute) throws URISyntaxException {
    log.debug("REST request to save CertificateAttribute : {}", certificateAttribute);

    // A create request must not carry an ID; one supplied by the client is rejected.
    final boolean idSuppliedByClient = certificateAttribute.getId() != null;
    if (idSuppliedByClient) {
        throw new BadRequestAlertException("A new certificateAttribute cannot already have an ID", ENTITY_NAME, "idexists");
    }

    // NOTE(review): the entity is bound directly from the request body and saved as received,
    // so every field the JSON mapping exposes is client-controlled here. Confirm that this is
    // intended and that access to this endpoint is restricted elsewhere; no authorization
    // check is visible in this method.
    CertificateAttribute saved = certificateAttributeRepository.save(certificateAttribute);

    // Location header points at the newly created resource.
    URI location = new URI("/api/certificate-attributes/" + saved.getId());
    return ResponseEntity
        .created(location)
        .headers(HeaderUtil.createEntityCreationAlert(applicationName, true, ENTITY_NAME, saved.getId().toString()))
        .body(saved);
}
use of de.trustable.ca3s.core.domain.CertificateAttribute in project ca3sCore by kuehne-trustable-de.
the class CertificateUtilIntTest method testBuildCertificatetestCertWithNullKeyLength.
/**
 * Builds a certificate entity from the {@code testCertWithNullKeyLength} fixture and checks the
 * number of SAN attributes and the key, signature, hash and padding values stored on it.
 */
@Test
public void testBuildCertificatetestCertWithNullKeyLength() throws GeneralSecurityException, IOException {
    final String executionId = "";
    final Certificate cert = certificateUtil.createCertificate(testCertWithNullKeyLength, null, executionId);
    assertNotNull(cert);

    // Count the SAN attributes; CRL URLs are only printed for inspection.
    int sanCount = 0;
    for (CertificateAttribute attribute : cert.getCertificateAttributes()) {
        final String attributeName = attribute.getName();
        if (CertificateAttribute.ATTRIBUTE_SAN.equals(attributeName)) {
            sanCount += 1;
        }
        if (CertificateAttribute.ATTRIBUTE_CRL_URL.equals(attributeName)) {
            System.out.println("ATTRIBUTE_CRL_URL" + attribute.getValue());
        }
    }
    assertEquals(2, sanCount);

    // Values the test expects createCertificate to derive from the fixture.
    assertEquals("rsa", cert.getKeyAlgorithm());
    assertEquals("rsa", cert.getSigningAlgorithm());
    assertEquals("sha256", cert.getHashingAlgorithm());
    assertEquals("2048", cert.getKeyLength().toString());
    assertEquals("pkcs1", cert.getPaddingAlgorithm());
}
use of de.trustable.ca3s.core.domain.CertificateAttribute in project ca3sCore by kuehne-trustable-de.
the class CertificateUtilIntTest method testBuildCertificatetestCertECCWithManySANs.
/**
 * Builds a certificate entity from the {@code testCertECCWithManySANs} fixture and checks the
 * SAN summary string, the number of SAN attributes and the stored key and signature values.
 */
@Test
public void testBuildCertificatetestCertECCWithManySANs() throws GeneralSecurityException, IOException {
    final String executionId = "";
    final Certificate cert = certificateUtil.createCertificate(testCertECCWithManySANs, null, executionId);
    assertNotNull(cert);

    // The expected summary ends mid-name; presumably the stored SAN string is length-limited
    // while the full list lives in the attributes (verify against createCertificate).
    final String expectedSans = "*.google.com;*.android.com;*.appengine.google.com;*.cloud.google.com;*.google-analytics.com;*.google.ca;*.google.cl;*.google.co.in;*.google.co.jp;*.google.co.uk;*.google.com.ar;*.google.com.au;*.google.com.br;*.google.com.co;*.google.com.mx;*.google.";
    assertFalse(cert.getSans().isEmpty());
    assertEquals(expectedSans, cert.getSans());

    // Every SAN is expected as an attribute of its own.
    int sanAttributes = 0;
    for (CertificateAttribute attribute : cert.getCertificateAttributes()) {
        if (CertificateAttribute.ATTRIBUTE_SAN.equals(attribute.getName())) {
            sanAttributes += 1;
        }
    }
    assertEquals(45, sanAttributes);

    // NOTE(review): the expected hash is sha1, so this pins how a legacy-signed fixture is
    // parsed; it does not show whether any algorithm policy is applied — confirm separately.
    assertEquals("ec", cert.getKeyAlgorithm());
    assertEquals("rsa", cert.getSigningAlgorithm());
    assertEquals("sha1", cert.getHashingAlgorithm());
    assertEquals("prime256v1", cert.getCurveName());
    assertEquals("256", cert.getKeyLength().toString());
    assertEquals("pkcs1", cert.getPaddingAlgorithm());
}