
Example 1 with CertificateInfo

use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

the class ClientServiceIntegrationTest method createComplexSignCertList.

/**
 * Builds the list of sign certificates used as a fixture, mixing OCSP states per client.
 *
 * <p>Certificates for clients that are local to this security server:
 * <ul>
 *   <li>FI:GOV:M1 has one cert with OCSP status GOOD and one with status REVOKED,
 *       so the same member holds both a usable and a revoked cert</li>
 *   <li>FI:GOV:M2 has one cert with OCSP status UNKNOWN</li>
 *   <li>FI:DUMMY:M2 has one cert with OCSP status REVOKED</li>
 *   <li>DUMMY:PRO:M2 has no sign certs (nothing is created for it)</li>
 * </ul>
 *
 * <p>Certificates for global-only clients (not local clients of this security server):
 * <ul>
 *   <li>EE:PRO:M1 has one cert with OCSP status GOOD</li>
 *   <li>EE:PRO:M2 has one cert with OCSP status REVOKED</li>
 *   <li>EE:PRO:M3 has no sign certs (nothing is created for it)</li>
 * </ul>
 *
 * <p>The GOOD certs are built without calling {@code ocspStatus(...)}; this relies on the
 * builder's default status being GOOD (NOTE(review): confirm in CertificateInfoBuilder).
 * Every REVOKED cert uses the current time and {@code CRLReason.certificateHold}.
 *
 * @return the six certificates, in the order listed above
 */
private List<CertificateInfo> createComplexSignCertList() {
    // FI:GOV:M1 - GOOD and REVOKED certs for the same member
    ClientId fiGovM1 = ClientId.create("FI", "GOV", "M1");
    CertificateInfo fiGovM1Good = new CertificateTestUtils.CertificateInfoBuilder()
            .clientId(fiGovM1)
            .build();
    CertificateInfo fiGovM1Revoked = new CertificateTestUtils.CertificateInfoBuilder()
            .clientId(fiGovM1)
            .ocspStatus(new RevokedStatus(new Date(), CRLReason.certificateHold))
            .build();

    // FI:GOV:M2 - UNKNOWN
    CertificateInfo fiGovM2Unknown = new CertificateTestUtils.CertificateInfoBuilder()
            .clientId(ClientId.create("FI", "GOV", "M2"))
            .ocspStatus(new UnknownStatus())
            .build();

    // FI:DUMMY:M2 - REVOKED
    CertificateInfo fiDummyM2Revoked = new CertificateTestUtils.CertificateInfoBuilder()
            .clientId(ClientId.create("FI", "DUMMY", "M2"))
            .ocspStatus(new RevokedStatus(new Date(), CRLReason.certificateHold))
            .build();

    // EE:PRO:M1 - GOOD (global-only client)
    CertificateInfo eeProM1Good = new CertificateTestUtils.CertificateInfoBuilder()
            .clientId(ClientId.create("EE", "PRO", "M1"))
            .build();

    // EE:PRO:M2 - REVOKED (global-only client)
    CertificateInfo eeProM2Revoked = new CertificateTestUtils.CertificateInfoBuilder()
            .clientId(ClientId.create("EE", "PRO", "M2"))
            .ocspStatus(new RevokedStatus(new Date(), CRLReason.certificateHold))
            .build();

    return Arrays.asList(
            fiGovM1Good,
            fiGovM1Revoked,
            fiGovM2Unknown,
            fiDummyM2Revoked,
            eeProM1Good,
            eeProM2Revoked);
}
Also used : RevokedStatus(org.bouncycastle.cert.ocsp.RevokedStatus) CertificateTestUtils(org.niis.xroad.securityserver.restapi.util.CertificateTestUtils) ClientId(ee.ria.xroad.common.identifier.ClientId) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) Date(java.util.Date) UnknownStatus(org.bouncycastle.cert.ocsp.UnknownStatus)

Example 2 with CertificateInfo

use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

the class OrphanRemovalServiceTest method isOrphanKey.

/**
 * Checks {@code orphanRemovalService.isOrphanKey} against keys holding different
 * combinations of certificates and CSRs, queried for a deleted subsystem of member
 * FI:GOV:ORPHAN and for the unrelated member FI:GOV:ALIVE.
 */
@Test
public void isOrphanKey() {
    ClientId orphanMemberId = TestUtils.getClientId("FI:GOV:ORPHAN");
    ClientId deletedSubsystemId = TestUtils.getClientId("FI:GOV:ORPHAN:DELETED");
    ClientId aliveSubsystemId = TestUtils.getClientId("FI:GOV:ORPHAN:ALIVE");
    ClientId aliveMemberId = TestUtils.getClientId("FI:GOV:ALIVE");

    CertificateInfo orphanMemberCert = new CertificateTestUtils.CertificateInfoBuilder()
            .clientId(orphanMemberId)
            .build();
    CertRequestInfo orphanMemberCsr = new CertificateTestUtils.CertRequestInfoBuilder()
            .clientId(orphanMemberId)
            .build();
    CertificateInfo orphanSubsystemAliveCert = new CertificateTestUtils.CertificateInfoBuilder()
            .clientId(aliveSubsystemId)
            .build();
    CertificateInfo aliveMemberCert = new CertificateTestUtils.CertificateInfoBuilder()
            .clientId(aliveMemberId)
            .build();

    // A key holding only the orphan member's cert is an orphan for the deleted subsystem...
    assertTrue(orphanRemovalService.isOrphanKey(
            new TokenTestUtils.KeyInfoBuilder().cert(orphanMemberCert).build(),
            deletedSubsystemId));
    // ...but not when the client asked about is the unrelated alive member.
    assertFalse(orphanRemovalService.isOrphanKey(
            new TokenTestUtils.KeyInfoBuilder().cert(orphanMemberCert).build(),
            aliveMemberId));
    // A key holding only the orphan member's CSR is an orphan as well.
    assertTrue(orphanRemovalService.isOrphanKey(
            new TokenTestUtils.KeyInfoBuilder().csr(orphanMemberCsr).build(),
            deletedSubsystemId));
    // A key with neither certs nor CSRs is not reported as an orphan.
    assertFalse(orphanRemovalService.isOrphanKey(
            new TokenTestUtils.KeyInfoBuilder().build(),
            deletedSubsystemId));
    // Certs for the orphan member and its other subsystem, plus the CSR: still an orphan.
    assertTrue(orphanRemovalService.isOrphanKey(
            new TokenTestUtils.KeyInfoBuilder()
                    .cert(orphanMemberCert)
                    .cert(orphanSubsystemAliveCert)
                    .csr(orphanMemberCsr)
                    .build(),
            deletedSubsystemId));
    // Adding a cert that belongs to a different member makes the key a non-orphan.
    assertFalse(orphanRemovalService.isOrphanKey(
            new TokenTestUtils.KeyInfoBuilder()
                    .cert(orphanMemberCert)
                    .cert(orphanSubsystemAliveCert)
                    .cert(aliveMemberCert)
                    .csr(orphanMemberCsr)
                    .build(),
            deletedSubsystemId));
    // An authentication key whose cert carries no client id is never an orphan here.
    assertFalse(orphanRemovalService.isOrphanKey(
            new TokenTestUtils.KeyInfoBuilder()
                    .keyUsageInfo(KeyUsageInfo.AUTHENTICATION)
                    .cert(new CertificateTestUtils.CertificateInfoBuilder().clientId(null).build())
                    .build(),
            deletedSubsystemId));
}
Also used : ClientId(ee.ria.xroad.common.identifier.ClientId) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenTestUtils(org.niis.xroad.securityserver.restapi.util.TokenTestUtils) CertRequestInfo(ee.ria.xroad.signer.protocol.dto.CertRequestInfo) Test(org.junit.Test)

Example 3 with CertificateInfo

use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

the class PossibleActionsRuleEngineTest method createTestToken.

/**
 * Creates a token holding a single authentication key with a single certificate.
 *
 * @param tokenSaved passed to the certificate builder as its {@code savedToConfiguration} flag
 * @param tokenReadOnly read-only flag of the token
 * @param tokenActive active flag of the token
 * @param keyNotSupported when {@code true} the token id is
 *     {@code PossibleActionsRuleEngine.SOFTWARE_TOKEN_ID + 1} instead of the software token id
 *     (presumably so the rule engine does not treat it as the software token - confirm there)
 * @return the token built from these settings
 */
private TokenInfo createTestToken(boolean tokenSaved, boolean tokenReadOnly, boolean tokenActive, boolean keyNotSupported) {
    CertificateInfo certificate = new CertificateTestUtils.CertificateInfoBuilder()
            .savedToConfiguration(tokenSaved)
            .build();

    // Only the token id depends on keyNotSupported; the key usage is AUTHENTICATION either way.
    String id = keyNotSupported
            ? PossibleActionsRuleEngine.SOFTWARE_TOKEN_ID + 1
            : PossibleActionsRuleEngine.SOFTWARE_TOKEN_ID;
    KeyUsageInfo keyUsage = KeyUsageInfo.AUTHENTICATION;

    KeyInfo authKey = new TokenTestUtils.KeyInfoBuilder()
            .keyUsageInfo(keyUsage)
            .cert(certificate)
            .build();
    return new TokenTestUtils.TokenInfoBuilder()
            .readOnly(tokenReadOnly)
            .active(tokenActive)
            .key(authKey)
            .id(id)
            .build();
}
Also used : KeyInfo(ee.ria.xroad.signer.protocol.dto.KeyInfo) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) TokenTestUtils(org.niis.xroad.securityserver.restapi.util.TokenTestUtils) TokenInfo(ee.ria.xroad.signer.protocol.dto.TokenInfo) KeyUsageInfo(ee.ria.xroad.signer.protocol.dto.KeyUsageInfo)

Example 4 with CertificateInfo

use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

the class ClientUtilsTest method hasValidLocalSignCertTest.

/**
 * Checks {@code ClientUtils.hasValidLocalSignCert} for a client with a valid cert, for certs
 * with an UNKNOWN or missing OCSP response, and for a client with no cert in the list.
 */
@Test
public void hasValidLocalSignCertTest() throws Exception {
    // FI:GOV:M1 has a valid sign cert in the shared fixture list
    ClientId memberM1 = ClientId.create("FI", "GOV", "M1");
    boolean validCertFound = ClientUtils.hasValidLocalSignCert(memberM1, createCertificateInfoList());
    assertTrue(validCertFound);

    // A single cert with OCSP status UNKNOWN must not count as valid.
    // NOTE(review): the builder's clientId is not set before this build(), so unless its
    // default is FI:GOV:M1 this assertion may pass on a client mismatch rather than on the
    // OCSP status - confirm against CertificateInfoBuilder.
    CertificateTestUtils.CertificateInfoBuilder builder = new CertificateTestUtils.CertificateInfoBuilder();
    builder.ocspStatus(new UnknownStatus());
    CertificateInfo unknownStatusCert = builder.build();
    boolean unknownAccepted = ClientUtils.hasValidLocalSignCert(
            memberM1, Collections.singletonList(unknownStatusCert));
    assertFalse(unknownAccepted);

    // Null ocsp response status – should return false.
    // The cert is built for FI:GOV:M1 and its ocspBytes field is then cleared by reflection,
    // so a cert without any OCSP response must be treated as not valid.
    CertificateInfo certWithoutOcsp = builder.clientId(memberM1).build();
    ReflectionTestUtils.setField(certWithoutOcsp, "ocspBytes", null);
    boolean missingOcspAccepted = ClientUtils.hasValidLocalSignCert(
            memberM1, Collections.singletonList(certWithoutOcsp));
    assertFalse(missingOcspAccepted);

    // FI:GOV:M2 has no cert at all in the shared fixture list
    ClientId memberM2 = ClientId.create("FI", "GOV", "M2");
    boolean otherClientAccepted = ClientUtils.hasValidLocalSignCert(memberM2, createCertificateInfoList());
    assertFalse(otherClientAccepted);
}
Also used : ClientId(ee.ria.xroad.common.identifier.ClientId) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) UnknownStatus(org.bouncycastle.cert.ocsp.UnknownStatus) Test(org.junit.Test)

Example 5 with CertificateInfo

use of ee.ria.xroad.signer.protocol.dto.CertificateInfo in project X-Road by nordic-institute.

the class ClientUtilsTest method createCertificateInfoList.

/**
 * Builds three certificates for FI:GOV:M1 from one shared builder, changing only the OCSP
 * status between builds: the builder default (treated as good by this fixture), REVOKED
 * with {@code CRLReason.certificateHold}, and UNKNOWN.
 *
 * <p>The statement order matters: the builder is reused, so each {@code build()} reflects
 * whatever was set on it last (assumes the builder keeps its state between builds).
 *
 * @return a mutable list ordered revoked, unknown, good - the good cert is deliberately last
 */
private List<CertificateInfo> createCertificateInfoList() {
    CertificateTestUtils.CertificateInfoBuilder builder = new CertificateTestUtils.CertificateInfoBuilder();

    // Good OCSP status: nothing but the client id is set on the builder
    ClientId memberM1 = ClientId.create("FI", "GOV", "M1");
    builder.clientId(memberM1);
    CertificateInfo goodCert = builder.build();

    // Revoked OCSP status
    builder.ocspStatus(new RevokedStatus(new Date(), CRLReason.certificateHold));
    CertificateInfo revokedCert = builder.build();

    // Unknown OCSP status
    builder.ocspStatus(new UnknownStatus());
    CertificateInfo unknownCert = builder.build();

    return new ArrayList<>(Arrays.asList(revokedCert, unknownCert, goodCert));
}
Also used : RevokedStatus(org.bouncycastle.cert.ocsp.RevokedStatus) ArrayList(java.util.ArrayList) CertificateInfo(ee.ria.xroad.signer.protocol.dto.CertificateInfo) ClientId(ee.ria.xroad.common.identifier.ClientId) Date(java.util.Date) UnknownStatus(org.bouncycastle.cert.ocsp.UnknownStatus)

Aggregations

CertificateInfo (ee.ria.xroad.signer.protocol.dto.CertificateInfo)39 KeyInfo (ee.ria.xroad.signer.protocol.dto.KeyInfo)16 Test (org.junit.Test)12 TokenInfo (ee.ria.xroad.signer.protocol.dto.TokenInfo)11 TokenCertificate (org.niis.xroad.securityserver.restapi.openapi.model.TokenCertificate)9 X509Certificate (java.security.cert.X509Certificate)8 CertificateTestUtils (org.niis.xroad.securityserver.restapi.util.CertificateTestUtils)8 ClientId (ee.ria.xroad.common.identifier.ClientId)7 CodedException (ee.ria.xroad.common.CodedException)6 SignerNotReachableException (org.niis.xroad.restapi.service.SignerNotReachableException)5 CertRequestInfo (ee.ria.xroad.signer.protocol.dto.CertRequestInfo)4 KeyUsageInfo (ee.ria.xroad.signer.protocol.dto.KeyUsageInfo)4 ArrayList (java.util.ArrayList)4 Date (java.util.Date)4 HashSet (java.util.HashSet)4 RevokedStatus (org.bouncycastle.cert.ocsp.RevokedStatus)4 DeviationAwareRuntimeException (org.niis.xroad.restapi.exceptions.DeviationAwareRuntimeException)4 ServiceException (org.niis.xroad.restapi.service.ServiceException)4 InternalServerErrorException (org.niis.xroad.securityserver.restapi.openapi.InternalServerErrorException)4 TokenTestUtils (org.niis.xroad.securityserver.restapi.util.TokenTestUtils)4