
Example 31 with X509CRLEntry

use of java.security.cert.X509CRLEntry in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testAddEntryToEmptyCRL.

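@Test
public void testAddEntryToEmptyCRL() throws Exception {
    /*
     * Round-trip an empty CRL (no revoked certificates) through X509CRLStreamWriter and check
     * what the writer must preserve and what it must change:
     *   - issuer, the thisUpdate->nextUpdate window and the authorityKeyIdentifier are kept;
     *   - thisUpdate moves forward;
     *   - exactly the six added serials appear as revoked entries;
     *   - the cRLNumber extension is incremented by one.
     * issuer, signer, keyPair, folder, BC_PROVIDER and the writeCRL()/readCRL() helpers come
     * from the enclosing test class.
     */
    // One timestamp for both bounds so the window is exactly one hour either side of "now".
    long now = System.currentTimeMillis();
    Date oneHourAgo = new Date(now - 60L * 60L * 1000L);
    Date oneHourHence = new Date(now + 60L * 60L * 1000L);

    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, oneHourAgo);
    AuthorityKeyIdentifier identifier =
        new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic());
    crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, identifier);
    /* With a CRL number of 127, incrementing it should cause the number of bytes in the length
     * portion of the TLV to increase by one: DER encodes 127 as 02 01 7F, but 128 needs a leading
     * zero byte (02 02 00 80), so the extension grows and the enclosing lengths must be redone. */
    crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    crlBuilder.setNextUpdate(oneHourHence);
    X509CRLHolder holder = crlBuilder.build(signer);

    File crlToChange = writeCRL(holder);
    File outfile = new File(folder.getRoot(), "new.crl");
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());

    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<>(Arrays.asList(
        new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"),
        new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger serial : newSerials) {
        stream.add(serial, new Date(), CRLReason.privilegeWithdrawn);
    }

    stream.preScan(crlToChange).lock();
    // try-with-resources: previously the handle was closed only when write() succeeded.
    try (OutputStream out = new BufferedOutputStream(new FileOutputStream(outfile))) {
        stream.write(out);
    }

    X509CRL changedCrl = readCRL();
    Set<BigInteger> discoveredSerials = new HashSet<>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }
    X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC_PROVIDER).getCRL(holder);

    // Validity window keeps its length but is shifted forward (JUnit order: expected, actual).
    assertNotNull(changedCrl.getNextUpdate());
    long expectedDelta = oneHourHence.getTime() - oneHourAgo.getTime();
    long changedCrlUpdateDelta =
        changedCrl.getNextUpdate().getTime() - changedCrl.getThisUpdate().getTime();
    assertEquals(expectedDelta, changedCrlUpdateDelta);
    assertThat(changedCrl.getThisUpdate(), OrderingComparison.greaterThan(originalCrl.getThisUpdate()));

    assertEquals(newSerials, discoveredSerials);
    assertEquals(originalCrl.getIssuerX500Principal(), changedCrl.getIssuerX500Principal());

    // getExtensionValue() returns the extension's DER OCTET STRING wrapper; unwrap it, then
    // decode the INTEGER it carries (same unwrapping as testKeySizeChange uses for the AKI).
    String crlNumberOid = Extension.cRLNumber.getId();
    ASN1Integer oldNumber = ASN1Integer.getInstance(
        ASN1OctetString.getInstance(originalCrl.getExtensionValue(crlNumberOid)).getOctets());
    ASN1Integer newNumber = ASN1Integer.getInstance(
        ASN1OctetString.getInstance(changedCrl.getExtensionValue(crlNumberOid)).getOctets());
    assertEquals(oldNumber.getValue().add(BigInteger.ONE), newNumber.getValue());

    // Same signing key, so the authorityKeyIdentifier bytes must be carried over unchanged.
    String authorityKeyOid = Extension.authorityKeyIdentifier.getId();
    byte[] oldAuthorityKeyId = originalCrl.getExtensionValue(authorityKeyOid);
    byte[] newAuthorityKeyId = changedCrl.getExtensionValue(authorityKeyOid);
    assertArrayEquals(oldAuthorityKeyId, newAuthorityKeyId);
}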

Example 32 with X509CRLEntry

use of java.security.cert.X509CRLEntry in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testAddEntryToActualCRL.

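@Test
public void testAddEntryToActualCRL() throws Exception {
    /*
     * Adds entries to a real, externally produced CRL (test resource real-crl.der), re-signing it
     * with the matching CA key (test resource real.key, PEM). The original CRL already carries
     * its own revocations, so only containment of the added serials is asserted.
     * The writer reads the CRL from one stream during write() and from a second one during
     * preScan(), hence two streams over the same resource; both are closed here, whatever the
     * writer does with them.
     */
    ClassLoader classLoader = this.getClass().getClassLoader();
    try (InputStream crl = classLoader.getResourceAsStream("real-crl.der");
         InputStream crlForScan = classLoader.getResourceAsStream("real-crl.der")) {
        if (crl == null || crlForScan == null) {
            throw new IllegalStateException("Test resource real-crl.der not found on the classpath");
        }
        // The CA key is a field of the test class; later assertions/helpers read it.
        keyPair = readPemKeyPair(classLoader.getResourceAsStream("real.key"));

        File outfile = new File(folder.getRoot(), "new.crl");
        X509CRLStreamWriter stream = new X509CRLStreamWriter(crl,
            (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());

        // Add enough items to cause the number of length bytes to change
        Set<BigInteger> newSerials = new HashSet<>(Arrays.asList(
            new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"),
            new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
        for (BigInteger serial : newSerials) {
            stream.add(serial, new Date(), CRLReason.privilegeWithdrawn);
        }

        // Since we have to walk the stream twice, we need two streams!
        stream.preScan(crlForScan).lock();
        // try-with-resources: previously the handle was closed only when write() succeeded.
        try (OutputStream out = new BufferedOutputStream(new FileOutputStream(outfile))) {
            stream.write(out);
        }

        X509CRL changedCrl = readCRL();
        Set<BigInteger> discoveredSerials = new HashSet<>();
        for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
            discoveredSerials.add(entry.getSerialNumber());
        }
        assertTrue(discoveredSerials.containsAll(newSerials));
    }
}

/**
 * Reads a PEM-encoded key pair from {@code keyStream}, which is closed on return.
 *
 * @param keyStream the PEM resource; {@code null} means the resource was not found
 * @return the parsed key pair
 * @throws IllegalStateException if {@code keyStream} is {@code null}
 * @throws RuntimeException if the stream holds no object or not a {@code PEMKeyPair}
 */
private static KeyPair readPemKeyPair(InputStream keyStream) throws Exception {
    if (keyStream == null) {
        throw new IllegalStateException("Test resource real.key not found on the classpath");
    }
    // PEM is ASCII; name the charset instead of relying on the platform default.
    // Closing the PEMParser closes the reader and therefore keyStream.
    try (PEMParser reader = new PEMParser(new InputStreamReader(keyStream, "US-ASCII"))) {
        Object pemObj = reader.readObject();
        if (pemObj == null) {
            throw new RuntimeException("Reading CA private key failed");
        }
        if (!(pemObj instanceof PEMKeyPair)) {
            throw new RuntimeException("Unexpected CA key object: " + pemObj.getClass().getName());
        }
        return new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) pemObj);
    }
}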

Example 33 with X509CRLEntry

use of java.security.cert.X509CRLEntry in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testAddEntryToCRLWithNoExtensions.

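@Test
public void testAddEntryToCRLWithNoExtensions() throws Exception {
    /*
     * A CRL built without any extensions (no cRLNumber, no authorityKeyIdentifier) holding a
     * single revocation (serial 100) must still accept new entries: the result has to contain
     * the original serial plus the six added ones, and nothing else.
     * issuer, signer, keyPair, folder and writeCRL()/readCRL() come from the enclosing class.
     */
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    crlBuilder.addCRLEntry(new BigInteger("100"), new Date(), CRLReason.unspecified);
    X509CRLHolder holder = crlBuilder.build(signer);

    File crlToChange = writeCRL(holder);
    File outfile = new File(folder.getRoot(), "new.crl");
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());

    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<>(Arrays.asList(
        new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"),
        new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger serial : newSerials) {
        stream.add(serial, new Date(), CRLReason.privilegeWithdrawn);
    }
    // Expected = the pre-existing entry plus everything just added.
    Set<BigInteger> expected = new HashSet<>(newSerials);
    expected.add(new BigInteger("100"));

    stream.preScan(crlToChange).lock();
    // try-with-resources: previously the handle was closed only when write() succeeded.
    try (OutputStream out = new BufferedOutputStream(new FileOutputStream(outfile))) {
        stream.write(out);
    }

    X509CRL changedCrl = readCRL();
    Set<BigInteger> discoveredSerials = new HashSet<>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }
    assertEquals(expected, discoveredSerials);
}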

Example 34 with X509CRLEntry

use of java.security.cert.X509CRLEntry in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testKeySizeChange.

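@Test
public void testKeySizeChange() throws Exception {
    /*
     * Re-sign an existing CRL with a key of a different size (1024 and 4096 bits) and check that:
     *   - the revoked entries survive unchanged (createCRL() is expected to revoke serial 100);
     *   - the authorityKeyIdentifier is rewritten to match the new signing key, while the
     *     original CRL still carries the AKI of the original keyPair.
     * A key of a different size yields a signature of a different length, so the writer has to
     * re-encode the outer lengths as well as the extension.
     * 1024-bit RSA is used only to exercise a shorter signature; it is not a recommended size.
     * NOTE(review): outfile is not declared here, so it is presumably a field of the test class;
     * generator.initialize(size) also leaves the shared generator at the last size — confirm
     * that setup re-initializes it before other tests use it.
     */
    int[] sizes = { 1024, 4096 };
    for (int size : sizes) {
        X509CRLHolder holder = createCRL();
        File crlToChange = writeCRL(holder);

        generator.initialize(size);
        KeyPair differentKeyPair = generator.generateKeyPair();
        X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
            (RSAPrivateKey) differentKeyPair.getPrivate(), (RSAPublicKey) differentKeyPair.getPublic());
        stream.preScan(crlToChange).lock();
        // try-with-resources: previously the handle was closed only when write() succeeded.
        try (OutputStream out = new BufferedOutputStream(new FileOutputStream(outfile))) {
            stream.write(out);
        }

        X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC_PROVIDER).getCRL(holder);
        // Read back against the new public key (the helper takes the key the CRL must verify under).
        X509CRL changedCrl = readCRL(differentKeyPair.getPublic());
        Set<BigInteger> discoveredSerials = new HashSet<>();
        for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
            discoveredSerials.add(entry.getSerialNumber());
        }
        Set<BigInteger> expected = new HashSet<>();
        expected.add(new BigInteger("100"));
        assertEquals(expected, discoveredSerials);

        // Since the key changed, the authorityKeyIdentifier must change.
        // getExtensionValue() returns the DER OCTET STRING wrapper around the extension.
        String akiOid = Extension.authorityKeyIdentifier.getId();
        byte[] oldAkiBytes = ASN1OctetString.getInstance(originalCrl.getExtensionValue(akiOid)).getOctets();
        byte[] newAkiBytes = ASN1OctetString.getInstance(changedCrl.getExtensionValue(akiOid)).getOctets();
        AuthorityKeyIdentifier oldAki = AuthorityKeyIdentifier.getInstance(oldAkiBytes);
        AuthorityKeyIdentifier newAki = AuthorityKeyIdentifier.getInstance(newAkiBytes);

        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        AuthorityKeyIdentifier identifier =
            extensionUtils.createAuthorityKeyIdentifier(keyPair.getPublic());
        AuthorityKeyIdentifier differentIdentifier =
            extensionUtils.createAuthorityKeyIdentifier(differentKeyPair.getPublic());
        assertEquals(identifier, oldAki);
        assertEquals(differentIdentifier, newAki);
    }
}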

Example 35 with X509CRLEntry

use of java.security.cert.X509CRLEntry in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testAddEntryToCRL.

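@Test
public void testAddEntryToCRL() throws Exception {
    /*
     * Baseline case: add six revocations to the CRL produced by createCRL() (which is expected
     * to contain serial 100) and check that the rewritten CRL holds exactly the old entry plus
     * the new ones. keyPair, folder and createCRL()/writeCRL()/readCRL() come from the
     * enclosing class.
     */
    File crlToChange = writeCRL(createCRL());
    File outfile = new File(folder.getRoot(), "new.crl");
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange,
        (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());

    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<>(Arrays.asList(
        new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"),
        new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger serial : newSerials) {
        stream.add(serial, new Date(), CRLReason.privilegeWithdrawn);
    }
    // Expected = the pre-existing entry plus everything just added.
    Set<BigInteger> expected = new HashSet<>(newSerials);
    expected.add(new BigInteger("100"));

    stream.preScan(crlToChange).lock();
    // try-with-resources: previously the handle was closed only when write() succeeded.
    try (OutputStream out = new BufferedOutputStream(new FileOutputStream(outfile))) {
        stream.write(out);
    }

    X509CRL changedCrl = readCRL();
    Set<BigInteger> discoveredSerials = new HashSet<>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }
    assertEquals(expected, discoveredSerials);
}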
