
Example 1 with PrivateKeyEntry

Use of org.apache.qpid.test.utils.tls.PrivateKeyEntry in the project qpid-broker-j by apache.

From the class AuthenticationTest, method buildTlsResources.

/**
 * Builds the key stores, trust stores and CRL files shared by the authentication tests.
 *
 * <p>Everything is issued under one freshly generated root CA. The broker receives a server
 * certificate; the client key store receives one client certificate per scenario (plain,
 * revoked, revoked via an empty CRL, unreachable CRL distribution point, issued by an
 * intermediate CA). Separate key stores hold an already expired certificate and a
 * self-signed one that does not chain to the root CA. The absolute paths of the generated
 * files are written to the static {@code _*Store} fields read by the individual tests.
 *
 * @throws Exception if key/certificate generation, key store creation or CRL copying fails
 */
private static void buildTlsResources() throws Exception {
    // CRL distribution point URIs embedded in the client certificates below. They point at
    // the CRL files served on crlHttpPort; the last one deliberately names a path that is
    // not served, so revocation checking for that certificate cannot fetch a CRL.
    final String revokedCrlUri = String.format(CRL_TEMPLATE, crlHttpPort, _crlFile.toFile().getName());
    final String emptyCrlUri = String.format(CRL_TEMPLATE, crlHttpPort, _emptyCrlFile.toFile().getName());
    final String intermediateCrlUri = String.format(CRL_TEMPLATE, crlHttpPort, _intermediateCrlFile.toFile().getName());
    final String missingCrlUri = String.format(CRL_TEMPLATE, crlHttpPort, "not/a/crl");

    // Single root of trust for every store created here.
    final KeyCertificatePair rootCa = TlsResourceBuilder.createKeyPairAndRootCA(DN_CA);
    final X509Certificate rootCaCert = rootCa.getCertificate();

    // Broker identity (server-auth certificate) plus the trust store it uses for clients.
    final KeyPair brokerKeys = TlsResourceBuilder.createRSAKeyPair();
    final X509Certificate brokerCert =
            TlsResourceBuilder.createCertificateForServerAuthorization(brokerKeys, rootCa, DN_BROKER);
    _brokerKeyStore = TLS_RESOURCE.createKeyStore(
            new PrivateKeyEntry("java-broker", brokerKeys.getPrivate(), brokerCert, rootCaCert),
            new CertificateEntry(CERT_ALIAS_ROOT_CA, rootCaCert))
            .toFile().getAbsolutePath();
    _brokerTrustStore = TLS_RESOURCE.createKeyStore(new CertificateEntry(CERT_ALIAS_ROOT_CA, rootCaCert))
            .toFile().getAbsolutePath();

    // Client "app1": its certificate is also pinned in the broker peer store.
    final KeyPair app1Keys = TlsResourceBuilder.createRSAKeyPair();
    final X509Certificate app1Cert =
            TlsResourceBuilder.createCertificateForClientAuthorization(app1Keys, rootCa, DN_CLIENT_APP1);
    _brokerPeerStore = TLS_RESOURCE.createKeyStore(new CertificateEntry(DN_CLIENT_APP1, app1Cert))
            .toFile().getAbsolutePath();

    // Client "app2": a second plain client certificate.
    final KeyPair app2Keys = TlsResourceBuilder.createRSAKeyPair();
    final X509Certificate app2Cert =
            TlsResourceBuilder.createCertificateForClientAuthorization(app2Keys, rootCa, DN_CLIENT_APP2);

    // Revocation scenarios: each certificate carries a CRL distribution point.
    final KeyPair allowedKeys = TlsResourceBuilder.createRSAKeyPair();
    final X509Certificate allowedCert = TlsResourceBuilder.createCertificateWithCrlDistributionPoint(
            allowedKeys, rootCa, DN_CLIENT_ALLOWED, revokedCrlUri);
    // Listed in the CRL written to _crlFile further down.
    final KeyPair revokedKeys = TlsResourceBuilder.createRSAKeyPair();
    final X509Certificate revokedCert = TlsResourceBuilder.createCertificateWithCrlDistributionPoint(
            revokedKeys, rootCa, DN_CLIENT_REVOKED, revokedCrlUri);
    final KeyPair revokedByEmptyKeys = TlsResourceBuilder.createRSAKeyPair();
    final X509Certificate revokedByEmptyCert = TlsResourceBuilder.createCertificateWithCrlDistributionPoint(
            revokedByEmptyKeys, rootCa, DN_CLIENT_REVOKED_BY_EMPTY, emptyCrlUri);
    final KeyPair unreachableCrlKeys = TlsResourceBuilder.createRSAKeyPair();
    final X509Certificate unreachableCrlCert = TlsResourceBuilder.createCertificateWithCrlDistributionPoint(
            unreachableCrlKeys, rootCa, DN_CLIENT_REVOKED_INVALID_CRL, missingCrlUri);

    // Intermediate CA (its own CRL distribution point is the root CRL) and a client issued by it.
    final KeyCertificatePair intermediateCa =
            TlsResourceBuilder.createKeyPairAndIntermediateCA(DN_INTERMEDIATE, rootCa, revokedCrlUri);
    final KeyPair intermediateClientKeys = TlsResourceBuilder.createRSAKeyPair();
    final X509Certificate intermediateClientCert = TlsResourceBuilder.createCertificateWithCrlDistributionPoint(
            intermediateClientKeys, intermediateCa, DN_CLIENT_INT, intermediateCrlUri);

    // Expired client: validity window closed five days ago.
    final KeyPair expiredKeys = TlsResourceBuilder.createRSAKeyPair();
    final Instant expiredNotBefore = Instant.now().minus(10, ChronoUnit.DAYS);
    final Instant expiredNotAfter = Instant.now().minus(5, ChronoUnit.DAYS);
    final X509Certificate expiredCert =
            TlsResourceBuilder.createCertificate(expiredKeys, rootCa, "CN=user1", expiredNotBefore, expiredNotAfter);
    _clientExpiredKeyStore = TLS_RESOURCE.createKeyStore(
            new PrivateKeyEntry("user1", expiredKeys.getPrivate(), expiredCert, rootCaCert))
            .toFile().getAbsolutePath();

    // Main client key store: one alias per scenario, each chained to the root CA (the
    // intermediate-issued entry carries the intermediate certificate as well).
    _clientKeyStore = TLS_RESOURCE.createKeyStore(
            new PrivateKeyEntry(CERT_ALIAS_APP1, app1Keys.getPrivate(), app1Cert, rootCaCert),
            new PrivateKeyEntry(CERT_ALIAS_APP2, app2Keys.getPrivate(), app2Cert, rootCaCert),
            new PrivateKeyEntry(CERT_ALIAS_ALLOWED, allowedKeys.getPrivate(), allowedCert, rootCaCert),
            new PrivateKeyEntry(CERT_ALIAS_REVOKED, revokedKeys.getPrivate(), revokedCert, rootCaCert),
            new PrivateKeyEntry(CERT_ALIAS_REVOKED_EMPTY_CRL, revokedByEmptyKeys.getPrivate(), revokedByEmptyCert, rootCaCert),
            new PrivateKeyEntry(CERT_ALIAS_REVOKED_INVALID_CRL_PATH, unreachableCrlKeys.getPrivate(), unreachableCrlCert, rootCaCert),
            new PrivateKeyEntry(CERT_ALIAS_ALLOWED_WITH_INTERMEDIATE, intermediateClientKeys.getPrivate(), intermediateClientCert,
                    intermediateCa.getCertificate(), rootCaCert),
            new CertificateEntry(CERT_ALIAS_ROOT_CA, rootCaCert))
            .toFile().getAbsolutePath();
    _clientTrustStore = TLS_RESOURCE.createKeyStore(new CertificateEntry(CERT_ALIAS_ROOT_CA, rootCaCert))
            .toFile().getAbsolutePath();

    // CRL files served over HTTP. The first revokes the "revoked" client and the intermediate
    // CA; the other two are issued by the root CA with nothing revoked (the intermediate CRL
    // is built exactly like the empty one).
    final Path revokedCrl = TLS_RESOURCE.createCrlAsDer(rootCa, revokedCert, intermediateCa.getCertificate());
    Files.copy(revokedCrl, _crlFile, StandardCopyOption.REPLACE_EXISTING);
    final Path emptyCrl = TLS_RESOURCE.createCrlAsDer(rootCa);
    Files.copy(emptyCrl, _emptyCrlFile, StandardCopyOption.REPLACE_EXISTING);
    final Path intermediateCrl = TLS_RESOURCE.createCrlAsDer(rootCa);
    Files.copy(intermediateCrl, _intermediateCrlFile, StandardCopyOption.REPLACE_EXISTING);

    // Untrusted client: self-signed, not chained to rootCa, so the broker trust store rejects it.
    final KeyCertificatePair untrusted = TlsResourceBuilder.createSelfSigned(DN_CLIENT_UNTRUSTED);
    _clientUntrustedKeyStore = TLS_RESOURCE.createKeyStore(
            new PrivateKeyEntry(CERT_ALIAS_APP1, untrusted.getPrivateKey(), untrusted.getCertificate()))
            .toFile().getAbsolutePath();
}

Example 2 with PrivateKeyEntry

Use of org.apache.qpid.test.utils.tls.PrivateKeyEntry in the project qpid-broker-j by apache.

From the class SNITest, method setUp.

/**
 * Creates three self-signed certificates and a key store that holds all of them.
 *
 * <p>{@code foovalid} (CN=foo) became valid yesterday and lasts a year. {@code fooinvalid}
 * (CN=foo) and {@code barinvalid} (CN=Qpid, with a DNS alternative name "bar") only become
 * valid in one hour, so at test time they are outside their validity period. The key store
 * file is kept in {@code _keyStoreFile}; the pairs are kept in the {@code _foo*}/{@code _bar*}
 * fields for the tests to inspect.
 *
 * @throws Exception if certificate generation or key store creation fails
 */
@Before
public void setUp() throws Exception {
    final long validityDays = 365;
    final Instant startedYesterday = Instant.now().minus(1, ChronoUnit.DAYS);
    final Instant startsInOneHour = Instant.now().plus(1, ChronoUnit.HOURS);

    _fooValid = TlsResourceBuilder.createSelfSigned(
            "CN=foo", startedYesterday, startedYesterday.plus(validityDays, ChronoUnit.DAYS));
    _fooInvalid = TlsResourceBuilder.createSelfSigned(
            "CN=foo", startsInOneHour, startsInOneHour.plus(validityDays, ChronoUnit.DAYS));
    _barInvalid = TlsResourceBuilder.createSelfSigned(
            "CN=Qpid", startsInOneHour, startsInOneHour.plus(validityDays, ChronoUnit.DAYS),
            new AlternativeName(AltNameType.DNS_NAME, "bar"));

    final PrivateKeyEntry fooValidEntry =
            new PrivateKeyEntry("foovalid", _fooValid.getPrivateKey(), _fooValid.getCertificate());
    final PrivateKeyEntry fooInvalidEntry =
            new PrivateKeyEntry("fooinvalid", _fooInvalid.getPrivateKey(), _fooInvalid.getCertificate());
    final PrivateKeyEntry barInvalidEntry =
            new PrivateKeyEntry("barinvalid", _barInvalid.getPrivateKey(), _barInvalid.getCertificate());
    _keyStoreFile = TLS_RESOURCE.createKeyStore(fooValidEntry, fooInvalidEntry, barInvalidEntry).toFile();
}
