Examples with X509CRLHolder org.bouncycastle.cert.X509CRLHolder used on opensource projects

Search in sources :

Example 21 with X509CRLHolder

use of org.bouncycastle.cert.X509CRLHolder in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testAddEntryToEmptyCRL.

@Test
public void testAddEntryToEmptyCRL() throws Exception {
    Date oneHourAgo = new Date(new Date().getTime() - 60L * 60L * 1000L);
    Date oneHourHence = new Date(new Date().getTime() + 60L * 60L * 1000L);
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, oneHourAgo);
    AuthorityKeyIdentifier identifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic());
    crlBuilder.addExtension(Extension.authorityKeyIdentifier, false, identifier);
    /* With a CRL number of 127, incrementing it should cause the number of bytes in the length
         * portion of the TLV to increase by one.*/
    crlBuilder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("127")));
    crlBuilder.setNextUpdate(oneHourHence);
    X509CRLHolder holder = crlBuilder.build(signer);
    File crlToChange = writeCRL(holder);
    File outfile = new File(folder.getRoot(), "new.crl");
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<>(Arrays.asList(new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"), new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger i : newSerials) {
        stream.add(i, new Date(), CRLReason.privilegeWithdrawn);
    }
    stream.preScan(crlToChange).lock();
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    stream.write(o);
    o.close();
    X509CRL changedCrl = readCRL();
    Set<BigInteger> discoveredSerials = new HashSet<>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }
    X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC_PROVIDER).getCRL(holder);
    assertNotNull(changedCrl.getNextUpdate());
    long changedCrlUpdateDelta = changedCrl.getNextUpdate().getTime() - changedCrl.getThisUpdate().getTime();
    assertEquals(changedCrlUpdateDelta, oneHourHence.getTime() - oneHourAgo.getTime());
    assertThat(changedCrl.getThisUpdate(), OrderingComparison.greaterThan(originalCrl.getThisUpdate()));
    assertEquals(newSerials, discoveredSerials);
    assertEquals(originalCrl.getIssuerX500Principal(), changedCrl.getIssuerX500Principal());
    ASN1ObjectIdentifier crlNumberOID = Extension.cRLNumber;
    byte[] oldCrlNumberBytes = originalCrl.getExtensionValue(crlNumberOID.getId());
    byte[] newCrlNumberBytes = changedCrl.getExtensionValue(crlNumberOID.getId());
    DEROctetString oldOctet = (DEROctetString) DERTaggedObject.fromByteArray(oldCrlNumberBytes);
    DEROctetString newOctet = (DEROctetString) DERTaggedObject.fromByteArray(newCrlNumberBytes);
    ASN1Integer oldNumber = (ASN1Integer) DERTaggedObject.fromByteArray(oldOctet.getOctets());
    ASN1Integer newNumber = (ASN1Integer) DERTaggedObject.fromByteArray(newOctet.getOctets());
    assertEquals(oldNumber.getValue().add(BigInteger.ONE), newNumber.getValue());
    ASN1ObjectIdentifier authorityKeyOID = Extension.authorityKeyIdentifier;
    byte[] oldAuthorityKeyId = originalCrl.getExtensionValue(authorityKeyOID.getId());
    byte[] newAuthorityKeyId = changedCrl.getExtensionValue(authorityKeyOID.getId());
    assertArrayEquals(oldAuthorityKeyId, newAuthorityKeyId);
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) X509CRL(java.security.cert.X509CRL) CRLNumber(org.bouncycastle.asn1.x509.CRLNumber) BufferedOutputStream(java.io.BufferedOutputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) ASN1Integer(org.bouncycastle.asn1.ASN1Integer) Date(java.util.Date) DEROctetString(org.bouncycastle.asn1.DEROctetString) X509CRLEntry(java.security.cert.X509CRLEntry) JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter) FileOutputStream(java.io.FileOutputStream) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) File(java.io.File) BufferedOutputStream(java.io.BufferedOutputStream) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 22 with X509CRLHolder

use of org.bouncycastle.cert.X509CRLHolder in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testModifyNextUpdateTime.

@Test
public void testModifyNextUpdateTime() throws Exception {
    Calendar c = Calendar.getInstance();
    c.add(Calendar.DATE, 1);
    Date nextUpdate = c.getTime();
    X509v2CRLBuilder crlBuilder = createCRLBuilder();
    crlBuilder.setNextUpdate(nextUpdate);
    X509CRLHolder holder = crlBuilder.build(signer);
    File crlToChange = writeCRL(holder);
    Thread.sleep(1000);
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    stream.preScan(crlToChange).lock();
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    stream.write(o);
    o.close();
    X509CRL changedCrl = readCRL();
    X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC_PROVIDER).getCRL(holder);
    assertTrue("Error: CRL nextUpdate field unmodified", originalCrl.getNextUpdate().before(changedCrl.getNextUpdate()));
}
Also used : X509CRL(java.security.cert.X509CRL) JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter) Calendar(java.util.Calendar) BufferedOutputStream(java.io.BufferedOutputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) FileOutputStream(java.io.FileOutputStream) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) File(java.io.File) BufferedOutputStream(java.io.BufferedOutputStream) Date(java.util.Date) Test(org.junit.Test)

Example 23 with X509CRLHolder

use of org.bouncycastle.cert.X509CRLHolder in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testAddEntryToCRLWithNoExtensions.

@Test
public void testAddEntryToCRLWithNoExtensions() throws Exception {
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    crlBuilder.addCRLEntry(new BigInteger("100"), new Date(), CRLReason.unspecified);
    X509CRLHolder holder = crlBuilder.build(signer);
    File crlToChange = writeCRL(holder);
    File outfile = new File(folder.getRoot(), "new.crl");
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    Set<BigInteger> expected = new HashSet<>();
    expected.add(new BigInteger("100"));
    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<>(Arrays.asList(new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"), new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger i : newSerials) {
        stream.add(i, new Date(), CRLReason.privilegeWithdrawn);
        expected.add(i);
    }
    stream.preScan(crlToChange).lock();
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    stream.write(o);
    o.close();
    X509CRL changedCrl = readCRL();
    Set<BigInteger> discoveredSerials = new HashSet<>();
    for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
        discoveredSerials.add(entry.getSerialNumber());
    }
    assertEquals(expected, discoveredSerials);
}
Also used : X509CRL(java.security.cert.X509CRL) BufferedOutputStream(java.io.BufferedOutputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) Date(java.util.Date) X509CRLEntry(java.security.cert.X509CRLEntry) FileOutputStream(java.io.FileOutputStream) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) File(java.io.File) BufferedOutputStream(java.io.BufferedOutputStream) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 24 with X509CRLHolder

use of org.bouncycastle.cert.X509CRLHolder in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testKeySizeChange.

@Test
public void testKeySizeChange() throws Exception {
    int[] sizes = { 1024, 4096 };
    for (int size : sizes) {
        X509CRLHolder holder = createCRL();
        File crlToChange = writeCRL(holder);
        generator.initialize(size);
        KeyPair differentKeyPair = generator.generateKeyPair();
        X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) differentKeyPair.getPrivate(), (RSAPublicKey) differentKeyPair.getPublic());
        stream.preScan(crlToChange).lock();
        OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
        stream.write(o);
        o.close();
        X509CRL originalCrl = new JcaX509CRLConverter().setProvider(BC_PROVIDER).getCRL(holder);
        X509CRL changedCrl = readCRL(differentKeyPair.getPublic());
        Set<BigInteger> discoveredSerials = new HashSet<>();
        for (X509CRLEntry entry : changedCrl.getRevokedCertificates()) {
            discoveredSerials.add(entry.getSerialNumber());
        }
        Set<BigInteger> expected = new HashSet<>();
        expected.add(new BigInteger("100"));
        assertEquals(expected, discoveredSerials);
        // Since the key changed, the authorityKeyIdentifier must change
        byte[] oldAkiBytes = originalCrl.getExtensionValue(Extension.authorityKeyIdentifier.getId());
        byte[] newAkiBytes = changedCrl.getExtensionValue(Extension.authorityKeyIdentifier.getId());
        oldAkiBytes = ASN1OctetString.getInstance(oldAkiBytes).getOctets();
        newAkiBytes = ASN1OctetString.getInstance(newAkiBytes).getOctets();
        AuthorityKeyIdentifier oldAki = AuthorityKeyIdentifier.getInstance(oldAkiBytes);
        AuthorityKeyIdentifier newAki = AuthorityKeyIdentifier.getInstance(newAkiBytes);
        AuthorityKeyIdentifier identifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic());
        assertEquals(oldAki, identifier);
        AuthorityKeyIdentifier differentIdentifier = new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(differentKeyPair.getPublic());
        assertEquals(newAki, differentIdentifier);
    }
}
Also used : JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils) KeyPair(java.security.KeyPair) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) X509CRL(java.security.cert.X509CRL) BufferedOutputStream(java.io.BufferedOutputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier) X509CRLEntry(java.security.cert.X509CRLEntry) JcaX509CRLConverter(org.bouncycastle.cert.jcajce.JcaX509CRLConverter) FileOutputStream(java.io.FileOutputStream) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) File(java.io.File) BufferedOutputStream(java.io.BufferedOutputStream) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 25 with X509CRLHolder

use of org.bouncycastle.cert.X509CRLHolder in project candlepin by candlepin.

the class X509CRLStreamWriterTest method testAddEntryToEmptyCRLWithNoExtensions.

@Test
public void testAddEntryToEmptyCRLWithNoExtensions() throws Exception {
    X509v2CRLBuilder crlBuilder = new X509v2CRLBuilder(issuer, new Date());
    X509CRLHolder holder = crlBuilder.build(signer);
    File crlToChange = writeCRL(holder);
    File outfile = new File(folder.getRoot(), "new.crl");
    X509CRLStreamWriter stream = new X509CRLStreamWriter(crlToChange, (RSAPrivateKey) keyPair.getPrivate(), (RSAPublicKey) keyPair.getPublic());
    // Add enough items to cause the number of length bytes to change
    Set<BigInteger> newSerials = new HashSet<>(Arrays.asList(new BigInteger("2358215310"), new BigInteger("7231352433"), new BigInteger("8233181205"), new BigInteger("1455615868"), new BigInteger("4323487764"), new BigInteger("6673256679")));
    for (BigInteger i : newSerials) {
        stream.add(i, new Date(), CRLReason.privilegeWithdrawn);
    }
    thrown.expect(IllegalStateException.class);
    thrown.expectMessage(matchesPattern("v1.*"));
    stream.preScan(crlToChange).lock();
    OutputStream o = new BufferedOutputStream(new FileOutputStream(outfile));
    stream.write(o);
    o.close();
}
Also used : BufferedOutputStream(java.io.BufferedOutputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) FileOutputStream(java.io.FileOutputStream) X509CRLHolder(org.bouncycastle.cert.X509CRLHolder) BigInteger(java.math.BigInteger) X509v2CRLBuilder(org.bouncycastle.cert.X509v2CRLBuilder) File(java.io.File) BufferedOutputStream(java.io.BufferedOutputStream) Date(java.util.Date) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

X509CRLHolder (org.bouncycastle.cert.X509CRLHolder)32 X509v2CRLBuilder (org.bouncycastle.cert.X509v2CRLBuilder)22 Date (java.util.Date)20 File (java.io.File)15 BigInteger (java.math.BigInteger)15 FileOutputStream (java.io.FileOutputStream)14 Test (org.junit.Test)13 BufferedOutputStream (java.io.BufferedOutputStream)10 OutputStream (java.io.OutputStream)10 X509CRL (java.security.cert.X509CRL)9 HashSet (java.util.HashSet)9 JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)9 CRLNumber (org.bouncycastle.asn1.x509.CRLNumber)8 IOException (java.io.IOException)7 ContentSigner (org.bouncycastle.operator.ContentSigner)7 X509CRLEntry (java.security.cert.X509CRLEntry)6 JcaX509CRLConverter (org.bouncycastle.cert.jcajce.JcaX509CRLConverter)6 JcaX509ExtensionUtils (org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)6 ASN1Integer (org.bouncycastle.asn1.ASN1Integer)5 X500Name (org.bouncycastle.asn1.x500.X500Name)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial