
Example 31 with PKCS10CertificationRequest

Use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project athenz by yahoo.

Class ZTSUtilsTest, method testValidateCertReqInstanceId.

@Test
public void testValidateCertReqInstanceId() throws IOException {
    // Read the CSR test fixture as text and parse it into a PKCS#10 request
    Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
    String csr = new String(Files.readAllBytes(path));
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(csr);
    // The instance id "1001" is accepted for this CSR
    boolean result = ZTSUtils.validateCertReqInstanceId(certReq, "1001");
    assertTrue(result);
    // "10012" only shares a prefix with the accepted id and must be rejected
    result = ZTSUtils.validateCertReqInstanceId(certReq, "10012");
    assertFalse(result);
}
Also used: Path (java.nio.file.Path), PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest), Test (org.testng.annotations.Test)

Example 32 with PKCS10CertificationRequest

Use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project athenz by yahoo.

Class ZTSUtilsTest, method testVerifyCertificateRequestNoCertRecord.

@Test
public void testVerifyCertificateRequestNoCertRecord() throws IOException {
    // Read the CSR test fixture as text and parse it into a PKCS#10 request
    Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
    String csr = new String(Files.readAllBytes(path));
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(csr);
    // The request verifies against "athenz" / "production"
    boolean result = ZTSUtils.verifyCertificateRequest(certReq, "athenz", "production");
    assertTrue(result);
    // Changing the second argument to "athenz2" must fail verification
    result = ZTSUtils.verifyCertificateRequest(certReq, "athenz2", "production");
    assertFalse(result);
}
Also used: Path (java.nio.file.Path), PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest), Test (org.testng.annotations.Test)

Example 33 with PKCS10CertificationRequest

Use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project athenz by yahoo.

Class ZTSUtilsTest, method testValidateCertReqDNSNamesSubdomainInvalid.

@Test
public void testValidateCertReqDNSNamesSubdomainInvalid() throws IOException {
    // Read the CSR test fixture as text and parse it into a PKCS#10 request
    Path path = Paths.get("src/test/resources/subdomain_invalid.csr");
    String csr = new String(Files.readAllBytes(path));
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(csr);
    // The DNS names in this fixture must not validate for "athenz.domain" / "production"
    boolean result = ZTSUtils.validateCertReqDNSNames(certReq, "athenz.domain", "production");
    assertFalse(result);
}
Also used: Path (java.nio.file.Path), PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest), Test (org.testng.annotations.Test)

Example 34 with PKCS10CertificationRequest

Use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project athenz by yahoo.

Class ZTSClientTest, method testGenerateInstanceRefreshRequestTopDomain.

@Test
public void testGenerateInstanceRefreshRequestTopDomain() {
    // Load the unit-test private key used to generate the request
    File privkey = new File("./src/test/resources/unit_test_private_k0.pem");
    PrivateKey privateKey = Crypto.loadPrivateKey(privkey);
    InstanceRefreshRequest req = ZTSClient.generateInstanceRefreshRequest("coretech", "test", privateKey, "aws", 3600);
    assertNotNull(req);
    // Parse the generated CSR and check the common name and first DNS name it requests
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(req.getCsr());
    assertEquals("coretech.test", Crypto.extractX509CSRCommonName(certReq));
    assertEquals("test.coretech.aws.athenz.cloud", Crypto.extractX509CSRDnsNames(certReq).get(0));
}
Also used: PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest), PrivateKey (java.security.PrivateKey), AccessTokenTestFileHelper.setupInvalidTokenFile (com.yahoo.athenz.zts.AccessTokenTestFileHelper.setupInvalidTokenFile), AccessTokenTestFileHelper.setupTokenFile (com.yahoo.athenz.zts.AccessTokenTestFileHelper.setupTokenFile), Test (org.testng.annotations.Test)

Example 35 with PKCS10CertificationRequest

Use of org.bouncycastle.pkcs.PKCS10CertificationRequest in project athenz by yahoo.

Class ZTSClientTest, method testGenerateRoleCertificateRequest.

@Test
public void testGenerateRoleCertificateRequest() {
    // Load the unit-test private key used to generate the request
    File privkey = new File("./src/test/resources/unit_test_private_k0.pem");
    PrivateKey privateKey = Crypto.loadPrivateKey(privkey);
    RoleCertificateRequest req = ZTSClient.generateRoleCertificateRequest("coretech", "test", "sports", "readers", privateKey, "aws", 3600);
    assertNotNull(req);
    // Parse the generated CSR: the role is the common name, the principal is the email
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(req.getCsr());
    assertEquals(Crypto.extractX509CSRCommonName(certReq), "sports:role.readers");
    assertEquals(Crypto.extractX509CSREmail(certReq), "coretech.test@aws.athenz.cloud");
    // Exactly two URIs are expected: the SPIFFE role URI, then the Athenz principal URI
    List<String> uris = Crypto.extractX509CSRURIs(certReq);
    assertEquals(uris.size(), 2);
    assertEquals(uris.get(0), "spiffe://sports/ra/readers");
    assertEquals(uris.get(1), "athenz://principal/coretech.test");
}
Also used: PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest), PrivateKey (java.security.PrivateKey), AccessTokenTestFileHelper.setupInvalidTokenFile (com.yahoo.athenz.zts.AccessTokenTestFileHelper.setupInvalidTokenFile), AccessTokenTestFileHelper.setupTokenFile (com.yahoo.athenz.zts.AccessTokenTestFileHelper.setupTokenFile), Test (org.testng.annotations.Test)

Aggregations

PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest) 79
Test (org.testng.annotations.Test) 39
Path (java.nio.file.Path) 34
DERIA5String (org.bouncycastle.asn1.DERIA5String) 19
X509Certificate (java.security.cert.X509Certificate) 17
IOException (java.io.IOException) 14
X500Name (org.bouncycastle.asn1.x500.X500Name) 13
PrivateKey (java.security.PrivateKey) 12
JcaContentSignerBuilder (org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) 11
JcaPKCS10CertificationRequestBuilder (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder) 11
KeyPair (java.security.KeyPair) 9
X500Principal (javax.security.auth.x500.X500Principal) 9
KeyPairGenerator (java.security.KeyPairGenerator) 8
ContentSigner (org.bouncycastle.operator.ContentSigner) 8
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException) 8
File (java.io.File) 7
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider) 7
JcaPKCS10CertificationRequest (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) 7
PemObject (org.bouncycastle.util.io.pem.PemObject) 6
CryptoException (org.kse.crypto.CryptoException) 6