Example 1 with CertificateAndKeys

Use of org.commonjava.indy.httprox.util.CertificateAndKeys in project indy by Commonjava.

Class CertUtilsTest, method testSubjectCertificateSignedByIssuerCertificateWithoutExtensionIsValid.

@Test
public void testSubjectCertificateSignedByIssuerCertificateWithoutExtensionIsValid() throws Exception, CertificateException, OperatorCreationException, CertificateEncodingException, CertException {
    // Load the test CA private key and certificate from the test resources.
    PrivateKey caKey = CertUtils.getPrivateKey("src/test/resources/ca.der");
    X509Certificate caCert = CertUtils.loadX509Certificate(new File("src/test/resources", "ca.crt"));
    String subjectCN = "CN=testcase.org, O=Test Org";
    // Issue a certificate for the subject, signed with the CA key; the final argument is false
    // and the test expects no basicConstraints extension in the result.
    CertificateAndKeys certificateAndKeys = CertUtils.createSignedCertificateAndKey(subjectCN, caCert, caKey, false);
    PublicKey publicKey = certificateAndKeys.getPublicKey();
    X509CertificateHolder certHolder = new X509CertificateHolder(certificateAndKeys.getCertificate().getEncoded());
    JcaContentVerifierProviderBuilder verifierBuilder = new JcaContentVerifierProviderBuilder().setProvider(BouncyCastleProvider.PROVIDER_NAME);
    logger.debug(">>>>>>> caCert >>>>>" + caCert + "<<<<<<<<<<");
    logger.debug(">>>>>>> generated and signed cert >>>>>" + certificateAndKeys.getCertificate() + "<<<<<<<<<<<<<");
    // The signature on the generated certificate must verify against the CA certificate's public key.
    assertTrue(certHolder.isSignatureValid(verifierBuilder.build(caCert)));
    // The basicConstraints extension must be absent.
    Extension ext = certHolder.getExtension(Extension.basicConstraints);
    assertNull(ext);
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) JcaContentVerifierProviderBuilder(org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) File(java.io.File) CertificateAndKeys(org.commonjava.indy.httprox.util.CertificateAndKeys) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 2 with CertificateAndKeys

Use of org.commonjava.indy.httprox.util.CertificateAndKeys in project indy by Commonjava.

Class CertUtilsTest, method testIntermediateSignedCertificateWithExtension.

@Test
public void testIntermediateSignedCertificateWithExtension() throws Exception, CertificateException, OperatorCreationException, CertificateEncodingException, CertException {
    // Load the test CA private key and certificate from the test resources.
    PrivateKey caKey = CertUtils.getPrivateKey("src/test/resources/ca.der");
    X509Certificate caCert = CertUtils.loadX509Certificate(new File("src/test/resources", "ca.crt"));
    String subjectCN = "CN=testcase.org, O=Test Org";
    // The final argument is true here and the test expects a basicConstraints extension in the result.
    CertificateAndKeys certificateAndKeys = CertUtils.createSignedCertificateAndKey(subjectCN, caCert, caKey, true);
    PublicKey publicKey = certificateAndKeys.getPublicKey();
    X509CertificateHolder certHolder = new X509CertificateHolder(certificateAndKeys.getCertificate().getEncoded());
    Extension ext = certHolder.getExtension(Extension.basicConstraints);
    assertNotNull(ext);
    // JUnit's assertEquals takes (expected, actual).
    assertEquals(Extension.basicConstraints, ext.getExtnId());
    assertEquals(new BasicConstraints(-1), ext.getParsedValue());
}
Also used : Extension(org.bouncycastle.asn1.x509.Extension) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) File(java.io.File) CertificateAndKeys(org.commonjava.indy.httprox.util.CertificateAndKeys) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 3 with CertificateAndKeys

Use of org.commonjava.indy.httprox.util.CertificateAndKeys in project indy by Commonjava.

Class ProxyMITMSSLServer, method getKeyStore.

private KeyStore getKeyStore(String host) throws Exception {
    // Load the configured MITM CA private key and certificate.
    PrivateKey caKey = getPrivateKey(config.getMITMCAKey());
    X509Certificate caCert = loadX509Certificate(new File(config.getMITMCACert()));
    // e.g., "CN=<host>, O=Test Org"
    String dn = config.getMITMDNTemplate().replace("<host>", host);
    // Issue a certificate for the requested host, signed with the CA key.
    CertificateAndKeys certificateAndKeys = createSignedCertificateAndKey(dn, caCert, caKey, false);
    Certificate signedCertificate = certificateAndKeys.getCertificate();
    logger.debug("Create signed cert:\n" + signedCertificate.toString());
    KeyStore ks = createKeyStore();
    String alias = host;
    // Store the generated private key under the host alias with the chain: host certificate, then CA certificate.
    ks.setKeyEntry(alias, certificateAndKeys.getPrivateKey(), keystorePassword, new Certificate[] { signedCertificate, caCert });
    return ks;
}
Also used : CertUtils.getPrivateKey(org.commonjava.indy.httprox.util.CertUtils.getPrivateKey) PrivateKey(java.security.PrivateKey) File(java.io.File) CertificateAndKeys(org.commonjava.indy.httprox.util.CertificateAndKeys) KeyStore(java.security.KeyStore) CertUtils.createKeyStore(org.commonjava.indy.httprox.util.CertUtils.createKeyStore) X509Certificate(java.security.cert.X509Certificate) CertUtils.loadX509Certificate(org.commonjava.indy.httprox.util.CertUtils.loadX509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

File (java.io.File): 3
PrivateKey (java.security.PrivateKey): 3
X509Certificate (java.security.cert.X509Certificate): 3
CertificateAndKeys (org.commonjava.indy.httprox.util.CertificateAndKeys): 3
PublicKey (java.security.PublicKey): 2
Extension (org.bouncycastle.asn1.x509.Extension): 2
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder): 2
Test (org.junit.Test): 2
KeyStore (java.security.KeyStore): 1
Certificate (java.security.cert.Certificate): 1
BasicConstraints (org.bouncycastle.asn1.x509.BasicConstraints): 1
JcaContentVerifierProviderBuilder (org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder): 1
CertUtils.createKeyStore (org.commonjava.indy.httprox.util.CertUtils.createKeyStore): 1
CertUtils.getPrivateKey (org.commonjava.indy.httprox.util.CertUtils.getPrivateKey): 1
CertUtils.loadX509Certificate (org.commonjava.indy.httprox.util.CertUtils.loadX509Certificate): 1