
Example 1 with CertificateSigningRequest

use of org.mockserver.socket.tls.jdk.CertificateSigningRequest in project mockserver by mock-server.

the class X509GeneratorTest method shouldCreateClientCertificateWithDomainsComponentsWithNumbersInSANs.

/**
 * Checks that a leaf certificate keeps every requested subject alternative name when the
 * DNS labels start or end with digits and an IP literal is mixed in with the host names.
 */
@Test
public void shouldCreateClientCertificateWithDomainsComponentsWithNumbersInSANs() throws Exception {
    // given - SAN values with leading/trailing digits in a label, plus an IP literal
    String[] domainNames = { "57bob.com", "bob57.com", "localhost.23foo.com", "127.0.0.1" };
    X509Generator generator = new X509Generator(new MockServerLogger());

    // and - a certificate signing request carrying those SANs
    CertificateSigningRequest request = new CertificateSigningRequest()
        .setCommonName(ROOT_COMMON_NAME)
        .setKeyPairSize(KEY_SIZE);
    request.addSubjectAlternativeNames(domainNames);

    // and - a root certificate and private key; the same request is reused for root and leaf
    X509AndPrivateKey root = generator.generateRootX509AndPrivateKey(request);

    // when - a leaf certificate is issued with the root's private key and certificate
    X509AndPrivateKey leaf = generator.generateLeafX509AndPrivateKey(
        request,
        buildDistinguishedName(ROOT_COMMON_NAME),
        root.getPrivateKey(),
        x509FromPEM(root.getCert()));
    X509Certificate leafCertificate = x509FromPEM(leaf.getCert());

    // then - one SAN entry per requested name
    Collection<List<?>> sanEntries = leafCertificate.getSubjectAlternativeNames();
    assertEquals(4, sanEntries.size());

    // and - every requested value is present; index 1 of each entry is the name value,
    // and containsInAnyOrder deliberately does not pin the order
    List<?> sanValues = sanEntries.stream()
        .map(entry -> entry.get(1))
        .collect(Collectors.toList());
    assertThat(sanValues, containsInAnyOrder(domainNames));
}
Also used : X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) LocalDateTime(java.time.LocalDateTime) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) RSAPublicKey(java.security.interfaces.RSAPublicKey) Assert.assertArrayEquals(org.junit.Assert.assertArrayEquals) EMPTY(org.apache.commons.lang3.StringUtils.EMPTY) BigInteger(java.math.BigInteger) TestCase(junit.framework.TestCase) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) IS_CA(sun.security.x509.BasicConstraintsExtension.IS_CA) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) CertificateSigningRequest(org.mockserver.socket.tls.jdk.CertificateSigningRequest) Collection(java.util.Collection) Test(org.junit.Test) X509CertImpl(sun.security.x509.X509CertImpl) Instant(java.time.Instant) Collectors(java.util.stream.Collectors) ZoneId(java.time.ZoneId) Base64(java.util.Base64) List(java.util.List) ChronoUnit(java.time.temporal.ChronoUnit) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) PEMToFile(org.mockserver.socket.tls.PEMToFile) MockServerLogger(org.mockserver.logging.MockServerLogger) MockServerLogger(org.mockserver.logging.MockServerLogger) CertificateSigningRequest(org.mockserver.socket.tls.jdk.CertificateSigningRequest) List(java.util.List) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 2 with CertificateSigningRequest

use of org.mockserver.socket.tls.jdk.CertificateSigningRequest in project mockserver by mock-server.

the class X509GeneratorTest method shouldCreateClientCertificateWithEmptySANs.

/**
 * Checks that a leaf certificate issued from a request with no subject alternative names
 * reports no SAN entries at all.
 */
@Test
public void shouldCreateClientCertificateWithEmptySANs() throws Exception {
    // given
    X509Generator generator = new X509Generator(new MockServerLogger());

    // and - a certificate signing request to which an empty SAN list is added
    CertificateSigningRequest request = new CertificateSigningRequest()
        .setCommonName(ROOT_COMMON_NAME)
        .setKeyPairSize(KEY_SIZE);
    request.addSubjectAlternativeNames();

    // and - a root certificate and private key; the same request is reused for root and leaf
    X509AndPrivateKey root = generator.generateRootX509AndPrivateKey(request);

    // when - a leaf certificate is issued with the root's private key and certificate
    X509AndPrivateKey leaf = generator.generateLeafX509AndPrivateKey(
        request,
        buildDistinguishedName(ROOT_COMMON_NAME),
        root.getPrivateKey(),
        x509FromPEM(root.getCert()));
    X509Certificate leafCertificate = x509FromPEM(leaf.getCert());

    // then - getSubjectAlternativeNames() yields null rather than an empty collection
    Collection<List<?>> sanEntries = leafCertificate.getSubjectAlternativeNames();
    assertNull(sanEntries);
}
Also used : MockServerLogger(org.mockserver.logging.MockServerLogger) CertificateSigningRequest(org.mockserver.socket.tls.jdk.CertificateSigningRequest) List(java.util.List) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 3 with CertificateSigningRequest

use of org.mockserver.socket.tls.jdk.CertificateSigningRequest in project mockserver by mock-server.

the class X509GeneratorTest method shouldCreateClientCertificateWithWildcardSANs.

/**
 * Checks that wildcard host names and an IP literal survive as subject alternative names
 * on an issued leaf certificate, in the order they were requested.
 */
@Test
public void shouldCreateClientCertificateWithWildcardSANs() throws Exception {
    // given - wildcard SAN values plus an IP literal
    String[] domainNames = { "*.57bob.com", "*.23foo.com", "127.0.0.1" };
    X509Generator generator = new X509Generator(new MockServerLogger());

    // and - a certificate signing request carrying those SANs
    CertificateSigningRequest request = new CertificateSigningRequest()
        .setCommonName(ROOT_COMMON_NAME)
        .setKeyPairSize(KEY_SIZE);
    request.addSubjectAlternativeNames(domainNames);

    // and - a root certificate and private key; the same request is reused for root and leaf
    X509AndPrivateKey root = generator.generateRootX509AndPrivateKey(request);

    // when - a leaf certificate is issued with the root's private key and certificate
    X509AndPrivateKey leaf = generator.generateLeafX509AndPrivateKey(
        request,
        buildDistinguishedName(ROOT_COMMON_NAME),
        root.getPrivateKey(),
        x509FromPEM(root.getCert()));
    X509Certificate leafCertificate = x509FromPEM(leaf.getCert());

    // then - one SAN entry per requested name
    Collection<List<?>> sanEntries = leafCertificate.getSubjectAlternativeNames();
    assertEquals(3, sanEntries.size());

    // and - the values match in request order; index 1 of each entry is the name value
    List<?> sanValues = sanEntries.stream()
        .map(entry -> entry.get(1))
        .collect(Collectors.toList());
    assertThat(sanValues, contains(domainNames));
}
Also used : X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) LocalDateTime(java.time.LocalDateTime) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) RSAPublicKey(java.security.interfaces.RSAPublicKey) Assert.assertArrayEquals(org.junit.Assert.assertArrayEquals) EMPTY(org.apache.commons.lang3.StringUtils.EMPTY) BigInteger(java.math.BigInteger) TestCase(junit.framework.TestCase) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) IS_CA(sun.security.x509.BasicConstraintsExtension.IS_CA) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) CertificateSigningRequest(org.mockserver.socket.tls.jdk.CertificateSigningRequest) Collection(java.util.Collection) Test(org.junit.Test) X509CertImpl(sun.security.x509.X509CertImpl) Instant(java.time.Instant) Collectors(java.util.stream.Collectors) ZoneId(java.time.ZoneId) Base64(java.util.Base64) List(java.util.List) ChronoUnit(java.time.temporal.ChronoUnit) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) PEMToFile(org.mockserver.socket.tls.PEMToFile) MockServerLogger(org.mockserver.logging.MockServerLogger) MockServerLogger(org.mockserver.logging.MockServerLogger) CertificateSigningRequest(org.mockserver.socket.tls.jdk.CertificateSigningRequest) List(java.util.List) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 4 with CertificateSigningRequest

use of org.mockserver.socket.tls.jdk.CertificateSigningRequest in project mockserver by mock-server.

the class JDKKeyAndCertificateFactory method buildAndSaveCertificateAuthorityPrivateKeyAndX509Certificate.

/**
 * Generates a root (certificate authority) certificate and private key and writes both to
 * disk as PEM files, but only when dynamic CA updates are enabled and no CA certificate
 * has been created yet.
 *
 * <p>Any exception is logged at ERROR level and not rethrown, so a caller cannot tell from
 * this method alone whether the CA material was actually produced.
 */
@Override
public void buildAndSaveCertificateAuthorityPrivateKeyAndX509Certificate() {
    if (!dynamicallyUpdateCertificateAuthority() || !certificateAuthorityCertificateNotYetCreated()) {
        return;
    }
    try {
        X509AndPrivateKey rootCa = x509Generator.generateRootX509AndPrivateKey(
            new CertificateSigningRequest()
                .setKeyPairAlgorithm(KEY_GENERATION_ALGORITHM)
                .setSigningAlgorithm(SIGNING_ALGORITHM)
                .setCommonName(ROOT_COMMON_NAME)
                .setKeyPairSize(ROOT_KEY_SIZE));
        // The certificate is written before the key, so a failure between the two writes
        // leaves a CA certificate on disk without its matching private key.
        saveAsPEMFile(rootCa.getCert(), certificateAuthorityX509CertificatePath(), "Certificate Authority X509 Certificate");
        // NOTE(review): this persists the CA signing key; the file permissions are whatever
        // saveAsPEMFile applies - confirm they restrict access to the owning user.
        saveAsPEMFile(rootCa.getPrivateKey(), certificateAuthorityPrivateKeyPath(), "Certificate Authority Private Key");
    } catch (Exception e) {
        mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("exception while generating certificate authority private key and X509 certificate").setThrowable(e));
    }
}
Also used : CertificateSigningRequest(org.mockserver.socket.tls.jdk.CertificateSigningRequest) IOException(java.io.IOException) LogEntry(org.mockserver.log.model.LogEntry)

Example 5 with CertificateSigningRequest

use of org.mockserver.socket.tls.jdk.CertificateSigningRequest in project mockserver by mock-server.

the class JDKKeyAndCertificateFactory method buildAndSavePrivateKeyAndX509Certificate.

/**
 * Generates a leaf certificate and private key signed by the configured certificate
 * authority, stores the result in {@code x509AndPrivateKey}, and optionally writes both
 * to disk as PEM files.
 *
 * <p>Any exception is logged at ERROR level and not rethrown; in that case
 * {@code x509AndPrivateKey} keeps whatever value it held before the call.
 */
@Override
public void buildAndSavePrivateKeyAndX509Certificate() {
    // NOTE(review): the guard is named as if a custom key and certificate were supplied,
    // yet it gates generation of a new pair - confirm the predicate's meaning at its definition.
    if (!customPrivateKeyAndCertificateProvided()) {
        return;
    }
    try {
        // The CA material must exist before it is read back below.
        if (dynamicallyUpdateCertificateAuthority()) {
            buildAndSaveCertificateAuthorityPrivateKeyAndX509Certificate();
        }
        String signingKey = certificateAuthorityPrivateKey();
        X509Certificate caCertificate = certificateAuthorityX509Certificate();
        // setCommonName is called twice; presumably the configured domain name replaces
        // ROOT_COMMON_NAME - TODO confirm against CertificateSigningRequest.
        // NOTE(review): the issuer name handed to the generator is the CA certificate's
        // *issuer* DN, which equals its subject DN only for a self-signed CA; with an
        // intermediate CA the leaf would name the wrong issuer - confirm this is intended.
        x509AndPrivateKey = x509Generator.generateLeafX509AndPrivateKey(
            new CertificateSigningRequest()
                .setKeyPairAlgorithm(KEY_GENERATION_ALGORITHM)
                .setSigningAlgorithm(SIGNING_ALGORITHM)
                .setCommonName(ROOT_COMMON_NAME)
                .setCommonName(configuration.sslCertificateDomainName())
                .addSubjectAlternativeNames(configuration.sslSubjectAlternativeNameDomains())
                .addSubjectAlternativeNames(configuration.sslSubjectAlternativeNameIps())
                .setKeyPairSize(MOCK_KEY_SIZE),
            caCertificate.getIssuerDN().getName(),
            signingKey,
            caCertificate);
        if (MockServerLogger.isEnabled(TRACE)) {
            // Only the certificate and the SAN lists are logged; the private key is not.
            mockServerLogger.logEvent(new LogEntry().setLogLevel(TRACE).setMessageFormat("created new X509{}with SAN Domain Names{}and IPs{}").setArguments(x509Certificate(), configuration.sslSubjectAlternativeNameDomains(), configuration.sslSubjectAlternativeNameIps()));
        }
        if (configuration.preventCertificateDynamicUpdate()) {
            saveAsPEMFile(x509AndPrivateKey.getCert(), x509CertificatePath(), "X509 Certificate");
            // NOTE(review): this persists the leaf private key; confirm saveAsPEMFile
            // restricts the file's permissions.
            saveAsPEMFile(x509AndPrivateKey.getPrivateKey(), privateKeyPath(), "Private Key");
        }
    } catch (Exception e) {
        mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("exception while generating private key and X509 certificate").setThrowable(e));
    }
}
Also used : CertificateSigningRequest(org.mockserver.socket.tls.jdk.CertificateSigningRequest) X509Certificate(java.security.cert.X509Certificate) LogEntry(org.mockserver.log.model.LogEntry) IOException(java.io.IOException)

Aggregations

CertificateSigningRequest (org.mockserver.socket.tls.jdk.CertificateSigningRequest)9 X509Certificate (java.security.cert.X509Certificate)8 Test (org.junit.Test)7 MockServerLogger (org.mockserver.logging.MockServerLogger)7 List (java.util.List)5 X509CertImpl (sun.security.x509.X509CertImpl)4 BigInteger (java.math.BigInteger)3 CertificateExpiredException (java.security.cert.CertificateExpiredException)3 CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)3 RSAPublicKey (java.security.interfaces.RSAPublicKey)3 Instant (java.time.Instant)3 LocalDateTime (java.time.LocalDateTime)3 ZoneId (java.time.ZoneId)3 ChronoUnit (java.time.temporal.ChronoUnit)3 Base64 (java.util.Base64)3 Collection (java.util.Collection)3 Date (java.util.Date)3 Collectors (java.util.stream.Collectors)3 TestCase (junit.framework.TestCase)3 EMPTY (org.apache.commons.lang3.StringUtils.EMPTY)3