use of org.mockserver.socket.tls.jdk.CertificateSigningRequest in project mockserver by mock-server.
the class X509GeneratorTest method shouldCreateClientCertificateWithDomainsComponentsWithNumbersInSANs.
/**
 * Checks that a leaf certificate carries every requested subject alternative name when the
 * host name labels begin or end with digits.
 */
@Test
public void shouldCreateClientCertificateWithDomainsComponentsWithNumbersInSANs() throws Exception {
    // given - host names whose labels contain digits, plus one IP literal
    X509Generator x509Generator = new X509Generator(new MockServerLogger());
    String[] domainNames = { "57bob.com", "bob57.com", "localhost.23foo.com", "127.0.0.1" };

    // and - a certificate signing request carrying those SANs
    CertificateSigningRequest csr = new CertificateSigningRequest()
        .setCommonName(ROOT_COMMON_NAME)
        .setKeyPairSize(KEY_SIZE);
    csr.addSubjectAlternativeNames(domainNames);

    // and - a root key pair generated from the same request, with its certificate parsed from PEM
    X509AndPrivateKey pemRootKeyPair = x509Generator.generateRootX509AndPrivateKey(csr);
    X509Certificate rootCertificate = x509FromPEM(pemRootKeyPair.getCert());

    // when - the leaf certificate is issued and read back from PEM
    X509AndPrivateKey leafKeyPair = x509Generator.generateLeafX509AndPrivateKey(
        csr,
        buildDistinguishedName(ROOT_COMMON_NAME),
        pemRootKeyPair.getPrivateKey(),
        rootCertificate
    );
    X509Certificate leafCertificate = x509FromPEM(leafKeyPair.getCert());

    // then - one SAN entry exists per requested name
    Collection<List<?>> sanEntries = leafCertificate.getSubjectAlternativeNames();
    assertEquals(domainNames.length, sanEntries.size());

    // and - every requested value is present; order is not checked (containsInAnyOrder).
    // Each SAN entry is a two-element list: index 0 is the GeneralName type tag, index 1 the value.
    // Only the value is compared, so this test does not show whether "127.0.0.1" was encoded as
    // an iPAddress entry or as a dNSName entry.
    List<?> sanValues = sanEntries.stream()
        .map(entry -> entry.get(1))
        .collect(Collectors.toList());
    assertThat(sanValues, containsInAnyOrder(domainNames));
}
use of org.mockserver.socket.tls.jdk.CertificateSigningRequest in project mockserver by mock-server.
the class X509GeneratorTest method shouldCreateClientCertificateWithEmptySANs.
/**
 * Checks that a leaf certificate generated from a request without any subject alternative names
 * reports no SAN entries.
 */
@Test
public void shouldCreateClientCertificateWithEmptySANs() throws Exception {
    // given
    X509Generator x509Generator = new X509Generator(new MockServerLogger());

    // and - a certificate signing request to which an empty list of SANs is added
    CertificateSigningRequest csr = new CertificateSigningRequest()
        .setCommonName(ROOT_COMMON_NAME)
        .setKeyPairSize(KEY_SIZE);
    csr.addSubjectAlternativeNames();

    // and - a root key pair generated from the same request, with its certificate parsed from PEM
    X509AndPrivateKey pemRootKeyPair = x509Generator.generateRootX509AndPrivateKey(csr);
    X509Certificate rootCertificate = x509FromPEM(pemRootKeyPair.getCert());

    // when - the leaf certificate is issued and read back from PEM
    X509AndPrivateKey leafKeyPair = x509Generator.generateLeafX509AndPrivateKey(
        csr,
        buildDistinguishedName(ROOT_COMMON_NAME),
        pemRootKeyPair.getPrivateKey(),
        rootCertificate
    );
    X509Certificate leafCertificate = x509FromPEM(leafKeyPair.getCert());

    // then - no SANs are present; X509Certificate.getSubjectAlternativeNames() returns null
    // (not an empty collection) when the certificate has no SAN extension
    assertNull(leafCertificate.getSubjectAlternativeNames());
}
use of org.mockserver.socket.tls.jdk.CertificateSigningRequest in project mockserver by mock-server.
the class X509GeneratorTest method shouldCreateClientCertificateWithWildcardSANs.
/**
 * Checks that wildcard host names requested as subject alternative names appear unchanged, and
 * in the requested order, in the generated leaf certificate.
 */
@Test
public void shouldCreateClientCertificateWithWildcardSANs() throws Exception {
    // given - two wildcard host names and one IP literal
    X509Generator x509Generator = new X509Generator(new MockServerLogger());
    String[] domainNames = { "*.57bob.com", "*.23foo.com", "127.0.0.1" };

    // and - a certificate signing request carrying those SANs
    CertificateSigningRequest csr = new CertificateSigningRequest()
        .setCommonName(ROOT_COMMON_NAME)
        .setKeyPairSize(KEY_SIZE);
    csr.addSubjectAlternativeNames(domainNames);

    // and - a root key pair generated from the same request, with its certificate parsed from PEM
    X509AndPrivateKey pemRootKeyPair = x509Generator.generateRootX509AndPrivateKey(csr);
    X509Certificate rootCertificate = x509FromPEM(pemRootKeyPair.getCert());

    // when - the leaf certificate is issued and read back from PEM
    X509AndPrivateKey leafKeyPair = x509Generator.generateLeafX509AndPrivateKey(
        csr,
        buildDistinguishedName(ROOT_COMMON_NAME),
        pemRootKeyPair.getPrivateKey(),
        rootCertificate
    );
    X509Certificate leafCertificate = x509FromPEM(leafKeyPair.getCert());

    // then - one SAN entry exists per requested name
    Collection<List<?>> sanEntries = leafCertificate.getSubjectAlternativeNames();
    assertEquals(domainNames.length, sanEntries.size());

    // and - the values match the request in the same order (contains is order-sensitive).
    // Index 1 of each SAN entry is the value; the type tag at index 0 is not checked, so this
    // test does not show whether "127.0.0.1" was encoded as an iPAddress or a dNSName entry.
    List<?> sanValues = sanEntries.stream()
        .map(entry -> entry.get(1))
        .collect(Collectors.toList());
    assertThat(sanValues, contains(domainNames));
}
use of org.mockserver.socket.tls.jdk.CertificateSigningRequest in project mockserver by mock-server.
the class JDKKeyAndCertificateFactory method buildAndSaveCertificateAuthorityPrivateKeyAndX509Certificate.
/**
 * Generates a root (certificate authority) key pair and X509 certificate and hands both to
 * {@code saveAsPEMFile}. Nothing happens unless {@code dynamicallyUpdateCertificateAuthority()}
 * and {@code certificateAuthorityCertificateNotYetCreated()} both return true.
 *
 * <p>Any exception is logged at ERROR level and not rethrown, so callers get no signal that
 * generation failed.
 */
@Override
public void buildAndSaveCertificateAuthorityPrivateKeyAndX509Certificate() {
    if (!dynamicallyUpdateCertificateAuthority() || !certificateAuthorityCertificateNotYetCreated()) {
        return;
    }
    try {
        CertificateSigningRequest rootRequest = new CertificateSigningRequest()
            .setKeyPairAlgorithm(KEY_GENERATION_ALGORITHM)
            .setSigningAlgorithm(SIGNING_ALGORITHM)
            .setCommonName(ROOT_COMMON_NAME)
            .setKeyPairSize(ROOT_KEY_SIZE);
        X509AndPrivateKey rootKeyPair = x509Generator.generateRootX509AndPrivateKey(rootRequest);

        // the certificate is written first, then the private key
        saveAsPEMFile(rootKeyPair.getCert(), certificateAuthorityX509CertificatePath(), "Certificate Authority X509 Certificate");
        // NOTE(review): this persists the CA signing key; saveAsPEMFile is not visible here, so
        // confirm it restricts the file's permissions and that the target path is not shared.
        saveAsPEMFile(rootKeyPair.getPrivateKey(), certificateAuthorityPrivateKeyPath(), "Certificate Authority Private Key");
    } catch (Exception e) {
        LogEntry failure = new LogEntry()
            .setLogLevel(Level.ERROR)
            .setMessageFormat("exception while generating certificate authority private key and X509 certificate")
            .setThrowable(e);
        mockServerLogger.logEvent(failure);
    }
}
use of org.mockserver.socket.tls.jdk.CertificateSigningRequest in project mockserver by mock-server.
the class JDKKeyAndCertificateFactory method buildAndSavePrivateKeyAndX509Certificate.
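/**
 * Generates a leaf key pair and X509 certificate signed by the configured certificate authority,
 * stores the result in {@code x509AndPrivateKey}, and optionally hands both to
 * {@code saveAsPEMFile}.
 *
 * <p>The certificate's common name comes from {@code configuration.sslCertificateDomainName()}
 * and its subject alternative names from the configured SAN domains and SAN IPs.
 *
 * <p>Any exception is logged at ERROR level and not rethrown, so callers get no signal that
 * generation failed.
 */
@Override
public void buildAndSavePrivateKeyAndX509Certificate() {
    // NOTE(review): by its name this guard reads as "run only when a custom key and certificate
    // were provided"; the helper is not visible here - confirm its actual semantics.
    if (customPrivateKeyAndCertificateProvided()) {
        try {
            if (dynamicallyUpdateCertificateAuthority()) {
                buildAndSaveCertificateAuthorityPrivateKeyAndX509Certificate();
            }
            String caPrivateKey = certificateAuthorityPrivateKey();
            X509Certificate certificateAuthorityX509Certificate = certificateAuthorityX509Certificate();

            // NOTE(review): setCommonName is called twice; the first call (ROOT_COMMON_NAME) looks
            // redundant because the configured domain name is set straight after - confirm.
            CertificateSigningRequest leafRequest = new CertificateSigningRequest()
                .setKeyPairAlgorithm(KEY_GENERATION_ALGORITHM)
                .setSigningAlgorithm(SIGNING_ALGORITHM)
                .setCommonName(ROOT_COMMON_NAME)
                .setCommonName(configuration.sslCertificateDomainName())
                .addSubjectAlternativeNames(configuration.sslSubjectAlternativeNameDomains())
                .addSubjectAlternativeNames(configuration.sslSubjectAlternativeNameIps())
                .setKeyPairSize(MOCK_KEY_SIZE);

            // The issuer field of an issued certificate must equal the SUBJECT name of the
            // signing CA certificate. The CA's own issuer name is the same value only when the
            // CA is self-signed; with an intermediate CA it names the CA's parent, and the leaf
            // would not chain to the certificate whose key signed it.
            String issuerDistinguishedName = certificateAuthorityX509Certificate.getSubjectDN().getName();

            x509AndPrivateKey = x509Generator.generateLeafX509AndPrivateKey(
                leafRequest,
                issuerDistinguishedName,
                caPrivateKey,
                certificateAuthorityX509Certificate
            );
            if (MockServerLogger.isEnabled(TRACE)) {
                // only the certificate and the SAN configuration are logged, not the private key
                mockServerLogger.logEvent(new LogEntry().setLogLevel(TRACE).setMessageFormat("created new X509{}with SAN Domain Names{}and IPs{}").setArguments(x509Certificate(), configuration.sslSubjectAlternativeNameDomains(), configuration.sslSubjectAlternativeNameIps()));
            }
            if (configuration.preventCertificateDynamicUpdate()) {
                saveAsPEMFile(x509AndPrivateKey.getCert(), x509CertificatePath(), "X509 Certificate");
                // NOTE(review): this persists the leaf private key; saveAsPEMFile is not visible
                // here, so confirm it restricts the file's permissions.
                saveAsPEMFile(x509AndPrivateKey.getPrivateKey(), privateKeyPath(), "Private Key");
            }
        } catch (Exception e) {
            mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("exception while generating private key and X509 certificate").setThrowable(e));
        }
    }
}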