use of org.nhindirect.stagent.cert.RevocationManager in project nhin-d by DirectProject.
the class CRLManagerTest method testCrlManager.
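/**
 * Test the CRLManager class with normal and non-normal input.
 *
 * <p>The CRL fixtures reference {@code http://JUNIT} distribution points; the anonymous
 * {@code CRLRevocationManager} subclass rewrites that prefix to a {@code file://} URL under
 * the test resource directory, so the test needs no network access. The fixture directory is
 * derived from the {@code crl/certs.crl} resource URL with every percent-escape decoded (the
 * previous code decoded only {@code %20}), so a workspace path containing any other encoded
 * character resolves correctly.
 *
 * <p>Every lookup is performed twice: the first round exercises CRL retrieval, the second
 * round exercises the cached result. The {@code null} lookup pins the current contract that
 * a missing certificate is reported as not revoked.
 */
public void testCrlManager() {
    final java.net.URL crlUrl = this.getClass().getClassLoader().getResource("crl/certs.crl");
    if (crlUrl == null) {
        throw new IllegalStateException("test resource crl/certs.crl not found on the classpath");
    }
    // URI.getPath() yields the decoded path (all %XX escapes, not just %20) while keeping
    // forward slashes, so it can be prefixed with "file://" below. Like the path-based
    // lookup it replaces, this assumes the resource is served from a file: URL.
    final String crlPath = java.net.URI.create(crlUrl.toExternalForm()).getPath();
    final String workingDir = crlPath.substring(0, crlPath.lastIndexOf('/') + 1);
    final String internalKeystoreFile = workingDir + "keystore";
    final KeyStoreCertificateStore service =
            new KeyStoreCertificateStore(internalKeystoreFile, KEY_STORE_PASSWORD, PRIVATE_KEY_PASSWORD);
    final RevocationManager crlManager = new CRLRevocationManager() {
        @Override
        protected String getNameString(String generalNameString) {
            // Redirect the fixture's http://JUNIT distribution point to the local CRL file.
            final String name = super.getNameString(generalNameString);
            return name.replace("http://JUNIT", "file://" + workingDir);
        }
    };
    // First pass: CRLs are fetched from the fixture directory.
    assertRevocationStatus(crlManager, service);
    // Second pass: identical lookups are expected to be answered from the revocation cache.
    assertRevocationStatus(crlManager, service);
}

/**
 * Asserts the expected revocation status for each keystore fixture alias, plus a {@code null}
 * certificate, against the given manager.
 *
 * @param crlManager the revocation manager under test
 * @param service the keystore holding the {@code valid}, {@code revoked}, {@code gm2552} and
 *     {@code missing} fixture aliases
 */
private static void assertRevocationStatus(RevocationManager crlManager, KeyStoreCertificateStore service) {
    assertEquals("Output does not match expected", false, crlManager.isRevoked(null));
    assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("valid")));
    assertEquals("Output does not match expected", true, crlManager.isRevoked(service.getByAlias("revoked")));
    assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("gm2552")));
    assertEquals("Output does not match expected", false, crlManager.isRevoked(service.getByAlias("missing")));
}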
use of org.nhindirect.stagent.cert.RevocationManager in project nhin-d by DirectProject.
the class TrustModel method findTrustedSignature.
/**
 * Selects the sender signature, if any, that may be trusted for the given recipient.
 *
 * <p>Candidates are examined in the order the message supplies them. A signature is
 * rejected when its signer certificate is reported as revoked, when the certificate does
 * not chain to one of {@code anchors} or the signature itself does not verify, or, when a
 * {@code recipient} is supplied, when the certificate fails the recipient's certificate
 * policy. Among the surviving candidates, the first whose signer thumbprint matches one of
 * the sender's certificates is returned immediately; if the sender has no certificates at
 * all, the first surviving candidate is returned since no thumbprint comparison is possible.
 *
 * @param message the incoming message whose sender signatures are examined
 * @param recipient the recipient whose certificate policy applies, or {@code null} to skip
 *     the policy check
 * @param anchors the trust anchors the signer certificate must chain to
 * @return the thumbprint-matched signature, the first surviving candidate when the sender has
 *     no certificates, otherwise the last surviving candidate (whose thumbprint did not match),
 *     or {@code null} when no candidate survives
 */
protected DefaultMessageSignatureImpl findTrustedSignature(IncomingMessage message, InternetAddress recipient, Collection<X509Certificate> anchors) {
    final NHINDAddress sender = message.getSender();
    final RevocationManager revocationManager = CRLRevocationManager.getInstance();
    DefaultMessageSignatureImpl fallback = null;

    for (DefaultMessageSignatureImpl candidate : message.getSenderSignatures()) {
        final X509Certificate signerCert = candidate.getSignerCert();

        // Revocation is checked before any chain validation: a revoked signer never qualifies.
        if (revocationManager.isRevoked(signerCert)) {
            continue;
        }
        // The chain must reach an anchor and the signature bytes must verify.
        if (!certChainValidator.isTrusted(signerCert, anchors) || !candidate.checkSignature()) {
            continue;
        }
        // Certificate policy is only enforced when a recipient is known.
        if (recipient != null && !this.isCertPolicyCompliant(recipient, signerCert)) {
            continue;
        }
        // With no sender certificates there is nothing to compare thumbprints against, so the
        // first trusted signer is as good as it gets; otherwise a thumbprint match wins outright.
        if (!sender.hasCertificates() || candidate.checkThumbprint(sender)) {
            return candidate;
        }
        // Trusted, but the thumbprint did not match: remember it and keep looking for a signer
        // whose thumbprint can be verified. If none turns up this one is used and the trust
        // enforcement status is recorded as Success_ThumbprintMismatch.
        fallback = candidate;
    }
    return fallback;
}