use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.
the class SMIMECryptographerImpl_createSignatureEntityTest method testCreateSignatureEntity_hsmSignatureGenerator_assertEntityCreatedAndMatchesControl.
public void testCreateSignatureEntity_hsmSignatureGenerator_assertEntityCreatedAndMatchesControl() throws Exception {
final String installedAlias = "JunitTestKey";
/**
* This test is only run if a specific SafeNet eToken Pro HSM is connected to the testing
* system. This can be modified for another specific machine and/or token.
*/
pkcs11ProvName = TestUtils.setupSafeNetToken();
if (!StringUtils.isEmpty(pkcs11ProvName)) {
// get a certificate from the key store
final KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, "1Kingpuff".toCharArray());
// delete the entry in case it exists
try {
ks.deleteEntry(installedAlias);
} catch (Exception e) {
/*no-op */
}
// add the signing cert and private key into the token
final X509Certificate sigCertBPrivate = (X509CertificateEx) TestUtils.loadCertificate("certCheckB.p12");
try {
ks.setKeyEntry(installedAlias, ((X509CertificateEx) sigCertBPrivate).getPrivateKey(), null, new Certificate[] { sigCertBPrivate });
final KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) ks.getEntry(installedAlias, null);
final X509Certificate signerCert = X509CertificateEx.fromX509Certificate((X509Certificate) entry.getCertificate(), entry.getPrivateKey());
SplitProviderDirectSignedDataGeneratorFactory factory = new SplitProviderDirectSignedDataGeneratorFactory(pkcs11ProvName, "BC");
final SMIMECryptographerImpl impl = new SMIMECryptographerImpl();
impl.setSignedDataGeneratorFactory(factory);
final String testMessage = TestUtils.readResource("MultipartMimeMessage.txt");
final MimeEntity ent = new Message(new ByteArrayInputStream(testMessage.getBytes())).extractEntityForSignature(true);
byte[] bytesToSign = EntitySerializer.Default.serializeToBytes(ent);
final MimeMultipart mm = impl.createSignatureEntity(bytesToSign, Arrays.asList(signerCert));
assertNotNull(mm);
assertEquals(2, mm.getCount());
validatedSignatureHeaders(mm);
// now create the control
final SMIMECryptographerImpl controllImpl = new SMIMECryptographerImpl();
final MimeMultipart controllmm = controllImpl.createSignatureEntity(bytesToSign, Arrays.asList(sigCertBPrivate));
assertNotNull(controllmm);
assertEquals(2, controllmm.getCount());
// make sure the signatures can be verified
// the actual byte data may not be the same due to
// randomness in the signature
validateSignature(deserializeSignatureEnvelope(mm), sigCertBPrivate);
validateSignature(deserializeSignatureEnvelope(controllmm), sigCertBPrivate);
} finally {
ks.deleteEntry(installedAlias);
}
}
}
use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.
the class LdapCertificateStoreTest method testLdapSearch_PKCS12PrivateKey.
public void testLdapSearch_PKCS12PrivateKey() throws Exception {
addCertificatesToLdap(new String[] { "certs/gm2552encrypted.p12" });
int port = configuration.getLdapPort();
String url = "ldap://localhost:" + port + "/" + "cn=lookupTest";
LdapStoreConfiguration ldapStoreConfiguration = new LdapStoreConfiguration(new String[] { url }, "", "email", "privKeyStore", "PKCS12");
ldapStoreConfiguration.setLdapCertPassphrase("1kingpuff");
LdapCertificateStoreProvider provider = new LdapCertificateStoreProvider(ldapStoreConfiguration, null, null);
LDAPCertificateStore certificateResolver = (LDAPCertificateStore) provider.get();
certificateResolver.flush(true);
Collection<X509Certificate> certs = certificateResolver.getCertificates("gm2552@cerner.com");
assertEquals(1, certs.size());
X509Certificate cert = certs.iterator().next();
assertTrue(cert instanceof X509CertificateEx);
assertTrue(cert.getSubjectX500Principal().toString().contains("gm2552@securehealthemail.com"));
}
use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.
the class CryptographerTest method testEncryptWithSingleCert_decryptWithMutlipeCerts_onlyOneCertCorrect_assertDecrypted.
public void testEncryptWithSingleCert_decryptWithMutlipeCerts_onlyOneCertCorrect_assertDecrypted() throws Exception {
X509Certificate cert = TestUtils.getExternalCert("user1");
SMIMECryptographerImpl cryptographer = new SMIMECryptographerImpl();
MimeEntity entity = new MimeEntity();
entity.setText("Hello world.");
entity.setHeader(MimeStandard.ContentTypeHeader, "text/plain");
entity.setHeader(MimeStandard.ContentTransferEncodingHeader, "7bit");
MimeEntity encEntity = cryptographer.encrypt(entity, cert);
assertNotNull(encEntity);
X509CertificateEx certex1 = TestUtils.getInternalCert("altnameonly");
X509CertificateEx certex2 = TestUtils.getInternalCert("user1");
MimeEntity decryEntity = cryptographer.decrypt(encEntity, Arrays.asList(certex1, certex2));
assertNotNull(decryEntity);
byte[] decryEntityBytes = EntitySerializer.Default.serializeToBytes(decryEntity);
byte[] entityBytes = EntitySerializer.Default.serializeToBytes(entity);
assertTrue(Arrays.equals(decryEntityBytes, entityBytes));
}
use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.
the class CryptographerTest method testSignMimeEntity_MD5Digest_doNotforceStrongDigest_assertValidation.
public void testSignMimeEntity_MD5Digest_doNotforceStrongDigest_assertValidation() throws Exception {
X509CertificateEx certex = TestUtils.getInternalCert("user1");
SMIMECryptographerImpl cryptographer = new SMIMECryptographerImpl();
cryptographer.setDigestAlgorithm(DigestAlgorithm.MD5);
cryptographer.setStrongDigestEnforced(false);
MimeEntity entity = new MimeEntity();
entity.setText("Hello world.");
entity.setHeader(MimeStandard.ContentTypeHeader, "text/plain");
entity.setHeader(MimeStandard.ContentTransferEncodingHeader, "7bit");
SignedEntity signedEnt = cryptographer.sign(entity, certex);
assertNotNull(signedEnt);
byte[] signedEntityBytes = EntitySerializer.Default.serializeToBytes(signedEnt.getContent());
byte[] entityBytes = EntitySerializer.Default.serializeToBytes(entity);
assertTrue(Arrays.equals(signedEntityBytes, entityBytes));
assertNotNull(signedEnt.getSignature());
X509Certificate cert = TestUtils.getExternalCert("user1");
cryptographer.checkSignature(signedEnt, cert, new ArrayList<X509Certificate>());
}
use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.
the class CryptographerTest method testSignMimeEntity.
private void testSignMimeEntity(DigestAlgorithm digAlg) throws Exception {
X509CertificateEx certex = TestUtils.getInternalCert("user1");
SMIMECryptographerImpl cryptographer = new SMIMECryptographerImpl();
cryptographer.setDigestAlgorithm(digAlg);
MimeEntity entity = new MimeEntity();
entity.setText("Hello world.");
entity.setHeader(MimeStandard.ContentTypeHeader, "text/plain");
entity.setHeader(MimeStandard.ContentTransferEncodingHeader, "7bit");
SignedEntity signedEnt = cryptographer.sign(entity, certex);
assertNotNull(signedEnt);
byte[] signedEntityBytes = EntitySerializer.Default.serializeToBytes(signedEnt.getContent());
byte[] entityBytes = EntitySerializer.Default.serializeToBytes(entity);
assertTrue(Arrays.equals(signedEntityBytes, entityBytes));
assertNotNull(signedEnt.getSignature());
X509Certificate cert = TestUtils.getExternalCert("user1");
cryptographer.checkSignature(signedEnt, cert, new ArrayList<X509Certificate>());
}
Aggregations