
Example 16 with X509CertificateEx

use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.

the class SMIMECryptographerImpl_createSignatureEntityTest method testCreateSignatureEntity_hsmSignatureGenerator_assertEntityCreatedAndMatchesControl.

public void testCreateSignatureEntity_hsmSignatureGenerator_assertEntityCreatedAndMatchesControl() throws Exception {
    final String installedAlias = "JunitTestKey";
    // This test is only run if a specific SafeNet eToken Pro HSM is connected to the
    // testing system. This can be modified for another specific machine and/or token.
    pkcs11ProvName = TestUtils.setupSafeNetToken();
    if (!StringUtils.isEmpty(pkcs11ProvName)) {
        // open the PKCS11 key store on the token; the password argument is the token PIN
        final KeyStore ks = KeyStore.getInstance("PKCS11");
        ks.load(null, "1Kingpuff".toCharArray());
        // delete the entry in case it exists
        try {
            ks.deleteEntry(installedAlias);
        } catch (Exception e) {
            /* no-op */
        }
        // add the signing cert and private key into the token
        final X509Certificate sigCertBPrivate = (X509CertificateEx) TestUtils.loadCertificate("certCheckB.p12");
        try {
            ks.setKeyEntry(installedAlias, ((X509CertificateEx) sigCertBPrivate).getPrivateKey(), null, new Certificate[] { sigCertBPrivate });
            final KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) ks.getEntry(installedAlias, null);
            final X509Certificate signerCert = X509CertificateEx.fromX509Certificate((X509Certificate) entry.getCertificate(), entry.getPrivateKey());
            SplitProviderDirectSignedDataGeneratorFactory factory = new SplitProviderDirectSignedDataGeneratorFactory(pkcs11ProvName, "BC");
            final SMIMECryptographerImpl impl = new SMIMECryptographerImpl();
            impl.setSignedDataGeneratorFactory(factory);
            final String testMessage = TestUtils.readResource("MultipartMimeMessage.txt");
            final MimeEntity ent = new Message(new ByteArrayInputStream(testMessage.getBytes())).extractEntityForSignature(true);
            byte[] bytesToSign = EntitySerializer.Default.serializeToBytes(ent);
            final MimeMultipart mm = impl.createSignatureEntity(bytesToSign, Arrays.asList(signerCert));
            assertNotNull(mm);
            assertEquals(2, mm.getCount());
            validatedSignatureHeaders(mm);
            // now create the control
            final SMIMECryptographerImpl controllImpl = new SMIMECryptographerImpl();
            final MimeMultipart controllmm = controllImpl.createSignatureEntity(bytesToSign, Arrays.asList(sigCertBPrivate));
            assertNotNull(controllmm);
            assertEquals(2, controllmm.getCount());
            // make sure the signatures can be verified
            // the actual byte data may not be the same due to 
            // randomness in the signature
            validateSignature(deserializeSignatureEnvelope(mm), sigCertBPrivate);
            validateSignature(deserializeSignatureEnvelope(controllmm), sigCertBPrivate);
        } finally {
            ks.deleteEntry(installedAlias);
        }
    }
}
Also used: Message (org.nhindirect.stagent.mail.Message), KeyStore (java.security.KeyStore), X509Certificate (java.security.cert.X509Certificate), X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx), ByteArrayInputStream (java.io.ByteArrayInputStream), MimeMultipart (javax.mail.internet.MimeMultipart), MimeEntity (org.nhindirect.stagent.mail.MimeEntity), SplitProviderDirectSignedDataGeneratorFactory (org.nhindirect.stagent.cryptography.activekeyops.SplitProviderDirectSignedDataGeneratorFactory)

Example 17 with X509CertificateEx

use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.

the class LdapCertificateStoreTest method testLdapSearch_PKCS12PrivateKey.

public void testLdapSearch_PKCS12PrivateKey() throws Exception {
    addCertificatesToLdap(new String[] { "certs/gm2552encrypted.p12" });
    int port = configuration.getLdapPort();
    String url = "ldap://localhost:" + port + "/" + "cn=lookupTest";
    LdapStoreConfiguration ldapStoreConfiguration = new LdapStoreConfiguration(new String[] { url }, "", "email", "privKeyStore", "PKCS12");
    ldapStoreConfiguration.setLdapCertPassphrase("1kingpuff");
    LdapCertificateStoreProvider provider = new LdapCertificateStoreProvider(ldapStoreConfiguration, null, null);
    LDAPCertificateStore certificateResolver = (LDAPCertificateStore) provider.get();
    certificateResolver.flush(true);
    Collection<X509Certificate> certs = certificateResolver.getCertificates("gm2552@cerner.com");
    assertEquals(1, certs.size());
    X509Certificate cert = certs.iterator().next();
    assertTrue(cert instanceof X509CertificateEx);
    assertTrue(cert.getSubjectX500Principal().toString().contains("gm2552@securehealthemail.com"));
}
Also used: X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx), PublicLdapCertificateStoreProvider (org.nhindirect.stagent.cert.impl.provider.PublicLdapCertificateStoreProvider), LdapCertificateStoreProvider (org.nhindirect.stagent.cert.impl.provider.LdapCertificateStoreProvider), X509Certificate (java.security.cert.X509Certificate)

Example 18 with X509CertificateEx

use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.

the class CryptographerTest method testEncryptWithSingleCert_decryptWithMutlipeCerts_onlyOneCertCorrect_assertDecrypted.

public void testEncryptWithSingleCert_decryptWithMutlipeCerts_onlyOneCertCorrect_assertDecrypted() throws Exception {
    X509Certificate cert = TestUtils.getExternalCert("user1");
    SMIMECryptographerImpl cryptographer = new SMIMECryptographerImpl();
    MimeEntity entity = new MimeEntity();
    entity.setText("Hello world.");
    entity.setHeader(MimeStandard.ContentTypeHeader, "text/plain");
    entity.setHeader(MimeStandard.ContentTransferEncodingHeader, "7bit");
    // encrypt to user1's public certificate
    MimeEntity encEntity = cryptographer.encrypt(entity, cert);
    assertNotNull(encEntity);
    // offer two private-key certificates for decryption; only user1 matches the recipient
    X509CertificateEx certex1 = TestUtils.getInternalCert("altnameonly");
    X509CertificateEx certex2 = TestUtils.getInternalCert("user1");
    MimeEntity decryEntity = cryptographer.decrypt(encEntity, Arrays.asList(certex1, certex2));
    assertNotNull(decryEntity);
    byte[] decryEntityBytes = EntitySerializer.Default.serializeToBytes(decryEntity);
    byte[] entityBytes = EntitySerializer.Default.serializeToBytes(entity);
    assertTrue(Arrays.equals(decryEntityBytes, entityBytes));
}
Also used: SMIMECryptographerImpl (org.nhindirect.stagent.cryptography.SMIMECryptographerImpl), X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx), MimeEntity (org.nhindirect.stagent.mail.MimeEntity), X509Certificate (java.security.cert.X509Certificate)

Example 19 with X509CertificateEx

use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.

the class CryptographerTest method testSignMimeEntity_MD5Digest_doNotforceStrongDigest_assertValidation.

public void testSignMimeEntity_MD5Digest_doNotforceStrongDigest_assertValidation() throws Exception {
    X509CertificateEx certex = TestUtils.getInternalCert("user1");
    SMIMECryptographerImpl cryptographer = new SMIMECryptographerImpl();
    // MD5 digest with strong-digest enforcement turned off (the case this test covers)
    cryptographer.setDigestAlgorithm(DigestAlgorithm.MD5);
    cryptographer.setStrongDigestEnforced(false);
    MimeEntity entity = new MimeEntity();
    entity.setText("Hello world.");
    entity.setHeader(MimeStandard.ContentTypeHeader, "text/plain");
    entity.setHeader(MimeStandard.ContentTransferEncodingHeader, "7bit");
    SignedEntity signedEnt = cryptographer.sign(entity, certex);
    assertNotNull(signedEnt);
    byte[] signedEntityBytes = EntitySerializer.Default.serializeToBytes(signedEnt.getContent());
    byte[] entityBytes = EntitySerializer.Default.serializeToBytes(entity);
    assertTrue(Arrays.equals(signedEntityBytes, entityBytes));
    assertNotNull(signedEnt.getSignature());
    X509Certificate cert = TestUtils.getExternalCert("user1");
    cryptographer.checkSignature(signedEnt, cert, new ArrayList<X509Certificate>());
}
Also used: X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx), SMIMECryptographerImpl (org.nhindirect.stagent.cryptography.SMIMECryptographerImpl), MimeEntity (org.nhindirect.stagent.mail.MimeEntity), SignedEntity (org.nhindirect.stagent.cryptography.SignedEntity), X509Certificate (java.security.cert.X509Certificate)

Example 20 with X509CertificateEx

use of org.nhindirect.stagent.cert.X509CertificateEx in project nhin-d by DirectProject.

the class CryptographerTest method testSignMimeEntity.

private void testSignMimeEntity(DigestAlgorithm digAlg) throws Exception {
    X509CertificateEx certex = TestUtils.getInternalCert("user1");
    SMIMECryptographerImpl cryptographer = new SMIMECryptographerImpl();
    cryptographer.setDigestAlgorithm(digAlg);
    MimeEntity entity = new MimeEntity();
    entity.setText("Hello world.");
    entity.setHeader(MimeStandard.ContentTypeHeader, "text/plain");
    entity.setHeader(MimeStandard.ContentTransferEncodingHeader, "7bit");
    SignedEntity signedEnt = cryptographer.sign(entity, certex);
    assertNotNull(signedEnt);
    byte[] signedEntityBytes = EntitySerializer.Default.serializeToBytes(signedEnt.getContent());
    byte[] entityBytes = EntitySerializer.Default.serializeToBytes(entity);
    assertTrue(Arrays.equals(signedEntityBytes, entityBytes));
    assertNotNull(signedEnt.getSignature());
    X509Certificate cert = TestUtils.getExternalCert("user1");
    cryptographer.checkSignature(signedEnt, cert, new ArrayList<X509Certificate>());
}
Also used: X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx), SMIMECryptographerImpl (org.nhindirect.stagent.cryptography.SMIMECryptographerImpl), MimeEntity (org.nhindirect.stagent.mail.MimeEntity), SignedEntity (org.nhindirect.stagent.cryptography.SignedEntity), X509Certificate (java.security.cert.X509Certificate)

Aggregations

X509CertificateEx (org.nhindirect.stagent.cert.X509CertificateEx): 51
X509Certificate (java.security.cert.X509Certificate): 39
MimeEntity (org.nhindirect.stagent.mail.MimeEntity): 18
SMIMECryptographerImpl (org.nhindirect.stagent.cryptography.SMIMECryptographerImpl): 13
IOException (java.io.IOException): 11
KeyStore (java.security.KeyStore): 11
NHINDException (org.nhindirect.stagent.NHINDException): 9
ByteArrayInputStream (java.io.ByteArrayInputStream): 6
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 6
Key (java.security.Key): 6
PrivateKey (java.security.PrivateKey): 6
File (java.io.File): 5
Certificate (java.security.cert.Certificate): 5
MimeMultipart (javax.mail.internet.MimeMultipart): 5
SMIMEEnveloped (org.bouncycastle.mail.smime.SMIMEEnveloped): 5
LdapCertificateStoreProvider (org.nhindirect.stagent.cert.impl.provider.LdapCertificateStoreProvider): 5
SignedEntity (org.nhindirect.stagent.cryptography.SignedEntity): 5
ArrayList (java.util.ArrayList): 4
MessagingException (javax.mail.MessagingException): 4
RecipientInformation (org.bouncycastle.cms.RecipientInformation): 4