Example 6 with CertifiedPublicKey

use of org.xwiki.crypto.pkix.params.CertifiedPublicKey in project xwiki-platform by xwiki.

the class RSACryptoScriptService method cmsSign.

/**
 * Generate a CMS (Cryptographic Message Syntax) signature for a given byte content. The resulting signature
 * may contain the content itself and the certificate chain of the key used to sign.
 *
 * @param data the data to be signed
 * @param keyPair the certified key pair used for signing
 * @param certificateProvider optionally, a certificate provider for obtaining the certificate chain to embed.
 *                            If null, no certificates are embedded with the signature.
 * @param existingSignature if not null, an existing signature on the same data that should be kept.
 * @param embedContent if true, the signed content is embedded with the signature.
 * @return the resulting signature, ASN.1 encoded in accordance with RFC 3852.
 * @throws GeneralSecurityException on error.
 */
public byte[] cmsSign(byte[] data, CertifiedKeyPair keyPair, CertificateProvider certificateProvider,
    CMSSignedDataVerified existingSignature, boolean embedContent) throws GeneralSecurityException {
    // Register this key pair as a new signer; signerFactory and cmsSignedDataGenerator are fields of the class.
    CMSSignedDataGeneratorParameters parameters = new CMSSignedDataGeneratorParameters()
        .addSigner(CertifyingSigner.getInstance(true, keyPair, signerFactory));
    if (existingSignature != null) {
        for (CMSSignerInfo existingSigner : existingSignature.getSignatures()) {
            parameters.addSignature(existingSigner);
        }
    }
    // Collect the certificates to embed: those already carried by the existing signature, then the chains
    // of every existing signer and of the new signing key (only when a certificate provider is available).
    Set<CertifiedPublicKey> certs = new HashSet<CertifiedPublicKey>();
    if (existingSignature != null && existingSignature.getCertificates() != null) {
        certs.addAll(existingSignature.getCertificates());
    }
    if (certificateProvider != null) {
        if (existingSignature != null) {
            for (CMSSignerInfo existingSigner : existingSignature.getSignatures()) {
                if (existingSigner.getSubjectKeyIdentifier() != null) {
                    addCertificateChain(certificateProvider.getCertificate(existingSigner.getSubjectKeyIdentifier()), certificateProvider, certs);
                } else {
                    addCertificateChain(certificateProvider.getCertificate(existingSigner.getIssuer(), existingSigner.getSerialNumber()), certificateProvider, certs);
                }
            }
        }
        addCertificateChain(keyPair.getCertificate(), certificateProvider, certs);
    }
    if (!certs.isEmpty()) {
        parameters.addCertificates(certs);
    }
    return cmsSignedDataGenerator.generate(data, parameters, embedContent);
}
Also used : CMSSignedDataGeneratorParameters(org.xwiki.crypto.signer.param.CMSSignedDataGeneratorParameters) CMSSignerInfo(org.xwiki.crypto.signer.param.CMSSignerInfo) CertifiedPublicKey(org.xwiki.crypto.pkix.params.CertifiedPublicKey) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) HashSet(java.util.HashSet)

Example 7 with CertifiedPublicKey

use of org.xwiki.crypto.pkix.params.CertifiedPublicKey in project xwiki-platform by xwiki.

the class RSACryptoScriptService method checkX509CertificateChainValidity.

/**
 * Check that an X509 certificate chain is complete and is valid on a given date.
 *
 * @param chain the ordered chain of certificates, starting from the root CA.
 * @param date the date to check the validity for, or null to check for now.
 * @return true if the chain is a complete X509 certificate chain that is valid on the given date.
 */
public boolean checkX509CertificateChainValidity(Collection<CertifiedPublicKey> chain, Date date) {
    if (chain == null || chain.isEmpty()) {
        return false;
    }
    Date checkDate = (date != null) ? date : new Date();
    boolean rootExpected = true;
    // Note: this walk only checks that every entry is an X509 certificate, that the first one is a root CA
    // and that each one is within its validity period on checkDate; it does not verify that each certificate
    // is issued (signed) by the previous one, so callers must not treat a true result as a full chain validation.
    for (CertifiedPublicKey cert : chain) {
        if (!(cert instanceof X509CertifiedPublicKey)) {
            return false;
        }
        if (rootExpected) {
            if (!((X509CertifiedPublicKey) cert).isRootCA()) {
                return false;
            }
            rootExpected = false;
        }
        if (!((X509CertifiedPublicKey) cert).isValidOn(checkDate)) {
            return false;
        }
    }
    return true;
}
Also used : X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) CertifiedPublicKey(org.xwiki.crypto.pkix.params.CertifiedPublicKey) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) Date(java.util.Date)

Example 8 with CertifiedPublicKey

use of org.xwiki.crypto.pkix.params.CertifiedPublicKey in project xwiki-platform by xwiki.

the class X509CertificateWikiStoreTest method testRetrievingCertificateUsingIssueAndSerialFromDocument.

@Test
public void testRetrievingCertificateUsingIssueAndSerialFromDocument() throws Exception {
    CertifiedPublicKey certificate = mockSingleCertQuery();
    assertThat(store.getCertificateProvider(DOC_STORE_REF).getCertificate(new DistinguishedName(ISSUER), SERIAL), equalTo(certificate));
    verify(query).bindValue(BIND_ISSUER, ISSUER);
    verify(query).bindValue(BIND_SERIAL, SERIAL.toString());
    verify(query, times(3)).bindValue(BIND_STORE, FULLNAME);
}
Also used : DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName) CertifiedPublicKey(org.xwiki.crypto.pkix.params.CertifiedPublicKey) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) Test(org.junit.Test)

Example 9 with CertifiedPublicKey

use of org.xwiki.crypto.pkix.params.CertifiedPublicKey in project xwiki-platform by xwiki.

the class X509CertificateWikiStoreTest method mockMultiCertsQuery.

private CertifiedPublicKey[] mockMultiCertsQuery() throws Exception {
    CertifiedPublicKey[] certs = new CertifiedPublicKey[2];
    byte[] cert2 = "certificate2".getBytes();
    String encodedCert2 = "encoded_certificate2";
    certs[0] = getMockedCertificate(true);
    certs[1] = getMockedCertificate(false);
    CertificateFactory factory = this.mocker.getInstance(CertificateFactory.class, "X509");
    when(factory.decode(CERTIFICATE)).thenReturn(certs[0]);
    when(factory.decode(cert2)).thenReturn(certs[1]);
    BinaryStringEncoder encoder = this.mocker.getInstance(BinaryStringEncoder.class, "Base64");
    when(encoder.encode(cert2, 64)).thenReturn(encodedCert2);
    when(encoder.decode(encodedCert2)).thenReturn(cert2);
    when(this.query.<String>execute()).thenReturn(Arrays.asList(ENCODED_CERTIFICATE, encodedCert2));
    return certs;
}
Also used : BinaryStringEncoder(org.xwiki.crypto.BinaryStringEncoder) CertifiedPublicKey(org.xwiki.crypto.pkix.params.CertifiedPublicKey) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) CertificateFactory(org.xwiki.crypto.pkix.CertificateFactory)

Example 10 with CertifiedPublicKey

use of org.xwiki.crypto.pkix.params.CertifiedPublicKey in project xwiki-platform by xwiki.

the class X509CertificateWikiStoreTest method testRetrievingCertificateUsingIssueAndSerialFromSpace.

@Test
public void testRetrievingCertificateUsingIssueAndSerialFromSpace() throws Exception {
    CertifiedPublicKey certificate = mockSingleCertQuery();
    assertThat(store.getCertificateProvider(SPACE_STORE_REF).getCertificate(new DistinguishedName(ISSUER), SERIAL), equalTo(certificate));
    verify(query).bindValue(BIND_ISSUER, ISSUER);
    verify(query).bindValue(BIND_SERIAL, SERIAL.toString());
    verify(query, times(3)).bindValue(BIND_STORE, SPACE);
}
Also used : DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName) CertifiedPublicKey(org.xwiki.crypto.pkix.params.CertifiedPublicKey) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) Test(org.junit.Test)

Aggregations

CertifiedPublicKey (org.xwiki.crypto.pkix.params.CertifiedPublicKey) 12
X509CertifiedPublicKey (org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) 12
Test (org.junit.Test) 8
XWikiDocument (com.xpn.xwiki.doc.XWikiDocument) 4
BaseObject (com.xpn.xwiki.objects.BaseObject) 4
CertifiedKeyPair (org.xwiki.crypto.pkix.params.CertifiedKeyPair) 4
DocumentReference (org.xwiki.model.reference.DocumentReference) 4
LocalDocumentReference (org.xwiki.model.reference.LocalDocumentReference) 4
CertificateFactory (org.xwiki.crypto.pkix.CertificateFactory) 2
DistinguishedName (org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName) 2
Date (java.util.Date) 1
HashSet (java.util.HashSet) 1
BinaryStringEncoder (org.xwiki.crypto.BinaryStringEncoder) 1
CMSSignedDataGeneratorParameters (org.xwiki.crypto.signer.param.CMSSignedDataGeneratorParameters) 1
CMSSignerInfo (org.xwiki.crypto.signer.param.CMSSignerInfo) 1