
Example 1 with DistinguishedName

use of org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName in project xwiki-platform by xwiki.

the class X509KeyWikiStoreTest method setUp.

/**
 * Wires the mocks needed by the key store under test: entity reference defaults, the XWiki context, a Base64
 * encoder, the key factory, the password-based encryptor, an X.509 certificate and the query manager.
 * <p>
 * Every crypto collaborator stubbed here returns canned constants, so tests relying on this setup exercise the
 * store's wiring only; no real encoding, key parsing or password-based encryption takes place.
 *
 * @throws Exception if a component cannot be registered or looked up
 */
@Before
public void setUp() throws Exception {
    // Default references for the "current" provider resolve to the test constants.
    EntityReferenceProvider referenceProvider = mock(EntityReferenceProvider.class);
    when(referenceProvider.getDefaultReference(EntityType.WIKI)).thenReturn(WIKI_REFERENCE);
    when(referenceProvider.getDefaultReference(EntityType.SPACE)).thenReturn(SPACE_REFERENCE);
    when(referenceProvider.getDefaultReference(EntityType.DOCUMENT)).thenReturn(DOCUMENT_REFERENCE);
    mocker.registerComponent(EntityReferenceProvider.class, "current", referenceProvider);

    // XWiki context provider -> mocked context -> mocked wiki.
    Provider<XWikiContext> contextProvider = mocker.registerMockComponent(XWikiContext.TYPE_PROVIDER);
    xcontext = mock(XWikiContext.class);
    when(contextProvider.get()).thenReturn(xcontext);
    xwiki = mock(com.xpn.xwiki.XWiki.class);
    when(xcontext.getWiki()).thenReturn(xwiki);

    // Base64 encoder: each encode stub is paired with the matching decode stub.
    BinaryStringEncoder base64 = mocker.getInstance(BinaryStringEncoder.class, "Base64");
    when(base64.encode(PRIVATEKEY, 64)).thenReturn(ENCODED_PRIVATEKEY);
    when(base64.decode(ENCODED_PRIVATEKEY)).thenReturn(PRIVATEKEY);
    when(base64.encode(ENCRYPTED_PRIVATEKEY, 64)).thenReturn(ENCODED_ENCRYPTED_PRIVATEKEY);
    when(base64.decode(ENCODED_ENCRYPTED_PRIVATEKEY)).thenReturn(ENCRYPTED_PRIVATEKEY);
    when(base64.encode(CERTIFICATE, 64)).thenReturn(ENCODED_CERTIFICATE);
    when(base64.decode(ENCODED_CERTIFICATE)).thenReturn(CERTIFICATE);
    when(base64.encode(SUBJECT_KEYID)).thenReturn(ENCODED_SUBJECTKEYID);
    when(base64.decode(ENCODED_SUBJECTKEYID)).thenReturn(SUBJECT_KEYID);

    // Private key: the PKCS#8 bytes and the mocked key object map onto each other.
    privateKey = mock(PrivateKeyParameters.class);
    when(privateKey.getEncoded()).thenReturn(PRIVATEKEY);
    AsymmetricKeyFactory asymmetricKeyFactory = mocker.getInstance(AsymmetricKeyFactory.class);
    when(asymmetricKeyFactory.fromPKCS8(PRIVATEKEY)).thenReturn(privateKey);

    // Password-based protection is stubbed for PASSWORD only; any other argument falls back to the mock default.
    PrivateKeyPasswordBasedEncryptor passwordEncryptor =
        mocker.getInstance(PrivateKeyPasswordBasedEncryptor.class);
    when(passwordEncryptor.encrypt(PASSWORD, privateKey)).thenReturn(ENCRYPTED_PRIVATEKEY);
    when(passwordEncryptor.decrypt(PASSWORD, ENCRYPTED_PRIVATEKEY)).thenReturn(privateKey);

    // Certificate: serial, issuer, subject, encoded form and subject key identifier.
    certificate = mock(X509CertifiedPublicKey.class);
    when(certificate.getSerialNumber()).thenReturn(SERIAL);
    when(certificate.getIssuer()).thenReturn(new DistinguishedName(ISSUER));
    when(certificate.getSubject()).thenReturn(new DistinguishedName(SUBJECT));
    when(certificate.getEncoded()).thenReturn(CERTIFICATE);
    CertificateFactory x509Factory = mocker.getInstance(CertificateFactory.class, "X509");
    when(x509Factory.decode(CERTIFICATE)).thenReturn(certificate);
    X509Extensions certExtensions = mock(X509Extensions.class);
    when(certificate.getExtensions()).thenReturn(certExtensions);
    when(certExtensions.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);
    when(certificate.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);

    keyPair = new CertifiedKeyPair(privateKey, certificate);

    // Query manager hands out one fluent mock query, whatever statement and language are requested.
    QueryManager queries = mocker.getInstance(QueryManager.class);
    query = mock(Query.class);
    when(query.bindValue(any(String.class), any())).thenReturn(query);
    when(query.setWiki(WIKI)).thenReturn(query);
    when(queries.createQuery(any(String.class), any(String.class))).thenReturn(query);

    store = mocker.getComponentUnderTest();
}
Also used : BinaryStringEncoder(org.xwiki.crypto.BinaryStringEncoder) Query(org.xwiki.query.Query) DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName) PrivateKeyParameters(org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters) XWikiContext(com.xpn.xwiki.XWikiContext) XWiki(com.xpn.xwiki.XWiki) X509Extensions(org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions) CertificateFactory(org.xwiki.crypto.pkix.CertificateFactory) AsymmetricKeyFactory(org.xwiki.crypto.AsymmetricKeyFactory) EntityReferenceProvider(org.xwiki.model.reference.EntityReferenceProvider) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) QueryManager(org.xwiki.query.QueryManager) PrivateKeyPasswordBasedEncryptor(org.xwiki.crypto.password.PrivateKeyPasswordBasedEncryptor) CertifiedKeyPair(org.xwiki.crypto.pkix.params.CertifiedKeyPair) Before(org.junit.Before)

Example 2 with DistinguishedName

use of org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName in project xwiki-platform by xwiki.

the class RSACryptoScriptService method issueCertificate.

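/**
 * Create an end entity certificate. By default, the key can be used for encryption and signing. If the end entity
 * contains some alternate subject names of type X509Rfc822Name, an extended email protection usage is added. If the
 * end entity contains some alternate subject names of type X509DnsName or X509IpAddress, extended server and client
 * authentication usages are added.
 * <p>
 * The subject alternative names are copied into the certificate as supplied and decide which extended key usages
 * are granted. Nothing in this method checks the names, the distinguished name or the validity period, so the
 * caller is responsible for validating them before issuance.
 *
 * @param issuer the keypair for issuing the certificate
 * @param publicKey the public key to certify
 * @param dn the distinguished name for the new certificate.
 * @param validity the validity of the certificate from now in days.
 * @param subjectAltName the alternative names for the certificate, or {@code null} for none
 * @return a certified public key.
 * @throws IOException in case of error while reading the public key.
 * @throws GeneralSecurityException in case of error.
 */
public CertifiedPublicKey issueCertificate(CertifiedKeyPair issuer, PublicKeyParameters publicKey, String dn,
    int validity, List<X509GeneralName> subjectAltName) throws IOException, GeneralSecurityException {
    X509CertificateParameters params;
    // NOTE(review): RFC 5280 assigns key transport (e.g. RSA key exchange, S/MIME) to keyEncipherment rather than
    // dataEncipherment - confirm this usage set matches what relying parties expect.
    X509ExtensionBuilder builder = extensionBuilder.get()
        .addKeyUsage(EnumSet.of(KeyUsage.digitalSignature, KeyUsage.dataEncipherment));

    if (subjectAltName != null) {
        params = new X509CertificateParameters(extensionBuilder.get()
            .addSubjectAltName(false, subjectAltName.toArray(new X509GeneralName[] {})).build());

        // Collect the extended usages implied by the kinds of names requested.
        Set<String> extUsage = new HashSet<String>();
        for (X509GeneralName genName : subjectAltName) {
            if (genName instanceof X509Rfc822Name) {
                extUsage.add(ExtendedKeyUsages.EMAIL_PROTECTION);
            } else if (genName instanceof X509DnsName || genName instanceof X509IpAddress) {
                extUsage.add(ExtendedKeyUsages.SERVER_AUTH);
                extUsage.add(ExtendedKeyUsages.CLIENT_AUTH);
            }
        }

        // Register the extension once, after every name has been inspected, so that it carries the complete set
        // instead of being added again on each loop iteration. It is skipped when no name implies a usage:
        // RFC 5280 requires the extended key usage extension to list at least one purpose.
        if (!extUsage.isEmpty()) {
            builder.addExtendedKeyUsage(false, new ExtendedKeyUsages(extUsage));
        }
    } else {
        params = new X509CertificateParameters();
    }

    return certificateGeneratorFactory
        .getInstance(CertifyingSigner.getInstance(true, issuer, signerFactory),
            new X509CertificateGenerationParameters(validity, builder.build()))
        .generate(new DistinguishedName(dn), publicKey, params);
}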
Also used : X509DnsName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509DnsName) X509GeneralName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName) X509IpAddress(org.xwiki.crypto.pkix.params.x509certificate.extension.X509IpAddress) DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName) X509Rfc822Name(org.xwiki.crypto.pkix.params.x509certificate.extension.X509Rfc822Name) X509CertificateGenerationParameters(org.xwiki.crypto.pkix.params.x509certificate.X509CertificateGenerationParameters) X509ExtensionBuilder(org.xwiki.crypto.pkix.X509ExtensionBuilder) X509CertificateParameters(org.xwiki.crypto.pkix.params.x509certificate.X509CertificateParameters) ExtendedKeyUsages(org.xwiki.crypto.pkix.params.x509certificate.extension.ExtendedKeyUsages) HashSet(java.util.HashSet)

Example 3 with DistinguishedName

use of org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName in project xwiki-platform by xwiki.

the class X509CertificateWikiStoreTest method testRetrievingCertificateUsingIssueAndSerialFromDocument.

/**
 * Looks a certificate up by issuer and serial number in a document-backed store and checks both the returned
 * certificate and the values bound on the query.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void testRetrievingCertificateUsingIssueAndSerialFromDocument() throws Exception {
    CertifiedPublicKey expected = mockSingleCertQuery();

    CertifiedPublicKey retrieved =
        store.getCertificateProvider(DOC_STORE_REF).getCertificate(new DistinguishedName(ISSUER), SERIAL);

    assertThat(retrieved, equalTo(expected));

    // Issuer and serial must reach the query as bound values; the serial is bound in its string form.
    verify(query).bindValue(BIND_ISSUER, ISSUER);
    verify(query).bindValue(BIND_SERIAL, SERIAL.toString());
    // The store binding is expected exactly three times, with the document full name.
    verify(query, times(3)).bindValue(BIND_STORE, FULLNAME);
}
Also used : DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName) CertifiedPublicKey(org.xwiki.crypto.pkix.params.CertifiedPublicKey) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) Test(org.junit.Test)

Example 4 with DistinguishedName

use of org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName in project xwiki-platform by xwiki.

the class X509CertificateWikiStoreTest method testRetrievingCertificateUsingIssueAndSerialFromSpace.

/**
 * Looks a certificate up by issuer and serial number in a space-backed store and checks both the returned
 * certificate and the values bound on the query.
 *
 * @throws Exception on any unexpected failure
 */
@Test
public void testRetrievingCertificateUsingIssueAndSerialFromSpace() throws Exception {
    CertifiedPublicKey expected = mockSingleCertQuery();

    CertifiedPublicKey retrieved =
        store.getCertificateProvider(SPACE_STORE_REF).getCertificate(new DistinguishedName(ISSUER), SERIAL);

    assertThat(retrieved, equalTo(expected));

    // Issuer and serial must reach the query as bound values; the serial is bound in its string form.
    verify(query).bindValue(BIND_ISSUER, ISSUER);
    verify(query).bindValue(BIND_SERIAL, SERIAL.toString());
    // The store binding is expected exactly three times, with the space name.
    verify(query, times(3)).bindValue(BIND_STORE, SPACE);
}
Also used : DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName) CertifiedPublicKey(org.xwiki.crypto.pkix.params.CertifiedPublicKey) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) Test(org.junit.Test)

Example 5 with DistinguishedName

use of org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName in project xwiki-platform by xwiki.

the class X509CertificateWikiStoreTest method getMockedCertificate.

/**
 * Builds a mocked X.509 certificate exposing the test serial number, issuer, subject and encoded bytes.
 *
 * @param hasKeyId when {@code true}, the mock also exposes an extensions object and a subject key identifier;
 *            when {@code false}, those accessors are left unstubbed
 * @return the mocked certificate
 * @throws Exception declared for the benefit of callers; nothing visible here throws a checked exception
 */
private CertifiedPublicKey getMockedCertificate(boolean hasKeyId) throws Exception {
    X509CertifiedPublicKey mocked = mock(X509CertifiedPublicKey.class);

    // Identity fields that every mocked certificate carries.
    when(mocked.getSerialNumber()).thenReturn(SERIAL);
    when(mocked.getIssuer()).thenReturn(new DistinguishedName(ISSUER));
    when(mocked.getSubject()).thenReturn(new DistinguishedName(SUBJECT));
    when(mocked.getEncoded()).thenReturn(CERTIFICATE);

    if (!hasKeyId) {
        return mocked;
    }

    // The key identifier is reachable both through the extensions object and directly on the certificate.
    X509Extensions keyIdExtensions = mock(X509Extensions.class);
    when(mocked.getExtensions()).thenReturn(keyIdExtensions);
    when(keyIdExtensions.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);
    when(mocked.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);
    return mocked;
}
Also used : DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) X509Extensions(org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions)

Aggregations

DistinguishedName (org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName)5 X509CertifiedPublicKey (org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey)4 Test (org.junit.Test)2 CertifiedPublicKey (org.xwiki.crypto.pkix.params.CertifiedPublicKey)2 X509Extensions (org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions)2 XWiki (com.xpn.xwiki.XWiki)1 XWikiContext (com.xpn.xwiki.XWikiContext)1 HashSet (java.util.HashSet)1 Before (org.junit.Before)1 AsymmetricKeyFactory (org.xwiki.crypto.AsymmetricKeyFactory)1 BinaryStringEncoder (org.xwiki.crypto.BinaryStringEncoder)1 PrivateKeyParameters (org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters)1 PrivateKeyPasswordBasedEncryptor (org.xwiki.crypto.password.PrivateKeyPasswordBasedEncryptor)1 CertificateFactory (org.xwiki.crypto.pkix.CertificateFactory)1 X509ExtensionBuilder (org.xwiki.crypto.pkix.X509ExtensionBuilder)1 CertifiedKeyPair (org.xwiki.crypto.pkix.params.CertifiedKeyPair)1 X509CertificateGenerationParameters (org.xwiki.crypto.pkix.params.x509certificate.X509CertificateGenerationParameters)1 X509CertificateParameters (org.xwiki.crypto.pkix.params.x509certificate.X509CertificateParameters)1 ExtendedKeyUsages (org.xwiki.crypto.pkix.params.x509certificate.extension.ExtendedKeyUsages)1 X509DnsName (org.xwiki.crypto.pkix.params.x509certificate.extension.X509DnsName)1