Example 1 with DistinguishedName
use of org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName in project xwiki-platform by xwiki.
the class X509KeyWikiStoreTest method setUp.
@Before
public void setUp() throws Exception {
EntityReferenceProvider valueProvider = mock(EntityReferenceProvider.class);
when(valueProvider.getDefaultReference(EntityType.WIKI)).thenReturn(WIKI_REFERENCE);
when(valueProvider.getDefaultReference(EntityType.SPACE)).thenReturn(SPACE_REFERENCE);
when(valueProvider.getDefaultReference(EntityType.DOCUMENT)).thenReturn(DOCUMENT_REFERENCE);
mocker.registerComponent(EntityReferenceProvider.class, "current", valueProvider);
Provider<XWikiContext> xcontextProvider = mocker.registerMockComponent(XWikiContext.TYPE_PROVIDER);
xcontext = mock(XWikiContext.class);
when(xcontextProvider.get()).thenReturn(xcontext);
xwiki = mock(com.xpn.xwiki.XWiki.class);
when(xcontext.getWiki()).thenReturn(xwiki);
BinaryStringEncoder encoder = mocker.getInstance(BinaryStringEncoder.class, "Base64");
when(encoder.encode(PRIVATEKEY, 64)).thenReturn(ENCODED_PRIVATEKEY);
when(encoder.decode(ENCODED_PRIVATEKEY)).thenReturn(PRIVATEKEY);
when(encoder.encode(ENCRYPTED_PRIVATEKEY, 64)).thenReturn(ENCODED_ENCRYPTED_PRIVATEKEY);
when(encoder.decode(ENCODED_ENCRYPTED_PRIVATEKEY)).thenReturn(ENCRYPTED_PRIVATEKEY);
when(encoder.encode(CERTIFICATE, 64)).thenReturn(ENCODED_CERTIFICATE);
when(encoder.decode(ENCODED_CERTIFICATE)).thenReturn(CERTIFICATE);
when(encoder.encode(SUBJECT_KEYID)).thenReturn(ENCODED_SUBJECTKEYID);
when(encoder.decode(ENCODED_SUBJECTKEYID)).thenReturn(SUBJECT_KEYID);
privateKey = mock(PrivateKeyParameters.class);
when(privateKey.getEncoded()).thenReturn(PRIVATEKEY);
AsymmetricKeyFactory keyFactory = mocker.getInstance(AsymmetricKeyFactory.class);
when(keyFactory.fromPKCS8(PRIVATEKEY)).thenReturn(privateKey);
PrivateKeyPasswordBasedEncryptor encryptor = mocker.getInstance(PrivateKeyPasswordBasedEncryptor.class);
when(encryptor.encrypt(PASSWORD, privateKey)).thenReturn(ENCRYPTED_PRIVATEKEY);
when(encryptor.decrypt(PASSWORD, ENCRYPTED_PRIVATEKEY)).thenReturn(privateKey);
certificate = mock(X509CertifiedPublicKey.class);
when(certificate.getSerialNumber()).thenReturn(SERIAL);
when(certificate.getIssuer()).thenReturn(new DistinguishedName(ISSUER));
when(certificate.getSubject()).thenReturn(new DistinguishedName(SUBJECT));
when(certificate.getEncoded()).thenReturn(CERTIFICATE);
CertificateFactory certificateFactory = mocker.getInstance(CertificateFactory.class, "X509");
when(certificateFactory.decode(CERTIFICATE)).thenReturn(certificate);
X509Extensions extensions = mock(X509Extensions.class);
when(certificate.getExtensions()).thenReturn(extensions);
when(extensions.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);
when(certificate.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);
keyPair = new CertifiedKeyPair(privateKey, certificate);
QueryManager queryManager = mocker.getInstance(QueryManager.class);
query = mock(Query.class);
when(query.bindValue(any(String.class), any())).thenReturn(query);
when(query.setWiki(WIKI)).thenReturn(query);
when(queryManager.createQuery(any(String.class), any(String.class))).thenReturn(query);
store = mocker.getComponentUnderTest();
}
Also used :
BinaryStringEncoder(org.xwiki.crypto.BinaryStringEncoder)
Query(org.xwiki.query.Query)
DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName)
PrivateKeyParameters(org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters)
XWikiContext(com.xpn.xwiki.XWikiContext)
XWiki(com.xpn.xwiki.XWiki)
X509Extensions(org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions)
CertificateFactory(org.xwiki.crypto.pkix.CertificateFactory)
AsymmetricKeyFactory(org.xwiki.crypto.AsymmetricKeyFactory)
EntityReferenceProvider(org.xwiki.model.reference.EntityReferenceProvider)
X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey)
QueryManager(org.xwiki.query.QueryManager)
PrivateKeyPasswordBasedEncryptor(org.xwiki.crypto.password.PrivateKeyPasswordBasedEncryptor)
CertifiedKeyPair(org.xwiki.crypto.pkix.params.CertifiedKeyPair)
Before(org.junit.Before)
Example 2 with DistinguishedName
use of org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName in project xwiki-platform by xwiki.
the class RSACryptoScriptService method issueCertificate.
/**
* Create an end entity certificate. By default, the key can be used for encryption and signing. If the end entity
* contains some alternate subject names of type X509Rfc822Name a extended email protection usage is added. If the
* end entity contains some alternate subject names of type X509DnsName or X509IpAddress extended server and client
* authentication usages are added.
*
* @param issuer the keypair for issuing the certificate
* @param publicKey the public key to certify
* @param dn the distinguished name for the new the certificate.
* @param validity the validity of the certificate from now in days.
* @param subjectAltName the alternative names for the certificate
* @return a certified public key.
* @throws IOException in case on error while reading the public key.
* @throws GeneralSecurityException in case of error.
*/
public CertifiedPublicKey issueCertificate(CertifiedKeyPair issuer, PublicKeyParameters publicKey, String dn, int validity, List<X509GeneralName> subjectAltName) throws IOException, GeneralSecurityException {
X509CertificateParameters params;
X509ExtensionBuilder builder = extensionBuilder.get().addKeyUsage(EnumSet.of(KeyUsage.digitalSignature, KeyUsage.dataEncipherment));
if (subjectAltName != null) {
params = new X509CertificateParameters(extensionBuilder.get().addSubjectAltName(false, subjectAltName.toArray(new X509GeneralName[] {})).build());
Set<String> extUsage = new HashSet<String>();
for (X509GeneralName genName : subjectAltName) {
if (genName instanceof X509Rfc822Name) {
extUsage.add(ExtendedKeyUsages.EMAIL_PROTECTION);
} else if (genName instanceof X509DnsName || genName instanceof X509IpAddress) {
extUsage.add(ExtendedKeyUsages.SERVER_AUTH);
extUsage.add(ExtendedKeyUsages.CLIENT_AUTH);
}
builder.addExtendedKeyUsage(false, new ExtendedKeyUsages(extUsage));
}
} else {
params = new X509CertificateParameters();
}
return certificateGeneratorFactory.getInstance(CertifyingSigner.getInstance(true, issuer, signerFactory), new X509CertificateGenerationParameters(validity, builder.build())).generate(new DistinguishedName(dn), publicKey, params);
}
Also used :
X509DnsName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509DnsName)
X509GeneralName(org.xwiki.crypto.pkix.params.x509certificate.extension.X509GeneralName)
X509IpAddress(org.xwiki.crypto.pkix.params.x509certificate.extension.X509IpAddress)
DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName)
X509Rfc822Name(org.xwiki.crypto.pkix.params.x509certificate.extension.X509Rfc822Name)
X509CertificateGenerationParameters(org.xwiki.crypto.pkix.params.x509certificate.X509CertificateGenerationParameters)
X509ExtensionBuilder(org.xwiki.crypto.pkix.X509ExtensionBuilder)
X509CertificateParameters(org.xwiki.crypto.pkix.params.x509certificate.X509CertificateParameters)
ExtendedKeyUsages(org.xwiki.crypto.pkix.params.x509certificate.extension.ExtendedKeyUsages)
HashSet(java.util.HashSet)
Example 3 with DistinguishedName
use of org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName in project xwiki-platform by xwiki.
the class X509CertificateWikiStoreTest method testRetrievingCertificateUsingIssueAndSerialFromDocument.
@Test
public void testRetrievingCertificateUsingIssueAndSerialFromDocument() throws Exception {
CertifiedPublicKey certificate = mockSingleCertQuery();
assertThat(store.getCertificateProvider(DOC_STORE_REF).getCertificate(new DistinguishedName(ISSUER), SERIAL), equalTo(certificate));
verify(query).bindValue(BIND_ISSUER, ISSUER);
verify(query).bindValue(BIND_SERIAL, SERIAL.toString());
verify(query, times(3)).bindValue(BIND_STORE, FULLNAME);
}
Also used :
DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName)
CertifiedPublicKey(org.xwiki.crypto.pkix.params.CertifiedPublicKey)
X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey)
Test(org.junit.Test)
Example 4 with DistinguishedName
use of org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName in project xwiki-platform by xwiki.
the class X509CertificateWikiStoreTest method testRetrievingCertificateUsingIssueAndSerialFromSpace.
@Test
public void testRetrievingCertificateUsingIssueAndSerialFromSpace() throws Exception {
CertifiedPublicKey certificate = mockSingleCertQuery();
assertThat(store.getCertificateProvider(SPACE_STORE_REF).getCertificate(new DistinguishedName(ISSUER), SERIAL), equalTo(certificate));
verify(query).bindValue(BIND_ISSUER, ISSUER);
verify(query).bindValue(BIND_SERIAL, SERIAL.toString());
verify(query, times(3)).bindValue(BIND_STORE, SPACE);
}
Also used :
DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName)
CertifiedPublicKey(org.xwiki.crypto.pkix.params.CertifiedPublicKey)
X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey)
Test(org.junit.Test)
Example 5 with DistinguishedName
use of org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName in project xwiki-platform by xwiki.
the class X509CertificateWikiStoreTest method getMockedCertificate.
private CertifiedPublicKey getMockedCertificate(boolean hasKeyId) throws Exception {
X509CertifiedPublicKey certificate = mock(X509CertifiedPublicKey.class);
when(certificate.getSerialNumber()).thenReturn(SERIAL);
when(certificate.getIssuer()).thenReturn(new DistinguishedName(ISSUER));
when(certificate.getSubject()).thenReturn(new DistinguishedName(SUBJECT));
when(certificate.getEncoded()).thenReturn(CERTIFICATE);
if (hasKeyId) {
X509Extensions extensions = mock(X509Extensions.class);
when(certificate.getExtensions()).thenReturn(extensions);
when(extensions.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);
when(certificate.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);
}
return certificate;
}
Also used :
DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName)
X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey)
X509Extensions(org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions)
Aggregations
DistinguishedName (org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName)5
X509CertifiedPublicKey (org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey)4
Test (org.junit.Test)2
CertifiedPublicKey (org.xwiki.crypto.pkix.params.CertifiedPublicKey)2
X509Extensions (org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions)2
XWiki (com.xpn.xwiki.XWiki)1
XWikiContext (com.xpn.xwiki.XWikiContext)1
HashSet (java.util.HashSet)1
Before (org.junit.Before)1
AsymmetricKeyFactory (org.xwiki.crypto.AsymmetricKeyFactory)1
BinaryStringEncoder (org.xwiki.crypto.BinaryStringEncoder)1
PrivateKeyParameters (org.xwiki.crypto.params.cipher.asymmetric.PrivateKeyParameters)1
PrivateKeyPasswordBasedEncryptor (org.xwiki.crypto.password.PrivateKeyPasswordBasedEncryptor)1
CertificateFactory (org.xwiki.crypto.pkix.CertificateFactory)1
X509ExtensionBuilder (org.xwiki.crypto.pkix.X509ExtensionBuilder)1
CertifiedKeyPair (org.xwiki.crypto.pkix.params.CertifiedKeyPair)1
X509CertificateGenerationParameters (org.xwiki.crypto.pkix.params.x509certificate.X509CertificateGenerationParameters)1
X509CertificateParameters (org.xwiki.crypto.pkix.params.x509certificate.X509CertificateParameters)1
ExtendedKeyUsages (org.xwiki.crypto.pkix.params.x509certificate.extension.ExtendedKeyUsages)1
X509DnsName (org.xwiki.crypto.pkix.params.x509certificate.extension.X509DnsName)1
