cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1521174 - in /cxf/trunk/services/xkms/xkms-x509-handlers/src: main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java test/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidatorCRLTest.java
Date Mon, 09 Sep 2013 16:10:28 GMT
Author: coheigea
Date: Mon Sep  9 16:10:27 2013
New Revision: 1521174

URL: http://svn.apache.org/r1521174
Log:
Fixing XKMS CRL checking in JDK 1.7 + re-enabling test

Modified:
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidatorCRLTest.java

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java?rev=1521174&r1=1521173&r2=1521174&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java
(original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java
Mon Sep  9 16:10:27 2013
@@ -21,8 +21,11 @@ package org.apache.cxf.xkms.x509.validat
 
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertPath;
 import java.security.cert.CertPathBuilder;
 import java.security.cert.CertPathBuilderException;
+import java.security.cert.CertPathValidator;
+import java.security.cert.CertPathValidatorException;
 import java.security.cert.CertStore;
 import java.security.cert.CertStoreParameters;
 import java.security.cert.CollectionCertStoreParameters;
@@ -72,16 +75,22 @@ public class TrustedAuthorityValidator i
             Set<TrustAnchor> trustAnchors = asTrustAnchors(trustedAuthorityCerts);
             CertStoreParameters intermediateParams = new CollectionCertStoreParameters(intermediateCerts);
             CertStoreParameters certificateParams = new CollectionCertStoreParameters(certificates);
-            CertStoreParameters crlParams = new CollectionCertStoreParameters(crls);
             PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
             pkixParams.addCertStore(CertStore.getInstance("Collection", intermediateParams));
             pkixParams.addCertStore(CertStore.getInstance("Collection", certificateParams));
-            pkixParams.addCertStore(CertStore.getInstance("Collection", crlParams));
-            if (crls.isEmpty()) {
-                pkixParams.setRevocationEnabled(false);
-            }
+            pkixParams.setRevocationEnabled(false);
+            
             CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
-            builder.build(pkixParams);
+            CertPath certPath = builder.build(pkixParams).getCertPath();
+            
+            // Now validate the CertPath including CRL checking
+            if (!crls.isEmpty()) {
+                pkixParams.setRevocationEnabled(true);
+                CertStoreParameters crlParams = new CollectionCertStoreParameters(crls);
+                pkixParams.addCertStore(CertStore.getInstance("Collection", crlParams));
+                CertPathValidator validator = CertPathValidator.getInstance("PKIX");
+                validator.validate(certPath, pkixParams);
+            }
         } catch (InvalidAlgorithmParameterException e) {
             throw new RuntimeException(e);
         } catch (NoSuchAlgorithmException e) {
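Review bot: When `crls` is empty the `if (!crls.isEmpty())` block is skipped and the built path is accepted with `setRevocationEnabled(false)` still in force, so a repository that supplies no CRLs yields a chain that passes with no revocation check and no log entry. The removed lines show the previous code behaved the same way, so this is carried over rather than introduced, but it is a fail-open path worth making visible. Add an else branch such as `LOG.log(Level.WARNING, "No CRLs available, certificate revocation was not checked");`, or make skipping the check an explicit configuration choice. The enclosing method starts before this hunk, so how `crls` is populated cannot be seen here.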
@@ -89,6 +98,9 @@ public class TrustedAuthorityValidator i
         } catch (CertPathBuilderException e) {
             LOG.log(Level.INFO, e.getMessage(), e);
             return false;
+        } catch (CertPathValidatorException e) {
+            LOG.log(Level.INFO, e.getMessage(), e);
+            return false;
         }
         return true;
     }
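Review bot: The new `CertPathValidatorException` branch logs at `Level.INFO` with only `e.getMessage()`, exactly like the path-building failure above it, so a rejection caused by a revoked certificate looks the same in the logs as an incomplete chain and can be dropped by an INFO filter. Consider `LOG.log(Level.WARNING, "Certificate path validation failed (possible revocation): " + e.getMessage(), e);` so that monitoring can tell the two cases apart. The try block and the method signature lie outside this hunk.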

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidatorCRLTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidatorCRLTest.java?rev=1521174&r1=1521173&r2=1521174&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidatorCRLTest.java
(original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidatorCRLTest.java
Mon Sep  9 16:10:27 2013
@@ -34,7 +34,6 @@ import org.apache.cxf.xkms.model.xkms.Us
 import org.apache.cxf.xkms.x509.repo.file.FileCertificateRepo;
 import org.junit.Assert;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 
 public class TrustedAuthorityValidatorCRLTest extends BasicValidationTest {
@@ -83,11 +82,7 @@ public class TrustedAuthorityValidatorCR
         certificateRepo.saveCRL(crl, crlKey);
     }
 
-    /**
-     * FIXME Fails on JDK 7
-     */
     @Test
-    @Ignore
     public void testIsCertChainValid() throws CertificateException {
         TrustedAuthorityValidator validator = new TrustedAuthorityValidator(certificateRepo);
         Assert.assertTrue("Root should be valid",


